Tuesday and Wednesday
Presentations:
A first look at Visual
Studio for DB Professionals:
"Visual Studio for Database
Professionals (Community
Technology Preview, or CTP)
was released in August 2006,
and provides developers and
QA engineers with simple
change management and
testing tools for SQL server
database projects. In this
"hands-on" presentation we
will go over some key
features introduced in VS
for DB Pros, and show how
developers and QA engineers
can utilize these new tools
to simplify database
software testing tasks."
Adaptive Automated
Testing With AberroTest –
The future of automated
software test:
Adaptive Automated Testing
goes beyond keyword-testing,
and is not only completely
script free but requires no
test authoring of any type.
Come find out how it works
and how it can be employed
by non-programmers. Automate
software testing earlier for
a fraction of the cost of
current automation tools.
Adding
Assurance to Business Rules:
Some business users are
migrating towards the
'Business rule approach'
where business policy
statements are encoded in a
rule-based system that
allows for more rapid change
of software systems that
affect the business.
Business users are
increasingly demanding
direct control of the
expression and deployment of
these 'executable policy
statements', in effect
bypassing established,
traditional IT controls for
software development,
testing, and deployment.
IT is rightly concerned
about losing some of this
control. High assurance
requirements demand that the
business rule approach
conform to some level of
formality and rigor in the
testing and deployment
of business rules that is
acceptable to IT. The
requirement for agility
(flexibility and speed
of change) wanted by the
business user requires some
level of constraint,
automation, and guidance
from IT to allow the
business user to deploy
business rule changes with a
high degree of confidence.
This presentation will
provide an analysis, along
with a solution that’s
experience based and a
conclusion.
Automated Database Testing:
Testing and Using Stored
Procedures: Today’s
complex software systems
access heterogeneous data
from a variety of backend
databases. The intricate mix
of client-server and
Web-enabled database
applications are extremely
difficult to test
productively. As a result,
today’s test engineers are
increasingly expected to
know how to create and use
Structured Query Language
(SQL), stored procedures,
and other relational
database objects to
effectively test data driven
environments. Current
relational database systems
increasingly use objects
called stored procedures to
contain application logic
that was formerly on the
front-end of the
application. For reasons
like performance and
security, this logic is
being moved to the
application's backend inside
stored procedures. This
change has made it
increasingly likely that
your testing effort is
missing important
application functionality.
Test engineers can also
productively use stored
procedures to automate
database testing. Attendees
will learn: Why testing of
database objects and stored
procedures is necessary and
why popular automated tools
can’t fill the need. How to
successfully test database
objects such as stored
procedures and views with
many examples and code.
Specific stored procedures
that are valuable for
typical testing situations.
How these automated tests
can be productively
interleaved with other
popular testing tools.
Automated Testing in the
.NET Environment: A New
Opportunity for Test
Professionals:
Testing
in the .NET environment has
changed radically within
only the past few years from
a black box approach to
today’s full integration of
software development and
test in the .NET platform
itself. Find out what this
new approach means to you
and to the future of the
software testing industry.
This talk is not just
for Microsoft shops! This
new approach may just
revolutionize how both
test and development are
treated in the software
process now and into the
future. Will your approach
be left in the dust? Learn
how the new approach affects
your best practices for
development and test. How
testing in .NET compares to
traditional and current
practices. Beyond the hype:
Find out what the problems
and advantages are with this
approach and what it can and
can't do for you. Learn
about the new features in
the Team Edition for Testers
software that are creating
all the buzz.
Automated Testing Using
Continuous Integration:
How do you make regression
tests automatic? Which
tools do you use and why?
Paul will show you how to
execute a suite of automated
tests anytime a change is
made to your Software
Configuration Management
system using the practice of
Continuous Integration
(CI). The following topics
will be covered:
Introduction to CI and the
CruiseControl CI tool;
Overview of automated test
types and testing tools;
Running automated
regression tests using the
CruiseControl tool;
Both .NET and Java examples
will be included in live
demonstrations;
Types of Tests that will be
discussed are Unit Testing
using JUnit and NUnit;
Component Testing;
Functional Testing using
Selenium; presentation will
include a discussion on
System Testing;
Other types of testing will
be discussed, but not
demonstrated: Database,
Security, Performance;
Run tests from build script
using Ant and NAnt and
running tests from
CruiseControl.
