dinsdag 26 januari 2016

Data science and software testing, it's all about the question


When I started my career in software testing I was a biologist without business experience, but I knew how to crunch data through statistics, python and machine learning.
In the last 11 years software testing was my main profession and still is.
But, more and more companies are into Big Data (as a part of data science) and as a biologist, trained in crunching lots of data (genetics, bioinformatics), I got curious.
Is there a way to combine my knowledge of statistics and crunching big data and software testing in today's business?
Sure there is: a lot of methods (statistics, data mining, web scraping) and programming language (R, python) used in data science can also be used in software testing.
Both software testing and data science are empirical studies trying to answer a specific question. The answer to this question can be derived by using tools or methods.
Mind you, don't let the tool or method determine how the answering process proceeds, let the question be the determinant.
Be open minded! Remember a fool with a tool is just a fool.

Data science and software testing

Data science is not just statistics, it is an interdisciplinary field like bioinformatics, combining mathematics, statistics, computer science, information science etc.
Just like Big Data, it's a buzz word, but a data scientist, according to Coursera, has one goal:

Ask the right questions, manipulate data sets, and create visualizations to communicate results.

Well, that's the same in software testing.
Without the correct question, dataset and visualization (report) a software tester can't inform the stakeholder about the state of quality of the object under test.

Now I know testers have tools like Jira, Microsoft Excel and Selenium to help them.
Why should we know about data science then?
Well, as I said before, a fool with a tool is just a fool.
You maybe know how to use many testtools, but the most important thing a tester does is asking the right questions. This triggers the other stakeholders to answer these and this way possible issues are found.
Data science is all about asking the right questions. It can help the tester with creating the question and deriving the testset, even when the testset has missing data. It also learns the tester how to visualize its findings.
Testtools can also do these things, but, in my opinion, a tester should be able to do it himself.
Knowing data science can help the tester to stay critical. 
There are a lot of data science courses online like Coursera or Udacity.
Try a course, it won't be easy, but that's part of the learning.


Software testers can learn from data science to help them in their daily work: ask open minded critical questions, testdata development and processing, testtool selection and visualizing the quality of the object under test.

For me, data science increased my ability to ask the right questions and diminished the fear of going too deep into the data. 
A software tester never should be afraid to ask the right questions to different (!) people, go deep if neccesary and report his/her findings
You have a job to do: Visualize the quality of the object under test, as critical as possible!

zondag 1 november 2015

So what's your hobby? Resurrection!

2015 is a busy year for me: new job, more responsibilities, work abroad and some explorations in data science using R.

I noticed I did not post anything on my TestingSaaS blog for a while now.
Well, it's that time again.
Too much is going on in software testing,cloud computing, forensics and information security to let unnoticed.
Questions to be answered like:

  • Is the software tester a dying breed?
  • How can we test the Internet of Things?
  • Can we use data science when doing software tests?
  • Isn't test automation just checking, not testing?
  • What's a RAT in information security, and why should you know about it?
Just a few questions, and the next few months I am going to answer these through my blog and my articles for Eforensics Magazine.

TestingSaaS is not a dying breed.
Why not?
Because his hobby is: Resurrection!

zaterdag 24 januari 2015

A decade of software testing, how it all started

When you are having fun time flies!
Well, you could say that with me concerning software testing.
And I am a fun-loving tester now for ten years, a decade of adventure!
How did it all start?

Ten years ago I got the idea to become a software tester.
Pretty strange at that time because I just finished a Masters in Biology at the Wageningen University and Research Centre (WageningenUR) and was destined to become a bioinformatician.
However, specific events led me to this decision:

  1. I always was intrigued by computers: birds were my first love, but computers my second
  2. A summerjob introduced me to the world of softwaretesting: I had to test a time-planning application for truckers, exploratory tessting to the max!!
  3. 10 years ago biology was more in the DNA labs than behind the computer
  4. I did not want to be a programmer:. I can build, but I like breaking more!
So I wanted to earn money, use my brain and get some business experience.
Softwaretesting is then not a bad career move:
you get a nice salary, you have to think a lot and you explore different businesses.
When I was studying biology, I would have never thinked of working at a bank, a logistics company or a mbile security firm. Or spending your free evenings and nights exploring XMLs, identity protocols or forensic software.
And still I find enough time to explore testing adventures abroad.

Sometimes a bumpy ride, but with enough fun time.
Well, it's a jungle out there, and it's survival of the fittest, but this guy adapts and sometimes he wins.

Let's see how the next decade goes.
I am ready to go, are you?

donderdag 11 december 2014

Back in business: Software testing, information security and computer forensics

The last 2 months I was very busy with a lot of things except blogging on this site:
I founded a new social network about the behaviour of birds and together with SocialQuant, a company founded by my friend Dr. Morten Middelfart, we increased the online social Twitter-traffic for TestingSaaS and BirdBehaviour. Lots of fun and a lot tested and learned.

