|
|
Gotcha!...Security Testing for Mission Critical Applications A local television station provides a Web service that allows schools and businesses in the area to easily enter information on closures due to bad weather. The information then is displayed as a crawl along the bottom of the television screen. Some kids hack into the site and declare their school closed for the day, and it's immediately shown on everyone's television! It's a cute story. Now let's imagine that these same kids hack the prices on your eCommerce site or obtain access to sensitive customer records on your company Web site. This time the story is not so laughable. Mike Andrews shares his favorite top ten holes in Web site security including "SQL injection" and "cross-site scripting," shows examples of each, and discusses the effects these security breaches can have on your site. Fortunately, the number of attacks is rather small and easy to repair-if you know where to look.
|
Michael Andrews, Florida Institute of Technology
|
|
|
Automation Architectures -- Best Practices in Your Context How are you going to develop 1,000 or more automated test cases and run them automatically and unattended night after night? Commercial test automation tools get a bad rap because many organizations never get past the record / playback / fail cycle of frustration. These tools can contribute to your testing needs, but first you must understand what has to be done to make them work for you. Jamie Mitchell outlines different test automation architectures successfully in use today and discusses the pros and cons of each. He provides an up-to-date review of test automation tool categories for functional testing and discusses what it takes to implement them robustly. To meet your unique testing needs, find out which framework or combination of practices from different frameworks will work best in your environment and for your applications.
|
Jamie Mitchell, Test & Automation Consulting LLC
|
|
|
Get Your Testing Message Across We all know how important test progress (or lack of) is to the success of the project. But why is it that sometimes no one takes notice? Valuable test reports provide information that is needed, not just easy to gather. Test progress reports aid management in decision-making and risk assessment and help testing teams set priorities. In this presentation, Isabel Evans asks, "Do our reports add value for their audience or are we just supplying 'chart junk' that will not be read? Are we providing teams and managers with information they need or giving them what we have? Do our reports and charts emphasize or hide our message? Are our reports clear and to the point?" She discusses what types of information different audiences need and when; how to display information using charts, diagrams, and text to be effective; and how to predict future progress from past reports.
|
Isabel Evans, Testing Solutions Group Ltd.
|
|
|
A Strategic Approach - "Beta the Business" Beta testing is an industry standard practice to obtain user feedback prior to general availability of software. Have you ever considered that the Beta release can be used to validate the software's value to customers and application users? Extending the Beta concept will result in higher customer satisfaction (and higher revenue for commercial products). Also, you can employ Beta testing to evaluate not only the software product, but the distribution (and sales) process, training, customer support, and usage within your customers' environments. Far beyond just finding defects in the product, you can focus Beta testing on how well the software is meeting your customers' needs. What does that mean to the Development team and the organization as a whole? What are the risks and challenges that we face? What are the rewards?
|
Pete Conway, EMC Corporation
|
|
|
Breakthroughs in Measurement and Benchmarking The "business of IT" is in the limelight more than ever. The economic, regulatory, and geopolitical changes of the past three years have made companies rethink everything from their IT cost structure to their service delivery models and the value of software to their enterprise. CIO's have asked for innovations to make software development more agile and adaptive and ways to more effectively communicate with their business units. These pressures have driven leaders to implement breakthrough ideas resulting in a focus on new (and more important) measures of performance. Quantitative techniques are now available to better align business and IT through the implementation of powerful and expressive product/service catalog structures. If your organization embraces these new methods and techniques, it will benefit from full transparency and an enterprise view of its software portfolio as a critical business asset.
|
Howard Rubin, META Group Inc
|
|
|
Software is Entering a New Dimension - Are You Ready? A revolution in the business of software is coming . . . The boundaries between the business and IT from one enterprise to another will disappear. The space around functional system silos will dissolve. How we develop and deploy software will have to undergo radical change, challenging our entire thought process about how, why, and for whom we build it. Already today, delivery cycle times are down to days and business processes embedded in software represent invaluable corporate intellectual property. Soon, service-oriented architectures will enable ad hoc application integration and sophisticated, dynamic user-driven software configurations. Web services, already deployed on many corporate Intranets, will be exposed to customers (and competitors as well as malicious hackers). These forces represent profound changes in how software is developed and deployed.
|
Linda Hayes, WorkSoft
|
|
|
Getting Started with Test Driven Development Test-driven (or test first) development (TDD) is an excellent method for improving the quality of software applications. It forces the programmer to focus on ensuring that the behavior of the objects at the lowest level of the system is appropriate. It also provides a mechanism to ensure that future source code changes do not break existing behaviors. Using C++ as the example language, Robert Walsh presents an overview of test-driven development, available TDD testing frameworks, and a demonstration of a project started from scratch using TDD. You can apply these concepts to other languages, including Java and Visual Basic. Learn how to overcome the initial hurdles many developers experience when starting out with TDD.
- An introduction to test-driven development using C++ as the example language
- The testing frameworks available for TDD
- Programming tasks that are difficult to implement using TDD
|
Robert Walsh, EnvisionWare, Inc.
|
|
|
Preventing Security Breaches at the Source Security is a complex and often overwhelming issue. You cannot rely solely on trying to prevent hackers from entering your systems. Instead, you must ensure that the system safeguards itself if a hacker does break in. Three of the most common internal software weaknesses hackers exploit are dangerously constructed SQL, buffer overflows, and runtime exceptions that are not properly handled. Although testing existing code for these defects can help, it is not fool proof. You also need to make a concerted effort to prevent security vulnerabilities from being introduced as the team is writing code. Through the application of practices, such as static analysis, dynamic analysis, unit testing, and runtime error detection, you can jumpstart your security efforts and keep the hackers at bay.
- The most common internal software weaknesses that hackers exploit
|
Sergei Sokolov, ParaSoft Corporation
|
|
|
Continuous Integration Using an Open Source Platform Architecture Continuous integration is the process of performing a fully automated build, run often, usually daily, during software development. How do you develop a robust platform architecture to automatically integrate your software into builds? How can open source tools fill the gaps in your platform architecture? After examining the benefits of continuous integration, Paul Duvall discusses techniques, such as architectural validation, configuration management, automated unit testing, and report generation within the process. From a working reference implementation in Java, learn the attributes of an effective platform architecture for continuous integration. Additionally, Paul will introduce you to open source tools, such as Ant, Maven, CruiseControl, Eclipse, xUnit, and others that can help you implement a continuous integration architecture in your environment.
|
Paul Duvall, Cigital, Inc.
|
|
|
Open Source Development Tools: Coping with Fear, Uncertainty, and Doubt Using open source tools in a development and test environment can be a big relief for your budget. However, open source remains a foreign and often frightening concept for many developers and organizations. Today, open source options are available for all types of tools used in the development process. In this session, you will gain a better understanding of the tradeoffs between choosing open source and commercial tools. In addition, you will learn about the wide variety of open source tools available for many operating environments and how to locate the most robust ones. Danny Faught, who has actively evaluated open source tools as they have evolved over the last five years, provides an honest analysis of the benefits and difficulties you may encounter using these tools for development.
- Open source tools to consider for you and your team
|
Danny Faught, Tejas Software Consulting
|
