Complete testing of a software or mobile app ensures that it serves the purpose it was built for, while meeting all requirements without compromising quality or functionality. For this, testers perform a variety of feasible tests based on pre-determined testing strategies and the availability of resources. The entire software testing process provides an overview of the quality of the software and its risk of failure to end-users and stakeholders.

Among the many types of testing employed, black box and white box testing are typically the most common in almost all software development projects. Let’s explore what it is that both these testing types are for, and their key differences.
 

Black box testing

 
Testers perform black box testing when they don’t have any information about how the software works internally. The high level testing technique tests the behavior of the software when it’s subjected to various conditions. The tests are conducted from an end-user or external user’s perspective. Black box testing can be performed on virtually every aspect of software testing including unit and integration testing, system testing, and acceptance testing. It’s also known as box testing or functional testing.
 

White box testing

 
White box testing is generally considered as low-level testing. It tests the internal functioning of the software, and is based on coverage of code statements, branches, paths, conditions etc. White box testing is also known as glass box, transparent box, or code base testing. Inputs are chosen to exercise paths through the software’s code to get desired outputs. It’s usually done at the unit level though in some cases, it’s also applied at integration and system levels.
 

Key differences between the two

 
Internal & External

Black box testing tests the external behavior of the software while the testers have no knowledge of the internal structure or behavior of the product. Testers who know the internal structure of the product performs white box testing.

Programming & implementation knowledge

Testers performing black box testing need not possess programming knowledge or implementation knowledge to do so. However, to perform white box testing, programming knowledge and implementation knowledge are mandatory.

Automation prospects

Black box testing is considered as an advanced testing technique where programmers and testers need to be involved directly. This makes it challenging to automate black box testing. White box testing, on the other hand, can be automated and is quite easy to do so as well.

Major techniques

Black box testing can generally use one of the three following techniques:

• Boundary Value Analysis: Focus on testing the input boundaries that are most likely to end up giving erroneous outputs.
• Equivalence Class Partitioning: Focus on identifying and classifying errors so as to reduce test cases.
• Error Guessing: Focus on finding defects first and developing corresponding test cases.

When it comes to white box testing, the tester’s knowledge about the system allows him to develop test cases to discover internal defects. The techniques involved include:

• Statement Tests: Every statement within the code should have a test associated to it, and each statement must be executed in a test cycle.
• Decision Tests: All decision directions should be executed in a test cycle.
• Branch Condition Tests: The conditions associated with a specific decision should be tested to see if they are working properly.
• Data Flow Tests: All variables and data within the system are tested.
• Multiple Condition Tests: Each point of entry within the code is tested in a test cycle.

Conclusion

 
Many software development companies tend to not completely perform black box testing especially when there are time constraints. They instead do some quick tests to see if the software’s core features are functional. Some companies perform neither black box nor white box testing but instead implements grey box testing – a combination of black box and white box testing done only at the interface level.

In this age, product quality and usability are more important than ever which demands great effort from testers into ensuring that the end-product was built the right way, with the right functionalities, and without defects.

A good majority of modern day enterprise IT and widely used technologies rely on open source software. Open source has made its presence very well known across networking, virtualization, and more. Open source development services still enjoy great demand, and the community keeps on growing bigger. However, enterprise security systems are still dominated by proprietary and vendor-locked technologies. Fortunately, change in times has brought change in trends as well.

There are a growing number of free open source security tools that are fully capable of both addressing security needs and protecting network, hosts, and data of the enterprises just as good as any proprietary security software. Some of these projects are backed by renowned organizations including major cloud operators and leading security firms.

That said, here are 4 open source security tools you should know about.
 

Commit Watcher

 
Accidental credential disclosures can end up causing a lot of damage for an organization. There have been reports of people accidentally exposing confidential information. One example is when private Amazon Web Services keys, passwords etc. were exposed after having them uploaded to GitHub or other repositories. Even developers may unintentionally do this.

The Commit Watcher open source tool from SourceClear can be a good solution for such mishaps, particular applicable during software development and testing cycles. The tool scans for potentially hazardous commits in both public and private Git repositories. This allows developers and project managers to monitor their projects for accidental credential disclosures. It periodically scans new commits and searches for matches against phrases or keywords defined in the project’s rules. Commit Watcher can be useful in testing enterprise software development projects that handle confidential data.
 

Jak

 
Keeping secrets out of the code is a key responsibility of developers. Even if they keep the ‘secrets’ in a configuration file, they should still ensure that the file isn’t committed to the code repository. They can add the config file to the .gitignore list to avoid it being committed to the repository. The secrets could be anything including keys that connect to aspects like payment systems, virtual machines, emailers etc. They are to be manually placed on application servers and managed separately from the source code which in turn can present a lot of challenges.

Jak can tackles this issue by allowing developers to commit encrypted ‘secret’ files into Git rather than use .gitignore. The files are included in a jakfile, and Jak ensures that only the encrypted file versions end up committed to the repository. The tool also handles encryption and decryption. Though the tool can be still challenging to use in production, it’s nevertheless useful for developers.
 

