With rapid application development environments and sometimes daily product releases, test cases can be an unnecessary burden on testers. Test cases are expensive to write, often fail to adequately describe interrelationships, and are ineffective for whole-team collaboration. Brett Leonard explains how you can employ software models to replace test cases as your main vehicle for test design, execution, and reporting. Using real-life examples from testing a business-to-business networking application, Brett explains two types of models to accelerate your test efforts: the simple Straight-Line Model approach and the more robust Uniform Customer Modeling language. By planning and executing tests from models, you will quickly gain an understanding of the software under test and have a new tool for collaborating with developers and all project stakeholders.

Expert answers to frequently asked questions. In this issue, David Hussman explains how to write good user stories.

To ensure the quality and safety of Web applications, security testing is a necessity. So, how do you cover all the different threats-SQL injection, cross-site scripting, buffer overflow, and others? James Knowlton explains how Ruby combined with Watir-both freely available-makes a great toolset for testing Web application security. Testing many common security vulnerabilities requires posting data to a Web server via a client, exactly what Watir does. The Ruby side of Watir, a full-function programming language, provides the tools for querying the database, checking audit logs, and other test-related processing. For example, you can use Ruby to generate random data or large datasets to throw at a Web application. James describes common security attacks and demonstrates step-by-step examples of testing these attack types with Ruby and Watir.

Exploratory testing is a popular approach, but many testers secretly worry they might be doing it wrong. Jonathan Kohl addresses those concerns by explaining exploratory testing in ways that testers identify with.