Conference Presentations

Beyond GUI: What You Need to Know about Database Testing

Today's complex software systems access heterogeneous data from a variety of back-end databases. The intricate mix of client-server and Web-enabled database applications is extremely difficult to test productively. The data access layer is the point at which your application communicates with the database. Tests at this level are vital to improve not only your overall test strategy, but also your product's quality. Mary Sweeney explains what you need to know to test the SQL database engine, stored procedures, and data views. Find out how to design effective automated tests that exercise the complete database layer of your applications. You'll learn about the most common and vexing defects related to SQL databases and the best tools available to support your testing efforts.

Mary Sweeney, Exceed Training

Security Testing Web Applications

The fast-paced development cycles of Web applications often don't leave much room for testing. Thanks to the instant service pack phenomenon, we can update a Web application every day, so it's OK if things aren't perfect, right? That may be the case for functional bugs, but not security bugs. All an attacker needs is a very small window of opportunity to do damage. James Whittaker shows you how to identify these threats and demonstrates examples of attacks against them. From "SQL injection" to "cross-site scripting," and many more, you'll leave with the knowledge of how a hacker views your online business and, as a tester, what you can do about it.

Dr. Mike Andrews, Florida Institute of Technology

STARWEST 2003: How To Break Software Security

We have all experienced the "thrill" of functional testing, going through requirements and then crafting test cases to ensure that the application behaves according to specifications. While this method has its place, it misses many classes of bugs, especially security bugs. For example, security bugs can manifest as extra functionality that may not violate requirements directly, but still expose catastrophic holes in software. Based on strategies that have successfully broken some of the world's most secure applications, Herbert Thompson presents the tools and techniques you need to find security problems before your application is released. Learn the security attacks and tools to uncover security vulnerabilities before hackers discover them for you.

Herbert Thompson, Security Innovation LLC

STAREAST 2003: Rapid Web Testing in a High-Velocity Environment

This paper discusses implementing METS (Minimal Essential Testing Strategy) for your test team. METS is a strategy to help get the essential testing for your project done within the time frame allowed. Step by step instructions for using this methodology are included.

Greg Paskal, Kinko's

Security Testing by Steven Splaine

For anyone involved in security testing, or for anyone who is just plain curious about this area of software testing, the following references will provide a good starting point for any effort that you might be asked to undertake. In this issue, Steven Splaine discusses this important aspect of software engineering.

Steven Splaine

Security Bugs Exposed

The one thing that is crystal clear with respect to software security is that it isn't done well. Security bugs and design deficiencies that allow digital information to be stolen or tampered with are far too prevalent. As testing professionals, we have a big problem, and a big opportunity, on our hands. Learn ways to find security vulnerabilities in your system.

Usability and Privacy

While most bugs that make headline news are due to careless software implementations exploited by skilled hackers, the problems in KaZaA center around its user interface. This article details KaZaA's application flaws and then suggests ways to prevent such flaws.

Nathaniel Good

STARWEST 2002: How to Break Software Security

This presentation addresses classifying, finding, and attacking software security vulnerabilities.

James Whittaker, Florida Institute of Technology and Herbert Thompson, System Integrity

Testing Component-Based Software

Today component engineering is gaining substantial interest in the software engineering community. Jerry Gao provides insight and observations on component testability and proposes a new model to represent and measure the maturity levels of a component testing process. In this presentation, you will identify, classify, and discuss new issues in testing component-based software.

Jerry Gao, San Jose State University

Software Inspection: Taking a Step Forward to Completion

A software inspection is a well-known method in the industry today to improve the quality of software that we produce. Examine the problems that Intel Corporation faced with implementing this process and how they overcame the issues to see some very good results--ultimately attaining closure with 96% of their inspections.

Neela Majumder, Intel Corporation
