STARWEST 2006 Concurrent Sessions
Go To: Wednesday | Thursday | Friday
View by Track
| Wednesday, October 18, 2006 11:30 AM|
|The Nine “Forgettings”|
Lee Copeland, Software Quality Engineering
People forget things. Simple things like keys, passwords, and the names of friends long ago. People forget more important things like passports, anniversaries, and backing up data. But Lee Copeland is concerned with things that the testing community is forgetting—forgetting our beginnings. We forget the grandfathers of formal testing and the contributions they made. We forget organizational context, the reason we exist and where we fit in our company. We forget to grow, to learn, and to practice the latest testing techniques. And we forget process context, the reason that a process was first created but which may no longer exist. Join Lee for an explanation of these nine “forgettings”, the negative effects of each, and how we can use them to improve our testing, our organization, and ourselves.
• Learn how we must constantly rediscover
Understand that each “forgetting” limits our personal and organizational ability
Discover the power we have to grow and to improve
|Back to the Beginning: Testing Principles Revisited|
Erik Petersen, Emprove
In 1976, Glenford Myers listed a set of testing principles in his book Software Reliability. Computing has changed dramatically since those days! iPods have more computing power than the Apollo spacecraft. Testing has even been recognized as a profession—but testing approaches have not changed substantially since Myers’ book. Erik Petersen examines classic testing principles to help us understand what still works and what doesn't. He compares some of the originals with newer principles, including those from the international ISTQB™ testing syllabus. Along the way, Erik takes a light-hearted look at the state of software reliability today.
• Review old testing principles that are still applicable
Consider new principles that the first generation of testers missed
Evaluate the quality of software testing today
|Positioning Your Test Automation Team as a Product|
Satya Mantena, Nielsen Media Research
Test automation teams are typically created with the expectation of facilitating faster testing and higher product quality. To achieve these goals, the test automation team must overcome many challenges—stale test data, burdensome test script maintenance, too-frequent product upgrades, insufficient resources, and unfamiliarity with the systems under test. Satya Mantena describes a creative approach to test automation that overcomes these challenges. The first step is implementing keyword-driven testing. Satya demonstrates how the keyword testing approach is implemented proving this approach is not just theory but has been “proven in action.” Satya concludes by showing how positioning the test automation team as a “product” rather than as a central service, or embedded within each testing team, results in better testing.
• Examine the difference between a service and a product
Increase the probability of a successful test automation effort
Learn how to reduce time while increasing the success of test automation
|Security Testing: From Threat to Attack to Fix|
Julian Harty, Google, Inc.
Based on his years of experience in security testing, Julian Harty believes that most system stakeholders don’t understand—or even recognize—the need for security testing. Perhaps they will pay an external consultant to perform an occasional security audit, but they do not recognize the need for ongoing security testing. Julian will explain why security testing is vital, though often unappreciated. He will describe the security testing lifecycle, from threat, to attack, to fix. Julian shows how to gather information to become productive quickly if we’re invited late to security testing. Julian prefers that we prevent attacks but also describes how to repair damage—to both data and reputation—if your systems are attacked. Join this session to begin security testing at your organization.
• Examine the typical software security issues lifecycle
Determine how to get involved in security testing without a huge, up-front investment
Learn how to recognize your limitations, and when to get help
|Software Disasters and Lessons Learned|
Patricia McQuaid, Cal Poly State University
Software defects come in many forms—from those that cause a brief inconvenience to those that cause fatalities. Patricia McQuaid believes it is important to study software disasters, to alert developers and testers to be ever vigilant, and to understand that huge catastrophes can arise from what seem like small problems. Examining such failures as the Therac-25, Denver airport baggage handling, the Mars Polar Lander, and the Patriot missile, Pat focuses on factors that led to these problems, analyzes the problems, and then explains the lessons to be learned that relate to software engineering, safety engineering, government and corporate regulations, and oversight by users of the systems.
