The Value of Security Testing in QA

For many organizations, traditional testing groups are separated from the IT security group. But having traditional testers perform some security testing efforts is a great way of achieving a balanced approach to shifting left while being mindful of staffing and budgetary challenges. It also has some great advantages.

Read more
What is agile, part 1
an agile development team

Today in class, one of my students asked the seemingly straightforward question, “what is agile?”.  This got me thinking – what is the most fundamental aspect of agile? My unorthodox view is that agile is simply the name given to the bundle of values and principles that result in more successful outcomes in software development. […]

Read more
Building a Node.js REST Microservice: Part Two
portrait of a red panda

Introduction This is the second part of a series of tutorials focused on the process of creating, deploying, and consuming a Node.js REST microservice. In part one of this series, I walked through the initial creation process. I demonstrated how to leverage Node.js and just a few modules to create a functioning REST microservice. While […]

Read more
FIDO2…It’s Getting Real

In this article, you’ll get an overview of the motivations behind the FIDO2 (Fast Identity Online) effort and how it works, a walk through of some popular use cases, who the players are behind the specification, and finally, where FIDO2 is headed. State of Affairs Passwords are real problem. They’re hard to remember and they […]

Read more
Leveraging Kubernetes as a Tester

With the advent of agile and DevOps, organizations are moving from specialized roles to cross-functional teams—and that means cross-functional sharing of the specialized tools used in each silo. So it’s not unreasonable for a tester to need access to the tools used in those other silos, such as Kubernetes. Kubernetes is a scalable, production-grade container […]

Read more
No Estimates means Incremental Funding

At Agile+DevOPs 2018 @ryan.ripley kicked off a UX fishbowl panel session about no estimates. To be honest I have been skeptical about no estimates since I first heard about it. I think I have been skeptical about it for a couple of reasons including: Committing to work and achieving it in the sprint has been […]

Read more
Custom Framework Listeners

In my past articles I’ve written about using custom listeners as part of getting desired reporting, or making your tests do what you want. I’ve always referred offhandedly to these listeners, never paying them direct attention. I figured it was finally time to actually write a full fledged post about listeners, and some useful tricks. What is a […]

Read more
Ansible privilege escalation using ‘sudo su -‘
Privilege Escalation

Recently I wrote an Ansible playbook to extract data from an Informatica PowerCenter repository. The data was then compressed and uploaded into Nexus Repository Manager. I used the command line utility, pmrep, to execute the commands needed to connect to the Informatica repository and to extract the data. A specific Informatica user had been given […]

Read more
Installing MicroK8s 1.14 for Local Development

In a recent development, MicroK8s replaced its dockerd installation with containerd. Many pre-existing sources mention “microk8s.docker”, but this command is no longer available. I will walk you through the full initial installation and basic usage on Ubuntu 18.04. Practically speaking, this means you now need to install Docker on your Ubuntu machine. In previous versions, […]

Read more
X