Automate and Collaborate:
A lot of work goes into
creating automation to test
software. The more projects
that are being tested, the
more automation there will
be. Yet a lot of teams will
be implementing the same
automation in a different
form. Everyone needs to
record test results. Some
teams may need to reboot the
system mid-test. In a
typical organization there
will probably be two
mechanisms created to save
the results, and two or more
ways used to reboot a
system.
This is unnecessary, and
slows down the creation of
automation.
Using a collaborative
system, users can store
their methods and
investigations so other
implementers can look for
how it has been implemented
in current and previous
projects. Now once one team
has created a reporting
system, any subsequent team
can avoid the overhead of
creating such a framework,
and use what another team
created. Or, to reboot a
system, another team may
learn about the shutdown
command rather than having
to dedicate an engineer to
write a reboot tool. If one
user or team has implemented
part of the automation you
need, why not use their work
and save yourself some time?
This presentation outlines
an approach to a central
automation repository that
can be reused within your
company and will prevent you
from reinventing the wheel
many times over.
Code Coverage
Analysis:
Adding Value to Your Process:
To ensure that the best
product is delivered to the
customer, it is important to
include code coverage
analysis as part of your
test processes. Test
processes that are
solely based on business
requirements (functionality)
are essential, but
can miss testing of some
essential code, especially
in areas such as design
decisions and exception
handling. This presentation
will discuss reasons for
using code coverage analysis
alongside other testing
techniques and automated
tools during life cycle
phases. Various levels of
code coverage, as well as
techniques for enhancing the
value of code coverage
analysis in conjunction with
other analysis techniques,
will be explored. Lessons
learned in the real-life
testing of applications of
various types will also be
described. Suggestions will
be provided for how to
integrate code coverage
analysis into your
organization's test process.
Compuware’s Security
Assessment solution:
One of the major
contributing factors to
application security
problems is that software is
often developed without
security in mind.
Application security issues
can arise due to lack of
security requirements,
design flaws, poor coding
practices, or oversights
within software test cases.
These issues can lead to
serious problems with the
applications that critical
business processes rely on.
Changing processes and
modifying how developers
work can be quite
challenging. However, there
are solutions and methods
that anyone involved in the
software security process
can utilize to see immediate
security improvements
without impeding the
momentum and workload of
development. In this
presentation, Compuware’s
Security Assessment solution
will be examined. An
analysis of how it can be
utilized to enhance the
application's integrity as
well as how to inject
security into the
development process will be
discussed.
Cost Effective Test
Automation:
Automated testing is
typically the most expensive
kind of testing an
organization does.
Automation script authors
need to have strategies for
coding their scripts that
result in returns on the
costs incurred in creating
them. Otherwise the
organization can wind up
with tens of thousands of
lines of scripts that only
find defects in the scripts
themselves. Bill focuses
this talk on cost effective
script writing strategies.
He begins the talk by
describing the "VCR" model
of automated testing, an
approach that is easy to
explain but which Bill
believes is not cost
effective. He
then describes two alternate
approaches to automation
that he finds more
effective. Finally, he'll
cover techniques he's
developed that he believes
have general applicability.
Creating your own Automation
Tool:
It seems like everyone wants
or needs to automate their
manual testing and for a
variety of reasons.
Companies will go out and
spend thousands of dollars
to buy an off-the-shelf tool
only to find the tool
sitting on the shelf years
later. So why spend the
money on a tool that is not
being used? With the
enormous number of free
tools available, why not use
them? Why not build your own
automation tool that is
fully customizable?
This class will detail the
process of creating your own
automation framework. The
framework will allow you to
plug in products that need
to be tested. The automation
framework contains detailed
logging and records test
results into a relational
database. It also is
completely data and action
driven. Testers can change
the setup, execution, clean
up, and/or expected results
verification without
changing a line of source
code.
The class will walk you
through the creation of such
a framework using our own
automation framework as a
living, breathing example.
The class will also
demonstrate the return on
investment of using a single
framework that can execute
automated tests across
multiple products.
