Transcript Document

Testing for the web and some other stuff
A BIT ABOUT ME
• Jonathan
• Director at Ocellics Software Solutions
• Studied at UCT and have a Honours in Information Systems
• Been working as a software dev for 8 years now with the last
year as a director at Ocellics
• Software fanatic:
• Love solving business problems with elegant software solutions
• Constantly pushing myself to stay at the latest and greatest when it
comes to software techniques and technology
TODAY’S TOPIC
• Talk about my experience over last 8 years in becoming a
professional developer
• Testing for the web
• Resource recommendations that greatly helped my career
WHERE I’VE WORKED
• Start-up company called PushPlay
• RisCura financial risk consultants
• Based in Claremont, office in JHB, Namibia and London
• Ocellics Software Solutions
• Based in Claremont, clients all over the country
WHAT I DO AND DON’T KNOW
• DO
• Enterprise level architecture
•
•
•
•
•
Windows applications
Windows services
APIs
Web Applications
…all talking to each other across network and external servers over the net
• Robust and scalable software
• Don’t
• How to make PowerPoint do what I want
• I did not do ComSci
MY BIBLE AND HYMNAL
MY 3 KEY CODING RULES
• TDD
• Polymorphism
• Dependency injection
TESTING
• TDD
• BDD
• Acceptance testing
• Automated UI testing
• Load testing
• Web penetration testing
TDD
• Bread and butter stuff
• It’s more than just testing that your code works
•
•
•
•
•
Better architecture
Makes changes easier as it removes uncertainty and fear
Speeds up development dramatically
Faking allows for isolation of code (SOLID principles)
We use Moq framework for Faking (Mocking)
• The difference between a software professional and a person
that writes code
TDD cont.
• Write your test first
• Run the test and see it fail
• Write just enough production code to pass that test
• Rinse and repeat
• At RisCura we had over 2500 unit tests
• Ocellics EDM has over 600 and it’s only a year old
TDD ON THE WEB: CLIENT SIDE
• The rules are the same
• Tools for testing Javascript that we use:
• Mocha - framework
• Sinon – fakes, or rather spies as they are called in JS
• Others:
• Jasmine
• And Jasmine Spies
• QUnit
BDD
• The concept is that of an automated test that solves a Use
Case
• Gherkin and SpecFlow:
ACCEPTANCE TESTING
• Testlodge:
AUTOMATED TESTING
• Tools
•
•
•
•
Selenium
CodedUI
WatiN
…and many more
• Works well for bigger teams with mature software applications
where the UI does not change regularly
• We focus on TDD and keeping the UI layer as thin as possible
LOAD AND PENETRATION TESTING
• Visual Studio has built in tools for load testing
• Other tools on the market if you do some googling…
• Some top web security risks
•
•
•
•
Injection
Broken Authentication and Session Management
Cross-Site Scripting (XSS)
…full course on the rest listed in resources slide
• Incredibly critical within the finance industry
• Some of our clients request 3rd party penetration testing
WHAT DOES OCELLICS DO?
• We use the latest tech on the Microsoft stack
• All the groovy stuff like Entity Framework code first, Web API,
MVC, Jquery, Angular etc…
• Unit tests
WHAT DOES OCELLICS DO? Cont.
• We are focused in the financial industry
• We build tactical solutions for clients that help with decision
making. We spin off products when the opportunity arises.
• Data storage solutions with data provision
• Data focused, algorithms, reporting and charting
ADVICE FOR GRADUATES
• Focus on learning
• Find a company that has a culture that cultivates learning and knowledge
share
• I have interviewed many people with great salaries but lack real programming
experience
• Be careful of big companies – don’t get stuck doing the same thing for 10 years
• Golden hand-cuffs
• Use your free time wisely
• Work on pet projects
• Use resources like Pluralsight
• Know your worth in the market
• Prove yourself first, it makes negotiation much easier
• Make yourself indispensable through great, clean and robust code
• Don’t blackmail a company with poor, buggy and unstable code
RECOMMENDED RESOURCES
• Clean Code and Clean Coder
• Pluralsight
• http://www.pluralsight.com/courses/web-security-owasp-top10-bigpicture
• http://www.pluralsight.com/courses/codedui-testing-web-applications
• http://www.pluralsight.com/courses/test-first-development-1
• http://www.pluralsight.com/courses/automated-acceptance-testingspecflow-gherkin
• …and plenty, plenty more…
GET IN TOUCH
• [email protected]
• We’re always looking for more nerds
• Drop us an email with a motivational letter and your CV
• [email protected]