|
Software Security Testing: It's Not Just for Functions Anymore What makes security testing different from classical software testing? Part of the answer lies in expertise, experience, and attitude. Security testing comes in two flavors and involves standard functional security testing (making sure that the security apparatus works as advertised), as well as risk-based testing (malicious testing that simulates attacks). Risk-based security testing should be driven by architectural risk analysis, abuse and misuse cases, and attack patterns. Unfortunately,
first generation "application security" testing misses the mark on all fronts. That's because canned black-box probes-at best-can show you that things are broken, but say very little about the total security posture. Join Gary McGraw to learn what software security testing should look like, what kinds of knowledge testers must have to carry out such testing, and what the results may say about security.
|
Gary McGraw, Cigital Inc
|
|
The More Things Change ... Revisiting a Software Culture In 1994, Karl Wiegers published a popular article titled Creating a Software Engineering Culture. More than a decade later, he reviews his fourteen principles on software development to see how they've stood the test of time.
|
|
|
Code Improvement: Five Practices to Help Spread the Joy of Great Code Design The software we produce is like the neighborhoods in which we live--the blueprints aren't as important as the enjoyment of simply using it. The best design brings joy to both those who create it and those who use it. Jeff Grover and Zhon Johansen detail five practices to help you spread the joy.
|
|
|
Web Services Interface Design - Pitfalls and Proven Techniques Designing Web services is all about the interface. Although tools for Web services development have advanced to the point where exposing application functionality is simple, the ease of building Web services does not diminish the need for careful planning and a highly functional design. Dave Mount opens his presentation by spinning the cautionary tale of slapping together a Web services interface on a poorly structured application. This scenario serves as a reference point for a subsequent discussion of the pitfalls of a poorly designed interface. Dave illustrates techniques for correcting problems and improving the Web services interface. Looking at high profile Web services provided by Google, eBay, and Salesforce.com, he shows how an external perspective that emphasizes consistency and conceptual clarity is key to Web services interface design.
|
Dave Mount, J-Soup Software, Inc
|
|
The Many Layers of Ajax Ajax began as a shortened form of "Asynchronus JavaScript and XML," but these days Ajax doesn't require XML and needn’t be asynchronous. Overcome your cravings for a richer user experience, and find out how Ajax can sweeten your Web application development in this article by Ajax expert Justin Gehtland.
|
|
|
A Balanced Scorecard Approach for Assessing Test Value and Success Internal test metrics--test progress, defect density, and TPI/TMM measures on process improvement-do not reveal the complete picture of test value and success. By comparing common test metrics with those found in the Balanced Business Scorecard--financial, customer, internal, and learning/innovation metrics-we see the need to also report financial and customer measures. Some of these measures are quantitative (such as profits), and others are more qualitative (for example, customer satisfaction). Learn to measure the financial impact of testing through productivity metrics and measures of how testing affects the total cost of quality. Include in your reporting qualitative assessments such as the customers' perception of the usefulness of testing, the visibility of testing on projects, acceptability measures, and estimation accuracy.
- Set measures for all viewpoints of testing's value and success
|
Isabel Evans, Testing Solutions Group Ltd
|
|
STAREAST 2006: Apprenticeships: A Forgotten Concept in Testing The system of apprenticeship was first developed in the late Middle Ages. The uneducated and inexperienced were employed by a master craftsman in exchange for formal training in a particular craft. So why does apprenticeship seldom happen within software testing? Do we subconsciously believe that just about anyone can test software? Join Lloyd Roden and discover what apprenticeship training is and-even more importantly-what it is not. Learn how this practice can be easily adapted to suit software testing. Find out about the advantages and disadvantages of several apprenticeship models: Chief Tester, Hierarchical, Buddy, and Coterie. With personal experiences to share, Lloyd shows how projects will benefit immediately with the rebirth of the apprenticeship system in your test team.
- Four apprenticeship models that can apply to software testers
- Measures of the benefits and return on investment of apprenticeships
|
Lloyd Roden, Grove Consultants
|
|
Test Driven Development - It's Not Just for Unit Testing Test-driven development (TDD) is a new approach for software construction in which developers write automated unit tests before writing the code. These automated tests are always rerun after any codes changes. Proponents assert that TDD delivers software that is easier to maintain and of higher quality than using traditional development approaches. Based on experiences gained from real-world projects employing TDD, Peter Zimmerer shares his view of TDD's advantages and disadvantages and how the TDD concept can be extended to all levels of testing. Learn how to use TDD practices that support preventive testing throughout development and result in new levels of cooperation between developers and testers. Take away practical approaches and hints for introducing and practicing test-driven development in your organization.
|
Peter Zimmerer, Siemens
|
|
Let's End the Defect Report-Fix-Check-Rework-Cycle Find out how teams transitioning to Agile practices must re-think their workflows and project metrics originally designed to handle many hundreds of defect reports that occur in typical testlast development cycles. Richard Leavitt discusses how a real-world implementation of key practices like early testing and continual integration-though not without bumps and bruises-lowered the number of open defect reports by an order of magnitude. These practices also can improve how the team communicates, reduce delays, and provide more direct measures of project status, feature progress, and release readiness.
|
Richard Leavitt, Rally Software Development
|
|
Systematic Techniques for Fault Detection and Isolation Selecting the appropriate testing techniques and test cases improves test efficiency, reduces time to market, and gives you confidence that the system is ready to ship. Using real-world case studies as examples, Madhav Phadke explains the fundamentals of robust test case selection and how code coverage can improve your test results. He discusses ways for testers to support debugging and faster repairs by isolating defects to a specific part of the software. Learn to select test outputs based on "total function evaluation" rather than end customer outputs and ways to use orthogonal arrays for testing combinations of parameters. Take away a list of free or inexpensive tools that can speed up your testing process.
|
Madhav Phadke, Phadke Associates
|