Case for Automated
Testing: Given the
relatively little use of
test automation throughout
the testing universe one
begins to wonder if the
expense does justify the
end. From a manager's
perspective, automation
should increase the
efficiency of the testing
team, allow the team to be
more responsive to last
minute releases, and reduce
the cost of testing. From a
test engineer's perspective,
automation should reduce
tedious typing, allow for
increased analytical time,
and provide career enhancing
skills. But is all of this
really happening? This
session separates fact from
fiction and seeks to answer
the age old question: Can we
justify test automation?
Change Management for SQL
Server:
The presentation will
outline the purpose of
change management, to
include the costs of not
doing it at all. It will
cover the people and roles
and walk through a normal
change process then escalate
to an emergency change
process. It will cover the
Technology and Tools used
for effective change
management for SQL Server.
Database Validation
Testing: Discuss real life situations
where testing discovered
major problems prior to
production deployment of
major applications.
Situation 1 - Major insurer,
3rd time system
was written (in house,
external, then managed by
consulting firm which walked
out when fixed price
contract was exceeded,
leaving no documentation).
Situation 2 - Data
warehousing company,
statistical modeling
application for largest
client using data which was
sold to several customers.
Used functional
spec/technical spec system
of documentation. Project
18 months behind schedule;
strong belief that data was
clean.
After the presenter designed test
plans, both cases had a system
ready to deploy within 3
months with successful first
time implementations.
This presentation will
discuss the database testing
challenges for both
situations and how the
projects succeeded despite
their challenges.
Determining
Exploitability and Severity
of Vulnerabilities:
Your security testing has
turned up a number of
potential vulnerabilities in
an application. How do you
sort through them to
identify which ones really
are security
vulnerabilities? How do you
prioritize the
vulnerabilities and decide
which must be fixed before
shipping and which may be
accepted? This presentation
will give some technical
background on common classes
of security vulnerabilities
and how they are exploited.
With this knowledge,
software testers can better
identify when they have
uncovered a serious security
vulnerability and determine
how exploitable it is. The
exploitability of a
vulnerability will be
measured in terms of time
required to exploit,
reliability of the exploit,
access granted, and
positioning required. From
this, a risk rating can be
assigned to the
vulnerability in order to
prioritize its remediation
among other development
tasks.
Developer Testing Best
Practices:
Developer testing has
arguably become an industry
expectation due to
the immediate positive
effects testing code early
has on software quality.
It’s no surprise that Java’s
JUnit framework has become
the de facto standard for
developer testing. In the
years since JUnit’s
introduction, a number of
frameworks have been built
to enhance its utility for
testing and validating XML,
controlling the state of a
database, testing legacy
code, performance testing,
and functional web testing.
In this session we’ll take a
look at XMLUnit for testing
XML related code, DbUnit for
testing code which depends
on a database, JUnit-addons
for testing private methods,
JUnitPerf for load and
performance testing, and
JWebUnit for functional web
and user acceptance testing.
We’ll also examine the
extensibility of these
frameworks in an effort to
combine them into handy
aggregate frameworks for
performance testing of
database code, scenario
testing of web sites, and
any other combinations we
can cook up.
Evaluating Requirements for
Testability:
For a test engineer, perhaps
the most important measure
of requirements quality is
testability. By improving
testability during
requirements development,
you not only will make test
design easier, but you also
will have gone a long way
toward building better
software for less cost. It’s
much easier for developers
to design and code from
“good” requirements. Learn
methods to identify the
requirements problems that
reduce or improve
testability: ambiguity,
incompleteness,
inconsistency,
incorrectness, and
"compound-ness." This method
first was used successfully
in a very large payroll
system development project
and has since been practiced
in both large and small
development projects. From
this session take away a
spreadsheet-based method for
tracking requirements
testability throughout the
project, and see examples
from an Access database that
can be used for further
requirements analysis.
How to analyze requirements
for attributes that increase
testability.
A way to correlate
requirements testability
analysis results and what
can go wrong with this
practice will also be
discussed.
Getting a Handle on Risk:
Risk Based Testing
Strategies:
With the rapid pace of
application development in
the e-business world,
testing has become a
challenging proposition.
Trying to meet even tighter
deadlines while still
delivering products that
meet customer requirements
is the greatest challenge
testers face today.
Formulating answers to
age-old questions like “What
should we test?” and “How
long do we test?” requires
different strategies in
fast-paced environments.
Stakeholders are looking for
testers to provide answers
to additional questions such
as:
Does the product meet our
quality expectations?
Is the application ready for
users?
