Thursday 11 December 2014

Back in business: Software testing, information security and computer forensics

The last 2 months I was very busy with a lot of things except blogging on this site:
I founded a new social network about the behaviour of birds and together with SocialQuant, a company founded by my friend Dr. Morten Middelfart, we increased the online social Twitter-traffic for TestingSaaS and BirdBehaviour. Lots of fun and a lot tested and learned.

But, it started to itch again and after following an event organized by Testnet yesterday I was in the blogging mood again.
Why?
Well, the event was about information security and privacy.
Although the things said were not new to me I realized information security (infosec) and computer forensics depend on each other.
With infosec you want to defend information from wrongful behaviour by a third party.
This can be criminal behaviour, for which the evidence can be obtained by computer forensics specialists for use in a court of law.
Yesterday, the first speaker from EMCS IT Services was saying government organizations were exploring the internet for criminal cyberbehaviour, but he did not say the evidence found for this has to be secured for forensic investigation. Finding the evidence is one thing, securing it and reporting it is something else.
To learn more about this, just have a look at Eforensics Magazine.
It's the same with software testing: bugs in the code and flaws in the documentation can be found, but this work is not effective without a sound description and report.
That's why I like software testing, information security and computer forensics.
It's all about interdisciplinary (functional, technical and legal) analysis and the way to visualize it in a report.
You can say that you found a bug, breach or forensic proof, but without a good report (with argumentation to back it) do not expect a pat on the back.

Tuesday 29 July 2014

using forensics for mobile testing

In May 2014 I started a new job as the QA engineer at Onegini.

It is a software company which develops access management solutions for online services for insurance companies, webshops and financial businesses.
Anyone familiar with my social network TestingSaaS will not be surprised to hear this, because of my fascination with online authentication.
One of the many challenges I now have is to develop a testing approach for their mobile solution.
That involves developing a test strategy, knowledge training, test automation and tool/device training.
The hardest part here is the knowledge and tool training.
Mind you, the company uses the agile methodology and that means every two weeks a delivery of workable software. No time for on-the-job reading.
Fortunately, another hobby of mine (yeah, I see software testing as a paid hobby :) ), computer forensics (not paid yet :) ), provides me the knowledge necessary to be able to test the mobile application.
Both for software testing and computer forensics (read mobile forensics) you need analytical skills to know what you have to analyse. For software testing this is identifying, analysing and documenting bugs and for computer forensics it is identifying, preserving, recovering, analysing and presenting facts and opinions about the digital information.
Both disciplines require a sound understanding of the object under analysis.
For a couple of years now I have been writing for the online magazine Eforensics Magazine, where I use my testing skills to study forensics software. A great way to learn forensics and practise my software testing skills.
Eforensics Magazine also has special issues on Mobile Forensics, with a load of reading material on forensics and mobile operating systems.
I am not a die-hard programmer, but a forensics enthusiast, so Eforensics Magazine is my prime supplier of enough material to enhance my knowledge of mobile operating systems to test the Onegini solutions optimally.

Android, Blackberry, Apple, Windows Phone, it's a jungle out there, but I am ready to explore!

Thursday 13 February 2014

Made in Japan: Homomorphic encryption biometrics style!

For the last few weeks I have been blogging, writing articles and social networking about homomorphic encryption.
This all started when I read the news that Fujitsu Labs Ltd. wants to implement a DNA reading and processing technology using homomorphic encryption, where encrypted genetic data can be read without decrypting it.
Great news for a software tester with a bioinformatics background and privacy at heart!

Fujitsu Labs claims it can ensure privacy by encrypting the query, the data and the search results, so a possible third party (read pharmaceutical company etc.) can't see which person the DNA data belongs to.
But homomorphic encryption is a slow process; how does Fujitsu cope with this?
They have 2 solutions:
The first is that the searches are in batch mode (16K per second) and the second is that the search already starts when encrypting the data.
Cool stuff, but still questions pop up in my mind: is the encryption undecryptable for hackers, is the performance really 16K strings per second (performance tes(t!)), are the search results correct and can the data be tampered with, for instance through man-in-the-middle attacks?
Questions I like to see answered and I wait until more news emerges.
Implementation is set for 2015. Let's see what happens and how the competition will deal with this.

Feedback is very welcome by responding to this blog, through Tweeting to @TestingSaaS or through the TestingSaaS Facebook-page.

Tuesday 4 February 2014

2014, year of encryption?



According to Unisys, 2014 will be the year of encryption.
Quite logical, considering the protection of personal data needed after all those hacks of the past years. Encrypting this data is not a bad option, but it has its drawbacks.
How can I search in encrypted data?
Is decrypting the data not necessary then? But this costs computer power and time, diminishing the search efficiency. Is there a solution?
A possibility is homomorphic encryption, an encryption problem being tackled at different universities and companies like MIT, IBM, Fujitsu and Microsoft. What is it then? In cryptography, encryption is the process of encoding messages (or information) in such a way that only authorized parties can read them. With homomorphic encryption, encrypted data can be processed without decrypting it first. This makes it ideal for cloud applications, enabling vendors to process encrypted personal data without decryption, ensuring the privacy of the data owner. This would be great in the financial and medical sectors. One disadvantage: homomorphic encryption is a slow process. Fully homomorphic encryption is still practically impossible, but partially there are possibilities.
Which ones will be covered in the next blog posts. This tester's adventure in encryption continues!


