News from the Worlds of Software Development and QA – October 2016

Microsoft Teams is the next Slack competitor; how containers are becoming a hot item in serverless infrastructures; and more news this October!

With the Autumn season in full force and Halloween approaching, it is time to take another look at a few interesting recent news stories from the software development and QA industry. If you want to check out last month’s news digest, simply click on the following link. Hopefully, this month’s digest gives you and your team some inspiration and insight on your own development and testing duties.

Microsoft to release a Slack Competitor

With the Agile and DevOps methodologies requiring software development teams to communicate better with each other as well as business stakeholders, clients, and network engineers, highly functional messaging apps are currently in vogue in the industry. We previously talked about the growth of ChatOps, and Slack is another popular application aimed at fostering collaboration at the enterprise.

Those watchful eyes in Redmond have been taking note of Slack’s popularity, as shown by the recent news that Microsoft is planning to release its own competitor to the app. Called Microsoft Teams – it was known as Skype Teams during development – the tool is expected to be available early in November.

In addition to text messaging, users are able to share files, aggregate texts into different channels, as well as embed emojis and other graphics. Integration with Microsoft’s Cloud-based storage service, OneDrive, is also expected, along with a built-in calendar. In short, these are many of the same features provided by Slack.

ChatOps functionality, including integration with Microsoft’s Visual Studio and other third-party development tools, will make Teams more attractive to the software development community.

Docker making the QA Process more Efficient

Docker’s emphasis on container-like structures to hold development and testing environments continues to make aspects of software development and network management more efficient. This growing trend now impacting software testing was noted this month by InfoWorld magazine. The article serves as a primer for QA team leads and development managers hoping to leverage containers to streamline the QA function at their shop.

The author notes the small size of Docker containers enhances their portability, especially when compared to virtual machines. Their simplicity in Cloud deployment makes it easy to perform load testing on a web app or API. He also discusses how Docker facilitates the testing and deployment of individual services in applications using a microservices architecture.

Anyone interested in using Docker as part of their development and QA processes needs to read the full article, as it is filled with great tips and insights on how to implement the tool in QA environments.

Containers revolutionizing the Software Development World

Containers are definitely a hot item in the software development news this month. This week, the Wall Street Journal published an article describing how container infrastructures are ushering in an era of “serverless” computing. Seen by many industry pundits as a maturing of the Cloud services market, serverless computing essentially means an application is hosted within a container at a Cloud-based provider.

“If you’re moving into the next generation of big shifts like [artificial intelligence] and machine learning, the underlying infrastructure that supports that stuff will be serverless,” said the CTO for GE, Chris Drumgoole. One major Cloud provider, Amazon Web Services (AWS), has been offering a serverless product, called Lambda, for nearly two years.

Expect this trend to continue for the foreseeable future, as businesses of all sizes – and the developers building applications for them – strive for more efficiency and a stronger bottom line.

Keep visiting the Betica Blog for these and other insights from the always evolving worlds of software development and QA.

StopLight makes API Development an Easier Process

Modeling applications have assisted programmers in architecting software for years. So it stands to reason the process of API design and development would also benefit from the use of models during the SDLC. StopLight is one such application, offering shops a full visual API modeling suite, including documentation and other useful features.

The best applications used for software development stay out of the way, while making the entire architecting, coding, and testing processes easier. With that said, let’s take a closer look at StopLight to see if it needs to be part of your team’s API tool arsenal.

The Need for a Better API Design Tool

Like many other innovative technology products – Ruby on Rails comes to mind – StopLight was developed by software engineers wanting a better tool to make their work easier. Company founder Marc MacLeod commented on how the need for a better API tool led to StopLight’s genesis. “I’m an engineer, and StopLight is the solution to problems I faced repeatedly. Before StopLight, best practices were very manual — with no easy way to document and test APIs in an accessible, collaborative setting. StopLight changes this paradigm,” said MacLeod.

StopLight first became available in February of 2016. The designer tool is free to use for individual developers, while team subscriptions are also available – starting at a monthly rate of $8 per person. At those prices, downloading the application to test drive its features and functionality is a smart call for any API shop. The app is available on the Mac, Windows, and Linux platforms.

StopLight – Features and Functionality

The StopLight application suite includes three main modules. The API Designer is the heart of the tool, providing a way for developers to collaborate on model design leveraging open standards. A documentation module automatically generates API documentation every time the model changes – a boon for public API shops.

Prism Proxy gives developers a way to validate and mock API requests. Users can either install the proxy on a local server, or use StopLight’s Cloud-hosted version for up to 20,000 requests per month. One useful feature provided by Prism Proxy is the ability to reverse engineer an API – simply run traffic through the proxy and StopLight automatically generates end point and model definitions.

An Easy to Use API Design Tool

StopLight’s easy to use API Designer module lets everyone work together on API designs, no matter their level of technical expertise. Even business stakeholders with little to no programming experience are able to use the tool. This is one feature attractive to DevOps and Agile development teams where collaboration and interaction are vital to the success of a project.

Version 2 of StopLight entered a public beta phase in July, with a new module used for testing APIs, including the debugging of HTTP requests. Better collaboration features are also part of the new release. A new pricing model adds flexibility to shops of all sizes.

StopLight is worthy of further exploration for any API development shop. This product continues to garner a lot of buzz in the industry.

Keep coming back to the Betica Blog for additional insights into the world of QA and software development.

A Closer Look at Fuzz Testing

Fuzz Testing remains an important part of any application or system QA process. Sometimes known as “fuzzing,” it is a software testing technique aimed at scrambling any input to an application — file formats, UI devices such as a keyboard and mouse, network protocol data, etc. — in an attempt to break its functionality. It sees wide use in security testing, among other QA scenarios.

We recently talked about Microsoft’s Project Springfield which is a Cloud-based fuzz testing application. No matter the audience for your company’s application development efforts, fuzz testing needs to be part of your QA arsenal. Let’s take a closer look at this vital part of the software testing process.

Breaking an Application’s Inputs

Vetting how an application handles its input — no matter the source — is the primary goal of fuzz testing. Considering the wide use of SQL injection techniques in hacking, any program needs to be able to either restrict the kinds of data sent to it or properly recognize and deal with nefarious inputs. Just verifying that an app doesn’t crash isn’t good enough; the security of the entire computing infrastructure hosting a hacked application is at risk.

While primarily used for black-box testing, where invalid data is sent into an application, fuzz testing techniques are also leveraged in white-box testing to truly test how the source code handles faulty input data. It is also leveraged to see if an app properly deals with any memory issues, including those dreaded crash-causing leaks.

Automation is primarily used for fuzz testing, although QA engineers and developers need to be closely involved in the process. Automated routines are able to combine fuzz and stress testing to great effect. It helps in ensuring proper code coverage, as well as finding bugs not yet defined by a test case. 

Types of Fuzzers

There are two common types of fuzz testing applications, commonly known as fuzzers. Mutation fuzzers take existing input data patterns and modify or “mutate” them to create a variety of test data to vet the application’s inputs. On the other hand, generation fuzzers create the input data from scratch based upon specifications; these are sometimes known as specification-based fuzzers.

Leveraging both types helps ensure the complete testing of any application’s inputs.
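The two fuzzer types described above, shown side by side as an added example (not code from the original article or from any tool it names). The record format, `parse_record` and its deliberate missing length check are hypothetical, constructed so both fuzzers have a defect to find in a parser you own.

```python
import random
import struct

SEED_INPUT = b"\x01\x00\x05hello"  # constructed valid record: tag, length, payload

def parse_record(data: bytes) -> bytes:
    """Hypothetical parser under test: 1-byte tag, 2-byte big-endian length, payload."""
    if len(data) < 3:
        raise ValueError("short header")
    tag, length = struct.unpack(">BH", data[:3])
    if tag != 0x01:
        raise ValueError("unknown tag")
    payload = data[3:]
    # Deliberate defect: the declared length is trusted, never checked against len(payload).
    return bytes(payload[i] for i in range(length))

def mutate(rng: random.Random) -> bytes:
    """Mutation fuzzer: apply 1-3 random edits to a known-good input."""
    buf = bytearray(SEED_INPUT)
    for _ in range(rng.randint(1, 3)):
        op = rng.randrange(3)
        if op == 0 and buf:    # flip one bit
            buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
        elif op == 1 and buf:  # truncate
            del buf[rng.randrange(len(buf)):]
        else:                  # insert a random byte
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)

def generate(rng: random.Random) -> bytes:
    """Generation fuzzer: build records from the format spec, biased to boundary values."""
    payload = bytes(rng.randrange(256) for _ in range(rng.randrange(8)))
    declared = rng.choice([0, len(payload), len(payload) + 1, 0xFFFF])
    tag = rng.choice([0x01, 0x00, 0xFF])
    return struct.pack(">BH", tag, declared) + payload

def fuzz(make_input, rounds: int = 500, seed: int = 1) -> list:
    """Feed inputs to the parser; ValueError is a clean rejection, anything else is a finding."""
    rng = random.Random(seed)
    findings = []
    for _ in range(rounds):
        data = make_input(rng)
        try:
            parse_record(data)
        except ValueError:
            continue
        except Exception as exc:
            findings.append((data, type(exc).__name__))
    return findings
```

Calling `fuzz(mutate)` and `fuzz(generate)` returns the inputs that escaped the parser's own validation; the fixed seed makes each run reproducible so a finding can be turned into a regression test.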

Additional Resources on Fuzz Testing

While many existing QA frameworks include some fuzz testing functionality, there are also a variety of commercial and open source projects focused specifically on fuzzing. Of course, Project Springfield from Microsoft warrants another mention, especially if your organization builds Windows or Azure applications. Redmond is actively looking for partners to help spread the word about Springfield.

Defensics from Codenomicon is a commercial suite of security testing applications based on fuzz testing technology. Known for its support for over 270 network protocols, file formats, and interfaces, Defensics promises to be a vital part of any QA shop’s test tool arsenal. It was the QA application that discovered the infamous Heartbleed vulnerability in 2014.

Shops interested in an open source fuzzing solution need to check out the Sulley Fuzzing Framework, downloadable on GitHub. This Python-based tool is fully automated and vets input data from network protocols, file formats, and command-line arguments. A tutorial is available on Scribd.

If your team isn’t already fuzzing as part of your QA process, use these resources to learn about the technique to ensure you deliver more secure applications to your customers.

Stay tuned to the Betica Blog for additional dispatches from the worlds of QA and software development.