What can we expect when
2,000 people hit the site?
What are we risking if we
release now?
Meeting the Demands:
One way for testers to meet
the demands of rapid
application implementation
is to use a risk-based
approach to defining
requirements and strategy.
Such an approach allows you
to assess the risks of
potential problems in the
product compared to the
quality expectations that a
stakeholder has. A sound
risk-based test strategy can
increase the probability
that:
The most important problems
are found;
Problems are detected early;
Problems with the most
potential rework are found
first;
Requirements with the most
impact to users are tested
first;
Accurate information on
product quality can be
provided.
The proposed risk strategy
for testing moves us from
the informal approach
experienced testers often
use to a more formal and
systematic way of assessing
risk that allows you to base
your test strategy on the
assessment as well as
address the quality concerns
of the stakeholder.
With the rapid pace of
application development,
testing has become a
challenging proposition.
Trying to meet tight
deadlines and deliver
products that meet customer
requirements is the greatest
challenge testers face
today. This presentation
discusses a risk assessment
tool that is used to assess
risks associated with
product testing. The
assessment tool provides an
alternative to “guesses”
about what should be tested,
and helps test managers
determine where they should
concentrate their efforts.
Hands-on with Free Web
Security Testing Tools:
Web portal technology,
whether Java, .NET, or
proprietary, is pervasive.
Tool vendors often imply
that only expensive tools
can find security issues and
provide you the insight you
need. This session shows you
how much low-hanging fruit
you can pick with freely
available tools. The tools
are based on popular, free
packages like perl, or are
open source and based on
readily available platforms
like Java and .NET.
Regardless of whether you
test .NET, Java, or
CGI-based systems, the
techniques in this session
will apply. In this session,
participants will:
Go beyond the browser: Learn
the fundamental techniques
of attacking a web-based
system in automated,
programmatic ways.
Learn the basics of several
proxy-based testing tools:
WebScarab, Paros, and
TamperData.
Learn the methods of
encoding and decoding data
in the formats commonly used
in HTTP.
Learn to spider a web site
using a tool like Nikto to
find bad defaults, cross
site scripting
vulnerabilities, debugging
debris and more.
Learn the signs of security
weakness like bad session
IDs, bad input handling, and
information leakage.
The session will include
live demonstrations of all
the tools. At the end of
this session, attendees will
have a thorough appreciation
and basic knowledge of
operation for several free
tools. Attendees will
understand how they can
automate security testing
with these tools, and how
they can interpret the
results to improve their own
testing.
Attendees will benefit most
if they have some background
with web systems and a
scripting language like
perl, but that's not
required.
High Reuse, Low Maintenance:
A Practical Approach to Test
Automation:
Traditional test automation
techniques have been known
to be maintenance intensive,
fragile in nature, require
technical capabilities of
those working with test
automation scripts, and
typically allowed for only
static data to be captured
in the test scripts.
Additionally, the scripts
recorded in test automation
programs were usually
tightly coupled to that
program and to the
application under test (AUT).
There was usually little
reuse capability; therefore
productivity gains have been
known to be minimal when
compared to that of manual
testing over time.
The approach to test
automation presented here
breaks work down in an
intuitive, structured, and
maintainable approach
allowing all members of a
testing team to focus on
what they do best. A test
engineer (usually a test
professional with a
programming background) can
dedicate his/her efforts to
coding what is needed to
interact with the AUT. The
functional tester, subject
matter expert (SME), or
business analyst (BA) can
dedicate his/her efforts to
the creation and maintenance
of test assets. The proposed
solution is designed and
constructed using a
"keyword-driven" or
"table-driven" framework for
test automation.
Find out which widely used
program can be used to
quickly produce a visually
cohesive, wizard based GUI
tool for creating self
documenting test assets, and
learn how to quickly and
intuitively generate and
store repeatable test assets
with relative ease while
reducing error prone scripts
and maintenance costs.
How Technical Should a
Tester Be?
Should all Testers be
Programmers by another Name?
Inevitably, the question
pops up at conference after
conference: should every
tester be a programmer?
Some test managers think
so. Some Software
Development Life Cycles
(SDLCs) seem to even imply
that, “We don’t need no
stinkin’ testers!”
Historically, test team
members have been drawn from
many different disciplines:
Business Analysts, Support,
the User Community,
Training, and yes, even from
the developer ranks.
