|
STARWEST 2003: How To Break Software Security We have all experienced the "thrill" of functional testing, going through requirements and then crafting test cases to ensure that the application behaves according to specifications. While this method has its place, it misses many classes of bugs, especially security bugs. For example, security bugs can manifest as extra functionality that may not violate requirements directly, but still expose catastrophic holes in software. Based on strategies that have successfully broken some of the world's most secure applications, Herbert Thompson presents the tools and techniques you need to find security problems before your application is released. Learn the security attacks and tools to uncover security vulnerabilities before hackers discover them for you.
|
Herbert Thompson, Security Innovation LLC
|
|
STAREAST 2003: Rapid Web Testing in a High-Velocity Environment This paper discusses implementing METS (Minimal Essential Testing Strategy) for your test team. METS is a strategy to help get the essential testing for your project done within the time frame allowed. Step-by-step instructions for using this methodology are included.
|
Greg Paskal, Kinko's
|
|
STARWEST 2002: How to Break Software Security This presentation addresses classifying, finding, and attacking software security vulnerabilities.
|
James Whittaker, Florida Institute of Technology and Herbert Thompson, System Integrity
|
|
Testing Component-Based Software Today component engineering is gaining substantial interest in the software engineering community. Jerry Gao provides insight and observations on component testability and proposes a new model to represent and measure the maturity levels of a component testing process. In this presentation, you will identify, classify, and discuss new issues in testing component-based software.
|
Jerry Gao, San Jose State University
|
|
Software Inspection: Taking a Step Forward to Completion A software inspection is a well-known method in the industry today to improve the quality of software that we produce. Examine the problems that Intel Corporation faced with implementing this process and how they overcame the issues to see some very good results--ultimately attaining closure with 96% of their inspections.
|
Neela Majumder, Intel Corporation
|
|
Security Testing for E-Commerce Applications It seems that everyone is creating e-commerce applications these days with security being one of the greatest issues. The role of assessing security often falls to the tester, who may feel ill-prepared for the demands imposed by this new paradigm. Learn how to conduct a security assessment for e-commerce and what to look for.
|
Jonathan Beskin, Reliable Software Technologies
|
|
Exploiting a Broken Design Process A major flaw in the way most code is designed allows you to break the code by exploiting the flaw. Learn how this "trick" can force software into a state from which it produces incorrect results. Observe live demonstrations on applying this "trick" to popular software programs and code. Discuss ways to build test automation that methodically searches for these flaws.
|
James Whittaker, Florida Tech, Computer Science
|
|
STAREAST 2002: Testing Web Site Security The Internet can be a less-than-secure place to conduct business. So how do you make sure your Web site is secure from attack? Is a firewall the only line of defense you need? This presentation provides insight into the different attack points that a hacker could seek to exploit. It teaches you what to look for when testing the security of a Web site and delivers a simple, ten-step process for testing the security of a Web site.
|
Steve Splaine, Splaine & Associates
|
|
Requirements Are Requirements Are Requirements - Not! "This isn't what I need," states Customer Bob. "But it's what you said you wanted," replies Engineer Joe. "It's not right. I need something else." We've all encountered this classic users-don't-know-what-they-want scenario. The fact that software professionals continue to have this same experience over and over again suggests that we're overlooking the real reasons for the user/engineer disconnect. This presentation contrasts the different uses of the term "requirements" as it explores the possible solutions to improving understanding between business people and technical people.
|
Robin Goldsmith, GoPro Management, Inc.
|
|
Get Real! Creating Realistic, Actionable Project Schedules The preparation of a realistic, practical project schedule is an essential management function for obtaining stakeholder commitment, setting expectations, and communicating within the team and organization what is achievable. Doing this preparation well is another challenge, one that must be conquered. Rex Black helps participants see the bigger project scheduling picture by focusing on issues such as constituent tasks, the underlying dependencies between them, and the risks attached to the completion of those tasks.
|
Rex Black, Rex Black Consulting Services, Inc.
|