Showing posts with label yopmail. Show all posts
Showing posts with label yopmail. Show all posts

Tuesday 1 June 2021

SaaS Azure Testing Thoughts

 Tooling:

  1. API Automation - Postman, Newman
  2. UI Automation - Selenium
  3. IDE - Visual Studio 2019
  4. Test Organization - Azure DevOps Test Plan
  5. CI/CD - Azure DevOps

Code reviews:

Code review is used as a verification technique to ensure that each unit is coded as per standards and expected business logic and inline with coding standards and best practices.  Automate code review built into Azure Pipelines should include:  

  • WhiteSource Bolt - Scan packages for vulnerabilities.
  • SonarQube - Static Analysis, 
  • Blackduck - Open-Source Scanning (OSS) tool.  Used to look for license risks and unused references.
  • Checkmarx - Static Application Security Testing (SAST) tool benefits include: Detect security vulnerabilities, Improve developer practices, and reports on code ownership.  Static code anaylsis.  VeraCode is a competitor product.
  • BugSuite
Code should pass OWASP (Open Web Application Security Project) shows the most common code vulnerabilities.  OWASP ASVS (Application Security Verification Standard) - framework for controls when building applications to cover functional and NFR's for web applications.

Unit testing:

Unit tests are written to ensure every unit of code is working as expected, and to prevent a defect from going to the next level on all C# code.  Xunit and Moq are the tools to be used for unit testing using the standard Arrange > Act > Assert pattern.

As long as Unit test coverage is high and of a good standard, I don't mind if the tests are written before the code (TDD) or as most developers tend to do the tests after the code is written.

API testing:

All API must use Postman collections and Environments for local testing.  The tests need to cover all API's dealing with authentication, authorisation, checking status codes, body responses, headers, data persistence, and post test clean-up.  Use Newman to integrate postman tests into Azure pipelines:

https://www.npmjs.com/package/newman-reporter-htmlextra

Selenium testing:

Code for UI must be automated where possible.

SonarQube: "automatic code review tool to detect bugs, vulnerabilities, and code smells in your code" SonarQube documentation

Code Smells:  Bloaters, OO abusers, ....

Checkmax detects potential security issues

Disposable email addresses: You often need to test login/account creation and it's useful to have temporary disposable email addresses:

Saturday 10 March 2018

SharePoint Tooling 2018

On a development/local machine, I have complied this list of tools that I'm likely to use but it completely depends on the development project, approach, and technologies used.  This post lists tools I commonly use as of March 2018:

SharePoint Tools:
  1. SharePoint Inspect
  2. SharePoint Designer
  3. Visual Studio 2017
  4. SharePoint Search Query Tool (CodePlex now PnP)
  5. SharePoint Manager
  6. CAML Builder
Developer Tools:
  1. NodeJS
  2. NPM
  3. Yeoman, 
  4. GULP
  5. Webpack
Design Tools:
  1. Balsamiq (My favourite) - Screens and interaction flow
  2. Updated 2019/12/01 - visual-paradigm.com online drawing tool
  3. Axure - Prototyping
  4. Figma
  5. Microsoft Blend - Screens and interaction flow
  6. Visio - Architecture
  7. MS Access to ERD design
Other Tools:
  1. Visual Studio or Visual Studio Code
  2. SnagIT - Basic video recording with audio and annotate screenshots.
  3. Office & OneNote
  4. NotePad++, add the compare dll plugin
  5. Grammarly
  6. Slack or Teams
  7. Yopmail or mailinator - useful for creating accounts for testing (beware these can be a security risk as anyone can guess you temporary emails) they are deleted after a few days.
  8. BrowserStack
Networking:
  1. Wireshark
  2. Fiddler
  3. DeveloperTool IE & Chrome
  4. Burp
  5. Telnet
  6. Postman
Source Control:
  1. TFS
  2. TFS online
  3. GIT