• Learn from our mistakes—not in generalities but in specifics
Understand the synergistic effects of errors
Distinguish between technical failures and management failures
| Wednesday, October 18, 2006 1:45 PM|
|Quantifying the Value of Your Testing to Management|
Arya Barirani, Mercury
Congratulations, you're a true testing expert. You know all there is to know about test planning, design, execution and reporting, performance tests, usability tests, regression tests, agile, SCRUM, and all the rest. But it’s still possible that your IT executives and business stakeholders do not fully understand the value of your work. It's time to communicate with them in a language they understand: Return on Investment (ROI). Arya Barirani will show you how to calculate the ROI of common test activities including test automation, defect reduction, and downtime prevention; how to create reports for maximum effect; and how to evangelize the value of your testing efforts. You will learn how to make better decisions about investments like strategic sourcing, lab infrastructure, and staffing through better quantification of their business value.
• Learn how to use ROI as a metric to demonstrate the value of testing
Consider reporting techniques for maximum executive buy-in
Discover marketing (yes, marketing!) techniques for promoting your testing activities
|Implementing a Final Regression Testing Process|
Jeff Tatelman, Avaya
After applications move into production, it is vital that subsequent additions or modifications are thoroughly tested and that the entire system is re-tested to ensure that it still functions after these changes. This process, called final regression testing, should be repeated for every new release. Many organizations that have attempted to implement a final regression test process have discovered that it isn’t as easy as it sounds. In Jeff Tatleman’s presentation you will learn a step-by-step approach to ensure successful implementation of a process that meets your technical needs and is attractive to your management. These steps include documenting manual test cases, creating a dedicated testing environment, standardizing test data, and using automation.
• Analyze risk to ensure proper regression test coverage
Use manual tests to drive test automation
Simulate the process of migrating into production
|Ruby and WATIR: Your New Test Automation Tools|
Kalen Howell, LexisNexis
Ready to start writing your own test scripts? Not sure of what tools to use? Kalen Howell discovered Ruby, a powerful scripting language that is easy to learn. Using Ruby led Kalen to WATIR, an open source tool written in Ruby. WATIR is used to drive Web sites through Internet Explorer just as a user would. Just by following a few examples, Kalen was able to create automated test scripts in a matter of minutes. Learning more about Ruby enabled Kalen to write more robust scripts. Ruby connects to databases, writes XML, creates and reads data files, and can be used to create customized libraries. Combining the powerful features of WATIR with the robust and easy to learn language of Ruby gives the tester powerful tools for automated scripting.
• Discover how Ruby can be used as a powerful scripting language
Explore how WATIR libraries can be used to effectively test your Web applications
Learn how Ruby and WATIR are ideal in both agile and traditional development processes
|Testing for the Five Most Dangerous Security Vulnerabilities|
Joe Basirico, Security Innovation LLC
Today, secure applications are vital for every organization. Security attacks seem to come from every corner of the globe. If your applications are breached, your organization could lose millions. Currently, the biggest holes in IT security are found in applications rather than system or network software. Perimeter and network defenses are not enough to protect your organization from attacks. Unfortunately, most development and testing teams do not have the expertise or the tools they need to properly secure their applications. Joe Basirico, an experienced software security expert, will highlight the top five security vulnerabilities that testers face today and offer practical how-to tips for testing their applications with security in mind.
• Address security issues before the product ships
Understand the trade-offs among functionality, usability, and security
Select system designs that are “security safe”
|Building a Fully-Virtualized Test Lab|
Ian Robinson, VMware
For many organizations, creating a testing environment to replicate every combination of hardware and software that their users have is cost prohibitive. If your organization faces this challenge, the solution may be to create an infrastructure that is based upon virtual machines. Virtualization allows a single physical server to run the workloads of many different servers. Virtual test environments save time and money and support sophisticated test cases that are not possible in a traditional physical environment. For multi-tiered systems, an interconnected set of servers (application server, Web server, database server, domain controller, and firewall) can be implemented within a family of virtual machines running on a single system. Ian Robinson describes how to transition your test systems from a physical to virtual infrastructure, resulting in a far smaller and more cost-effective number of systems, increased manageability, and the ability to test across a broader range of platforms.
