Software Quality Insights


April 29, 2011  3:15 PM

Security testing in an Agile environment

Melanie Luna

Recently, SearchSoftwareQuality.com has been examining the ongoing adoption of the Agile approach in small and large organizations. Our research shows that project success is highly dependent upon diligent requirements management processes and comprehensive security testing efforts.

It can be helpful to learn from others what has worked in the past and what hasn’t. While several aspects of Agile methodologies have changed since their inception a decade ago, some techniques translate into today’s projects. For more on implementing smaller projects, read QA expert Chris McMahon’s tip: Early days of Agile development: Lessons for small projects.

Security expert John Overbaugh addresses one of the top security vulnerabilities in Web applications: an injection attack, where the application is tricked into treating input as if it were code so that a hacker can infiltrate the application. For techniques on how to test for injection vulnerabilities, check out his tip: Application security: Testing for injection vulnerabilities.

In preparation for the STAREAST 2011 conference taking place May 1-6, Site Editor Yvette Francino and other SSQ contributors have been conducting interviews with presenters:

  • Learn about Test Centers of Excellence in this interview with quality advocate Tom Delmonte.
  • For information on testing for unexpected problems such as system faults or malicious attacks, read this interview about fuzzing and fault modeling with STAREAST presenter Shmuel Gershon.
  • How has Agile testing changed over the past 10 years, and what are the most important skills for an Agile tester? Find out in this interview between Lisa Crispin and Janet Gregory, co-authors of “Agile Testing — A Practical Guide for Testers and Agile Teams.”

SearchSoftwareQuality editors and contributors will be in attendance at this important software testing event this week. Check back here for ongoing coverage, including more interviews, tips and blog posts.

April 14, 2011  4:22 PM

Both network and application security are important

Yvette Francino

When people think of security testing, they often think about the network layer — that area outside of the application. However, application security — security within your application — is important as well. John Overbaugh explains the difference in his two recent tips.

In Boost network security using firewalls, encryption and logging, he uses the protection of a home as an analogy:

To illustrate networking and application security, consider a private home with high-value targets. The access to the home (front gate, long driveway, wide lawns, and surveillance cameras) is a crucial element to protecting the home.

Overbaugh compares network security to breaking through the physical security that protects the house, and application security to getting in the house and stealing the jewels. In this first tip, Overbaugh stresses the goals of network security: protecting network resources and the integrity of data traveling across the networks.

In his second tip, Application security: Protecting application availability, data confidentiality and integrity, Overbaugh addresses application security concerns. This effort involves keeping the data within an application safe.

Take a look at these two tips to understand more about both network and application security. Both efforts are crucial in keeping your application and data secure.


April 13, 2011  11:35 PM

How to make Agile stick: Howard Deiner at Mile High Agile

Yvette Francino

At the Mile High Agile conference held in Denver on April 7th, Howard Deiner of Deinersoft, Inc. gave a presentation about transitioning to Agile entitled, “How to make sure Agile sticks.”

Deiner’s presentation was filled with stories of Agile transitions and some of the pitfalls and traps that organizations can fall into. “A ‘smell’ is a problem that comes up, and you should raise an eyebrow,” said Deiner when talking about “smells” that warn him that there may be trouble with an Agile transition effort, and it may require further investigation. However, just like with expensive Gorgonzola cheese, Deiner says, you don’t want to toss everything with a suspicious smell.

Examples of “smells” to be leery of with Agile transition include:

  • Coach-lite: The matrixed organization, where a coach is spread across multiple teams.
  • Just fix the delivery team: Applying Agile only to the delivery team rather than the entire organization.
  • Buying tools before you have your processes down: Figure out your processes and buy tools that will fit your needs, rather than the other way around.
  • Closet command and controllers: Management must trust their staff and encourage collaboration.
  • Methodology polytheism: Mixing Agile and traditional methodologies can be wasteful and frustrating.

Deiner gave eight traction tips that would help in making Agile “stick” even when problems are encountered.


