July 2013

The 39th Test Management Forum took place on Wednesday 31 July 2013 at the conference centre at Balls's Brothers, Minster Pavement.

The meeting was as usual, FREE to attend.

Timetable

13.30 Tea/Coffee
14.00 Introductions
14.15

Graham Thomas, Independent Consultant and Phil Isles, HSBC, Flowcharting workshop using the Raspberry Pi Paul Gerrard, Gerrard Consulting Big Data: What is it and why all the fuss? Blll Matthews, Target Testing, "Security Testing for Non-Techies"
15.30

Tea/Coffee

16.00

Stefan Zivanovic, Breaking Through the Barriers, "Agile Technical Testing - Reality or Myth" Adam Knight, Rainstor “Experiences in Testing a Big Data Product” Gordon McKeown, TestPlant, “The ideal load testing tool – what would it look like?”
17.15 Drinks
Reception

Session Abstracts

Graham Thomas, Independent Consultant, and Phil Isles, HSBC, Flowcharting workshop using the Raspberry Pi
By now many of you will have heard about the Raspberry Pi, the $35 British computer that is helping schoolchildren to learn how to write computer programs. To date over 1 million have been produced. A real success story.

Some of you may also know that over the last 18 months I (Graham) have been actively trying to reconvert the world to using flowcharts.

Well now Phil and I have brought these two themes together in the form of a highly interactive flowcharting workshop presented using the Raspberry Pi.

This session should be informative, fun, and productive. Informative in that you will find out how really powerful a $35 computer can be. Fun because we will use the Penguins logic puzzle game on the Raspberry Pi as the basis for the flowcharting exercise. And productive because you will learn or relearn how powerful quick and easy it is to generate flowcharts to aid in your daily work.

To play an active part in this workshop you will need something to draw flowcharts with, be that notepad and pencil, computer, tablet or phone.

Paul Gerrard, Gerrard Consulting Big Data: What is it and why all
the fuss?

Big Data seems to be the latest buzzword that seems to be trending.
The term has been around for a while but now, the largest
corporations are promoting Big Data products and services very
strongly, so something big is on the horizon. Right now, it still
looks like a load of hype, but scratching beneath the surface, it
seems to me that it has the potential to affect every person in
society and there's no getting away from it. What is all the fuss
about?

Big Data isn't really just about 'big'. Depending on who you ask,
mnemonics "V3" or "V4" summarise it well. Volume - is the quantity -
and it's big. Velocity - the rate of arrival/capture of data, and
that's big too. Variety - the sheer variety of data and formats to
be used. Veracity - the accuracy, truth or value of that data.
Volume and velocity are driving the technical aspects - relational
is out, NoSQL (not only SQL) is in and the relational data skills
out there are not enough. Variety and veractiy are the real
challenges: device instrumentation, social feeds, government,
location, financial, voice, image and video and all the data
captured by any (and I mean ANY) device that we use or encounter or
that monitors us and the gadgets we use are being stored, because
some day, it might be useful to a data analyst working for a
start-up, a corporate or our government.

If you don't know anything about Big Data, this session will provide
a basic introduction to what's happening out there, right now.
Adam's session will follow, and take a more practical look at a real
Big Data product.

Adam Knight, Rainstor “Experiences in Testing a Big Data Product”
I am currently working on testing a “Big Data” storage product for a
small agile company based in the UK. In this talk I’ll share my
experiences in testing a product that is targeted at the big data
problem. I’ll examine what big data means to us as a company and to
our customers and how it has emerged as a market in recent years.
I'll examine the technologies that characterise big data, for
example the increasing popularity of Hadoop and its associated
tools, and will highlight some of the issues faced when testing a
product that integrates with these.

As a group we'll discuss the implications of big data for testers
with reference to experience gained from working in my specific
context. I'll look at some of the approaches that we have had to
take to ensure that scalability and performance targets are tested
when the data sizes involved in the live implementations exceed that
which can be easily recreated in the test lab. I will present some
approaches that we have adopted to test the product quickly and
effectively within the constraints of agile sprints. By discussing
practical experiences you will gain valuable insights into the
testing issues that are emerging in the fast growing Big Data
market.
Blll Matthews, Target Testing, "Security Testing for Non-Techies"
Cyberspace is becoming an increasingly hostile environment to do business and in recent years many large players have admitted to being “Hacked” in some way or another. However this is only the tip of the iceberg. Less than 50% of detected breaches are reported to authorities and less than this are made public. Increasingly, many breaches are a result of software vulnerabilities. In line with this trend there is an increase in the need for test teams to undertake some form of security testing. So if it’s not already part of your test team’s remit to conduct security testing it’s likely that it will be in the coming years.

Security Testing is a complex topic and much of the literature focuses on the techniques used but this is only one side of the coin. In security testing, how you think about security is just as important as what you know about security.

In this interactive session I will present the approach that I frequently use to thinking about and communicate ideas about security testing based on Threat Modelling. The focus on Threats has its advantages:

  • Stakeholders understand the concepts of Threats and Risks.
  • We can better frame the testing we are doing and the problems we find.
  • Focuses attentions on specific areas of value and attack vectors rather than blanket coverage approaches.
  • Encourage creativity and avoids tunnel thinking that can stem from a techniques approach.
  • Encourages us to select techniques that fit the test, rather than select tests that fit the techniques.

We’ll cover the basics of Threat Modelling and interactively create a Threat Tree for a portion of a system (no expertise required – honest) and discuss how we might use this to communicate security testing upwards, to stakeholders, and downwards to testers.

We will wrap up the session with a discussion covering your thoughts and experiences of security testing and how we can prepare our teams for this type of work going forward.


Gordon McKeown, TestPlant, “The ideal load testing tool – what would it look like?”
What would the ideal load testing tool look like? Would it be a combination of the best features of existing tools minus their annoyances? If so what features should be included and what annoyances should be removed? Is there something missing from all current tools? What do you want (need) a load testing tool to deliver? What will you want (need) in the future?

Here is your chance not only to get your frustrations off your chest but also to contribute to a constructive discussion rooted in reality and what is possible! We’ll examine automation approaches, scripting versus scriptless, scalability, test resource management, Cloud delivery, SaS versus installable tools, licensing and anything else that emerges during the session.

Stefan Zivanovic, Breaking Through the Barriers, "Agile Technical Testing - Reality or Myth"
The session will look at trying to define what we mean by technical testing, then look at the often quoted reasons why some aspects seem to be difficult for Agile teams and finally work through some possible solutions. The aim of the session is to investigate the experiences of the attendees and look at how these could be applied.