AgileConnection | Agile Software Development Q&A and How-to Advice

Conference Presentations

	Model-Based Security Testing Preventing the release of exploitable software defects is critical for all applications. Traditional software testing approaches are insufficient, and generic tools are incapable of properly targeting your code. We need to detect these defects before going live, and we need a methodology for detection that is cost-efficient and practical. A model-based testing strategy can be applied directly to the security testing problem. Starting with very simple models, you can generate millions of relevant tests that can be executed in a matter of hours. Learn how to build and refine models to focus quickly on the defects that matter. Kyle Larsen shows you how to create a test oracle that can detect application-specific security defects: buffer overflows, uninitialized memory references, denial of service attacks, assertion failures, and memory leaks.	Kyle Larsen, Microsoft Corporation
	Security Testing: Are You a Deer in the Headlights? With frequent reports in the news of successful hacker attacks on Web sites, application security is no longer an afterthought. More than ever, organizations realize that security has to be a priority while applications are being developed-not after. Developers and QA professionals are learning that Web application security vulnerabilities must be treated like any other software defect. Organizations can save time and money by identifying and correcting these security defects early in the development process. Ryan English helps you overcome the “deer in the headlights” look when you are asked to begin testing applications for security issues. See real world examples of company Web sites that have been hacked because of vulnerable applications and see how the attacks could have been avoided. Security defect categories and responsibility areas	Ryan English, SPI Dynamics Inc
	The Software Vulnerability Guide: Uncut and Uncensored Warning: This talk contains graphic examples of software failure . . . not suitable for the faint of heart. This "no holds barred" session arms testers with what they really need to know about finding serious security vulnerabilities. Herbert Thompson takes you on an illustrated tour of the top twelve security vulnerabilities in software and shows you how to find these flaws efficiently. Each vulnerability is brought to life through a live exploit followed by a look at the testing technique that would have exposed the bug. Testers and test managers will leave with a keen awareness of the major vulnerability types and the knowledge and insight to fundamentally improve the security of the applications they support and test.	Herbert Thompson, Security Innovation LLC
	What Lies Beneath Just when you think your application is free of defects, you find security vulnerabilities lurking beneath the surface. Penetration testing can help you get them before they get you. Ryan English discusses vulnerabilities and offers five steps to organizations looking to start a Web application security initiative.	Ryan English July 5, 2006
	Who do You Trust? The defensive programmer may sometimes feel a touch of paranoia in his work, but it’s all part of the job. Writing code today that is robust and defensive will help protect against the potential errors of the unforeseeable future.	Tod Golding May 2, 2006
	A Look at GreenBlue Inspector by Ecyware Why should hackers have all the good tools? Marnie Hutcheson takes a look at Ecyware's GreenBlue Inspector, an inexpensive tool that automates gray box vulnerability testing for simple data types, buffer overflow, SQL injection, and cross-site scripting in forms, cookies, and client requests.	Marnie Hutcheson March 30, 2006
	A Critical Line of Defense Tackle software vulnerabilities at the root—in the applications themselves.	Herbert H. Thompson March 28, 2006
	Testing Web Services Security Many organizations are beginning to deploy Web services as the preferred way to interact electronically with employees, customers, and trading partners. To ensure that these Web services implementations are secure, vulnerability assessment and rigorous testing must be built into the Web services development process. Jack Quinnell describes the current "best practices" in developing and testing the security of an enterprise's Web services applications. He explains what makes Web services vulnerable to attacks and the characteristics of both design-centric and attack-centric vulnerabilities. Learn how to identify and test these vulnerabilities during development and in operational settings. Find out about the latest technology to support testing Web services security. Go away with a new appreciation for the security risks inherent in Web services and what you can do about them.	Jack Quinnell, Kenai Systems
	STARWEST 2004: Testing Dialogues - Management Issues Many organizations are beginning to deploy Web services as the preferred way to interact electronically with employees, customers, and trading partners. To ensure that these Web services implementations are secure, vulnerability assessment and rigorous testing must be built into the Web services development process. Jack Quinnell describes the current "best practices" in developing and testing the security of an enterprise’s Web services applications. He explains what makes Web services vulnerable to attacks and the characteristics of both design-centric and attack-centric vulnerabilities. Learn how to identify and test these vulnerabilities during development and in operational settings. Find out about the latest technology to support testing Web services security. Go away with a new appreciation for the security risks inherent in Web services and what you can do about them.	Facilitated by Esther Derby and Elisabeth Hendrickson
	Testing Windows Registry Entries Warning: Registry keys may be hazardous to your program's health! Registry key entries in Windows applications-visible or hidden-are often neglected by testers. A registry key entry is a program feature just like any other application function and as such needs to be validated. Michael Stahl describes why registry keys should be accorded special attention during testing and proposes a strategy for mitigating risks posed by incorrect registry key entries. He suggests a test strategy, as well as coding standards for input value and type validation, default values, regeneration, and naming rules. Michael demonstrates the use of correct and incorrect registry keys in common commercial applications.	Michael Stahl, Intel Corporation

Pages

Recommended Web Seminars

May 09	Beyond Compliance: Ensuring Accessibility with Innovative Testing Strategies
May 16	Test Ahead of the Curve: Insights for Developing a Superior Test Coverage
May 23	How Generative AI Boosts Speed and Quality in Software Testing
On Demand	Building Confidence in Your Automation
On Demand	Leveraging Open Source Tools for DevSecOps

Featured Resources

Introduction to Containers eGuide | TechWell

Scrum Master Essentials eGuide | TechWell

The Total Economic Impact of Keysight Eggplant Test Automation Software | Keysight

Build vs. Buy: The Hidden Costs of In-House Software Test Automation | Keysight

Test Automation eGuide | TechWell

Visit Our Other Communities

Where configuration management and development professionals go for answers on SCM, ALM, change management, DevOps, tools and more.

The home for software testing and QA professionals—practical advice on test automation, test management, test techniques, and more.

AgileConnection is a TechWell community.

Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.

Follow Us

Upcoming Events

Apr 28	STAREAST Software Testing Conference in Orlando & Online
Jun 02	AI Con USA Bridging Minds and Machines
Sep 22	STARWEST Software Testing Conference in Anaheim & Online
Oct 13	Agile + DevOps USA The Conference for Agile and DevOps Professionals