This workshop has been
designed to pose the
question, “Just how technical
must a tester be?” Rather
than just have one or two
polarizing, talking heads
discuss this important
question, however, we would
like to get the opinions of
the attendees who are on the
front line of testing.
Some of the questions we
would like to discuss:
Does your organization need
highly technical testers?
Is there any value in having
testers with a non-technical
background?
How much training does a
tester need?
Can training alone make a
good tester, or is there an
innate quality needed?
What is the background
profile of the best tester
you have known?
Is it time to rethink the
need for testers?
Should every tester be an
automator?
What is the true value add
of testing specialists?
Should the test group get
more involved in unit
(object, class, component)
testing?
This workshop will have a
moderator, but it is your
input that will make it a
success!
How to Adopt Agile,
Iterative Testing with
OpenUP: Most
traditional test teams deal
with the same problems over
and over: late arriving and
poor quality software,
pressure to compress the
“test phase” because of
production deadlines, and
growing piles of
high-maintenance manual test
scripts. The Open Unified
Process (OpenUP), part of
the open-source Eclipse
Process Framework, offers
test teams a flexible
foundation for adopting
agile testing methods. OpenUP-Test
is a lightweight, iterative
testing process for test
planning, development, and
execution. OpenUP-Test
organizes test teams to
continuously verify quality
across the entire project
lifecycle, in parallel with
system development, and
encourages agile software
test automation approaches
that scale with your
project. If you’re
interested in using an
open-source iterative test
process or just interested
in how much “agile” is right
for your test team, come
discuss how to incrementally
adopt flexible but
disciplined software testing
with OpenUP.
Incorporating Test
Automation into Test
Processes:
Many companies are trying to
modernize their testing
methods; many have already
done so. By integrating
their testing team more
firmly into the SDLC, they
are starting to reap the
advantages of early test
planning and design, and
getting more leverage from
their testers in the
organization.
This presentation will
discuss the topic of
integrating automated tests
into the rest of the test
processes that your team
uses. Some of the points
that will be discussed
include:
Ownership of tests: who
should own an automated
test?
Determining results; who
owns the failures?
Making test results
available to all – including
developers.
Saving artifacts from the
automated test process.
Investigating the quality of
automated testing.
Obtaining meaningful metrics
from the automation.
Managing
Upward – Getting Approval
for the Tools you need:
Once you have made your
decision and must now get
management approval to
purchase, what are the steps
you need to take to get the
Executive OK to spend the
money? In this session,
hear from a CEO how to
convince your CEO,
and other members of the
executive team that they
should approve your
proposal. Learn how to build
internal support and
recognize the principle of
‘what’s in it for me?’.
Affect the bigger part of
the decision – after all,
logic is 50% and emotion is
150%.
Model-Based Testing:
One of the primary
difficulties continuously
facing developers is
assuring that the design,
and the implemented code, is
correct. By that, it is
meant that the delivered
system properly and
correctly implements the
requirements of the system.
This is a reasonably
understood - if arduous -
task for functionally
decomposed systems, but how
can we do this with
object-based or
object-oriented systems,
particularly when we use UML
with use case, sequence
diagrams, and statecharts to
capture requirements? This
class discusses how to
effectively transition from
the specification of
requirements in the UML into
the design and testing
phases with continuous,
on-going testing that always
ensures that the evolving
design always meets the
desired requirements.
Pair Programming:
Imagine working the code
while constantly rethinking
the grand scheme of the
design in your head. Imagine
catching your typos first
time, every time. Imagine
finding bugs twice as fast
and having a good
conversation about how to
approach finding them.
Imagine learning new
techniques, ideas and
strategies while working on
your code everyday. If you
already achieve all of these
things on your own then skip
the conference and go
straight to a
psychologist! If not, then
stop by to learn why Pair
Programming is fun,
productive and a tremendous
improvement to the otherwise
black art of lone
gun programming.
Software Assurance Metrics
and Tool Evaluation (SAMATE)
- and
A Standard Test for Source
Code Analyzers:
The presenter,
Paul Black, leads the
SAMATE project at the National
Institute of Standards and
Technology (NIST). This
project develops standard
tests for software assurance
tools and techniques,
particularly those for
security. To develop tests
the SAMATE project is
developing a reference
dataset of thousands of
flawed programs. This
presentation will inform
attendees about the SAMATE
project so the audience can
benefit from the tests and
testing artifacts that are
developed and
contribute to them. It will
also present the interesting
problems in coming up with
tests.
