Conference Presentations

Preventing Security Breaches at the Source

Security is a complex and often overwhelming issue. You cannot rely solely on trying to prevent hackers from entering your systems. Instead, you must ensure that the system safeguards itself if a hacker does break in. Three of the most common internal software weaknesses hackers exploit are dangerously constructed SQL, buffer overflows, and runtime exceptions that are not properly handled. Although testing existing code for these defects can help, it is not foolproof. You also need to make a concerted effort to prevent security vulnerabilities from being introduced while the team is writing code. Through the application of practices such as static analysis, dynamic analysis, unit testing, and runtime error detection, you can jumpstart your security efforts and keep the hackers at bay.

  • The most common internal software weaknesses that hackers exploit

Sergei Sokolov, ParaSoft Corporation

Build the "Right Software" to Delight Your Customer

Many companies have implemented quality programs such as CMM®, TQM, Six Sigma, etc., to improve requirements and software development. However, these initiatives often focus on building the software right (meeting quality expectations and specifications) but do not necessarily focus on building the right software: the right functionality at the right time and at the right cost, from the customer's perspective. Unmesh Gundewar explains how EMC employed the Goal, Question, Metric (GQM) methodology to identify key measurements that ensure the "right software" is being developed. Learn how EMC applies the Six Sigma approach to drive these measurements into the organization and the resulting software. Move beyond the processes designed to get functional requirements and specifications right as Unmesh shares experiences, the challenges faced, and lessons learned from building the right software.

Unmesh Gundewar, EMC Corporation

A Manager's Guide to Getting the Most Out of Testing and QA

Like other aspects of development, information about testing and QA practices is often buried in technical jargon and hidden from senior management's true understanding. Although corporations have many choices for protecting their customers from poor quality software, these choices are so complex that many decision-makers do not understand them well enough. This lack of understanding is dangerous both to the companies and to the test organizations working for them. Whether you are among the decision-makers or someone who needs to influence them, Brian Warren offers, in business terms, a flexible model of how testing and QA can fit into the development organization as seen by IEEE, ASQ, CMMI®, RUP, and others. He provides recommendations for integrating testing and QA functions into your organization and explains how these functions are now being affected by the 2002 Sarbanes-Oxley Act.

Brian Warren, Ceridian Corporation

QA Practice in High Maturity Organizations

If your organization aspires to higher maturity, such as CMMI® Level 4 or 5, your Quality Assurance process capability must measure up. As process action team leader, group process assessor, and trainer, Steven Thompson has developed, deployed, and maintained systems for quantitatively managing and continuously improving QA activities in his organization. These systems were formally assessed as satisfying CMMI® Capability Level 5 for the Process and Product Quality Assurance process area, and his organization has been formally assessed at CMM®/CMMI® Maturity Level 5. Join Steven as he describes his journey growing a QA process capability to Level 5 in a Level 5 company. Learn about their quality management system, encompassing planning and reporting, and find out more about their QA Quantitative Management Model and QA Continuous Improvement Model.

  • Mechanisms to quantitatively manage and improve QA

Steve Thompson, BAE Systems

Software Test Automation Spring 2003: Mission Made Possible: A Lightweight Test Automation Experience

Using a challenging client engagement as a case study, Rex Black shows you how he and a team of test engineers created an integrated, automated unit, component, and integration testing harness, and a lightweight process for using it. The test harness supported both static and dynamic testing of a product that ran on multiple platforms. The test process allowed system development teams spread across three continents to test their own units before checking them into the code repository, while the capture of the tests provided automated integration testing and component regression going forward. He'll also explain the tools available to build such a testing harness and why his team chose the ones they did.

  • Examine the benefits and challenges of implementing an integrated, automated component and integration testing process in a Java/EJB development environment

Rex Black, Rex Black Consulting Services, Inc.

Reduce Risk Using Security QA Automation Techniques

Security QA testing is still in its infancy, yet the number of vulnerabilities found in applications is increasing, up by 75 percent in 2001 according to Gartner Group. Although software teams are learning about the types of coding and configuration errors that expose vulnerabilities in an application, a comprehensive QA methodology must be applied to reduce security risk. This means testers need a security policy that can serve as the basis for automated tests. Security experts can define these policies, but testers need to know how to effectively run the security tests in an automated environment to locate vulnerabilities, evaluate their results, and enter bugs for failed tests in a defect tracking system. By automating security tests, organizations can significantly reduce risk and maximize the productivity of existing resources.

  • Reduce the cost of development by finding security holes early in the cycle, before release

Alexander Mouldovan, Cenzic Inc

Total Reliability Management: Test Automation to Production

Most companies organize their application development teams in a manner that reduces communication. The result is that the application is released with more defects and on a delayed schedule. Total reliability management is a new approach to ensuring product quality and timely release. This presentation focuses on how quality assurance can be applied to each phase of the software development and deployment processes. Attend and learn how total reliability management can be achieved, and how your organization can benefit from it.

  • Learn why reliability can't be put in "after the fact"
  • See how production monitoring can provide extremely valuable information
  • Bridge the information gap so development teams can get valuable information from the QA and production teams

Rohit Gupta, Segue Software Inc

Home-Brewed Test Automation: Approaches from Extreme Programming Projects

Projects that use eXtreme Programming (XP) often do not use commercial GUI test tools, finding it more useful to build their own support for test automation. This session explains the strategies they've used, which can cross over to any project where developers take responsibility for building support for automated testing. The XP community has already made an impact on the tools and practices for unit testing in the wider development community. The instructor reviews the potential impact on customer-perspective testing.

  • Share experiences in building in-house GUI test tools
  • How and when to build and use test APIs
  • Open-source tools to support these approaches

Bret Pettichord, Pettichord Consulting

Why Software Quality Assurance Practices Become Evil!

Are your organization's software quality assurance (SQA) practices working well? Would some developers even say they cause discomfort or are destructive? If so, maybe you are focusing too much on the processes and not enough on the underlying principles. Based on his 35 years of being involved in almost every aspect of the software development business, from programmer to CEO, Greg Pope shares his eight principles for good software. You'll learn about a quantitative, risk-based approach to tailoring these principles into appropriate practices. By employing a context-driven approach to select the right practices for each application and project, you'll go a long way toward making customers and developers appreciate the value and benefits of SQA principles and practices.

  • Symptoms of "evil" SQA practices
  • Eight principles for good software development

Gregory Pope, Univ. of California / Lawrence Livermore National Laboratory

State of the Practice in Application Development: A Basis for Benchmarking

This presentation explains why knowing broad industry trends regarding application development (AD) is not enough to ensure a successful project. AD should be tightly bound to the business. Existing measures and service levels need to be reviewed for their usefulness in measuring attainment of the goals that directly support each line of business. Read on as the author details these and other important points.

Robert Solon, Gartner Inc