Conference Presentations

The QA/Testing Perspective on Software Security

Most everyone now realizes that we cannot solve security vulnerabilities with firewalls, virus scanners, and other tactics that build an electronic “moat” around systems. According to Julian Harty, security is not an operational issue, not a developer issue, and not a testing issue. It is a systems issue that you must focus on throughout the software’s life. From a QA/testing perspective, we need to look early in the development process for adequate security requirements. Then, we should assess the designs for vulnerabilities and participate in security code reviews. When specialized security tests find bugs that get past our early prevention efforts, causal analysis helps prevent recurring security defects. Dig into system security issues with Julian and learn about manual techniques, commercial software, and home-brew automation tools to help you find security vulnerabilities before the bad guys do.

Julian Harty, Commercetest Limited
Service-Oriented Architecture - Exposed

Service-Oriented Architecture (SOA), incorporating methods for Web services to communicate dynamically, promises to significantly improve organizational operating efficiency, change the way companies conduct business, and even alter the competitive landscape. However, Service-Oriented Architecture is a strategy rather than an objective, and, like any strategy, it is of no value unless it is implemented. With illustrations from companies who today are using SOA to transform their organizations, Sharon Fay shares current practices for exposing Web services and XML to internal development teams, outsourced development, external trading partners, and customers. Learn why reuse is a key method for supporting integration of SOA implementations and how it is being accomplished. Take away a set of metrics that you can use to measure the level of SOA adoption, development productivity gains, and organizational agility.

Sharon Fay, Flashline, Inc.
Compressing Test Execution Time to a 24-Hour Cycle

Software development projects face a growing trend of tighter schedules, more complex environments, and increased time-to-market pressures. Thomas Poirier presents a composite case study that explores how frequently encountered situations can severely impact the duration of the Test Execution Cycle (TEC). Learn strategies and tactics to shorten the TEC to within a 24-hour cycle without sacrificing test coverage.

Thomas Poirier, Conduciv inc.
Validation and Component-Based Development

Component-based development is the practice of constructing software applications from new or existing encapsulated language-independent modules. In his presentation, David Wood details a case study on the use of opaque-box testing, coupled with code coverage and pre-/post-conditions, to provide validated software components. Learn about component-based development and how to apply it to your projects.

Rob Harris, Harris Corporation and David Wood, Applied Object Engineering
STAREAST 2000: A Risk-Based Test Strategy

Testing information systems should be based on the business risks to the organization using these information systems. In practice, test managers often take an intuitive approach to test coverage for risks. In this double-track presentation, discover how a "stepwise" definition of test strategy can be used for any test level as well as the overall strategy, providing better insight and a sound basis for negotiating testing depth.

Ingrid Ottevanger, IQUIP Informatica
Trimming the Test Suite: Using Coverage Analysis to Minimize Re-Testing

Coverage Analysis System (CAS) data is often useful in determining that enough tests have been written, and identifying C-code lines that have no test coverage. In this presentation, Jim Boone explores various methods that use CAS data to determine the best set of automated tests to execute for a corrected defect. Learn the strengths, weaknesses, and best stage for using each method.

Jim Boone, SAS Institute, Inc.
Interpreting Graphical Defect Trend Data

Evaluation of graphical defect trend data can dramatically increase your ability to predict current project quality, schedule milestone compliance, and provide historical data for proper test and development scheduling of later revisions. Jim Olsen will explore some of the complexities in analyzing graphic defect trending in this presentation (winner of the Best Presentation award for ASM'99). Learn ways to determine how much time establishes a trend, when the appropriate time to start taking data occurs, what type of data to track, and how to estimate the amplitude of defect oscillations at the end of the product cycle.

Jim Olsen, Novell, Inc.
Estimating and Tracking Software Size without Lines of Code or Function Points

Sandee Guidry explains the processes that were used to effectively manage projects at Defense Financial Accounting System (DFAS). This presentation walks you through the process from when project requests are originated, through the analysis of requirements, the development of estimates, etc., to the delivery of the final project. Learn estimation methods and tools that were seamlessly integrated to deliver each project's committed functionality -- on time and on budget.

Sandee Guidry, DOD/DFAS/SEOPE
Web Log Analysis for Performance Troubleshooting

Web server logs contain powerful, but often hidden, information about the performance of your Web application. In this session, you'll learn how easy it is to enlarge your toolkit for Web performance testing. For instance, Web Performance Log Analysis is a new activity that's based on the performance information in Web server logs (elapsed time, bandwidth, number of hits, and more). Giuseppe Cassone shows you all the information you can extract from the log (with a focus on performance) and how you can best use it.

Giuseppe Cassone, Telecom Italia Lab SPA
Basis Path Testing for Structural and Integration Testing

Basis path testing is a structural testing technique that identifies test cases based on the flows or logical paths that can be taken through the software. A basis path is a unique path through the software where no iterations are allowed; basis paths are atomic-level paths, and all possible paths through the system are linear combinations of them. Basis path testing uses a cyclomatic metric that measures the complexity of a source code unit by examining the control flow structure. Basis path testing can also be applied to integration testing when software units/components are integrated together. You'll see how the use of the technique quantifies the integration effort involved as well as the design-level complexity.

Theresa Hunt, The Westfall Team