ProcFilter

 
An open source project from GoDaddy, ProcFilter can address the challenge of defending against known threats in Windows environments. It runs as a Windows service and integrates with Microsoft’s ETW (Event Tracing for Windows) thereby logging activities directly into Windows Event Log. The tool can also be configured to scan memory and files whenever processes are created or terminated.

ProcFilter is not a replacement to an antimalware tool, but is more useful as a tool to focus on specific known threats that can potentially compromise the project. For instance, if a peer organization has been hit by a particular threat, you can use ProcFilter to defend against it should it target your organization.
 

Yara

 
Yara is mainly used to identify and group malicious files. However, it can do more than that. The open source tool from VirusTotal’s Víctor Manuel Álvarez can be very useful for forensic investigations. The user will be able to create rules and Yara performs scans looking for matches. In addition, Yara can also use the virus signature files of popular open source antivirus tool ClamAV. Many more rule sets are also available from the YaraRules repository maintained by the community. However, as there are still some limitations to signature-based threat detection, it would not be wise to rely on Yara to defend from malicious attacks. That’s where ProcFilter can be of use.
 

Conclusion

 
Open source technologies are obviously competent in the security department as well, and the tools mentioned above are just a few of the more popular ones. The community behind most open source tools comprises of several big brains including security experts and analysts. Open source security tools are anticipated to bring better changes in the coming times. For developers, familiarizing with the aforementioned tools would be a great way to prepare for an open source-influenced future.

ASP.NET turned out to be one of Microsoft’s greatest contributions for innovative web application development. The popular open source framework kept getting refined with each update adding more features or augmenting the existing ones to help developers effectively build and deploy highly scalable web applications. The framework’s myriad features are designed to help developers overcome various development challenges while giving the clients high-performance web apps.

ASP.NET’s success in delivering value over the years contributed to the high demand for ASP. NET development services. In this blog, we picked 5 features of ASP.NET Core that we though was the most useful to build innovative web applications.
 

Cross-platform & container support

 
.NET Core brought with it several features that enabled developers to create ASP.NET applications and deploy them across all the popular platforms – Windows, Linux, and macOS. The open source community along with the tech giant contributed to making Linux an ideal platform for running ASP.NET. It also offers great support for popular containers including Docker and Kubernetes.
 

Boosted performance

 
For a software, performance is the most important aspect. No matter how feature rich it or appealing it is, if its performance is underwhelming, it’d be rejected. A combination of ASP.NET Core and the Kestrel web server considerably buffs the speed of the framework.

Back in the day, the technology that powered the ASP.NET integrated pipeline and IIS was outdated. The new Kestrel web server, however, was completely redesigned to leverage asynchronous programming models which subsequently made it lightweight and fast.
 

MVC & Web API frameworks unified

 
Before the arrival of ASP.NET Core, developers relied on MVC and Web API frameworks. MVC catered to building web applications that serve up HTML while web API frameworks were used to create RESTful services using XML or JSON. However, there were many overlaps when the two frameworks were involved. ASP.NET Core combined both thus simplifying software development. The Razor Pages feature of ASP.NET Core extend the capabilities of the MVC framework in encapsulating ‘model and ‘controller’ aspects of a page with two-way binding.
 

CSRF protection

 
The importance of security for enterprise web applications is obvious. In addition, the web application’s end user will also have to employ stringent security policies to identify and eliminate several vulnerabilities that can be exploited. Of the many types of attack that can happen, CSRF happens to be a particularly dangerous one for an enterprise. CSRF is where cyber-attackers hijack users’ authenticated sessions and perform actions in their name without their knowing. ASP.NET Core can generate anti-forgery tokens preventing this kind of attacks.
 

Output caching

 
The output caching feature of ASP.NET Core allows the framework to cache the output a page generates and serve the cached content later when requested. Data that are not updated frequently are stored securely, and are served from a cached location when there is a request. The framework also can be used to specify how long any request should be cached.
 

Conclusion

 
Unlike most Microsoft technologies, ASP.NET Core is open source. The community itself is dedicated to improving the framework further. Due to its open source nature and community support, ASP.NET Core supports the use of various third party platforms and frameworks in conjunction with it to build innovative applications easier than before.

Pair testing, often referred to as Buddy testing, is a software testing technique where two people from the project team test the same feature in parallel under the same conditions while exchanging ideas. Contrary to how it appears, pair testing does speed up test assignments while delivering more quality results.

This guide serves to introduce beginners in software testing to the concept, and where and when they can adopt the technique to maximize its benefits.
 

Pair testing buddies

 
Pair testing is generally done by a developer and a tester. However this isn’t the only way to do pair testing. A technical writer and a tester can be paired up to document how the software would be in the next release. A tester and the client can be paired up to recreate an error scenario that the client identified, and fix it. A solution architect and a tester can also be buddies in pair testing, which could lead to exploratory testing with respect to what if scenarios. A tester and a developer can team up to investigate odd bugs.

So basically, pair testing can be done with almost anybody in the project team, especially if it’s a Scrum project.
 

