Tag Archives: testing

Get Started with Free Service Virtualization

Free service virtualization, sounds great! Whenever you hear free, should get nervous, I know that I do. After I wrote this title I looked at it and immediately hated it. But here’s the thing – at my day job at Parasoft we’ve just taken one of our really great products, Parasoft Virtualize, and made a free “community edition” version of it.

So who needs this and why should you care about it? Well software applications have gotten a lot more complex in the last decade. Time was you had a simple monolithic desktop application and that’s all you had to worry about. Some of them had a little connectivity, like to a database or maybe simple external dependencies, but mostly they stood on their own. Today’s “applications” look more like systems or even systems-of-systems. It’s not uncommon to have a relatively small core application but surrounded by a plethora of dependencies like databases, cloud APIs to provide data, shipping services, payment services and even connections to physical devices in the real world – the Internet of Things or IoT.

That’s where the “service virtualization” technology comes in. I know, I know, it’s a horrible name and it’s already caused you to think it’s something other than what it is. Nothing I can do about it, that name is in use by the analysts and I have no control over it. I think of it more like “communication emulation” in that it emulates the communication. Think of it this way, instead of APIs linked into an application as part of the compilation processed, we now have services that are accessed live dynamically – meaning we talk to them and they talk to us. Even in the IoT world of SmartHome or SmartFactory or SmartCity it’s all about pieces talking to each other. This gives as remote info, remote control, and even some degree of autonomous decision making – like the NEST thermostat. Initially I used the app to control the thermostat to my liking, now it just figures out what I was doing and mostly does it for me.

Testing these kinds of systems is a huge pain. You need a test lab that has one of everything you’re connecting to. If you’re updating some of them, then you need a lab with the old one AND the new one – like a new version of Oracle or MySQL. Setting up the lab costs time and money, and then I have to fight with other teams to use it. Service Virtualization let’s me make fake (virtual) versions of the things I depend on, and then use them to test instead of needing the real thing.

This not only makes it faster/easier/cheaper to test, but it frees IT to do other important things. Plus I can make these virtual things behave how I want them to – if I want them to flood the network, they will. If I want them to be fast or slow to respond, I can do that. If I want one of them to be a bad actor and pretend it’s been compromised, no problem. My testing will be more thorough in addition to easier.

Once you realize that service virtualization technology is for you, the next step is to choose a tool. Lot’s of people instantly go check open-source, because of course it “doesn’t cost anything”. I’ve done a pretty thorough check of all open-source SV tools and at the moment they’re only really useful if your whole world is centered in http/https. Even then there are lots of other features like using a UI to create, manage, and deploy the virtual assets. So now that Parasoft created a free version, why not see what commerical software offers you? You can download it here.

Try it, you’ll like it.

Parasoft Rides the Testing Wave

Those of you who follow me regularly know that I generally like to keep things vendor neutral. As my bio shows I’ve been working at Parasoft since 1992 on software development and testing tools. From time to time we do some pretty cool stuff and/or get some recognition that I think would be interesting for you to know about and frankly I’m proud of what we do.

Recently Parasoft participated in the Forrester Wave for Modern Application Functional Test Automation Tools and we did very well. I spend a lot of my time focusing (and harping) on very codecentric tools and ideas, but our functional test solution is really second to none. It was great to see recognition for that. Forrester Research said:

“Parasoft has the strongest continuous testing product offering, with a long list of mature features in UI automation and comprehensive functional API testing automation and rich integrations with third-party CI/CD pipeline tools … These features plus the solution’s performance and service virtualization tools make it stand out. Parasoft’s solution also stood out in our assessment of maintenance, reuse, and reporting analytics.”

The truth is that functional testing is a tedious pain and sometimes tools in this area are worse than the alternative. Open source tools in the space tend to focus on a few very narrow topics and lack basic user-friendly functions like a graphical UI. The tools from the “big boys” are not only expensive but in the end way too complicated to setup and use. We’ve managed to make something that is highly automated, easy-to-use, and rich in features. The trifecta of software testing. 😉

To get a copy of the report click here and if you haven’t seen these tools yet, you should check them out.

Internet of Things (IoT) Hall-of-Shame

A collage of various devices that not only can be hacked, but already have been.
A collage of various devices that not only can be hacked, but already have been.
As I’ve said before, the “Internet of Things” aka IoT has become the internet of hacks. More and more devices are being internet enabled, but security on the devices isn’t keeping up. Some vulnerabilities are difficult, but many of those that have been in the news seem to have been more from either lack of training or simply not prioritizing software security.

In the grand tradition of my SQLi Hall-of-Shame, I’ve decided to start creating a list of IoT hacks that have hit the press. The list is small but will surely grow. Please let me know if you’re aware of publicized hacks on IoT devices. If this doesn’t scare you then you’re not thinking about it enough. You should be running screaming to empty your bank account, buy an old pre-70s car, and smash your phones, thermostats, and other electronic devices.

I know the answer to this isn’t easy, but I’m hoping that at least you’ll spend more time thinking about it than you have. So take a look, and let me know in the comments, twitter, email, etc. when you hear about new ones I haven’t covered. You can view it at the IoT Hall-of-Shame.

IoT Security Resources

Embedded Systems Security: Practical Methods for Safe and Secure Software and Systems Development,

Platform Embedded Security Technology Revealed: Safeguarding the Future of Computing with Intel Embedded Security and Management Engine,

Software Test Attacks to Break Mobile and Embedded Devices

C9D9 Discussion about Continuous Testing

For those who missed it, I was part of a fun discussion earlier this week on Continuous Testing and Test Acceleration, hosted by Electric Cloud. Sam Fell over there does this regularly as part of their C9D9 or continuous discussion series.

C9D9 - continuous discussion
C9D9 – continuous discussion

Basically it’s a group of us sitting around chatting about various issues such as how to enough when you’ve got enough testing, or what is the best way to get started.

If you missed it, you can still watch the recording at the Electric Cloud blog

This episode features:

arthurArthur Hicken
Parasoft Evangelist, expert in creating secure, defect-free software via Service Virtualization, Cloud/API Testing, and Development Testing.
@CodeCurmudgeon | blog.parasoft.com ; codecurmudgeon.com
floFlorian Motlik
Flo is the CTO and co-founder at Codeship, a hosted continuous delivery service. He’s passionate about immutable infrastructure and helping teams build more productive processes.
@flomotlik | flomotlik.me blog.codeship.com
greggGregg Caines
Software engineer for ClassDojo, an Educational Technology start-up in San Francisco. Gregg is interested in open source software, APIs, craftsmanship and Continuous Delivery.
@GreggCaines | caines.ca
trevorTrevor Parsons
Trevor is the Co-founder & chief scientist at @Logentries, log management & analytics made easy. Irish, software engineer. PhD, @UCDDublin alumnus.
@trevparsons | blog.logentries.com/