Seb Rose, Continuous Improvement Lead, SmartBear

New software development approaches continue to be promoted. You may be aware of waterfall, RUP, 4GLs, 3-tier client server – all still alive and kicking in some domains. You will be familiar with some (or all) of Agile, Kanban, DevOps, SAFe, No Code/Low Code and many others.

A new kid on the block is DevSecOps. What does that mean? Where did it come from? Why is it important? If we adopted the tenets of DevSecOps without calling it DevSecOps would it “smell just as sweet”? What would it “smell” like if we spun up a DevSecOps team, without understanding the fundamental challenges that DevSecOps was intended to overcome?

In this session I’ll explore the origins of DevSecOps before going on to demonstrate the distance between the label and the intent of DevSecOps. Finally I’ll try to generalise the journey from “good idea” to “empty slogan” that seems to underpin many of the hyped transformations that I’ve lived through during my 40 year career in software.

Nikhil Barthwal, Software Engineer, Facebook

Modern software-based services are implemented as large scale, highly distributed systems running in cloud or data centres. Disruptive real-world events like hardware failures or software bugs can create turbulent conditions in the environments where these systems and can lead to unpredictable outcomes. Chaos Engineering is a study of system’s ability to withstand such disruptive turbulent conditions. It works by purposefully injecting failure into the production environment that mirrors the actual failure modes and monitors the recovery.

Chaos engineering uses experimentation to study effects of such disruptions. These experiments typically start by defining “steady state” of the system and come up with metrics that can be used to measure this steady state. Then various events that mirror the failure modes (aka “Chaos”) that are possible in our production environment (e.g. server crash), are injected systematically in the system in controlled environment.

Effect of the injected “Chaos” is observed by collecting and analyzing the metrics identified above. If the system is able to recover successfully, this builds confidence in system’s ability to handle an actual unplanned outage. If a failure to recover is observed, then it becomes a target for improvement before that behavior manifests in the system at large. By automating these chaos experiments, it is possible to identify several such vulnerabilities on a continual basis.

This talk goes into details of what Chaos Engineering is, why is it important, and how to use it to build immunity in Production Systems. It also emphaisze that extensive monitoring & logging is essential for the success of Chaos Engineering in its goal to improve the resiliency of the system.

View Nikhil Barthwal’s video

Gil Zilberfeld, Agile Testing Consultant, TestinGil, Israel

Testers never catch up with all the code developers create. We never know the product’s real quality.
We constantly ignore a root cause – testability.

Code architecture, design, and structure directly affect our testing effort. By improving testability, we increase testing effectiveness and efficiency. And everyone on the team should contribute.

View Gil Zilberfeld’s video

Moderator: Colin Deady, PPS
Panellists: Seb Rose, SmartBear; Nikhil Barthwal, Facebook; Gil Zilberfeld, TestinGil

Matthias Zax, Agile Engineering Coach, Raiffeisen Bank International AG (RBI)

Continuous Security testing is becoming more and more a key factor for success. Especially if we consider that the development and release process is speeding up enormously. Just imagine that your potential shippable product is going to production with a huge vulnerability or a back door open. The damage to your company and bad reputation would be even not measurable. So how can we avoid this? How can we build- security -in? Let’s leave the stone age behind, break down the security silo and implement DevSecOps. During my talk, I will tell you where you can implement and improve security testing. What different kinds of functional and non-function security testing methods are available and what are the low-hanging fruits. On a high level, I will explain SAST / DAST / IAST / RASP and how your team could implement these methods with examples. Then I will lift it to the next level and show how you can add security testing to your pipeline to get fast feedback to fix the vulnerabilities at a very early stage (shift left). By showing where to implement security tests in your software development lifecycle, I will explain where it makes sense to have security as a deep skill part of your team and go for DevSecOps! After I increased our transparency of security and showed you how to deal with “the four fists”, I will close my talk by presenting the 10 successful steps to DevSecOps.

Dr Thomas Fehlmann, Senior Researcher, Euro Project Office AG

Autonomous Real-Time Testing (ART) is a novel approach to automated testing, where not only code, or services, are tested automatically, but also test cases are generated by an Artificial Intelligence (AI) process. ART is executed anywhere, anytime, without human intervention. The AI process for generating test cases is based on a solid process for analysing users’ values and needs, following ISO/IEC 16355.

ART impacts product marketing, in automotive and medical instruments, and many others.

View Dr Thomas Fehlmann’s video

Astrid Winkler, Project Manager, Face AG, Switzerland

As human beings, we often deal with difficult situations that most likely include fellow humans. When situations or people start to trigger us it becomes critical to reflect and decide about your reactions within seconds. And sometimes situations warrant us to step back, reflect and do the right thing after thinking through the situation. In scenarios like these, Emotional Intelligence (EI) is a great tool, to effectively deal with stressful situations, misunderstandings or conflicts, and in fact, if applied skilfully EI can help one steer things towards success.

