Software Test Professionals – Conference Highlights from STPCon 2015

This week the Software Testing World moved to the US East Coast – just outside of Boston, MA a group of testers is discussing the latest and greatest at STPCon 2015.

I was lucky enough to get 3 speaking slots this time (1 workshop, 2 breakouts) to share my thoughts on Performance, DevOps & Agile Testing:

Here are some of my highlights and summary

Monday, Oct 5: Application Performance Clinic

My clinics are based on my blog post on Functional Test (R)evolution and the work I do in my Online Performance Clinics. The key message is:

  • Level-Up your Skills: You don’t need a load test to find performance related problems
  • Make F12 your Friend: For Web Applications start using the Browser built-in tools and follow WPO (Web Performance Optimization)
  • Use Developer Diagnostic Tools: Its easy to spot implementation flaws by looking at things such as a Transaction Flow

If you have an app and you have data but you don’t know what it means – feel free to use my “Share Your PurePath Program” – > happy to analyze the data for you

Tuesday, Oct 6: PerfBytes Live Podcast

If you don’t yet know the guys (Mark Tomlinson, James Pulley, Howard Chorney) from PerfBytes – please check them out. We did a Live recording of their 67th PerfBytes podcast show. The two main topics where HTTP/2 (what is it? is it worth it? what are the challenges?) and Holiday Readiness (Tips & Tricks for eCommerce). Recording should be online soon.

Wednesday, Oct 7: Automated Software Testing and Cybersecurity

Elfriede Dustin will kick off the main conference with her keynote on Testing and Cybersecurity.

Main lesson is “You can do Security Testing even if you are not a Security Tester” – but it requires you to sit down and understand all potential vulnerabilities in your system. Then expand your functional testing by looking INTO the application, understand what the code is doing, and how it can be breached! Some of my takeaways:

  • Impressive stats of growing number of LOC (lines of code) overall, e.g: Linux Kernel SLOC grew from 8M in 2007 to 18M in 2015 -> showing us growing complexity and possibility of potential security holes.
  • Showed off -> live attack view
  • Try Google: “not for public release” filetype:pdf -> what do you see?
  • Human Factor: Security is Only as Strong as its Weakest Link

Wednesday, Oct 7: The Future of Government Software

Jason Huggins, creator of Selenium (now Saucelabs), starts with walking us through the story of and his involvement. Very interesting insights from a guy that was really on the Tech Surge team to fix the situation. Now we also know that his nick name “hugs” resulted in a real hug from the president 🙂 – I encourage everyone – especially in the testing area to look up his presentation. Check out 10 Things that Saved I also just found a recording of most likely a very similar presentation he did at a meetup. Check it out on YouTube: Fixing – One Test at a Time.

Quote: “We are still in the boat sinks phase when it comes to building/procuring software as a government”

Quote: “Too much money in Silicon Valley is chasing too many stupid ideas” 🙂

Andreas Grabner has 20+ years of experience as a software developer, tester and architect and is an advocate for high-performing cloud scale applications. He is a regular contributor to the DevOps community, a frequent speaker at technology conferences and regularly publishes articles on You can follow him on Twitter: @grabnerandi