Software Automation
Framework Support: SAFS (Software Automation
Framework Support) is a free
open-source test automation
framework intended for
user-driven, a.k.a.
keyword-driven, a.k.a.
action-based testing. Learn
how both technical
developer-testers and
non-technical experts can be
engaged by the same testing
framework. See how test
assets are independent of
the test tools that will
execute them. Witness how
this enables the tests to
easily migrate from one
testing tool to another or
even be executed by
different testing tools at
the same time.
Topics covered:
What is user-driven test
automation?
What are keyword-based or
action-based tests?
What is the SAFS Framework?
How does this separate our
tests from the tools?
How can tests migrate from
one tool to another?
Various Demos:
Demo Excel-based test
development for
non-technical experts.
Demo execution by a test
tool (Rational Robot).
Demo execution by multiple
tools (Robot and Functional
Tester).
Demo total migration to
another tool (Functional
Tester only).
Demo Eclipse-based test
development for developers.
Software Endgames: Learning
to Finish What You’ve
Started:
Each of us has experienced
more than one software
project that ended badly.
Either the requirements were
misunderstood or implemented
poorly. Or overall quality
targets couldn’t be met
because there were simply
too many defects. Or the
team simply couldn’t decide
on priorities and which
direction to steer the
project.
Many projects fail in their
Endgame during testing. Not
because of the testing per
se, but because of the
massive discovery of defects
and functional gaps that
indicate the true viability
of the project. I call this
time the Software Endgame
and have spent a great deal
of time negotiating its
challenges through numerous
software projects.
This presentation focuses on
a set of 5 high level
practices and techniques
that will help improve your
management and steering
within the endgame,
providing experienced
guidance that will increase
the odds of your
successfully delivering a
project.
Succeeding with a Code
Analysis Tool:
Code analysis tools play an
important role in the
production of secure and
robust software. The reality
of tool integration is that
it takes more than just
buying a tool to find
success. Real software
development teams have
processes and habits that
can be difficult to adapt to
new tools. As such, there are
a few important steps that
an organization should take
in order to successfully
integrate a code analysis
tool.
To set up for success, we'll
first discuss a good
approach to finding the
right tool for your team.
Logically following, we then
need to determine who in
your organization are the
right people to be using the
tools. Another crucial piece
is finding the right place
in your software lifecycle
to add the tool. The
proverbial last mile, and
one of the trickiest
parts to successful
integration, is deciding
how to handle all the
wonderful output from the
code analysis tools. These
processes will vary
according to organization,
but there are a few patterns
for success that work well.
Overall, you'll walk away
equipped with a sound
approach to integration
that'll ensure you get a
high ROI on your tool
investment.
Test Automation for
SAP: Enterprise applications pose
unique testing challenges.
Their configuration flexibility makes them easy
to modify, but their tight
integration increases the
risk of unintended consequences. Changes can be
made in days but may take
months to verify. Since the
best testers are your business process experts,
this takes their time away
from new projects. Automation can help, but technical scripting tools
can’t be used by analysts
and maintaining complex code
takes too long. Learn what
the top challenges are to
efficient and effective testing and how to plan for
success both during the original go-live project and
for future changes and updates. Discover the key
factors that drive quality
for your enterprise application implementation
and assure the reliability
of your critical business
processes.
Linda Hayes, BBA, MS, JD is
CTO of Worksoft, Inc. and
brings over twenty years of
test automation experience
to enterprise applications.
She will reveal the secrets
to making test automation
accessible to your business
process experts and avoiding
the trap of writing custom
script code that has to be
maintained and supported.
You will learn how to create
test assets for end to end
testing of business
processes that can be easily
reused, maintained and
transferred over the life of
your enterprise application
deployment.
Tool
Acquisition and
Implementation as Capital
Management:
Many
companies acquire Software
Development/Management tools
without viewing them as
capital assets. In order to
be effectively implemented,
many conditions from Budget
to Process Maturity must be
in place. This presentation
examines the optimal
conditions for the purchase
of six tool classes.
Top 10 Testing Tips for SQL
Server Database Applications:
Are you looking for better
ways to test your SQL Server
applications? Have
you been struggling with
insufficient environments or
unequal database code?