As a newbie in the testing industry, I developed my understanding based on different talks I attended. I realized how much human-centric and human-dependent technology is. I learned how testers work and what they deal with. EI can help you become the best version of yourself and help you perform better whether you are a team leader or not, EI can help you become the best version of yourself and help you perform better.

In this talk, participants will learn:

• Why is testing an emotional activity and how can a tester use Emotional Intelligence?
• How can Emotional Intelligence change their perspective as a leader?
• How to use EI in their personal and business life.
• It will help participants understand and react in the best possible way based on the situation/person you are dealing with including your own needs.

View Astrid Winkler’s video

Saurabh Bhardwaj, Tech Evangelist, General Manager VOIS and Ramapriya Shivakumar, Senior Test Lead, Vodafone

Vodafone Enterprise UK is one amongst the fastest growing businesses globally within fixed data network spanning over 90 countries. Offerings like Internet of Things (IoT), Cloud Connect, Mobile, Fixed and Unified Communications helps to connect people, places & things, and to do so interplays a complex IT stack complemented by an array of networks.

Company understand that to build a competitive advantage a key factor contributing is “Accelerating Application Delivery“. The myth that testing holds back the speed of delivery is not relevant today, now with Continuous Testing (CT) and DevOps practices that provide near-real time measure of business risk & comparing it within the acceptable limit.

CT and DevOps adoption is a guiding principle and there is no ‘One Size Fits All’ solution off-the-shelf. Creating a stable and low maintenance E2E continuous test framework is challenging given complex application stacks, deeply entrenched process built for dramatically different delivery models within strict compliance requirements. The four pillars towards sustainable CT/DevOps are Stability, Scalability, Maintainability & Reusability. This paper/presentation details how these pillars were realized in the CT & DevOps adoption journey within E2E testing services for Vodafone Enterprise IT (EIT). Key Challenges:

1. Focus on Stable Test Suites rather than enhance Coverage
2. Build Scalable Automation Framework that is hybrid, flexible & customizable, yet Standardized
3. Build a Mature, Maintenance free platform using Jenkins/Azure DevOps (ADO) Orchestration
4. Design to reuse framework, processes & tools

This journey provides an adaptable framework to establish Continuous Testing by extending DevOps beyond ‘Build-Test- Deploy’ within systems to ensure Auto Deployments, Auto environment and Functional Sanity test-runs & Auto Reporting are embraced across entire E2E stack.

Adopt, Adapt & realize Value – Focus on the right solution for your challenges

It is true that there is no such thing as Enterprise CT & DevOps In-A-box. Given the rapid advancement in tools and technologies in this space, there is often tradeoff between keeping the CT & DevOps system stable/mature and achieving low maintenance overheads. An enterprise CT & DevOps framework that can achieve your organization’s goal with respect to quality, speed, and efficiency, needs to be crafted by adapting this framework based on solid understanding of the current testing estate within the organization and focused evaluation of the key challenges impeding the pace of delivery.

View Saurabh and Ramapriya’s video

Moderator: Dr Thomas Fehlmann, Euro Project Office AG
Panellists: Matthias Zax, Raiffeisen Bank International AG (RBI); Astrid Winkler, Face AG; Saurabh Bhardwaj, VOIS and Ramapriya Shivakumar, Vodafone;

Adarsh Mehrotra, Industry Principal Consultant, Infosys, India

Given the complexities & scale in large enterprises, the talk covers how Flow based Agile culture can catapult growth & speed up the delivery to the customers. Visualization of work & culture of continuous improvement will be part of the core theme.

View Adarsh Mehrotra’s video

Marielle Roozemond, Agile coach & lecturer, Rotterdam University of Applied Sciences/Agile Communicatie, The Netherlands

Most people tend to avoid conflict and disagreement. A shame, because disagreement is necessary to achieve better products and processes. Dealing productively with disagreement and conflict ensures that quality of work goes up, job satisfaction increases, and team members will feel more engaged. We should embrace conflict instead. In order to do this we need to be familiar with the anatomy of this type of interactions and the biological processes that are set in motion in our brains.

View Marielle Roozemond’s video

Peter Maddison, VP of Engineering, Xodiac Inc.

– DevOps makes the work visible and creates conversation around it
– The creation of feedback loops allows you to understand the impact of the process changes you are making
– Continually iterating accelerates learning, allowing you to improve your process

Moderator: Colin Deady, PPS
Panellists: Adarsh Mehrotra, Infosys; Marielle Roozemond, Rotterdam University of Applied Sciences/Agile Communicatie; Artem Golubev, testRigor; Peter Maddison, Xodiac Inc.