Transcript Document
Testing for the web and some other stuff A BIT ABOUT ME • Jonathan • Director at Ocellics Software Solutions • Studied at UCT and have a Honours in Information Systems • Been working as a software dev for 8 years now with the last year as a director at Ocellics • Software fanatic: • Love solving business problems with elegant software solutions • Constantly pushing myself to stay at the latest and greatest when it comes to software techniques and technology TODAY’S TOPIC • Talk about my experience over last 8 years in becoming a professional developer • Testing for the web • Resource recommendations that greatly helped my career WHERE I’VE WORKED • Start-up company called PushPlay • RisCura financial risk consultants • Based in Claremont, office in JHB, Namibia and London • Ocellics Software Solutions • Based in Claremont, clients all over the country WHAT I DO AND DON’T KNOW • DO • Enterprise level architecture • • • • • Windows applications Windows services APIs Web Applications …all talking to each other across network and external servers over the net • Robust and scalable software • Don’t • How to make PowerPoint do what I want • I did not do ComSci MY BIBLE AND HYMNAL MY 3 KEY CODING RULES • TDD • Polymorphism • Dependency injection TESTING • TDD • BDD • Acceptance testing • Automated UI testing • Load testing • Web penetration testing TDD • Bread and butter stuff • It’s more than just testing that your code works • • • • • Better architecture Makes changes easier as it removes uncertainty and fear Speeds up development dramatically Faking allows for isolation of code (SOLID principles) We use Moq framework for Faking (Mocking) • The difference between a software professional and a person that writes code TDD cont. • Write your test first • Run the test and see it fail • Write just enough production code to pass that test • Rinse and repeat • At RisCura we had over 2500 unit tests • Ocellics EDM has over 600 and it’s only a year old TDD ON THE WEB: CLIENT SIDE • The rules are the same • Tools for testing Javascript that we use: • Mocha - framework • Sinon – fakes, or rather spies as they are called in JS • Others: • Jasmine • And Jasmine Spies • QUnit BDD • The concept is that of an automated test that solves a Use Case • Gherkin and SpecFlow: ACCEPTANCE TESTING • Testlodge: AUTOMATED TESTING • Tools • • • • Selenium CodedUI WatiN …and many more • Works well for bigger teams with mature software applications where the UI does not change regularly • We focus on TDD and keeping the UI layer as thin as possible LOAD AND PENETRATION TESTING • Visual Studio has built in tools for load testing • Other tools on the market if you do some googling… • Some top web security risks • • • • Injection Broken Authentication and Session Management Cross-Site Scripting (XSS) …full course on the rest listed in resources slide • Incredibly critical within the finance industry • Some of our clients request 3rd party penetration testing WHAT DOES OCELLICS DO? • We use the latest tech on the Microsoft stack • All the groovy stuff like Entity Framework code first, Web API, MVC, Jquery, Angular etc… • Unit tests WHAT DOES OCELLICS DO? Cont. • We are focused in the financial industry • We build tactical solutions for clients that help with decision making. We spin off products when the opportunity arises. • Data storage solutions with data provision • Data focused, algorithms, reporting and charting ADVICE FOR GRADUATES • Focus on learning • Find a company that has a culture that cultivates learning and knowledge share • I have interviewed many people with great salaries but lack real programming experience • Be careful of big companies – don’t get stuck doing the same thing for 10 years • Golden hand-cuffs • Use your free time wisely • Work on pet projects • Use resources like Pluralsight • Know your worth in the market • Prove yourself first, it makes negotiation much easier • Make yourself indispensable through great, clean and robust code • Don’t blackmail a company with poor, buggy and unstable code RECOMMENDED RESOURCES • Clean Code and Clean Coder • Pluralsight • http://www.pluralsight.com/courses/web-security-owasp-top10-bigpicture • http://www.pluralsight.com/courses/codedui-testing-web-applications • http://www.pluralsight.com/courses/test-first-development-1 • http://www.pluralsight.com/courses/automated-acceptance-testingspecflow-gherkin • …and plenty, plenty more… GET IN TOUCH • [email protected] • We’re always looking for more nerds • Drop us an email with a motivational letter and your CV • [email protected]