Does testing with SQL Server
become a manual process when
you know it has to
be easier? Come learn about
the Top 10 Testing Tips for
SQL Server where we
will cover these puzzling
questions and more.
Using a Proxy to Test
Web
Applications: Learn to test
web applications for
common classes of
vulnerabilities using OWASP's open source web
proxy. Using
a live application as a
demonstration platform
attendees will see how to
efficiently test for common
issues such as cross-site
scripting, SQL
injection, business logic
errors, and buffer
overflows. WebScarab will be
used to demonstrate common
testing techniques and
tricks on a sample web
based banking application.
Attendees will leave with an
understanding of the
classes of vulnerabilities
common to web applications
and how to test for
them using a proxy.
Using
Code Metrics for Targeted
Code Refactoring:
Oftentimes, the choice of
candidate code for
refactoring is based
upon a source file's
smell, the spotting of
which takes time to
learn and is largely based
upon subjective
determinations. The proper
use of code metrics, such as
Cyclomatic Complexity,
Fan-In, Fan-Out, and Depth
of Inheritance can also
facilitate the discovery of
candidate code which is in
need of refactoring. For
example, Cyclomatic
Complexity is adept at
spotting methods containing
a high degree of conditional
logic, which, consequently,
can be replaced with
polymorphism as elaborated
in Martin Fowler's seminal
work, Refactoring,
with the Replace Conditional
with Polymorphism pattern.
Additionally, excessively
deep hierarchy trees create
problematic testing targets,
which can be broken out into
separate objects with
Fowler's Replace Inheritance
with Delegation and Collapse
Hierarchy patterns. Fan-In
and Fan-Out are quite
effective at pinpointing
brittle code, which can be
refactored into a more
stable state with a plethora
of patterns including
Extract Hierarchy and
Extract Class.
Using Scrum to Manage the
Testing Effort:
Many testing efforts succumb
to management and project
pressures and become chaotic
in their focus and work
quality. It’s simply the
nature of the endgame phase
of software development
projects, where anything
goes in pushing for the
delivery of a product and
it’s usually quality that
goes first. Beyond the
product quality impacts, the
team usually suffers too
with low morale and little
empowerment.
Scrum is one of the Agile
Methodologies and it focuses
on project management in
agile and iterative
development efforts. It can
be successfully applied to
testing efforts to renew
their focus and drastically
improve overall results. In
this presentation we will
explore the Scrum
methodology and learn to
practically apply it to your
testing cycles. You’ll
realize how easily Scrum
overlays on your existing
processes and how much
positive impact it can have
on your team and project
efforts.
A quick overview of the
Scrum methodology as it
applies to the testing
effort will be covered.
Additionally, we will cover
how to define a
testing sprint goal with
your key customers; how to
manage testing as a product
backlog activity – defining
testing focus with the
customer; the value of daily
stand-up meetings in
managing the testing cycle
and how to implement them
correctly; and finally, how
important a testing sprint
review is to set the stage
for the next testing cycle.
What to Test from a Security
Perspective: An Introduction
to Security Testing for the
QA Professional:
As awareness and
prioritization of software
security issues increase,
today's software quality
assurance professionals are
increasingly being asked to
stretch beyond traditional
QA concerns and take on the
verification and testing of
software security issues as
well. For many, this is a
new and unfamiliar domain
without a great deal of
instructive and reference
content known to be
available. This session is
targeted at briefly
introducing QA professionals
to the concepts,
perspectives, practices and
knowledge involved in
software security assurance
and testing such that they
can better understand what
it is that they still
need to learn and what
resources they can look to
for guidance. Learn some of
the fundamental similarities
and differences between
traditional quality
assurance and security
assurance. Learn the basic
perspectives, activities,
artifacts and knowledge
involved in software
security assurance and
testing. And finally, learn
about some key knowledge
resources including the
Common Weakness Enumeration
(CWE) and the Common Attack
Pattern Enumeration and
Classification (CAPEC) that
will not only significantly
reduce your learning curve
in security assurance but
will also dramatically
increase your effectiveness
as a practitioner going
forward. Attendees will
benefit most if they have a
fundamental grounding in
software quality assurance
and at least some
familiarity with the nature and
challenges of software
security issues.
|