Software Testing

The IoT ransomware threat is more serious than you think

Test And Verification Services Blog - Fri, 26/05/2017 - 06:42

The IoT ransomware model is fundamentally different from the computer and laptop paradigm, but no less dangerous. It is only a matter of time before hackers decide it’s worth their time and try their hand at hacking IoT devices for ransom.

This is another reminder of the cybersecurity tradeoffs that IoT poses on consumers. This article explains why is IoT ransomware being underrated and should it be taken seriously.

Read More

Learn more about how T&VS IoT certification process can ensure the IoT revolution is delivering safe, secure and compliant products.

The post The IoT ransomware threat is more serious than you think appeared first on T&VS.

Categories: Software Testing

ISO 26262 – Addressing the Concerns around Emerging Technologies

Test And Verification Services Blog - Fri, 26/05/2017 - 06:35

The rapid deployment of ADAS and fully autonomous connected technologies, together with the associated cybersecurity threat has seen growing inadequacies in the original iteration of ISO 26262. This article from AutomotiveIQ describes how ISO 26262 strengthen the focus on semiconductor requirements and ensure the standard remains relevant when applied to systems commonly used in ADAS and fully autonomous driving architectures.

Read More

Find out how T&VS Functional Safety services help you to improve the safety & security requirements in electronic and electrical systems.

The post ISO 26262 – Addressing the Concerns around Emerging Technologies appeared first on T&VS.

Categories: Software Testing

How Verification Times are Changing?

Test And Verification Services Blog - Fri, 26/05/2017 - 06:28

Larger, and more complex designs with more software and hardware require new verification solutions that target the associated technological challenges. This article from Chip Design outlines how design and verification flows are changing and developing through the ages.

Read More

Find out how T&VS have developed a unique process that enables companies to make continuous improvements to their design and verification environments.

The post How Verification Times are Changing? appeared first on T&VS.

Categories: Software Testing

T&VS Security Services – Urgent Security Update – Malware ‘Adylkuzz’ Is Spreading Just Like ‘WannaCry’

Test And Verification Services Blog - Thu, 25/05/2017 - 16:47

Friday 12th May saw a large-scale ransomware attack across the globe, crippling companies and critical government services including the National-Health-Service in the UK. The appropriately named ‘WannaCry’ ransomware targeted Microsoft users, encrypting files and requesting money to be unlocked. It exploited Microsoft server message block (SMB) functionality, effecting all versions of windows operating system.

It recent days it has become apparent that another malware is using the same exploit to spread itself to unsuspecting machines. Adylkuzz is using the EternalBlue vulnerability (same as WannaCry) to exploit the systems, but it’s not a ransomware attack. It’s a botnet that shuts down SMB and uses system resources to mine for cryptocurrency.

Recommendations to protect against future malware

The following are general security best practice advice:

  • Always ensure your Microsoft patches are up-to-date.
  • Enable firewalls and disable the following ports 137,138,139,445. These are the ports ransomware utilises.
  • Ensure Antivirus software is up-to-date.
  • Stop using any unsupported windows Operating System. Always aim to regularly upgrade to the latest OS.
  • Disable Microsoft server message block (SMB)
  • Regularlyperform a secure backup of data into the cloud. This will allow a quick restore of data if an attack does occur.
  • Always be aware of phishing attacks. Avoid vulnerable websites and emails.
  • Finally, we would recommend you increase security awareness and give training for end users on how to protect themselves going forward.

Let T&VS ensure you are protected going forward. Our security team will analyse your infrastructure for potential weaknesses and provide assistance in ongoing security measures.  If you would like to know more, please see T&VS Security or contact us via email. T&VS experts will provide a simple step-by-step guide to the actions you can take now to ensure your systems are protected.

The post T&VS Security Services – Urgent Security Update – Malware ‘Adylkuzz’ Is Spreading Just Like ‘WannaCry’ appeared first on T&VS.

Categories: Software Testing

T&VS Security Services – Top3 Recommendations Following Global ‘WannaCry’ Ransomware Attack

Test And Verification Services Blog - Thu, 25/05/2017 - 08:29

The “WannaCry” ransomware appears to have used a flaw in Microsoft’s software, discovered by the National Security Agency and leaked by hackers, to spread rapidly across networks locking away files.