• Learn how to create virtual machine “libraries” of common platforms
Discover how to reproduce defects in a virtualized environment
Use only one system to support multi-tier testing configurations
| Wednesday, October 18, 2006 3:00 PM|
|Step Away From the Tests: Take a Quality Break|
John Lambert, Microsoft Corporation
Designing, implementing, and executing tests is critically important, but testers sometimes need to take a break. John Lambert describes four un-testing techniques that can quickly improve quality: watching bugs, helping developers, talking to other testers, and increasing positive interactions. Watching bugs enables us to see defect patterns that might otherwise go unnoticed. Helping developers allows you to understand their process and help them understand yours. Talking to other testers helps you learn new techniques and share your experience. Increasing positive interactions builds a cohesive team that works together to solve problems. Join John as he presents ways to easily incorporate these un-testing activities into your schedule to help improve the quality of your products.
• Learn why testers need to step away from their daily testing activities
Make a positive impact on your systems’ quality
Add these activities to your schedule
|A Risk-Based Approach to End-to-End System Testing|
Marie Was, CNA Insurance Co
You’ve performed unit, integration, functional, performance, security, and usability testing. Are you ready to go live with this new application? Not unless you’ve performed end-to-end system testing. What’s so important about end-to-end testing? It is the only testing that exercises the system from the users’ point of view. Marie Was presents a case study detailing the introduction of a new insurance product in her organization. Their first step was to create an end-to-end system diagram showing how transactions and data flowed through the system. Next, the risk associated with each of those flows was evaluated. Test cases, and their order of execution, were derived based on the risks identified through interviews of subject matter experts and past experience. A “subway map” identifying the various flows was created and color-coded to help non-technical business stakeholders understand the testing approach. This method was highly effective in both planning the tests and communicating the approach to important stakeholders.
• Create an end-to-end system diagram
Create a “subway map” to help stakeholders understand critical functionality
Learn a highly successful, customer oriented testing process
|Introducing Test Automation: The Pain and Gain of the First Year|
Andy Redwood, Neutrino Systems
Are you contemplating moving from totally manual testing to automated testing? Andy Redwood shares a case study of a leading financial organization in the UK that did exactly that. Their goal was to automate testing using the latest tools across multiple projects. They have just finished the first year of the project and have learned some valuable lessons. Andy will describe this organization’s starting position and the goals they set; a step-by-step tour through the processes, tasks, and activities they performed; the new roles that were needed; and how the organizational structure was changed to support automation. Andy will also share the mistakes they made with decisions, processes, environments, and automation and how they dealt with them. Overall, after the first year, they have laid a foundation for future success based on sound automation principles.
• Learn how to create an automation strategy
Analyze the team structures and people you will need
Discover the issues, risks, and solutions to automation problems
|Testing Web Applications for Security Defects|
Brian Christian, SPI Dynamics Inc
Approximately three-fourths of today’s successful system security breaches are perpetrated not through network or operating system security flaws, but through customer-facing Web applications. How can you ensure that your organization is protected from holes that let hackers invade your systems? Only by thoroughly testing your Web applications for security defects and vulnerabilities. Ryan English describes the three basic security testing approaches available to testers—source code analysis, manual penetration testing, and automated penetration testing. Ryan also explains the key differences in these methods, the types of defects and vulnerabilities that each detects, and the advantages and disadvantages of each. Learn how to get started in security testing and how to choose the best strategy for your organization.
• Understand the basic security vulnerabilities in Web applications
Discover the skills needed in security testing
Learn who should be performing security assessments
|ISTQB™ Certification: Setting the Standard for Tester Professionalism|
Rex Black, Rex Black Consulting
A good test certification program confirms, through objective exams, the knowledge and professional capabilities of software testers. The International Software Testing Qualifications Board (ISTQB™) was formed as a non-profit organization to develop and promote just such a certification throughout the world. The ISTQB™ is comprised of volunteer representatives from eighteen national boards, including the United States, United Kingdom, Germany, Sweden, Israel, India, Japan, Korea, Poland, and other European countries. Rex Black, current President of both the ISTQB™ and the US national board (ASTQB), presents an overview of the first truly international tester certification program. He describes the development of the standard syllabus outlining required knowledge and skills and presents an overview of the three levels of certification available to professional testers.
• Learn about the ISTQB™—an open, international tester certification program
Discover how the syllabus is the distilled wisdom of many experts including practitioners, consultants, trainers, and academicians
Participate in a program with over 32,000 certified testers around the world