Issue 24: Three Security Highlights For Terraform on AWS

🕒 5 MIN READ | Published on: September 8, 2021

This is the Software Testing Notes, a newsletter that goes out every Wednesday. I republish it here for sharing and referencing, but if you'd like to sign up you can do so right here:

Hello everyone! 👋

Welcome to the 24th edition of Software Testing Notes, a weekly newsletter featuring must-read content on Software Testing. I hope this week has been good for you so far.

It has been around 6 months 🥳 (we are at 24th issues) since publishing the first issues and I still can’t believe that I was able to publish newsletter each week, consistently. This is a personal best for me (yay 🙌 ).

With that being said, It’s time for our weekly round up of curated links. I have lots of nice reads for you this week, let me know what your favorite is!

Happy Testing and have a great rest of the week! 🙏

📚 On Testing

The 7 Most Expensive Bugs in History

Why test your software at the initial stages ? well, one of the reason is to avoid high costs in damages and repair. Wondering how higher that cost might be? Prithwish Satpati has compiled a list of 7 bugs that cost some organizations very dearly.

Measuring Value Realization Through Testing in Production

Recording of virtual event organized by InfoQ on what the best patterns for testing in production are and how testing in production can provide feedback that can be built back into the continuous delivery lifecycle of DevOps.

The Errors of Estimation

Lets by honest estimations never work either for development or testing. Vasco Duarte accurately pin points the reasons and explains it with particle examples.

A Useable Definition of Quality

I really liked the way Stu explains the what quality means when it comes to testing.

Quality Coaching: Preventing production issues

Kim Engel describe the approach used for bug reviews along with what worked, what didn't work, and lessons learned along the way.

➜ Read all curated stuff on Software Testing here.

⚙️ Automation

What Makes a Good Automated Test?

Some excellent insights in this blog post on what makes a good automation test/ Kristin Jackvony writes about six indications as listed below that you have a good automated test.

  1. It tests something important
  2. It fails when it should
  3. It’s reliable
  4. It’s maintainable
  5. It runs quickly and
  6. It runs at appropriate times

curl - API testing made really simple

Would you like to use a tool that's fast, lightweight and makes API testing super simple? Well, this post by Carlos Jasso might interest you.

Applying agile principles to automation projects

A great article by David Tzemach showing us how agile teams can use agile values and principles to meet challenges when facing an automation project.

Jest asserts beyond equals

This post covers different assertions like Array Containing, to Be, Modifiers, Async, Resolves etc with examples. Marabesi Matheus has written a great to the point piece.

Creating an Architecture for Your Automated Tests

In this post, Corina Pip discusses the architecture of the tests, technique for writing them, while keeping in mind reusability and separation of concerns.

Design First Contract Testing For Micro-services

Great article about implementing the the contract testing by Akshay Anand.

➜ Read all curated stuff on Automation here.

💨 Performance

Chrome Browser Extensions Study Reveals Performance Impact of Popular Extensions

Can a chrome extension degrade the performance of a web app that you are using ? Bruno Couriol published a post summarizing the recently published report by DebugBear reviewing the impact of the 1000 most popular Chrome extensions on browser performance and end-user experience.

HTTPie for Performance Engineers

HTTPie is a very useful user-friendly command-line utility with JSON support. If you are looking for a guide to getting started, NaveenKumar just posted an article.

➜ Read all curated stuff on Performance here.

🛡️ Security

Three Security Highlights For Terraform on AWS

In this blog Ben de Haan and Jeroen Willemsen sheds some light on some of the security topics such as IAM roles, Terraform state, and detection & monitoring while working with Terraform on AWS.

What is Stored XSS?

An introduction to stored cross-site scripting (XSS) vulnerabilities by Vickie Li

➜ Read all curated stuff on Security here.

🌞 Accessibility

A11y with Ady: September 2021

As always, Ady Stokes is back with this monthly retrospective on all thing accessibility.

➜ Read all curated stuff on Accessibility here.

🛠️ Resources & Tools


It’s a user-friendly command-line HTTP client for the API era. It comes with JSON support, syntax highlighting, persistent sessions, wget-like downloads, plugins, and more.


improves stability of Selenium-based test cases, handling changes of updated web elements.

Serverless Testing Toolkit

A set of components that leverage the AWS CDK to make testing of serverless constructs in the cloud straightforward.

Can I use

"Can I use" provides up-to-date browser support tables for support of front-end web technologies on desktop and mobile web browsers.


A collection of useful links for Pentesters.


Perform visual testing with record and play Brimstone pixel-perfect webpage automation tests.

📝 List of Software Testers

It's hard to find good articles, podcasts on Software Testing. Even hard to find people who create them. Are you also looking for amazing software testers to follow or read their content ? check out this page dedicated to software testers.

Show me all Software Testers

Do you also create content around Software Testing ? Submit yours here and I will add it to the list.

😂 And Finally,

To Test Is To Doubt

Keep Smiling and have a fun week.

👋 Reach Out

Let me know what you thought about this newsletter, maybe you have some ideas you'd like to share.

You can follow me personally @priteshusdadiya. I give insights into Testing, development & how I'm growing Software Testing Notes.

You can follow @thetestingkit to keep up-to-date on the community & fresh links to read.

Thanks so much for reading,

Did You Enjoy This?

Then consider joining the 1,265 other people getting the Software Testing Notes newsletter. It's a collection of fascinating finds from my week, about wide range of topics surrounding software testing and whatever else catches my interest.

Subscribe to Newsletter

Get hand-picked round-up of the best resources and articles on Software Testing in your inbox. Every Week — for free!

No spam, ever. We'll never share your email address and you can opt out at any time.