Engineering Blog

Quality at Pendo: Our Experiences in Ensemble Testing

In this blog post you’ll read about our successes and challenges as we tried our hand at Ensemble (Mob) Testing

At Pendo, we’re always trying to push the boundaries of testing. We believe that incorporating new approaches is key to promoting our quality culture and a quality-focused mindset within our teams. We actively promote the idea that everyone is responsible for quality and constantly strive for more collaboration and knowledge sharing to assist everyone on our quality journey. We have always found value in exploratory testing and recently tried two different approaches to enhance and improve this key testing activity. In this two-part blog you’ll read about our successes and challenges as we tried our hand at Ensemble (Mob) Testing and Gorilla Testing.

Read more…

WebAssembly vs JavaScript: the LZ77 algorithm

WebAssembly (Wasm for short) is an assembly-like instruction format for a stack-based virtual machine. It is designed to be encoded in an efficient binary format that can be executed at near-native speed on any platform that can host the virtual machine. In particular, it is supported in all modern browsers (Chrome, Edge, Firefox and Safari).

Read more…

Pendo Aggs: Writing Your First Aggregation

At Pendo we are always looking to enable our customers to gain insights into their products so they can invest in building the right features for their users. One of the key methods for doing this is to dig into the data. We have a lot of cool tools such as Dashboards, Data Explorer, and Retention to display that data in a meaningful way. Read more…

Creating Delightful Graphs using HTML 5 Canvas

At Pendo, we collect tons of data, and we’re always finding new ways to showcase that data so our customers can see how their apps are being used and can make their software more lovable. One of the data visualizations we have been working on recently is Product Engagement Score. To calculate a Product Engagement Score, we combine Stickiness, Growth, and Adoption to show how invested users are in that product.

Read more…

Engineering Management: Interviews & Hiring

What makes a great engineering manager? What are the important frameworks that an engineering manager should know about? How do you assess and interview for this crucial role?

Pendo’s SVP of Engineering Dave Rensin speaks to Exponet about hiring managers, including his top tips for people in the midst of an engineering manager interview.

Avoiding Header Method Override Cache Poisoning

Configuring CloudFront in front of Google Cloud Storage

On April 15, 2021, a security researcher reached out to Pendo’s security team regarding a potential vulnerability in cdn.pendo.io. The proof of concept used the HTTP header X-HTTP-Method-Override to poison the cache, causing the cache to return a blank page to future clients for the lifetime of the cache entry.

A security researcher, who has asked to remain anonymous, described the issue as they observed it (personal communication, April 15, 2021):

“When sending a request to any asset located on https://cdn.pendo.io/ that includes an HTTP header X-HTTP-Method-Override with the value HEAD, the request gets passed to the back-end (unless the cache prevents it) and then triggers a response based on the value of that header which gets stored in the cache. By pointing a request to any endpoint located on https://cdn.pendo.io/ and providing that header an attacker can store an invalid response in the cache that has no body, which in the browser will be seen as a completely blank page.” 

Read more…

How Pendo Maintains a Culture of Quality with Cypress

I recently had the opportunity to take part in a case study for Cypress on behalf of Pendo to talk about our quality culture and how using Cypress helped us with our testing and releases. Cypress had seen the progression we had made over the past year and were keen for us to discuss our experience in the form of a webcast.

I sat down with Cypress’ Distinguished Engineer, Gleb Bahmutov, to talk about how Pendo utilised Cypress to rebuild the automated test suite for our Guides product. We discussed common issues that can arise when building automation frameworks such as flaky tests, identifying elements inconsistently, and using explicit waits in tests. We then discussed how we avoided these by following best practices set by Cypress such as using data attributes, adding test retries, and waiting on aliases. We then go into detail on how this helped us to create a stable foundation for automated Sanity and Regression test suites. We also talked about how we added integrations to support further reporting and maintenance processes.

Watch the recording to learn about Pendo Guides, Cypress best practices, and usage of key features from Cypress such as Test Retries. Feel free to reach out to me on Twitter if you have any questions, or you can find additional questions and answers linked in the Cypress blog here.

A Tour of Steganography – Embedding Payloads in PNG Files

Hiding data in inconspicuous places is not just something the spies of old did to get messages across borders; it is also something that attackers do to exfiltrate data out of vulnerable systems. Attackers may even slip malicious commands past antivirus software. The act of hiding data or malicious commands in regular files is called steganography – a fascinating discipline that many talented security professionals devote themselves to mastering.

I am going to discuss how to embed payloads into PNG files without corrupting the original file, and how to hide that payload to prevent antivirus from being able to detect it.

Read more…