When testing software, most of us identify risk seemingly effortlessly. But do we really understand the process we’ve undertaken? Do we know what methods we’ve called upon? Are we aware of how we’re identifying risks? And therefore, are we identifying all the important risks? David Greenlees uses models to assess these questions.
Compared to traditional functional testing, security testing requires testers to develop the mindset of real attackers and pro-actively look for security vulnerabilities throughout the software development lifecycle. Using live demos, Frank Kim shows you how to think-and act-like a hacker. Rather than just talking about issues such as Cross Site Scripting (XSS), SQL Injection, and Cross Site Request Forgery (CSRF), Frank shows-live and in color-how hackers abuse potentially devastating defects by finding and exploiting vulnerabilities in a live web application. Find out how attackers approach the problem of gaining unauthorized access to systems. Discover the tools hackers have that you don't even know exist and how you can find critical security defects in your production apps. In this revealing session, you'll learn how to become a better tester and find serious security vulnerabilities in your systems before the bad guys do.
In large financial institutions, treasury departments-specialized teams of traders and experts in liquidity, risk, accounting, financial forecasting, and quantitative analysis-manage the organization’s wealth and financial risk. These departments require large, complex, third-party software products that must change often to support the treasury’s complicated business processes. Matt Callanan describes how a team of developers and operations staff-the DevOps team-applied agile principles to the “last mile” and reduced software deployment from one week to one day. He discusses how their DevOps team collaborated to develop automation solutions to support ongoing deployment activities and solve many issues in the operational environment.
Adopting agile is often a difficult proposition with many variables and sometimes uneven results. Recognizing when your adoption isn't working well and taking pro-active actions to put it back on track are essential. So, how do you know if your adoption is proceeding through rough but expected waters or running the risk of failing? Thomas Stiehm describes the signs of serious adoption problems and the steps you can take to fix them. Leveraging ten years of experience helping teams adopt agile, Tom walks through the many successes and failures he’s seen and, more importantly, the mistakes companies and people made that led to those failures. Learn the remediation steps you can take to re-energize and re-center your adoption efforts. Don’t let small missteps cascade into failure. Instead, join in and take back an action plan that’s sure to increase the odds of making your agile adoption a win for you, your teams, and your company.
The cloud has rapidly gone from “that thing I should know something about” to the “centerpiece of our five-year corporate IT strategy.” However, cloud computing is still in its infancy. The marketing materials ignore or gloss over the many risks present today in the cloud-data loss, security leaks, gaps in availability, migration costs, and more. Ken Johnston and Seth Eliot share new research on the successful migrations of corporate IT and web-based companies to the cloud. They lay out the risks to consider and explore the rewards the cloud has to offer when companies employ sound architecture and design approaches. Discover the foibles of poor architecture and design and how to mitigate these challenges through a novel Test Oriented Architecture (TOA) framework.