T&VS security service is offering top 3 recommendations to ensure you are protected from “WannaCry” and help you to secure against future ransomware.

Read More

The post T&VS Security Services – Top3 Recommendations Following Global ‘WannaCry’ Ransomware Attack appeared first on T&VS.

Categories: Software Testing

Importance of Performance Testing and Which type of performance tests should you conduct?

Test And Verification Services Blog - Thu, 25/05/2017 - 08:24

Performance testing examines responsiveness, scalability, reliability, speed and resource usage of your software and infrastructure.In the world of performance testing, it’s important to understand the several types of testing, what they consist of and how they can benefit your applications.

This article from DZone summarizes the several types of performance testing and outlines which type of performance tests should you use and how they fit into your testing cycle.

Read More

Know how T&VS ensure you implement and deliver the right performance testing approach to help you meet your objectives and business demands.

The post Importance of Performance Testing and Which type of performance tests should you conduct? appeared first on T&VS.

Categories: Software Testing

How to Protect Web Applications from attacks?

Test And Verification Services Blog - Thu, 25/05/2017 - 08:09

Web application firewalls play an essential role in maximizing throughput and ensuring to protect web applications against an attack. This article summarizes how to protect and secure your critical web applications from attacks by deploying a strong web application firewalls.

Read More

Find how T&VS Web Application Security Services enable you to prevent breaches by protecting and securing your data against web attacks, DDoS, and other botnets.

The post How to Protect Web Applications from attacks? appeared first on T&VS.

Categories: Software Testing

Why Portable Stimulus is the First Verification Model?

Test And Verification Services Blog - Thu, 25/05/2017 - 07:22

The objective of Portable Stimulus is to be able to write your verification intent once and can use it at all stages of silicon realization. This article from EDA Café summarizes the reasons that states why portable stimulus is the first true verification model. A single Portable Stimulus model can be used as an input to synthesize tests for a variety of target execution platforms, including UVM, simulation, emulation, post-silicon validation, etc.

Read More

Find out how T&VS portable stimulus specification addresses today industry verification challenges.

The post Why Portable Stimulus is the First Verification Model? appeared first on T&VS.

Categories: Software Testing

Cambridge Lean Coffee

James Thomas' blog - Wed, 24/05/2017 - 20:48

This month's Lean Coffee was hosted by Redgate. Here's some brief, aggregated comments and questions  on topics covered by the group I was in.

What benefit would pair testing give me?
  • I want to get my team away from scripted test cases and I think that pairing could help.
  • What do testers get out of it? How does it improve the product?
  • It encourages a different approach.
  • It lets your mind run free.
  • It can bring your team closer together.
  • It can increase the skills across the test group.
  • It can spread knowledge between teams.
  • You could use the cases as jumping-off points.
  • I am currently pairing with a senior tester on two approaches at the same time: functional and performance.
  • For pairing to work well, you need to know each other, to have a relationship.
  • There are different pairing approaches.
  • How long should you pair for?
  • We turned three hour solo sessions into 40 minute pair sessions.
  • You can learn a lot, e.g. new perspectives, short-cuts, tips.
  • Why not pair with developers?

Do you have a default first test? What it is? Why?
  • Ask what's in the build, ask what the expectation is.
  • A meta test: check that what you have in front of you is the right thing to test.
  • It changes over time; often you might be biased by recent bugs, events, reading etc to do a particular thing.
  • Make a mind map.
  • A meta test: inspect the context; what does it make sense to do here?
  • A pathetic test: just explore the software without challenging it. Allow it to demonstrate itself to you.
  • Check that the problem that is fixed in this build can be reproduced in an earlier build.

How do you tell your testing story to your team?
  • Is it a report, at the whiteboard, slides, a diagram, ...?
  • Great to hear it called a story, many people talk about a report, an output etc.
  • Some people just want a yes or no; a ship or not.
  • I like the RST approach to the content: what you did, what you found, the values and risks.
  • Start writing your story early; it helps to keep you on track and review what you've done
  • Writing is like pairing with yourself!
  • In TDD, the tests are the story.

