Better Software - July/August 2008 - (Page SW13)

Pre-Conference Tutorials
Tuesday, September 30, 8:30-4:30 (Full Day)

TF Requirements-Based Testing
Richard Bender, Bender RBT, Inc.

Testers use requirements as an oracle to verify the success or failure of their tests. Richard Bender presents the principles of the Requirements-Based Testing methodology in which the software’s specifications drive the testing process. Richard discusses proven techniques that ensure requirements are accurate, complete, unambiguous, and logically consistent. Requirements-based testing provides a process for first testing the integrity of the specifications. It then provides the algorithms for designing an optimized set of tests sufficient to verify the system from a black-box perspective. Find out how to design test cases to validate that the design and code fully implement all functional requirements. Determine which test design strategy—cause-effect graphing, equivalence class testing, orthogonal pairs, and more—to apply to your applications. By employing a requirements-based testing approach, you will be able to quantify test completion criteria and measure test status.

Richard Bender has been involved in test and evaluation since 1969. He has authored and co-authored books and courses on quality assurance and test, software development lifecycles, analysis and design, software maintenance, and project management. Richard has worked with an international clientele in a wide range of industries from financial to academic.

TG Session-Based Exploratory Testing
Jon Bach, Quardev, Inc.

The agile nature of exploratory testing makes it a widely-used and effective test approach, especially when testing time is limited. But despite the ability of testers to rapidly apply their skill, exploratory testing is often dismissed by project managers who regard exploration as unreproducible, immeasurable, and unaccountable.
If you find this to be true where you work, a solution may be to use Session-Based Test Management (SBTM), developed by Jon Bach and his brother James, to solve these problems. In SBTM, testers are assigned areas of a product to explore, and testing is time-boxed in “sessions” which have mission statements called “charters.” Together, these create a meaningful and countable unit of work. Using a simulated project, you’ll practice elements of sessions, including chartering, paired testing (working with another tester on the same mission), storytelling (taking notes during your testing), and debriefing (responding to questions after your session). Jon will use a freely available, open source tool to help manage and measure testing effort done in sessions.

Jon Bach is senior consultant and manager for corporate intellect at Quardev, Inc., a Seattle outsource test lab where he manages testing projects ranging from a few days to several months using Rapid Testing techniques. In 2000, Jon and his brother James invented the “Session-Based Test Management” technique for managing and measuring exploratory testing. In his thirteen years of testing, Jon has been a test contractor, full-time test manager, and consultant for companies such as Microsoft and Hewlett-Packard. He has written articles for both Better Software and IEEE Computer magazines.

TH Test Process Improvement (Updated)
Martin Pol and Ruud Teunissen, POLTEQ IT Services BV

What is the maturity of your testing process? How do you compare to other organizations and to industry standards? To find out, join Martin Pol and Ruud Teunissen for an introduction to the Test Process Improvement (TPI®) model, an industry standard for testing maturity assessments. Although many organizations want to improve testing, they lack the foundations required for success.
Improving your testing requires three things: (1) understanding key test process areas, (2) knowing your current position in each of these areas, and (3) having the tools and skills to implement needed improvements. Rather than guessing what to do, begin with the TPI® model as your guide. Using as examples real world TPI® assessments that they have performed, Martin and Ruud describe a practical assessment approach that is suitable for both smaller, informal organizations and larger, formal companies. Take back valuable references, templates, examples, and links to start your improvement program. TPI® is a registered trademark of Sogeti USA LLC.

Martin Pol has played a significant role in helping to raise the awareness and improve the performance of testing worldwide. Martin provides international testing consulting services through POLTEQ IT Services BV. During recent years, he has specialized in test outsourcing/offshoring, and he has developed an approach to successfully deal with this phenomenon. His experiences in both India and China are of great value. He has supported many organizations to define the test service levels, to organize the prerequisites, and to implement test outsourcing management and monitoring.

Ruud Teunissen, International Test Consultant at POLTEQ IT Services BV, has performed several test functions in a large number of IT projects: tester, test specialist, test consultant, and test manager. Together with Martin Pol, he is co-author of several books on structured testing. His main focus at this moment is test management and test process improvement.

TI Protecting Your Applications from Web Security Vulnerabilities (New)
Caleb Sima, Hewlett Packard

Does your security testing focus mainly on user identification, access control, and encryption? Although that’s a start, you also should be concerned about application security from the outside world of dangerous hackers.
Caleb Sima, a white-hat hacker who has broken into countless web applications, demonstrates popular hacking techniques, such as SQL injection, cross-site scripting, and more. Using live web sites, he takes you step-by-step through traditional web site and newer Ajax security vulnerabilities. Learn where these issues are present in your systems, how you can find them, and what hackers can accomplish if you don’t. Caleb describes attacks via server-side application “holes” and how phishers, boters, and worm authors use these vulnerabilities to exploit web-based systems. He discusses browser/server interaction issues, the increasing attack surface in newer web applications, repudiation of HTTP requests, and how hackers expose application logic. Get a “behind the scenes” look at the thought processes of hackers who are actively working to circumvent your web applications’ security measures.

Caleb Sima is HP Application Security Center’s chief technologist. He is the former co-founder and CTO of SPI Dynamics, acquired by HP Software in August 2007. He is responsible for setting the strategic direction of the company’s Web application security solutions. Caleb is widely recognized as an expert in Web security, penetration testing, and identifying emerging security threats. His pioneering efforts and expertise in Web security have helped define the direction of the Web application security industry. Caleb is a contributing author to various magazines and online columns, and is a co-author of the book Hacking Exposed Web Applications: Web Security Secrets & Solutions.

Call 888.268.8770 or 904.278.0524 to register • www.sqe.com/swreg