TesterCity

A place where software quality lives

OWASP Top 10 2017 RC2 Final has been published

A second release candidate for the list of Most Critical types of vulnerabilities/risks for Web Apps by version of OWASP, has been published recently on their GitHub space.

There was significant changes since the previous OWASP Top 10 2013 list: some threats are not so actual these days, but another ones arose (such as XML External Entity (XXE), Insecure Deserealization, and Insufficient Logging & Monitoring).

The RC2 has Final postfix in its name meaning the document is ready to review and investigation.

Read the rest of this entry »

Kali Linux 2017.2 Release

A state-of-art Linux build for all those who interested in security testing has been upgraded. For more details, including what’s new and upgrade instructions please proceed the link https://www.kali.org/news/kali-linux-2017-2-release/

Announce for OnlineTestConf Spring 2017

Yet another interesting free online conference is upcoming! Here is some details about. It’s 2 day online-only conf which has some of the topics to discuss. You may overview the schedule at the following page: http://www.onlinetestconf.com/program/ It’s worthwhile to make some list of the classes you want to visit, so not hang on whilst boring ones is going on.

Some of the topics I’m going to visit:

  • 101 For Building The Right Mobile Test Lab For Your Business
  • Contributing to GitHub is for Everyone
  • Opening Keynote: Testing and AI
  • Crowd Testing Magic
  • Testing Challenges in the Highly Interconnected World of IOT

Event Time: Tue, June 13 (10:00am–3:00pm) and Wed, June 14 (10:00am–3:00pm).
Times presented are in (EDT) Eastern US timezone.
Event Registration: Free. Use this link to register

Announce for online StarEast Virtual Conf 2017

STAREAST Virtual conference on software testing and QA will be streaming live on Wednesday, May 10 and Thursday, May 11 straight to your computer or mobile device from the live event in Orlando, Florida.

Your virtual conference registration is completely free and streams keynote presentations, live interviews, and industry technical presentations, so you’ll get a taste of what it’s like at the actual event. Plus, you can learn about top industry testing solutions all from the comfort of your home or office. See full schedule here.

Event Time: Wed, May 10 (8:30am–5:30pm ET) and Thur, May 11 (8:30am–5:30pm ET)
Event Registration: Free. Use this link to register

Announce for «Testing Connected Devices for the Internet of Things»

Broadcast Date: Thursday, February 16, 2017, 2:00 p.m. Eastern
Registration Link: here

The Internet of Things (IoT) and its connected devices are quickly influencing our daily lives. Although consumer goods have received the most publicity, another fast-emerging area is the use of IoT technologies in manufacturing.

Whether for the consumer or the industrial sector, testing embedded and connected devices for the IoT comes with different concerns from traditional software testing. Using industrial IoT as an example, this web seminar will detail the top three software challenges IoT developers and testers face—managing security and vulnerabilities, privacy and regulations, and eliminating silos while maintaining quality—and explore the best practices for addressing them.

Anyone involved in the software development or testing of connected devices will benefit from this web seminar. You will learn:

  • How to effectively manage and maintain an ongoing security assessment for your products
  • How to navigate existing and future connectivity regulations and privacy
  • What software testing tools and processes provide the biggest impact

Latest webinars this year

December is a great time to threat yourself and get familiar with something new or to refine existing skills. Find below list of upcoming online events, I believe most of them worth to attend.

  • Secure Software Requires the Right Tools. Synopsys cybersecurity expert Jonathan Khudsen will tell about classes of tools work best for locating vulnerabilities and how to use them in the context of product development.  Date and time: 13.12.2016, 2:00 PM ET. Free, registration required.
  • The Future of Test Automation: Leading Experts Share Their Vision for 2017. Test Automation gurus Dave Haeffner, Jim Evans, Simon Stewart and Brian Jordan, about to ​discuss emerging trends, skills, and best practices that will shape your testing environment during 2017. English language. Date and time: 15.12.2016, 10:00-11:00 AM PST. As usual, event is free but registration required.
  • HP invites to discover a HPE User Behavior Analytics, some kind of enterprise DLP (data leak prevention) system with fraud-assessment abilities. Russian language. Date and time: 16.12.2016, 11:00-12:30 (MSK). Free, but registration requried.

Announce for SEI Webinar: From Secure Coding to Secure Software

sei-webinar-20160808_580px

Systems exploits, intrusions, and stolen data are more prevalent than ever. It seems there are daily headlines related to system security and privacy. Many, if not most, of these incidents could have been prevented with more secure coding practices. Software and systems are more connected than ever, often in ways that were not originally designed leading to unforeseen and unprotected attack vectors.

The CERT Secure Coding Standards are lists of rules and recommendations for developing secure software. In this webinar, we will discuss how you can improve your organization’s secure coding capabilities. We will discuss how to improve your workforce, processes, and tools to develop and verify the security of your software before it is deployed. We will also explain how the CERT Secure Coding Standards can help and how you can adopt them through training, tools, and process improvements.

Date: August 17, 2016
Time: 1:30-2:30 pm ET
Cost:  Free (prior registration is required)

Announce for ‘Advanced Test Automation Techniques for Responsive Apps and Sites’

e711eb50-d15af060-app-logo-subtitle-white-200-50-var2Struggling with coding automated tests for your responsive web-app, full of asynchronous JS, yet on various types of devices, ha? Then it worth to join and visit this free webinar.

This session is organised by Applitools, you will learn how to:

  • Implement generic tests that work for all the layouts of your app
  • Control browser’s viewport size to accurately target layout transition points
  • Incorporate layout-specific assertions in your tests
  • Effectively design responsive page objects
  • Visually validate the correctness of your app’s layout

Yet the organizers follow with advanced session, where they going to implement a complete Selenium-based automated test for a popular responsive website from scratch.

Date: Tuesday, July 26
Time: 10 am PDT / 1 pm EDT / 5 pm GMT
Duration: 1 hour

Announce for ‘How to Deliver Robust and Secure Software’ webinar

17-02-2016_HowToDeliverRobustAndSecureSoftware

Creating software is easy—anyone can do it. But creating secure, robust software with high quality is extremely challenging.

The short game of software development is all about bringing functionality to market as quickly as possible. In the long game, it’s your delivery process that ensures software is created with low risk and high quality.

Join this web seminar to learn how to implement a robust, secure software delivery process that ensures effective management of the supply chain, license compliance, management of known and unknown vulnerabilities, and reduced risk for both developers and consumers of software.

You’ll learn how to:

  • Examine the short-term and long-term drivers of software development
  • Understand the risks involved in the assembly and use of software
  • Appreciate how better processes helps minimize risk for software creators and consumers
  • Evaluate the available tools for minimizing the risks of creating and consuming software

Event Date: Wednesday, February 17, 2016
Event Time: 2:00 p.m. ET/11:00 a.m. PT
Event Registration: Free. Use this link to register

KazanQAComm: Встреча тестировщиков в Казани

Казанское сообщество тестировщиков после долгого перерыва вновь возобновляет встречи для обмена опытом и знаниями.

Следующая встреча состоится 15 декабря в 19:30 по адресу: Петербургская дом 50, корпус 5, Бизнес-парк «Идея», 4 этаж, офис SmartHead

Темой встречи будет два доклада:
1. Введение в управление рисками и зачем это надо «неменеджерам». Игорь Зильберг.
2. Автоматизация тестирования верстки методом сравнения с эталоном. Эмиль Хуснетдинов.