PS:
This blogpost is also posted in the Dutch online magazine for IT-professionals Computable:

Versleutelde data-verwerking in de cloud


Tuesday 7 January 2014

New year, new softwaretesting adventures



It’s 2014, a new year!
What is it going to be?
Well, its predecessor, 2013, was awesome.
A new job at Eyefreight, a new journal to write for (eForensics Magazine) and expanding the TestingSaaS network through a conference in Denmark (Thank you Targit and Dr. Morten). Not to mention the personal things that happened, which deeply broadened my life.
Strangely enough, this was all NOT planned, I just went with the flow.
And that’s exactly what I am going to continue in the coming year.

If the expectations of different visionaries are to be believed, it will be the year of the Internet of Things, mobile, big data, privacy and consumerization.
Regarding my blogs, tweets and articles this could be a continuation of 2013, but 2013 also gave me inspiration for testing computer forensics applications, which could be very well combined with big data and privacy. This will certainly continue in 2014.
Next to this, I should also make some time for helping the UMA-WG with their interoperability tests, maybe even with some implementors?
By the way, these possible future efforts will be done in my free time.
My daily job will still be software testing at Eyefreight, where every day is a new fun(!) day with lots of challenges ranging from testing new applications and reviewing new documentation (it is promised) to devising new test strategies for regression (test automation), load and security testing. And maybe some international adventures, you never know.

Who dares wins!










Thursday 3 October 2013

Roaring with the Vikings


I plan to go every year on an adventure combined with an IT conference.
In 2010 I went to Belgium for EEMA and Colorado for the Cloud Identity Summit.
2011 was the time for the Internet Identity Workshop in San Francisco and Silicon Valley.
2012 was a year without conferences, but my trip to the Panama Canal got me interested in logistics.
And voilà, where do I work in 2013? Eyefreight, a kick-ass transport management software company with big multinational customers.
But that does not mean 2013 is only logistics for me.
Nope, this year Big Data caught my attention. And when looking for other enthusiasts I got in contact with a Danish daredevil named Morten Middelfart.
He is CTO of Targit, also a kick-ass company, specialized in business intelligence solutions.

And when I heard they were giving a conference in Copenhagen in September I knew it was time again to pack my bags: four days in Copenhagen, three days sightseeing and one day conference, mixing business with pleasure, Viking style!

And it did not disappoint me: Copenhagen is a vibrant capital, with great history and amazing buildings.
The conference was a combination of showing the new Targit product, the Targit 2013 Decision Suite, and the new trends in IT like big data and analytics.
In the morning it started with some great keynotes (guarded by Lenny the Lion) and in the afternoon it was time for the parallel sessions where visitors could listen to people of their interest.
Oh, and did I tell you the King of KPIs, David Parmenter was invited as a keynote speaker?
By demystifying KPIs he taught me valuable lessons in business performance, and all in just a few hours. Well, his books and recommendations are now on my wishlist and I am eager to see if I can use them in my daily work.
The other parallel presentations taught me a lot about social analytics, airport logistics and the Targit products, valuable insights!

Then a few hours off (except for a lucky lady who went for a skydive with Morten).
At seven o'clock it was time for drinks and a good dinner buffet where the King of KPIs entertained us with a story about Shackleton, who did not succeed in reaching his goal but still taught us an important leadership lesson.
The evening ended with Katy Perry 'roaring' her latest song, a recording of the skydive and a breathtaking show by the Copenhagen Drummers.

And then, when I thought it was all over, my friend Morten came to me and said he had to do something he had promised me some time ago: drinking a beer together.
So, it was a good day, Dr. Morten: I met new friends and new opportunities are on the horizon.
Thanks for giving me the opportunity to roar with the Vikings: AWESOME!!!





Saturday 25 May 2013

when exploring the cloud brings you to a new employer

In the beginning of 2013 it became clear to me I needed a change.
For almost five years I was in the contract business doing challenging projects for my employer.
But something nagged.
I noticed most projects were in finance and I knew there was more to test, especially in the cloud.
And I wanted to work for a company which was developing for interesting clients in the cloud.
So, I started to go walkabout.
My goal was to find a suitable project in 3 months or less.
Man, if I knew what I was getting myself into.
In 3 months' time I saw more companies and organisations than in my entire testing career.
Names I won't tell, but let me say this: every big player in finance, e-commerce, navigation, government, insurance etc. got a call or letter from me.
A lot of telephone calls, emails and invites followed.
At the end of April I struck gold, and in an area which was known to me, but which I never imagined I would start working for in the cloud: a company in transport management software (see my personal details for more :) ).
Well, and it's completely out of my comfort zone, finance.
I need all my knowledge on software testing, test automation, ERP, cloud and review techniques.
And not for only 1 client like I had in my previous projects. Nope, for more than 5, and still counting. I love it.
It's gonna be a hot summer with new stuff to see and learn.
New areas to spread the software testing word, all in the name of quality.

Stay tuned for updates, they certainly will come...