Testing
SOX (Sarbanes-Oxley Act) Section 404 requires public companies to document and test internal controls over financial reporting. For software teams, this means testing IT General Controls (ITGCs) — access controls, change management, and data integrity controls — that support financial systems. This guide covers what SOX compliance means for software testing, what
Testing
Synthetic test data generation solves one of the hardest problems in software testing: how do you create realistic data that exercises your application without using real user information? This guide covers the tools and techniques that QA teams use to generate test data that's realistic enough to catch
Testing
HIPAA (Health Insurance Portability and Accountability Act) imposes specific technical safeguards on software that handles Protected Health Information (PHI). Testing for HIPAA compliance means verifying these safeguards work as designed — not just documenting that policies exist. This guide focuses on what to test, how to structure those tests, and how
Testing
Compliance testing done manually, at audit time, is expensive and unreliable. Controls that worked in Q1 can break in Q3 when someone updates a middleware or changes an API. Automated compliance testing shifts the catch point to when code changes — cheap to fix — rather than when auditors arrive. This guide
Testing
OSS-Fuzz is Google's free continuous fuzzing service for open source software. Once integrated, your project gets fuzzed 24/7 on Google's infrastructure using libFuzzer, AFL++, and Honggfuzz. Crashes are automatically deduplicated, tracked, and reported. As of 2024, OSS-Fuzz has found over 10,000 vulnerabilities in 1,
Testing
libFuzzer is LLVM's in-process, coverage-guided fuzzing engine. Unlike AFL which forks a new process per input, libFuzzer runs inside the target process. This eliminates process spawn overhead and can achieve orders of magnitude more executions per second for code with fast parsing paths. libFuzzer is built into LLVM/
Testing
GDPR testing is not a single audit — it's ongoing verification that your application handles personal data according to the regulation's requirements. This guide covers what to test, how to structure tests for the major GDPR obligations, and how to integrate compliance testing into your development workflow.
Testing
AFL++ is the most widely used coverage-guided fuzzer. It's responsible for finding thousands of CVEs in real-world software — in image parsers, network libraries, file format handlers, and more. This tutorial walks through everything you need to go from installation to finding actual bugs. Installation Ubuntu/Debian: apt-get install
Testing
Screen reader testing is one of the most direct ways to verify that your application is accessible to blind and low-vision users. Unlike automated tools, screen reader testing reveals the actual user experience: what gets announced, in what order, and whether it makes sense. This guide covers how to set
Testing
PIT (Pitest) is the mutation testing tool for Java. It's fast relative to other mutation testing tools for JVM languages, produces detailed HTML reports, and integrates with Maven, Gradle, and CI pipelines. It's the go-to tool for any Java team that wants to measure test suite
Testing
axe-core is the accessibility testing engine behind Deque's browser extensions, most CI accessibility tools, and the built-in accessibility checks in browser DevTools. Understanding how to use it directly gives you more control over what you test, what you suppress, and how violations surface in your build pipeline. This
Testing
Playwright's browser automation and axe-core's accessibility engine are a natural pairing. Playwright handles navigation, interaction, and state management. axe-core scans the DOM for WCAG violations. Together, they let you run accessibility checks at the same time as your functional tests — or in a dedicated suite that