
Lightning Talks

Lightning Talks. Presented at Better Software 2005 By Matt Heusser … and the gang. Matt.heusser@gmail.com. Timothy Lister. Atlantic Systems Guild Overwhelm ‘em with estimates tlister@systemsguild.com. Ryan English.


Presentation Transcript


  1. Lightning Talks Presented at Better Software 2005 By Matt Heusser … and the gang Matt.heusser@gmail.com

  2. Timothy Lister, Atlantic Systems Guild. Overwhelm ‘em with estimates. tlister@systemsguild.com

  3. Ryan English, SPI Dynamics. The Road to Secure Software Nirvana: Web Application Security in Quality Assurance. renglish@spidynamics.com

  4. Web Applications Breach the Perimeter

  5. Examples of Application Security Vulnerabilities. Web application vulnerabilities occur in multiple areas. • Platform: Known Vulnerabilities • Administration: Extension Checking, Common File Checks, Data Extension Checking, Backup Checking, Directory Enumeration, Path Truncation, Hidden Web Paths, Forceful Browsing • Application: Application Mapping, Cookie Manipulation, Custom Application Scripting, Parameter Manipulation, Reverse Directory Traversal, Brute Force, Cookie Poisoning/Theft, Buffer Overflow, SQL Injection, Cross-site scripting

  6. Why should QA be concerned about Application Security? This is the cost to fix a security defect. What would the cost be if you were actually hacked? [Chart: relative cost to fix a defect, with multipliers 1X, 6.5X, 15X and 100X; labels Static Analysis, Integration Testing, System/Acceptance Testing, Customers In the Field; lifecycle axis Design, Development, Testing, Deployment]

  7. Michael Feathers, ObjectMentor. Working Clean. mfeathers@mindspring.com

  8. Judy Todd & Gale Anshelm, Vertex/Canadian Pacific. Agile Vs. Plan-Driven Face Off. judy.todd@vertexinc.com

  9. Melissa W. Frail, The MathWorks, Inc. QE Industry Round Table. Melissa.Frail@mathworks.com

  10. QE Industry Round Table • Why: To learn from other organizations and share best practices • What: Discuss a topic of mutual interest (e.g. Performance, Internationalization, RCAs, Metrics); 2-3 short presentations followed by group discussion • Who: QE managers from local companies • When: Once per quarter, for an afternoon. Melissa W. Frail, The MathWorks, Inc. Better Software 2005

  11. Getting Started • Identify Participants: Invite contacts at other companies; Network within your company; Talk to new hires about their previous companies • Ground Rules: No NDAs – share what you are comfortable sharing; No recruiting

  12. Matthew Heusser. Secrets of the Baby Whisperer. Matthew.Heusser@gmail.com

  13. LaBarron Lewis, EBSCO/MetaPress. Two benefits of test management software. LLewis@web.ebsco.com

  14. Greg Pope, University of California LLNL. ‘Test’ is a four-letter word. pope12@llnl.gov

  15. The Word Test • “When was the first time you heard the word test?” • “Where were you when you first heard the word test?” • “How did the word test make you feel?”

  16. Usual Answer • “It was my third grade teacher at school, and I felt nervous and afraid.” • Less Frequent - “It was my third grade teacher, and I was happy and excited to show how smart I was.”

  17. Openness to Testing • “I’m sure there is nothing wrong with the software, so go ahead and test it, better you find defects than our customers.”

  18. More Common • “There is no need to test my software because there is nothing wrong with it.” • “You are not qualified to test my software because you don’t know as much as I do about it.” • “If any Test Engineers come into our office again to test our software we will throw them through the third floor window.”

  19. Bug Free Software? • “The software was so good that the developers felt it to be without bugs and not necessary to test. We did, however, perform some Rapid Requirement Proofs and found a number of cases of Irregular Convergence and Biased Believability. These findings were handled by the developers as trivial enhancements, which have now been fully implemented, and we are ready to ship after performing the mandatory Independent Observational Scoring.”

  20. Matthew Heusser. Healing Software Development. Matt.Heusser@gmail.com

  21. Payson Hall, Catalysis Group. Facts about assumptions. payson@catalysisgroup.com

  22. Facts & Assumptions • Facts are known: How many widgets did we sell last year? • Assumptions are placeholders for facts: How many widgets will we sell next year? Payson@catalysisgroup.com

  23. Thanks for coming! Lightning talks will be at STARWest and other upcoming conferences! Call for presentations - http://www.sqe.com/lightningtalks.asp and http://www.xndev.com/Speaking.htm
