🤷🏾 🍛 🤟 QA Meetup in Nizhny - as it was and the materials from the event 🧑🏽‍🤝‍🧑🏽 📜 👩🏽‍🌾

On February 15, a meeting was held in Nizhny Novgorod on testing and project safety. We talked about working with incidents and the bug bounty approach of the Mail.ru Group team, and colleagues from Ecommpay talked about DAST in CI / CD. We also learned about the interesting Fidler & Charles toolkit, and went in a separate block on automation without test engineers and the BDD approach.
Under the cat they have collected for you all the most useful things that can remain after such events.

Mail.ru Incident Management

Anton Viktorov, Quality Assurance Manager, Mail.ru, Mail.ru Group

Anton spoke about the comprehensive approach of the Mail.ru Mail team to work with incidents: how the guys filter the incoming message flow, what they consider to be incidents, and what they redirect to other units, for example, in support. Anton also gave a couple of interesting examples of how the team works with reports from company employees. According to him, this is a special audience and requests go to a separate turn, because there is direct access to colleagues - which means that the case closes faster, which can also occur for external users. In addition, Anton shared information about workflow, automation and useful tools - this can be viewed at the link below:

Using Fiddler and Charles when testing the front end of the pulse.mail.ru project

Anna Dolgova, head of the testing group, recommendation systems Mail.ru, Mail.ru Group

Anya decided to talk about the two most common utilities for testing traffic-related tasks. Her presentation will be useful to those who want to learn more about the functionality and, perhaps, discover something new. We agree that the documentation is, of course, good, but here the most common cases that are potentially encountered when sniffing traffic are laid out on shelves, for more details see the link:

DAST to CI / CD

Olga Sviridova, Application Security Specialist, Ecommpay

Today, popular analyzers such as OWASP ZAP and Burp Suite do not always do the job of automatically scanning applications. Often, they cannot find any specific directories, automatically send a request without human intervention. And often these tools run locally. Moreover, if the company has a well-tested testing automation team, their work can be taken as the basis for dynamic analysis and phasing. More details in the video:

The other side of bug bounty programs: how it looks from the inside

Vladimir Dubrovin, Testing Manager, Mail.ru, Mail.ru Group

This report is about how the bug bounty program is integrated into the internal processes of the Mail.ru Group. Vladimir shared the current (at that time) statistics on the bug bounty. He told how they work with the community and analyze incoming requests, how information from bug reports helps not only fix bugs, but also change internal processes. He also gave some tips on organizing the hunt (and what to do if it is not at all possible to start a full-fledged program). More useful tips in the video:

BDD for the frontend. Test Automation with Cucumber, Cypress and Jenkins

Alexander Yakovlev, programmer of the E-Commerce platform, Mail.ru Group

Alexander shared how they use the BDD methodology. If anything, BDD (Behavior-driven development) is a software development methodology that is an offshoot of the development methodology through testing. The main objective was to automate testing of UI. For this, the guys use Cucumber, Cypress and Jenkins. You can see what happened and what conclusions Sasha has at the moment, using the link:

Automation without automation test engineers

Maria Terekhina, process advisor and Vladislav Kuznetsov, CTO, Emergn

In the framework of the report, they shared examples of projects that have automation, but there is not a single dedicated engineer to perform tasks related to test automation. More details here:

All materials (photos, presentations, and separately video) can be found in our Cloud .
See you at other events of Mail.ru Group!