Software Testing and Agile

In celebration of Agile’s 20th anniversary, Executive Vice President Mike Sowers reflects on how software testing and testing professionals have been influenced by agile principles and practices.

Architecting Your Test Automation Platform

As another year begins and we look forward, many teams use this time to reflect on all that they’ve accomplished—reviewing things that are working well and things they’d like to improve. A key challenge continues to be automating our testing. Most of us are running to catch up in the test automation space and aggressively […]

Software Testing is Insurance, Not Assurance

Another week, another preventable, high-profile tech disaster. The Iowa Democratic Party used a mobile app to pull results from statewide precincts for the Iowa caucus. While there were many reasons why this application failed, the Democratic Party left it at “coding issues.” Anyone with any degree of experience can tell you this excuse really means they […]

No Production-Like Test Environment | DevSecOps Anti-Patterns

Owen Gotimer: Hello everyone. My name is Owen Gotimer. I’m the community manager at TechWell. I’m joined today by Tom Stiehm, the CTO at Coveros. Tom, thanks for joining me today.

Tom Stiehm: Thanks for having me.

Owen Gotimer: Another anti-pattern we can chat about is not having a production-like test environment. What are the […]

Continuous Build | DevSecOps Anti-Patterns

Owen Gotimer: Hello everyone. My name is Owen Gotimer. I’m the community manager at TechWell. I’m joined today by Tom Stiehm, the CTO at Coveros. Tom, thanks for joining me today.

Tom Stiehm: Thanks for having me.

Owen Gotimer: Tom, we’re gonna chat about some DevOps and DevSecOps anti-patterns. Do you want to give a […]

Narrow versus Strong AI: The Future of Artificial Intelligence

Artificial intelligence is one of the fastest growing fields in the technology world, but there’s still a lot of uncertainty surrounding what truly qualifies as AI, the different types of AI, and how quickly AI is advancing. First, it’s important to set a framework about what AI is. While there isn’t one accepted definition, most […]

Dependency Checking Your Ruby Application

Checking your application’s dependencies for known vulnerabilities is a critical, relatively low-effort step you should take to secure your application, which you may have read about in another recent article: What is SCA? Compared to the wealth of tools used for dependency checking in, for example, JavaScript, there’s not […]

What is WAF?

Before diving into WAF security, it’s important to note the difference between web servers and application servers. A web server is internet-facing on the front end, while an application server is where the code resides and is not internet-facing. Between the web server and app server, all the HTTPS-encrypted data is decrypted […]

What is SCA?

SCA stands for Software Composition Analysis. It’s a technique where you try to analyze the dependencies that your application includes to make sure that they don’t have any known vulnerabilities. In fact, up to 80% of the components that we include in our applications have some known vulnerability in them which can expose our applications […]

What is RASP?

RASP stands for Runtime Application Self-Protection. Like IAST, it’s agent-based, so it watches your software run and tries to determine if something is attacking it. The goal of IAST is to try to determine if something’s attacking it by a certain behavior. RASP adds a layer to that by recognizing something’s attacking it […]