One thing that would turn you off a job advert? One thing that would make you interested?
  • Off: a list of skills (I prefer a story around the role).
  • Off: needing a degree.
  • Interested: the impression that there's challenge in the role and unknowns in the tasks.
  • The advert is never like the job!
  • Interested: describes what you would be working on.
  • Off: "you will help guarantee quality".
  • Interested: learning opportunities.
  • Interested: that it's just outside of my comfort zone.
Image: https://stocksnap.io/photo/A78EC1EB73
Categories: Software Testing

See T&VS at DAC 2017 – 18-22 June, Austin TX.

Test And Verification Services Blog - Wed, 24/05/2017 - 17:17

The Design Automation Conference (DAC) is the premier conference devoted to the design and automation of electronic systems (EDA), embedded systems and software (ESS), and  intellectual property (IP). DAC offers outstanding training, education, exhibits and superb networking opportunities for designers, researchers, tool developers and vendors.

At this year’s event Mike Bartley, founder and CEO of T&VS will be contributing to the following panel discussion.

DAC Panel : Verification Necessity: When is Enough Too Much? Mike Bartley
T&VS Founder and CEO

One contributing factor to the growing verification complexity is the emergence of new layers of verification requirements that did not exist years ago and that are driving the need for new solutions and expertise. Given a complex SoC project’s constraints (i.e., finite resources, finite time, and finite budget) some of the important questions that will be put to the panel include: How do you construct an efficient, effective, and productive verification flow?  and When is a proposed verification solution a necessity or nicety?

  • Moderator: Brian Bailey – Semiconductor Engineering
  • Wednesday June 21, 4:30pm – 5:20pm –  12AB
  • Track: EDA and Embedded Systems
  • Panelists:
    • Mike Bartley – Test and Verification Solutions
    • David Lacey – Hewlett Packard Enterprise
    • Ashish Darbari – OneSpin Solutions GmbH, Munich, Germany
    • Lauro Rizzatti – Rizzatti LLC, Portland, OR
    • Amol Bhinge – NXP Semiconductors, Austin, TX
  • DAC Website: Verification Necessity: When is Enough Too Much?
Meet Us at DAC 2017

If you would like to meet up at DAC to discuss you Test and Verification requirements, including all aspects of Hardware Verification, Software Testing, Security Testing & Data Protection or Safety Compliance, please contact us to arrange a suitable time and place.

The post See T&VS at DAC 2017 – 18-22 June, Austin TX. appeared first on T&VS.

Categories: Software Testing

Quaere, Heuristics, Mnemonics, and Acronyms

Alan Richardson's Blog - Wed, 24/05/2017 - 11:30
Don’t limit yourself to a set of attributes and words, seek more, develop strategies for identifying new concepts and ways of exploring them for then you have manifested the spirit of Quaere.



How might I describe the process of model building?I was writing some notes on ‘Testing’ and trying to think through how I might describe the process of model building.

And I wrote down a few words:

  • Questioning,
  • Exploration,
  • Experimentation,
  • Analysis.
Useful words methinks.

Marketers ruin everythingAnd then my marketing brain kicked in.

“What if you made an acronym?”

Q.U.A.E.R.E - An Acronym I could MarketOK, well, “Q” requires a “U”

  • Usage?
And what else?

  • R? for Reasoning
And feed all of that into an online anagram solver:

“Quaere”

“Quaere” a word “to seek”The word “Quaere” coincidentally maps on very well to the process.

Since the word originates from Latin, to “seek, look for; ask”.

“Quaere” definitions:

Mnemonics and HeuristicsClearly at this point I should own this and present it as a branded Mnemonic.

“Quaere”, which would lead you to the individual words: Questioning, Usage, Analysis, Exploration, Reasoning, Experimentation.

And how would you use those words?

I see many presentations of lists of words as Heuristics, but I don’t think of individual words as heuristics.

I think of individual words as words.

But I could have a parameterized statement that works as a Heuristic that says “Meditate on an individual word to think of ideas to improve your testing”.

