Conference Presentations

Develop and Deliver Secure Web-based Systems

Gartner Group estimates that three-fourths of today's successful Web attacks do not happen via network security flaws but rather by entering directly through defects in application code. To thwart these attacks, you need to institute security procedures and technologies throughout the development lifecycle. Through a review of recent Web application breaches, Dennis Hurst exposes the methods hackers use to execute break-ins via the Web using security defects in the underlying code. In addition to revealing hacker exploits, Dennis outlines coding practices for developing secure Web applications and describes available automated security code testing tools that can help you protect your systems. After completing this session, you will be well versed in the underlying protocols that allow hackers to exploit Web-based applications and, more importantly, understand how to better protect critical applications throughout development.

Dennis Hurst, SPI Dynamics Inc
Agile QA - An Oxymoron?

Your software development group is adopting Agile practices. Documentation and processes now are lightweight. There are more unit tests, and all are automated. The software changes quickly with new releases every one to two weeks. What's happening with QA? Quality Assurance groups are typically accustomed to more heavyweight processes in which they spend a third or more of their time documenting tests and tracking results. QA groups that automate user interface tests have difficulty keeping up with the rapid changes inherent in an Agile environment. So, is there a need for Agile QA? Based on her experiences on Agile projects and the experiences others have shared with her, Elisabeth Hendrickson shows how QA teams can respond by becoming more Agile themselves and learning new ways to support the team and the users when the development team moves to an Agile process.

Elisabeth Hendrickson, Quality Tree Software, Inc.
The Return on Investment for Finding Defects in Test

For testers, finding defects is a way of life. However, we usually don't reflect on what an undiscovered defect can cost a business or how much it costs to find defects late in development. Geoff Horne seeks to put real costs on both of these situations and looks at practical ways to reduce the costs of not finding defects. With real-life case studies that you can use to justify the need for more testing, Geoff provides simple measures and statistics to calculate whether your allocation of testing dollars is too high, too low, or just right. Learn to show how testing can actually save money and how to get the best return for your testing dollar. After all, stock market investors assess their options based on risk and potential return. Why should testing be any different?

Geoff Horne, iSQA
Classic Mistakes in Testing: Revisited

Some common testing practices seem appealing ... but rarely seem to actually work. Yet software development organizations choose them again and again. Project behind schedule? Just shorten the testing phase! Testers pointing out too many problems with the requirements? Kick the testers out of the room! Many of the software testing gurus suggest adding new "best practices" to the test process. Matt Heusser suggests that test process improvement should start by eliminating worst practices instead of adding extra work through new practices. Matt recounts the existing body of classic mistakes offered by Brian Marick and Steve McConnell. Then he offers a new wrinkle: Mistakes often come from a specific root cause such as short-term thinking. Instead of battling over the specific mistake, teams are better off correcting that root cause.

Matthew Heusser, Priority Health
Test Improvement for Highly Reliable NYSE Trading Systems

With billions of dollars changing hands every day, financial trading systems demand extremely high accuracy and reliability. So, how do you improve test process performance in the areas of time to market and efficiency and at the same time reduce failures? Over the last three years, using process and project measurement data as a guide, SIAC has focused on doing exactly that. Steve Boycan highlights the key elements of the process changes that have led to SIAC's current performance: the use of a rigorous requirements engineering process; controlled parallel and iterative work flows; changes to the level of abstraction in test documentation; emphasis on test planning, analysis, and design; causal analysis; and improving the test team's skills.

Steve Boycan, SIAC
Get a New Agile Attitude - Quality First

For decades quality assurance (QA) has been a back-end loaded process. Developers put the bugs in, and QA tests the bugs out. For nearly as long, testers have bemoaned the fact that quality can't be put in at the end, that quality must be built in from the beginning. Support for this view has grown from the grassroots within the development community and is now spreading like wildfire in the software industry. The practice of building (and testing) quality in throughout the development process has come from an unexpected source: Agile methods. Agile methods demand a strong reliance on both automated component testing and acceptance testing. Agile practices recommend that those tests be developed before the code is written and that the tests act as the true requirements for the software.

Robert Martin, Object Mentor
Quality Assurance as a Service Organization

"QA is the bottleneck” ... "Why does QA take so long?" ... "You need to test faster." Often, key project stakeholders either do not understand QA or have difficulty quantifying the effects that increasing or decreasing test time will have on the project. First American CREDCO found the solution was to turn QA into a full service organization, complete with a "Quality Rainbow" menu of options to be purchased. Want it quicker and willing to accept a higher risk? Then select from Column 1. Want low risk and willing to take the time to ensure the product is pristine? Then select from Column 5. Whether your test team is small or large, you can learn to "in-source" QA services, set time and efforts expectations up front, and measure the value of QA activities so that QA does not become a roadblock to project success.

  • A method to specify and quantify the services provided by a QA group
Sandi Oswalt, First American Credco
Free Test Tools are Like a Box of Chocolates

You never know what you are going to get! Until you explore, it can be hard to tell whether a free, shareware, or open source tool is an abandoned and poorly documented research project or a robust powerhouse of a tool. In this information-filled presentation, Danny Faught shows you where open source and freeware tools fit within the overall test tool landscape. During this double session, Danny installs and tries out several tools right on the spot and shares tips on how to evaluate tools you find on the Web. Find out about licensing, maintenance, documentation, Web forums, bugs, and more. Discover the many different types of testing tools that are available for free and where to find them. Danny demonstrates examples of tools that you can put to use as soon as you get back to the office.

Danny Faught, Tejas Software Consulting
Testers and Testing in the Agile Development

You have heard about agile software development techniques such as eXtreme Programming (XP), Scrum, and Agile Modeling (AM). The industry is buzzing with everything from "this is the greatest thing ever" to "it's just hacking with a fancy new name." Comments like "there is no place for testers because developers and users do the testing now" and "testers play an important role in the agile methods" are both common. Scott Ambler, an early proponent of the agile movement, explains the fundamentals, values, and principles of agile development. He describes a range of agile techniques and explores many myths and misconceptions surrounding agility. Agile software development is real, it works, and it may be an important part of your future in testing. Better testing and improved quality are critical aspects of agile software development, but the roles of traditional testers and QA professionals on agile projects remain unclear.

Scott Ambler, Ronin International, Inc.
Getting Started with Test Driven Development

Test-driven (or test first) development (TDD) is an excellent method for improving the quality of software applications. It forces the programmer to focus on ensuring that the behavior of the objects at the lowest level of the system is appropriate. It also provides a mechanism to ensure that future source code changes do not break existing behaviors. Using C++ as the example language, Robert Walsh presents an overview of test-driven development, available TDD testing frameworks, and a demonstration of a project started from scratch using TDD. You can apply these concepts to other languages, including Java and Visual Basic. Learn how to overcome the initial hurdles many developers experience when starting out with TDD.

  • An introduction to test-driven development using C++ as the example language
  • The testing frameworks available for TDD
  • Programming tasks that are difficult to implement using TDD
Robert Walsh, EnvisionWare, Inc.

Pages

CMCrossroads is a TechWell community.

Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.