Security

Conference Presentations

Exploiting a Broken Design Process

A major flaw in the way most code is designed allows you to break the code by exploiting the flaw. Learn how this "trick" can force software into a state from which it produces incorrect results. Observe live demonstrations on applying this "trick" to popular software programs and code. Discuss ways to build test automation that methodically searches for these flaws.

James Whittaker, Florida Tech, Computer Science
STAREAST 2002: Testing Web Site Security

The Internet can be a less-than-secure place to conduct business. So how do you make sure your Web site is secure from attack? Is a firewall the only line of defense you need? This presentation provides insight into the different attack points that a hacker could seek to exploit. It teaches you what to look for when testing the security of a Web site and delivers a simple, ten-step process for testing the security of a Web site.

Steve Splaine, Splaine & Associates
Requirements Are Requirements Are Requirements - Not!

"This isn't what I need," states Customer Bob. "But it's what you said you wanted," replies Engineer Joe. "It's not right. I need something else." We've all encountered this classic users-don't-know-what-they-want scenario. The fact that software professionals continue to have this same experience over and over again suggests that we're overlooking the real reasons for the user/engineer disconnect. This presentation contrasts the different uses of the term "requirements" as it explores the possible solutions to improving understanding between business people and technical people.

Robin Goldsmith, GoPro Management, Inc.
Get Real! Creating Realistic, Actionable Project Schedules

The preparation of a realistic, practical project schedule is an essential management function for obtaining stakeholder commitment, setting expectations, and communicating within the team and organization what is achievable. Doing this preparation well is another challenge, one that must be conquered. Rex Black helps participants see the bigger project scheduling picture by focusing on issues such as constituent tasks, the underlying dependencies between them, and the risks attached to the completion of those tasks.

Rex Black, Rex Black Consulting Services, Inc.
Bottlenecks Exposed: The Most Frequently Found Performance Problems

Dan Downing's experience with stress testing projects has revealed a handful of common denominators present in most Web site performance problems. These include memory starvation; a CPU-gobbling database access; improperly sized heaps, caches, and pools; poor application design; and load balancing that doesn't balance. This presentation uses actual B2C and B2B project examples to show you a symptom-measurement-diagnostic approach to understanding, exposing, and documenting these common problems.

Dan Downing, Mentora
Targeted Software Fault Insertion

Since the completely random software fault insertion techniques suggested in much of the research literature are not practical for most software products, this paper suggests that a modest targeted software fault insertion effort for a few common error conditions can have a dramatic impact on defect detection rates and quality. The paper uses the example of a software fault insertion subsystem, codenamed Faulty Towers, which was added to Mangosoft Incorporated’s test automation in order to target common failures and errors.

Paul Houlihan, MangoSoft Corporation
Predictive Metrics to Estimate Post Project Costs

How much will it cost to support your software project based on current estimations? Discover the answer to this question by using statistical estimation methods, including the S-curve and the Rayleigh curve, to help you determine where your projects are in relation to required quality and trendings to meet your post-project cost goals. Learn how to use metrics to predict post-project costs and make better release decisions based on these predictions.

Geoffrey Facer, Intel Corporation
When Your Developers Don't Work for You - How I Managed A Band of "Hackers"

The future of the development world lies with a bunch of skilled programmers living wherever they want, taking whichever projects they like, naming their price, and disappearing once the project is over. At many firms, that is already the reality. In this presentation, learn how one company effectively managed valuable but volatile people resources. Discover why process and formality are important, and why certain practices are indispensable for minimizing risk and keeping everyone happy.

Lee Fischman, Galorath, Inc.