And the parameter is defined as “an individual word”

  • “Meditate on [an individual word] to think of ideas to improve your testing”.
Becomes:

  • “Meditate on Questioning to think of ideas to improve your testing”.
  • “Meditate on Usage to think of ideas to improve your testing”.
  • “Meditate on Analysis to think of ideas to improve your testing”.
  • “Meditate on Exploration to think of ideas to improve your testing”.
  • “Meditate on Reasoning to think of ideas to improve your testing”.
  • “Meditate on Experimentation to think of ideas to improve your testing”.
I might think - what other parameterized heuristicesque sentences could I use?

  • “Have I performed enough [an individual word]?”
  • “Has my [an individual word] been good enough?”
  • “Did my [an individual word] cover everything it could?”
A Springboard for IdeasAs a springboard for ideas, word generation and cogitation can work well, I’m not knocking it, I just don’t think of a word as a Heuristic.

And I get nervous of lists in general because I have a tendency to view them as complete and never see the invisible “etc.” at the bottom which reminds me to expand them.

Don’t limit yourself to this set of attributes, seek more, for then you have manifested the spirit of Quaere.

Related Reading

Newer readers might like to read my earlier mentions of Stichomancy:

Categories: Agile, Software Testing

Essential components to building a Security Testing practice

Test And Verification Services Blog - Wed, 24/05/2017 - 06:48

Security testing is a process intended to reveal flaws in the security mechanisms of an information system that protect data and maintain functionality as intended. Secure development testing also affords security teams with higher visibility into security risks early in the product lifecycle.

This article from Techwell highlights how to build the security layers in software development life-cycle which make difficult for hackers to exploit the current known security vulnerabilities that exist in the technology world.

Read More

Find how T&VS Security Testing Services help ensure the correct security features are built into devices at the outset and processes to assist with ongoing maintenance and updates.

The post Essential components to building a Security Testing practice appeared first on T&VS.

Categories: Software Testing

How to Protect the IoT with secure hardware

Test And Verification Services Blog - Wed, 24/05/2017 - 06:35

As the IoT devices continues to expand exponentially, security threats to hardware is an also growing concern and it becomes more of a reality to the organizations, the importance of securing the billions of remote, connected objects, networks against cyber-attack becomes increasingly challenging. This article explores why the use of secure hardware is recommended for protecting today’s user-accessible networked IoT infrastructure.

Read More

Learn how T&VS IoT Security services allow you to take a comprehensive approach to maintain the security, and protect your IoT devices from cyber threats.

The post How to Protect the IoT with secure hardware appeared first on T&VS.

Categories: Software Testing

Names that make computers go crazy

Gojko Adzic's blog - Tue, 23/05/2017 - 23:00
this is an excerpt from my upcoming book, Computer Says No, about wrong assumptions, computer bugs and humans caught in between In 1961 IBM introduced a new monster processing system, called 7074. The beast was normally delivered in several trucks, required a room of 40 by 40 feet, and weighed more than 41,000 pounds. The system had a disk storage unit with a capacity of 28 million characters and could process almost 34,000 operations per second. Still, the IBM 7074 was no match for Hubert B. Wolfeschlegelsteinhausenbergerdorff. Hubert rose to fame in 1964 when Associated Press carried the story of...
Categories: Agile, Software Testing

Is Crowdsourced Testing Right for My Team?

Test And Verification Services Blog - Tue, 23/05/2017 - 07:54

Crowdsourced testing is an emergent method of QA testing which leverages a dispersed, temporary workforce to test software applications quickly and effectively. This article from DZone summarizes the best practices that help you decide why crowdsourced testing is the right for your team and outlines why crowdsource testing can be a powerful tool for optimizing your workflow.

Read More

Find out how T&VS services let you integrate crowdsourced testing into your development workflow to ensure higher quality and more accurate test results.

The post Is Crowdsourced Testing Right for My Team? appeared first on T&VS.

Categories: Software Testing

Do we need Penetration testing?