Where you can apply pair testing

 
In a Scrum project, pair testing can be done throughout the software development cycle – in one sprint or many. It can be a good learning experience for junior testers. If the business analyst needs to see how a particular feature works and identify possibilities for further enhancements, he can do pair testing.

A tester or developer who wants to investigate an odd bug or look into some issue with the application that’s becoming a problem for the client, can speed things up with pair testing. In addition, almost every task directly associated to testing done by a pair from the project team may fall under pair testing even if it’s noticed to be so.
 

Basics of doing pair testing

 
Pair testing can either happen spontaneously or it can be executed with a predefined approach. For the latter, testers should begin by defining the preparation for the tests they will be doing and then plan the execution. Both parties should agree upon a time period and actively make an effort to finish testing as planned.

Spontaneous pair testing can happen in many scenarios, a common example of which would be when a tester gets stuck while looking into a problem and seeks aid from a colleague. While the partnership works with different test data, shares ideas, and explores new aspects to test, they’d also find the cause of the problem that had been bugging the tester at the beginning. This can be considered as unplanned pair testing.

Another situation is when the tester explains how a feature would work to a colleague. The colleague might have questions that didn’t occur to the tester. This is also unplanned pair testing.
 

Conclusion

 
The bottomline is that pair testing is a beneficial practice for any software development company, provided they have replaced traditional development methodologies with Agile. Making an execution plan, setting up the test environment, and ensuring that your testing buddy bought into the concept of what it is that you are testing – this is how you do pair testing. Give it a go once and see how it can speed up application testing.

Image Designed by Freepik

Open source project management tools are abundant. However, identifying the right one can be challenging. Still, they are very important for companies that have adopted Agile to provide open source development services. Today, a great majority of organizations use Agile methodologies resulting in more successful projects compared to those that still go with traditional methodologies.

That said, this blog lists (in no particular order) 4 great open source project management tools that will prove beneficial to organizations that have adopted or are planning to adopt Agile this year. These tools are designed to support Agile-related methodology and practices including Scrum, Kanban etc.
 

OpenProject

 
A powerful open source project management tool popular for its ease of use, OpenProject is particularly useful in Agile software development environments. It facilitates effective team collaboration and makes project management much easier with modules that support project planning, scheduling, release planning, time tracking, bug tracking, budgeting, and Scrum as well. Its main features like prioritizing and tracking tasks are integrated with its other modules.

OpenProject is licensed under GPLv3.
 

Taiga

 
Taiga is an efficient management tool for Scrum projects and features a Kanban board, tasks, sprints, issues, a backlog, ticket management, wiki-pages, third-party integration support etc. Another awesome fact about Taiga is that it offers a free mobile app for iOS, Android, and Windows platforms. It’s also possible to migrate from other popular project management applications.

Taiga is also available for free to use for public projects. There is no catch. The number of public projects or the number of users do not have any restrictions. However, for private projects, Taiga can be really useful only if its paid plans are availed. These ‘paid plans’ are available under a ‘freemium’ model and have reasonable price tags for all kinds of organizations. What’s notable is the fact that the features of the application remains the same for both free and paid use.

Taiga is licensed under GNU Affero GPLv3. It requires a stack comprised of Nginx, Python, and PostgreSQL.
 

MyCollab

 
MyCollab is unique compared to the tools mentioned above, due to the fact that it’s actually a suite of 3 collaboration modules. It’s intended for SMBs (small-medium sized businesses). The modules include:

• Project management
• Customer relationship management (CRM)
• Document creation and editing software

Like many other open source software out there, MyCollab comes in two licensing options – a commercial ‘MyCollab Ultimate Edition’ and the open source ‘MyCollab Community Edition’.

The Ultimate edition can be run in the cloud or on premises while the Community edition doesn’t come with a cloud option and is slower as it doesn’t use query cache. Nevertheless, the Community edition does provide great project management features from task management to a Kanban board for Agile teams. It works on mobile devices and computers running on popular operating systems like Windows, Unix, Mac OS, and Linux.

MyCollab is licensed under AGPLv3 and requires MySQL and Java runtime to function.
 

Odoo

 
Just like MyCollab, Odoo can also be classified as a suite. As a matter of fact, Odoo is a full, integrated business application suite. Odoo includes human resources, accounting, website, eCommerce, inventory, manufacturing, and various other tools.

The free version of Odoo termed as the Community Edition obviously has limited features unlike the paid version of the suite. However, it can still be of great benefit for organizations providing Agile development services. The latest release, Odoo 11.0, came with a great update with the suite now featuring a Kanban-style task tracking view useful for Agile teams. Odoo also includes Gantt charts, tasks, graphs etc.

Odoo is licensed under GPLv3 and requires Python and PostgreSQL.
 

Conclusion

 
This roundup covers only 4 open source project management tools. There are more Agile-friendly tools that can be added to this list. But despite being open source, not all free versions of the said tools can be completely effective. It does require an organization to spend something to get something in return. But the good thing about these tools is that the spend would be a worthy investment.