Conference Presentations

Reduce Risk Using Security QA Automation Techniques

Security QA testing is still in its infancy, yet the number of vulnerabilities found in applications is increasing, up by 75 percent in 2001 according to Gartner Group. Although software teams are learning about the types of coding and configuration errors that expose vulnerabilities in an application, a comprehensive QA methodology must be applied to reduce security risk. This means testers need a security policy that can serve as the basis for automated tests. Security experts can define these policies, but testers need to know how to effectively run the security tests in an automated environment to locate vulnerabilities, evaluate their results, and enter bugs for failed tests in a defect tracking system. By automating security tests, organizations can significantly reduce risk and maximize existing resource productivity.

  • Reduce the cost of development by finding security holes early in the cycle, before release
Alexander Mouldovan, Cenzic Inc
A Formula for Test Automation Success: Finding the Right Mix of Skill Sets and Tools

Not sure what elements to consider now that you're ready to embark on the mission of automating your testing? This session explores the possibilities (the key mix of skill sets, processes, and tools) that can make or break any automation effort. The instructor shows you how to develop an informed set of priorities that can make all the difference in your effort's success, and help you avoid project failure.

  • Create better, more reusable tests to improve efficiency and effectiveness
  • Increase the value and reputation of QA within your organization
  • Establish a closer relationship with developers based on mutual respect
Gerd Weishaar, IBM Rational software
Total Reliability Management - Test Automation to Production

Most companies organize their application development teams in a manner that reduces communication. However, the end result of this is that the application is released with more defects and on a delayed schedule. Total reliability management is a new approach to ensuring product quality and timely release. This presentation focuses on how quality assurance can be applied to each phase of the software development and deployment processes. Attend and learn how total reliability management can be achieved, and how your organization can benefit from it.

  • Learn why reliability can't be put in "after the fact"
  • See how production monitoring can provide extremely valuable information
  • Bridge the information gap so development teams can get valuable information from the QA and production teams
Rohit Gupta, Segue Software Inc
Application Performance and Reliability Management - 24x7

Managing system performance and reliability has never been as significant, or as challenging, as it is now. These days, most organizations have multi-technology, multi-vendor, multi-tier environments. In other words, it's a world rife with 24-hour, always-on complexity. Add to this the need for continual changes to react to shifts in business conditions, technology advances, and mixes of demands and you have a recipe that calls for the highest level of performance and reliability possible. But getting there is next to impossible. However, new concepts emerging from research labs are delivering usable products such as flexible computing, autonomous computing, and self-tuning systems. These possibilities have revolutionary potential for performance management.

  • Examine recommended suites of tools and their limitations
  • Look at the major innovations and trends, such as self-tuning systems
Ross Collard, Collard and Company
Home-Brewed Test Automation: Approaches from Extreme Programming Projects

Projects that use eXtreme programming (XP) often do not use commercial GUI test tools, finding it more useful to build their own support for test automation. This session explains the strategies they've used, which can actually cross over to any project where developers take responsibility for building support for automated testing. The XP community has already made an impact on the tools and practices for unit testing in the wider development community. The instructor reviews the potential impact on customer-perspective testing.

  • Share experiences in building in-house GUI test tools
  • How and when to build and use test APIs
  • Open-source tools to support these approaches
Bret Pettichord, Pettichord Consulting
Smaller-Scale Web Sites Need Performance Testing Too!

Even a smaller-scale Web site requires careful planning and execution of performance tests. Making the critical decisions in a timely manner and identifying the performance goals are still prerequisites to a successful test. However, smaller sites don't necessarily have the resources required to do large-scale testing, so compromises have to be made. This requires good test planning. The instructor explains the testing of a small site looking to grow, as well as the successes and pitfalls of achieving reasonable goals.

  • Define the test objectives; what's reasonable?
  • Plan the test then utilize tools, choices, and tradeoffs effectively
  • Apply and understand the results
Dale Perry, Software Quality Engineering
Why Software Quality Assurance Practices Become Evil!

Are your organization's software quality assurance (SQA) practices working well? Would some developers even say they cause discomfort or are destructive? If so, maybe you are focusing too much on the processes and not enough on the underlying principles. Based on his 35 years of being involved in almost every aspect of the software development business from programmer to CEO, Greg Pope shares his eight principles for good software. You'll learn about a quantitative, risk-based approach to tailor these principles into appropriate practices. By employing a context-driven approach to select the right practices for each application and project, you'll go a long way toward making customers and developers appreciate the value and benefits of SQA principles and practices.

  • Symptoms of "evil" SQA practices
  • Eight principles for good software development
Gregory Pope, Univ. of California / Lawrence Livermore National Laboratory
Fault Injection to Stress Test Windows Applications

Testing an application's robustness and tolerance for failures in its natural environment can be difficult or impossible. Developers and testers buy tool suites to simulate load, write programs that fill memory, and create large files on disk, all to determine the behavior of their application under test in a hostile and unpredictable environment. Herbert Thompson describes and demonstrates new, cutting edge methods for simulating stress that are more efficient and reliable than current industry practices. Using Windows Media Player and Winamp as examples, he demonstrates how new methods of fault injection can be used to simulate stress on Windows applications.

  • Runtime fault injection as a testing and assessment tool
  • Cutting edge stress-testing techniques
  • An in-depth case study on runtime fault injection
Herbert Thompson, Security Innovation
Testing Web Services Interoperability

If your development organization is developing Web services because you want independence across languages and platforms, you'll need to undertake serious interoperability testing. John Scarborough explains the problem by creating a matrix of interoperability issues and explores possible testing strategies you might use. He also takes a sober look at what we may not be able to tackle with existing testing technology. Find out about SOAP monitoring and other approaches to interoperability testing. Take away a new understanding of how the desire for interoperability can open up opportunities for hackers and the likelihood of security breaches.

  • The matrix for interoperability testing of Web services
  • Web services testing experiences from both small and large companies
  • The need for designing interoperability testing into the software from the beginning
John Scarborough, Disha Technologies Inc.
Testing "Best Practices": From Microsoft's Context to Yours

Testing is a never-ending series of trade-off decisions: what to test and what not to test; when to stop testing and release the product; how to budget your testing resources for automated vs. manual testing; how much code coverage is good enough; and much more. To make these difficult judgement calls, we often turn to the "best practices" recommended by testing experts and others who have encountered similar problems. The key to successful implementation is matching their "best practices" to your own context (team make-up, company culture, market environment, etc.). Barry Preppernau shares his insights gathered from over 20 years of testing experience at Microsoft. You'll learn about the tools and processes that have been successful within Microsoft and ways for you to identify, adapt, and implement successful test improvement initiatives within your organization.

Barry Preppernau, Microsoft Corporation