Test And Verification Services Blog - Tue, 23/05/2017 - 07:50

Penetration test not only reveals vulnerabilities but also actively exploit vulnerabilities to find a real possibility of hacker attack directed against the IT structure, data, or the physical security of an organization. This article summarizes the benefits of performing penetration test for organizations and outlines what are the business needs to periodically check cybersecurity of their networks, software, websites, and applications.

Read More

Understand how T&VS Penetration Testing services help to maintain compliance, eliminate IT security threats, and can reveal how hackers may breach systems.

The post Do we need Penetration testing? appeared first on T&VS.

Categories: Software Testing

How Emulation’s Footprint is Growing?

Test And Verification Services Blog - Tue, 23/05/2017 - 07:47

This article from Semiengineering outlines why emulators are suddenly indispensable to a growing number of companies and how emulation also has been going through several transformations that have made it more affordable, more useable, and more complete verification tool.

Read More

Find out how T&VS Hardware Emulation services allow verifying the robustness of a design and helps optimize the design for improved performance.

The post How Emulation’s Footprint is Growing? appeared first on T&VS.

Categories: Software Testing

T&VS Awarded Place On The UK Government G-Cloud 9 Procurement Framework To Provide Cloud Support Services

Test And Verification Services Blog - Mon, 22/05/2017 - 15:00

22 May 2017,  Bristol, UK. – Test and Verification Solutions (T&VS), a leading hardware verification and software testing provider is proud to announce its appointment as a supplier to the UK government’s public sector cloud framework G-Cloud 9, under Cloud Support Services.

The G-Cloud procurement framework is part of the UK Governments Digital Marketplace, giving public sector organisations an easy solution for sourcing specialists for Cloud-related projects.  Eliminating the need for buyers to run complicated tenders, purchasing through the G-Cloud 9 framework is designed to make the purchase of Cloud services both faster and cheaper for public sector bodies.  Offering the dual benefit of shorter procurement cycles and faster service deployment.

This year has seen T&VS update their product solution set ready for G-Cloud 9, with a focus on the current industry challenges and the latest innovative testing solutions, including:

G-Cloud 8 Framework“T&VS have delivered a number of testing solutions to the public sector over the last 9 years and we have enjoyed great success providing testing services that have added real value” said Dr Mike Bartley CEO of T&VS. “Being awarded G-Cloud 9 is a major achievement for T&VS and we aim to continue to be the right choice for quality testing services in the public sector.”

About the Crown Commercial Service (CCS)

CCS works with both departments and organisations across the whole of the public sector to ensure maximum value is extracted from every commercial relationship and improve the quality of service delivery. The CCS goal is to become the “go-to” place for expert commercial and procurement services.

About T&VS

T&VS (Test and Verification Solutions Ltd) provides services and products to organisations developing complex products in the microelectronics and embedded systems industries. Such organisations use T&VS to verify their hardware and software products, employ industry best practice and manage peaks in development and testing programmes. T&VS’ embedded software testing services includes onsite/offshore testing support including assistance with safety certification and security testing. T&VS hardware verification services include onsite/offshore verification support and training in advanced verification methodologies. T&VS also offers Verification IPs and its own Verification (EDA) signoff tool.

T&VS Company Contact

 

 

The post T&VS Awarded Place On The UK Government G-Cloud 9 Procurement Framework To Provide Cloud Support Services appeared first on T&VS.

Categories: Software Testing

The A-Z of XP

James Thomas' blog - Sat, 20/05/2017 - 20:54

After I blathered on and on about how much I'd enjoyed Ron Jeffries' Extreme Programming Adventures in C# the Dev Manager offered to lend me his copy of Extreme Programming Explained by Kent Beck.

Some background from Wikipedia:
Extreme programming was created by Kent Beck during his work on the Chrysler Comprehensive Compensation System (C3) payroll project. Beck became the C3 project leader in March 1996 and began to refine the development methodology used in the project and wrote a book on the methodology (in October 1999, Extreme Programming Explained was published).So I took the book (it's the first edition) and I enjoyed it too, but differently. I might say that if Adventures is a road trip, Explained is a road atlas.

