Infrastructure security through the eyes of a QA in a DevOps team
Previously a functional QA, Tarun got the chance to grow into an infrastructure QA role in the DevOps team for the world's first enterprise-level blockchain project, where the whole infrastructure runs on a cloud platform.
Ensuring that all resources spin up properly was the main concern, because the breakdown of any block, peer or node in a blockchain can affect the whole application.
For the private network to work via the Quorum client, all nodes need to be in sync with each other to provide consensus for incoming transactions.
In this talk Tarun will share his experiences and show, via a quick tutorial, how he wrote 1500+ test cases for INFRASTRUCTURE only that run completely in under 60 seconds and at the same time ensure the security of the infrastructure on cloud resources, e.g. AWS.
He will also cover some incidents, such as:
- How some private, confidential data files were saved from becoming public and visible to the world.
- How endpoints and ports visible to the world were detected with tests and blocked.
- How it was ensured that all application pods running continuously on EC2 containers are healthy.
These come from both infra and blockchain testing, and helped make things run smoothly.
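As an added illustration of the second incident above (world-visible ports caught by a test), here is a plain-Ruby check; it is not the talk's InSpec framework or the speaker's code. The security-group data is constructed in the shape of `aws ec2 describe-security-groups` JSON output, and the group IDs, ports and the `ALLOWED_PUBLIC_PORTS` policy are assumptions.

```ruby
require 'json'

# Constructed sample, shaped like `aws ec2 describe-security-groups` output.
SAMPLE = JSON.parse(<<~JSON)
  {"SecurityGroups": [
    {"GroupId": "sg-0example0web", "IpPermissions": [
      {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
       "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0example0node", "IpPermissions": [
      {"IpProtocol": "tcp", "FromPort": 22000, "ToPort": 22010,
       "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
      {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
       "IpRanges": [{"CidrIp": "10.0.0.0/16"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-0example0all", "IpPermissions": [
      {"IpProtocol": "-1", "IpRanges": [],
       "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]}
  ]}
JSON

# Assumed policy: only these ports may be reachable from anywhere.
ALLOWED_PUBLIC_PORTS = [443].freeze
WORLD_CIDRS = %w[0.0.0.0/0 ::/0].freeze

# True when an ingress rule admits traffic from every IPv4 or IPv6 address.
def world_open?(rule)
  cidrs = rule.fetch('IpRanges', []).map { |r| r['CidrIp'] } +
          rule.fetch('Ipv6Ranges', []).map { |r| r['CidrIpv6'] }
  cidrs.any? { |c| WORLD_CIDRS.include?(c) }
end

# Returns [group_id, from_port, to_port] for each world-open rule that
# covers a port outside the allowed list. Rules without a port range
# (e.g. protocol "-1", all traffic) are treated as ports 0..65535.
def exposed_rules(doc, allowed = ALLOWED_PUBLIC_PORTS)
  doc.fetch('SecurityGroups').flat_map do |sg|
    open_rules = sg.fetch('IpPermissions', []).select { |r| world_open?(r) }
    open_rules.map do |r|
      from, to = r['FromPort'] ? [r['FromPort'], r['ToPort']] : [0, 65_535]
      next if (from..to).all? { |port| allowed.include?(port) }
      [sg['GroupId'], from, to]
    end.compact
  end
end

# A test run fails when this list is non-empty.
puts exposed_rules(SAMPLE).inspect if __FILE__ == $PROGRAM_NAME
```

The same rule set passes once a port range is deliberately added to the allowed list, which keeps the policy decision explicit in the test rather than in the console.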
Outline/Structure of the Tutorial
The flow of the session will be as follows:
- Understanding WHY infrastructure tests are needed [5 min]
- Brief overview of the core components of an ideal infrastructure (monitoring, security, resilience) [5 min]
- How to find the loopholes in your cloud infrastructure [4 min]
- Which tools you can choose to ensure compliance and security [6 min]
- How to write/update a test case:
- Creation of a dummy account with minimal permissions [2 min]
- Demo of writing tests and execution [5 min]
- Test execution [1 min]
- Security review [feedback] from the report [2 min]
- Implement feedback [1 min]
- Making your infrastructure more secure and robust [2 min]
- Report generation & maintenance [2 min]
- Challenges faced and solutions [3 min]
- Scalability & integration with CI/CD pipeline [2 min]
- QA [5 min]
TECHNICAL DETAILS: I will use the InSpec tool to demo building a framework for creating and executing tests against AWS and Docker resources.
- User creation with the right set of permissions
- Integration with CI/CD pipeline
- Report visibility
- Accepting licenses
- Ruby gem dependencies and updates
SCALABILITY: This can be scaled to a much larger extent; I will share my experience of running 2500+ tests in my project.
FRAMEWORK : https://drive.google.com/file/d/1wEpDjqQmfuakzg0p-DEa_NLHOvZ-D1lN/view?usp=sharing
- How to run 1500+ tests in under one minute for quick feedback
- How to ensure your private application is not accessible to the outside world
- How to ensure cloud infrastructure is up and running with minimum permissions
- How to ensure that data is exposed to the required audience only
- How to ensure security and compliance are in place
- How to ensure encryption of cloud resources is in place
- How to write cloud-agnostic tests, whether for AWS, Azure or GCP
After this session, attendees will be able to create a framework for infrastructure testing of any of their resources.
This talk is for audiences of all levels (beginner, intermediate, expert).
Prerequisites for Attendees
Nothing, just a zeal to learn about a new domain: infrastructure testing.
Submitted 1 year ago
People who liked this proposal, also liked:
Tarun Maini - LifeCycle of Testing AI/ML Applications
Tarun Maini, Senior Quality Analyst, ThoughtWorks
With the seismic shift in the industry and new technologies emerging, QA testing approaches are also changing; we must know the right strategies and algorithms to test. One of the latest technologies emerging is Artificial Intelligence and Machine Learning, and its applications, like self-driving cars and virtual assistants, are everywhere. They have a great impact on our lives, and most of our decisions, behaviour and destinations depend on them.
So in this presentation/workshop I would like to present all the ways, strategies and challenges faced while testing AI/ML applications. Join me in creating a Machine Learning application from scratch and then taking it to the testing stage, creating edge case scenarios and validations.
Time Management: To make sure that everyone is up to date with the setup for the hands-on, I will be sharing this document with the participants 12 days before in a temporary Slack channel, where they can share their progress and ask queries to resolve them quickly.
*No internet is required for participants if they follow the setup doc.
Srinivasan Sekar / Sai Krishna - Testing And Observability in an Integrated Microservices environment
Srinivasan Sekar, Lead Consultant, ThoughtWorks
Sai Krishna, Lead Consultant, ThoughtWorks
Leading-edge applications are dynamic and adaptive in capabilities that require people to use increasingly dexterous tools and supporting infrastructure, including microservices. All of these applications leverage data in new ways. Decoration and tagging of data with intelligent metadata have become more important than the data itself. To keep up with evolving needs, enterprise devs across industries are shifting from traditional app architectures in favor of more fluid architecture for building data-centric applications.
Microservices break traditionally structured applications into manageable pieces that can be developed and maintained independently. Microservices are often decoupled, allowing for updates with little to no downtime, as the other components can continue running.
Moving to a distributed microservices ecosystem brings its own challenges; among them are the loss of visibility into the system and the complex interactions now occurring between services. Monitoring these applications only reports their health, but observability provides granular insights about the behavior of the system along with rich content. In this talk, we will cover the difference between monitoring and observability, data path engineering challenges, pillars of observability, distributed tracing of various microservices, testing in a distributed microservices ecosystem, automated observability, etc.