Бондаренко Игорь Игоревич
Specializes in security and non-functional testing.
Without testing or QA resources from the bench
From time to time, managers are faced with the task of developing internal
projects. In most cases it is as large a project as an external or
outsourcing project, but it is carried out entirely by the dev and QA
resources who are currently on the bench, or not involved in the
The main feature of such a project is the absence of personal
responsibility for the results. With such an approach to development, the
internal quality of the project, as well as the functional testing of
the product, always suffers.
In my talk, I will explain how to organize the development and
testing process on such a project, using the example of successfully
implemented internal projects in our company.
Business oriented testing in eCommerce
Online sales are currently growing, and so is the number of online trading sites, which raises the demand for testing eCommerce platforms.
A peculiarity of eCommerce projects is that development is always conducted with an eye on the business. In my talk I will cover the main features of testing eCommerce projects from the business point of view. I will talk about:
- What the customer expects from testing
- Why test cases are of little use on such projects and how to work without them
- How to organize load and performance testing and what the customer really expects from it
- How to test payments
- The importance of conducting A/B and multivariate testing
- Integration testing
Most common problems of QA courses, or why the courses prepare bad specialists.
In this talk, I want to discuss the problems I've encountered while trying to find junior specialists who have completed a variety of courses on testing. It covers the typical tasks given to future testers and looks at why these tasks do not bring added value and are often simply harmful.
We will discuss the following questions:
- How, in the pursuit of big money, courses are split into several parts, with the really useful material given only in the last part of the training
- Senseless and haphazard test applications
- For what purpose students are given assignments in the style of "Find at least 40 bugs"
- How the training process is affected by trainers' detachment from work on real projects
In the second part of the talk, I want to give some advice to all junior professionals: what to read, whether it is necessary to take courses, and how to choose courses correctly.
Mobile applications security. First steps.
In this talk I'll show the basic rules of mobile application security testing.
First of all, I will show the most common vulnerabilities included in the OWASP Top 10 Mobile list. Then we will focus on the typical vulnerabilities of applications and how to prevent their occurrence in the early stages of development.
Finally, I will show a checklist that will help the tester check the security of mobile applications.
Blind SQL injections or "Are your tests good enough"
At present more and more projects are reviewed against security criteria, but how good are your tests?
In this talk I will discuss the detection of blind SQL injection. In particular, the following issues will be considered:
- Types of vulnerabilities
- Universal detection techniques
- Software methods for detecting these vulnerabilities