SQE STARWEST Conference Brochure 2008

COnCUrrent SeSSiOnS MONDAY, MAY 16, 8:30-5:00 friDay, OCTOBeR 3, 10:00 a.m. f1 TEST MAnAGEMEnT f4 SECuRITy toward an exploratory testing Culture Rob Sabourin, AmiBug.com, Inc. Traditional testing teams often agonize over exploratory testing. How can they plan and design tests without detailed up-front documentation? stubborn testers may want to quit because they are being asked to move out of their comfort zone. Can a team’s testing culture be changed? Rob sabourin describes how several teams have undergone dramatic shifts to embrace exploratory testing. learn how to blend cognitive thinking skills, subject matter expertise, and “hard earned” experience to help refocus your team and improve your outcomes. learn to separate bureaucracy from thinking and paperwork from value. explore motivations for change and resistance to it in different project contexts. leverage Parkinson’s law—work expands to fill the time available—and Dijkstra’s Principle—testing can show the presence of bugs, but not their absence—to inspire and motivate you and your team to get comfortable in the world of exploratory testing. f2 automating Security testing with cUrl and Perl Paco Hope, Cigital Although all teams want to test their applications for security, our plates are already full with functional tests. what if we could automate those security tests? Fortunately, most web-based and desktop applications submit readily to automated testing. Paco Hope explores two flexible, powerful, and totally free tools that can help to automate security tests. cUrl is a free program that issues automatic basic web requests; Perl is a well-known programming language ideally suited for writing test scripts. Paco demonstrates the basics of automating tests using both tools and then explores some of the more complicated concerns that arise during automationauthentication, session state, and parsing responses. He then illustrates simulated malicious inputs and the resulting outputs that show whether the software has embedded security problems. The techniques demonstrated in this session apply equally well to all web platforms and all desktop operating systems. you’ll leave with an understanding of the basics and a long list of resources you can reference to learn more about web security test automation. f5 TEST TECHnIquES truths and Myths of Static analysis Paul Anderson, GrammaTech identifying defects with static analysis tools has advanced significantly in the last few years. yet, there still are many misconceptions about the capabilities and limits of these innovative tools—and sales propaganda such as “100% path coverage” has not helped at all. Paul Anderson debunks common myths and clarifies the strengths and limitations of static-analysis technology. you’ll learn about the types of defects that these tools can catch and the types they miss. Paul demystifies static analysis jargon, explaining terms such as object-sensitive and context-sensitive. Find out how the FDA uses static analysis today to evaluate medical device software. Paul jumpstarts your understanding of static analysis so you can decide where to apply this technology and have more knowledge and confidence in your interactions with tool vendors. f3 SPECIAL TOPICS Database Locking: what testers Should know, why testers Should Care Justin Callison, Luxoft Canada Database locking is a complicated technical issue for some testers. Although we often think that this issue belongs in the realm of the developer and the DBA—“it’s not my problem”—database locking is the enemy of functional and performance testers. As Justin Callison can personally attest, locking defects have led to many disasters in production systems. However, there is hope! Justin sheds light on the problem of database locking, how it varies among different platforms, and the application issues that can arise. Armed with a new understanding of database locking, you can develop effective testing strategies. Join in and learn about these strategies: designing explicit locking tests, ensuring appropriate test data, implementing sufficient monitoring, and combining manual with automated testing to avoid disaster. AGILE TESTInG Lessons Learned in acceptance test-Driven Development Antony Marcano, testingReflections.com Acceptance Test-Driven Development (ATDD), an application of the test-first practice of XP and agile development, can add enormous value to agile teams that are proficient in these practices. Moving from awareness of ATDD to being proficient at practicing ATDD comes about only after learning some important lessons. First, no one group can “own” the process. second, ATDD is first about helping the customer and the team understand the problem; then it is about testing. Third, writing automated acceptance tests in ATDD is not the same as writing automated tests with typical automation tools. Antony Marcano shares his experiences with ATDD—the good, the bad, and the ugly—and the many other lessons he’s learned in the process. Discover the benefits and pitfalls of ATDD and take advantage of Antony’s experiences so that you avoid common mistakes that teams make on their journey to becoming proficient practitioners of ATDD. “Variety of speakers–some with very different viewpoints. Great that it’s not homogenized to one view. Amazing breadth of coverage-thanks! SQE Rocks!” Jim Peak Tester, Future Point Systems Call 888.268.8770 or 904.278.0524 to register • www.sqe.Com/swreg 25 http://testingReflections.com http://www.sqe.com/swreg

Table of Contents Feed for the Digital Edition of SQE STARWEST Conference Brochure 2008

SQE STARWEST Conference Conference-At-A-Glance Pre-Conference Tutorials Keynote Sessions Concurrent Sessions Registration Information

For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.