One of the things I liked about Explained (that it shares with Adventures) is the suggestion that only you can really decide whether XP can work in your context, and how. Also that Beck is prepared to offer you suggestions about when it might not.

But the world probably doesn't need any more reviews of this book so instead I'll note that I was a little surprised at the degree of upfront formality (which isn't to say that I don't think formality can license freedom to express yourself); sufficiently surprised that I mapped it to help navigate the rest. (And, yes, that's a map from an atlas.)


Image: Amazon
Categories: Software Testing

How to use JavaScript Bookmarklets to Amend Web Page Example [Tutorial Text and Video]

Alan Richardson's Blog - Fri, 19/05/2017 - 09:52
TLDR; When you learn to manipulate the DOM with JavaScript you can create simple tools and automate from within the browser and use bookmarklets to make the code easy to execute and sync across different machines.






BackgroundWhen I first learned how to code it was in BASIC with an interpreter. This was great because I didn’t have to write a lot of scaffolding code to create an application I just wrote code and it ran.

I can experience a similar process using JavaScript in the browser console which makes JavaScript a good first language to hack about with and make your first steps learning how to code.

It also means that I an get a lot done very quickly from the console to help me when I test web applications.

I can manipulate a web application client in my browser by:
  • changing the DOM
  • amending the JavaScript
  • changing the values of variables
  • adding new elements into the DOM
A client, in a browser, is ours to command.
A Set of Twitter linksBearing the above in mind. I visited the TestingCircus.com list of testers on twitter and there were a few names I didn’t recognise.

The page handily provides the twitter handle and the URL but the URL is a text element, not a clickable URL. Therefore in order for me to check if I follow that person I have to engage in manual effort to copy and paste the text into the browser URL field and visit the page.

Ugh, manual effort.

Fortunately however:
  • this is a web page
  • the URLs are on the page as text
  • I know how to get the URL from the page with JavaScript
  • I know how to amend the DOM with JavaScript
  • I can write some JavaScript to convert all the text URLs into clickable URLs
The full process for this is shown in a video on youtube.
The codeIf I inspect the page and into the JavaScript console I paste the following code and hit return to execute the code then all the Twitter URLs will become clickable:

posslinks = document.getElementsByTagName("td");
for (var plinkid = 0; plinkid < posslinks.length; plinkid++) {
if (posslinks[plinkid].innerHTML.startsWith("https://")) {
posslinks[plinkid].innerHTML =
"<a href='" + posslinks[plinkid].innerHTML + "'>" +
posslinks[plinkid].innerHTML + "</a>"
}
}
  • get all the elements with tag name “td”
  • iterate over them all in a for loop
  • if the text in the table data/cell starts with “https://” then
    • change the text so that it is clickable link
The bookmarkletSince I will probably want to do this a few times I can make this easier by creating a bookmarklet.

A bookmarklet is:
  • javascript code
  • wrapped in an anonymous function that executes immediately
  • prefixed with “javascript:”
  • added to your browsers bookmarks
javascript:(function(){
posslinks = document.getElementsByTagName("td");
for (var plinkid = 0; plinkid < posslinks.length; plinkid++) {
if (posslinks[plinkid].innerHTML.startsWith("https://")) {
posslinks[plinkid].innerHTML =
"<a href='" + posslinks[plinkid].innerHTML + "'>" +
posslinks[plinkid].innerHTML + "</a>"
}
}
})

If I paste the above code into my bookmark toolbar then I’ll create a bookmarklet that I canclick on to change all the listed URLs to clickable URLs.

Bookmarklets can sync across machines .e.g if logged into Chrome Browser then your bookmarklets sync across all logged in browser sessions.
A ToolBecause I create small JavaScript snippets and convert them into bookmarklets to help me with my testing and general web navigation, I created a tool to help with this process.
You can see the tool in action in the video.
End Notes
  • A small knowledge of JavaScript can help you do very powerful actions.
  • JavaScript is a useful language to learn to ‘do stuff’ quickly
  • You can automate web applications from the JavaScript console
  • The Web Client pages are manipulatable and yours to control
  • Bookmarklets allow you have easy access to custom JavaScript
The Video
Categories: Agile, Software Testing

Pages