|
|
Web 2.0: The Fall and Rise of the User Experience The Web has enabled pervasive global information sharing, commerce, and communications on a scale thought to be impossible only ten years ago. At the same time, the Web dealt a setback in the user interface experience of networked applications. Only now are Web standards and technologies emerging that can bring us back to the rich and robust user experiences that were developed in the desktop client/server era before the Web came along. Wayne Hom presents examples of great, rich client Web user interfaces and discusses the enabling tools, technologies, and methodologies for today’s popular Web 2.0 approaches. Wayne discusses the not-so-obvious pitfalls of the new technologies and concludes with a look at user interface opportunities beyond the current Web 2.0 state-of-the-art to see what may be possible in the future.
- User experiences on the Web versus older technologies
|
Wayne Hom, Augmentum Inc.
|
|
|
Testing Web Applications for Security Defects Approximately three-fourths of today's successful system security breaches are perpetrated not through network or operating system security flaws but through customer-facing Web applications. How can you ensure that your organization is protected from holes that let hackers invade your systems? Only by thoroughly testing your Web applications for security defects and vulnerabilities. Michael Sutton describes the three basic security testing approaches available to testers-source code analysis, manual penetration testing, and automated penetration testing. Michael explains the key differences in these methods, the types of defects and vulnerabilities that each detects, and the advantages and disadvantages of each method. Learn how to get started in security testing and how to choose the best strategy for
- Basic security vulnerabilities in Web applications
- Skills needed in security testing
|
Michael Sutton, SPI Dynamics
|
|
|
Web Services Interface Design - Pitfalls and Proven Techniques Designing Web services is all about the interface. Although tools for Web services development have advanced to the point where exposing application functionality is simple, the ease of building Web services does not diminish the need for careful planning and a highly functional design. Dave Mount opens his presentation by spinning the cautionary tale of slapping together a Web services interface on a poorly structured application. This scenario serves as a reference point for a subsequent discussion of the pitfalls of a poorly designed interface. Dave illustrates techniques for correcting problems and improving the Web services interface. Looking at high profile Web services provided by Google, eBay, and Salesforce.com, he shows how an external perspective that emphasizes consistency and conceptual clarity is key to Web services interface design.
|
Dave Mount, J-Soup Software, Inc
|
|
|
STAREAST 2006: Apprenticeships: A Forgotten Concept in Testing The system of apprenticeship was first developed in the late Middle Ages. The uneducated and inexperienced were employed by a master craftsman in exchange for formal training in a particular craft. So why does apprenticeship seldom happen within software testing? Do we subconsciously believe that just about anyone can test software? Join Lloyd Roden and discover what apprenticeship training is and-even more importantly-what it is not. Learn how this practice can be easily adapted to suit software testing. Find out about the advantages and disadvantages of several apprenticeship models: Chief Tester, Hierarchical, Buddy, and Coterie. With personal experiences to share, Lloyd shows how projects will benefit immediately with the rebirth of the apprenticeship system in your test team.
- Four apprenticeship models that can apply to software testers
- Measures of the benefits and return on investment of apprenticeships
|
Lloyd Roden, Grove Consultants
|
|
|
Test Driven Development - It's Not Just for Unit Testing Test-driven development (TDD) is a new approach for software construction in which developers write automated unit tests before writing the code. These automated tests are always rerun after any codes changes. Proponents assert that TDD delivers software that is easier to maintain and of higher quality than using traditional development approaches. Based on experiences gained from real-world projects employing TDD, Peter Zimmerer shares his view of TDD's advantages and disadvantages and how the TDD concept can be extended to all levels of testing. Learn how to use TDD practices that support preventive testing throughout development and result in new levels of cooperation between developers and testers. Take away practical approaches and hints for introducing and practicing test-driven development in your organization.
|
Peter Zimmerer, Siemens
|
|
|
Project Retrospectives At the rate Web vulnerabilities are being discovered and exploited, the security industry cannot afford to continue trying to keep up with patches and fixes. Cross-site scripting, SQL injection, command injection-attacks like these result from vulnerabilities in inadequately designed or written code, creating opportunities for attackers to threaten privacy and steal data. The only way to truly eliminate these vulnerabilities is to address them at their origin-in the source code itself. The critical sources of threats in an application come from coding errors, configuration issues, and design flaws. Using actual security failures, Daniel Hestad describes the dirty baker's dozen code-based vulnerabilities found in Web software. Learn to locate, understand, and eliminate these vulnerabilities before they present untold risks to your organization.
|
Lucille Parnes, Software Process Improvement Consultant
|
|
|
Achieving Meaningful Metrics from Your Test Automation Tools In addition to the efficiency improvements you expect from automated testing tools, you can-and should-expect them to provide valuable metrics to help manage your testing effort. By exploiting the programmability of automation tools, you can support the measurement and reporting aspects of your department. Learn how Jack Frank employs these tools with minimal effort to create test execution
status reports, coverage metrics, and other key management reports. Learn what measurement data your automation tool needs to log for later reporting. See examples of the operational reports his automation tools generate, including run/re-run/not run, pass/fail, percent complete, and percent of overall system tested. Take with you examples of senior management reports, including Jack's favorite, "My Bosses' Boss Test Status Report"-names will be changed to hide the guilty. Regardless of the
|
Jack Frank, Mosaic Inc
|
|
|
How GM Tests Web Services General Motors is on the road to a Service Oriented Architecture (SOA) as its computing standard. To proceed they need to understand the scalability and throughput limits of the message-centric Web services approach that is the essence of SOA. General Motors chose SOA to build its next generation information systems, using Web services and ebXML technology. Service consumers and service providers will exchange Unified Business Language (UBL) Business Object Documents (BODs) to do things like get a purchase order and acknowledge an order. Frank Cohen presents the test methodology and findings from the GM Web Service Performance Benchmark project for its SOA applications and highlights a huge, impending industry-wide problem with Web services. Take home a test methodology to check SOA and Web Services for scalability in your environment.
|
Frank Cohen, PushToTest
|
|
|
Load Testing the MSNBC 2002 Winter Olympics Web Site When the Canadian pairs figure skating controversy erupted during the 2002 Winter Olympics, TV viewers hit the MSNBC Web site with a fury. But the site was ready and responded without a hitch due to the carefully planned and executed load testing of the voting applications. The MSNBC site received four to five million visitors a day with sudden bursts of traffic due to breaking news. In this session, Suzanne Wagstaff reviews the process she used for planning and preparing to test the MSNBC site, revealing a performance test methodology that works for any scale Web site. Learn about hardware profiling and a process that identifies distributed and on-site risks, including software, hardware, and personnel, to ensure a successful application rollout.
- A scalable methodology for performance testing
- How to identify performance and load risks prior to testing
|
Suzanne Wagstaff, KeyLabs
|
|
|
Service-Oriented Architecture - Exposed Service-Oriented Architecture (SOA), incorporating methods for Web services to communicate dynamically, promises to significantly improve organizational operating efficiency, change the way companies conduct business, and even alter the competitive landscape. However, Service-Oriented Architecture is a strategy rather than an objective, and, like any strategy, it is of no value unless it is implemented. With illustrations from companies who today are using SOA to transform their organizations, Sharon Fay shares current practices for exposing Web services and XML to internal development teams, outsourced development, external trading partners, and customers. Learn why reuse is a key method for supporting integration of SOA implementations and how it is being accomplished. Take away a set of metrics that you can use to measure the level of SOA adoption, development productivity gains, and organizational agility.
|
Sharon Fay, Flashline, Inc.
|