But, it started to itch again and after following an event organized by Testnet yesterday I was in the blogging mood again.
Well, the event was about information security and privacy.
Although the things said were not new to me I realized information security (infosec) and computer forensics depend on each other.
With infosec you want to defend information from wrongful behaviour by a third party.
This can be criminal behaviour, for which the evidence can be pertained by computer forenics specialists to use in legal court.
Yesterday, the first speaker from EMCS IT Services was saying government organizations were exploring the internet for criminal cyberbehaviour, but he did not say the evidence found for this has to be secured for forensic investigation. Finding the evidence is one thing, securing it and reporting it is something else.
To learn more about this, just have a look at Eforensics Magazine .
It's the same with software testing, bugs in the code and flaws in the documentation can be found, but this work is not effective without a sound description and report.
That's why I like software testing, information security and computer forensics.
It's all about interdisciplinary (functional, technical and legal) analysis and the way to visualize it in a report.
You can say that you found a bug, breach or forensic proof, but without a good report (with argumentation to back it) do not expect a pat on the back.

dinsdag 29 juli 2014

using forensics for mobile testing

In May 2014 I started a new job as the QA engineer at Onegini.

It is a software company, which develops access management solutions for online services for insurance companies, webshops and financial businesses
Who is familiar with my social network TestingSaaS will not be surprised hearing this, because of my fascination with online authentication.
One of the many challenges I now have is to develop a testing approach for their mobile solution.
That involves developing a test strategy, knowledge training, test automation and tool/device training.
The hardest part here is the knowledge and tool training.
Mind you, the company uses the agile methodology and that means every two weeks a delivery of workable software. No time for on-the-job reading.
Fortunately, another hobby of mine (yeah, I see software testing as a paid hobby :) ), computer forensics (not paid yet :) ), provides me the knowledge necessary to be able to test the mobile application.
Both for software testing and computer forensics (read mobile forensics) you need analytical skills to know what you have to analyse. For software testing this is identifying, analysing and documenting bugs and for computer forensics it is identifying, preserving, recovering, analysing and presenting facts and opinions about the digital information.
Both disciplines require a sound understanding of the object under analysis.
For a couple of years now I write for the online magazine Eforensics Magazine ,where I use my testing skills to study forensics software. A great way to learn forensics and practise my software testing skills.
Eforensics Magazine also has special issues on Mobile Forensics, with a load of reading material on forensics and mobile operating systems.
I am not a die hard programmer, but a forensics enthusiast, so Eforensics Magazine is my prime supplier of enough material to enhance my knowledge on mobile operating systems to test the Onegini solutions optimally.

Android, Blackberry, Apple, Windows Phone, it's a jungle out there, but I am ready to explore!

donderdag 13 februari 2014

Made in Japan: Homomorphic encryption biometrics style!

The last weeks I am blogging, writing articles and social networking about homomorphic encryption.
This all started when reading the news Fujitsu Labs Ltd. wants to implement a DNA read- and processtechnology using homomorphic encryption where encrypted genetic data can be read without decrypting it.
Great news for a software tester with a bioinformatics background and privacy at heart!

Fujitsu Labs claims it can ensure privacy by encrypting the query , the data and the searchresults, so a possible third party (read pharmaceutical company etc.) can't see to which person the DNA data belongs to.
But, homomorphic encryption is a slow process, how does Fujitsu cope with this?
They have 2 solutions:
The first is that the searches are in batchmode (16K per second) and second is that the search already starts when encrypting the data.
Cool stuff, but still questions pop up in my mind: is the encryption undecryptable for hackers, is the performance really 16K strings per second (performance tes(t!)), are the search results correct and can the data be tampered with with for instance Man in the Middle Attacks?
Questions I like to see answered and I wait until more news emerges.
Implementation is set in 2015. Let's see what happens and how the competition will deal with this.

Feedback is very welcome by responding to this blog, through Tweeting to @TestingSaaS or through the TestingSaaS Facebook-page.

dinsdag 4 februari 2014

2014, year of encryption?

According to Unisys, 2014 will be the year of encryption.
Quite logical, regarding the protection of personal data needed after all those hacks the past years. Encrypting this data is not a bad option, but it has its drawbacks.
How can I search in encrypted data?
Is decrypting the data not necessary then? But this costs computer power and time diminishing the search efficiency. Is there a solution?
A possibility is homomorphic encryption, which is an encryption issue to tackle at different universities and companies like MIT, IBM, Fujitsu and Microsoft. What is it then? In cryptography, encryption is the process of encoding messages (or information) in such a way that only authorized parties can read it. With homomorphic encryption, encrypted data could be processed without decrypting it first. This makes it ideal for Cloud applications, enabling vendors to process encrypted personal data without decryption, ensuring privacy of the data owner. This would be great in the financial and medical sector. One disadvantage, homomorphic encryption is a slow process. Full encryption is still practically impossible, but partially there are possibilities.
Which ones are part of the next blogposts. This tester's adventure in encryption continues!

This blogpost is also posted in the Dutch online magazine for IT-professionals Computable:

Versleutelde data-verwerking in de cloud