2020-04-11 Geb and Spock Workshop 75 Meeting notes

Location: Zoom Meeting from 10 AM to 1 PM.

Discussion:
-   Automated scripting to create a micro-service that adds https certificate (in DevOps).
-   Implement tests other than Geb and Spock, for example Cucumber, Rest Assured API testing.
-   “SUT” (System Under Test) to ensure the system is being tested for correct operation.
-   “BRE” (Business Rules Engine) a software system that executes one or more business rules in a run-time production environment.
    -   Drools
-   Create conditions to check the health of the system: ping the server, API/Service mechanism check.
-   Tn.health
       For srv in jiraweb jira.web…
       $(curl -s ${srv}.technologynursery.org /status/ sed - e “s/^.running.$/up/” -e “s/Passed.*/up/”;
       done alias tssgtech.go ‘cd ~/Projects/TSSG/tssgtech; git status
-   Skunk Works: a group within an organization given a high degree of autonomy and unhampered by bureaucracy, working on an advanced project.
-   Docker registry - Jitsi server to test 
-   SQNE exploits meetup link to zoom, should we do the same? Create Registration Form: name, city, state, validate email?
-   Test Plan

Test Plan: (detailed)
1. Scope SDLC (Systems Development Life Cycle) 
   (IEEE QA Plan is typically waterfall as well)
2. JIRA Epic - spans Sprints
   2.1 Story - work that meets Definition of Done (DoD) within a Sprint
3. Requirements: JIRA Stories
4. What types of testing?
   4.1  Automation Testing
   4.2  Manual Testing
   4.3  Smoke Testing
        4.3.1 Keep alive
        4.3.2 Daily quick testing that validates fundamentals
        4.3.3 Examples:
             4.3.3.1 Health Check
             4.3.3.2 Happy Path
             4.3.3.3 Ping, Curl
   4.4  System Testing
   4.5  Black Box testing
   4.6  Grey Box testing
   4.7  White Box testing
   4.8  Functional Testing
   4.9  Unit Testing
   4.10 Integration Test
        4.10.1 Micro-services interaction
               - Parent
               - Child
        4.10.2 Source Code integrates (merges) into other branches (eg. Master Branch) 
        4.10.3 Subsystem integration (with each other)
  4.11  Software Release Train (distinct series of versioned software releases released as a number of different “trains” on a regular schedule).
  4.12  Penetration (Security) Testing (also known as pen test is commonly used to augment a WAF(Web Application Firewall).
        - Imperva.com
        - “Kali Linux” run in docker container
        - Ethical Hacking
        - Be careful using as proxy and leaving it on
        - “OWOSP Foundation” ZED Attack Proxy
        - “Let Me Lint: Fix That For You”
        - Google Recent CVE “Common Vulnerabilities and Exposures”
          <https://cve.mitre.org/>
        - APT (Adaptive Persistent Threat) names Hackers
        TOOLS:
        4.12.1 Metasploit <https://www.rapid7.com/products/metasploit/?utm_source=google&utm_medium=cpc&utm_term=&utm_content=410256168184&utm_campaign=brand-golden-keywords&CS=google&gclid=CjwKCAjw1cX0BRBmEiwAy9tKHp2ZXQQNT5dX7YAgOEfCIjmymEwSE4ZeuHg2lKWMuvIN-eqZy5IZ5hoCFsYQAvD_BwE>
        4.12.2 Google Recent CVE “Common Vulnerabilities and Exposures”
          <https://cve.mitre.org/>
        4.12.3 CISA - Cyber Infrastructure <https://www.us-cert.gov/>
  4.13  Left-Shift testing (prevent defects early in the development cycle) 
        - BMC(.com)BLOGS
        - “The Test Pyramid”
        - “Succeeding with Agile” coding review Shift-Left 
        - Write tests for every class in java code
        - More Unit Tests than anything else, UI or Service tests.
  4.14  Performance test
        4.14.1 Performance Baseline/Models
        4.14.2 Load Testing
        4.14.3 Availability Testing
        4.14.4 Scalability Testing
        4.14.5 JMeter
5. What tools will be used?
        5.1 Testing Framework
        5.2 Deployment Mechanism
        5.3 Running Test Automation
        5.4 Test Reporting