April 11, 2011  2:38 PM

Odyssey Software announces the release of Athena Configuration Manager v5.0

Melanie Luna

On April 11, Odyssey Software announced the release of Athena Configuration Manager v5.0, a remote mobile device management (MDM) solution that offers several functionalities, including security, asset inventory, remote assistance and software distribution.

SSQ spoke with Odyssey Software CEO Mark Gentile last week, who shared a couple of mind-boggling statistics: “A recent statistic says that every second there are two iPhones activated. Also, as of two months ago, there were a reported 300,000 Android activations per day.” With numbers like these, mobile security has become increasingly important.

In recent months the market for smartphones and tablets has been experiencing enormous growth. While in the past enterprise IT personnel were primarily focused on desktop and laptop management, there is a growing need to shift focus to phones and tablets due to the sheer number of these devices that employees now use.

Mobile devices often enable access to more than just corporate email, opening up a host of security issues. It’s important for enterprises whose employees use corporate devices remotely to look for solutions that support multiple platforms as well as scalability.

Athena offers several features, which Gentile explained in detail. Since Odyssey Software offers an add-in for Microsoft System Center, IT staff can manage mobile devices from the same environment as the in-house servers and desktops, so they can control what is happening with all the company’s devices at the same time.

In addition, Athena works to secure all the hot platforms, including iOS and Android. Enterprises can monitor asset inventory and detailed data about each device such as signal strength and software installed. Users can also access remote assistance and other self-service functions.


April 8, 2011  12:24 AM

Jean Tabaka’s keynote at Mile High Agile: Lean in

Yvette Francino

The inaugural Mile High Agile Conference kicked off April 7th with a keynote from Agile Fellow Jean Tabaka of Rally Software. Addressing the crowd of 500 (a sell-out), Tabaka spoke of the importance of community and working together to “elevate agility,” the conference’s theme, in her presentation titled “Elevating the Agile Community of Thinkers.”

Tabaka started by describing a meeting she’d had with fellow Agile enthusiasts, Liz Keogh and Eric Willeke, in which they forged the idea of creating a “community of thinkers,” — people who would demonstrate leadership behaviors and help promote agile thinking. She stressed the difference between community building and destructive bullying, speaking of the infighting that can happen amongst Agile enthusiasts who are determined to “win” or be “right” and make the other person “wrong.” Instead, Tabaka encourages people to “invite inquiry.” “Your organization is only as wise as the least vocal person,” she says, encouraging everyone to have a voice in discussions.

Throughout the keynote, Tabaka encouraged us all to “lean in” and take risks. “Be prepared to take the hard stuff and push yourself out of your comfort zone,” she encouraged.

Here’s a reaction from Wayne Wells who was at the conference:


April 6, 2011  2:55 PM

Daptiv combines traditional and Agile in PPM solution

Yvette Francino

On April 5th, Daptiv announced the integration of Rally Software with their PPM solution. Project portfolio management (PPM) tracks an organization’s projects so that executives are able to make decisions about company goals, strategies and spending. However, many companies have a variety of software projects using different methodologies and different project management tools and metrics. It can be a challenge to merge those metrics to obtain an overall report of organizational health.

I spoke with Ian Knox, VP of Marketing at Daptiv, about the announcement. He described five primary metrics that all software development projects should track, regardless of methodology being used:

* Scheduled finish date
* Percentage complete
* Scope change
* Cost vs. budget
* Project health

The issue, of course, is that traditional teams track these metrics differently than Agile teams. “The unit of progress in Agile is a story point, whereas with a traditional waterfall it’s reaching a milestone or how many task hours you have completed. The underlying metrics are very different,” said Knox describing one example.

Because many PPM tools don’t have the ability to combine metrics from Agile projects, those projects may be lacking in visibility at the executive level. “When you have a certain number of Agile projects, it makes sense to integrate into a single source of truth for executive portfolio reporting,” said Knox.

Knox stressed that the integration would not impact developers working with Rally. They would continue to do so with no changes required to their Agile practices. “The development team needs to be left alone. Problems happen when project managers try to impose traditional project management reporting on an Agile team and it totally breaks the culture. Our goal with this is to allow the development team to run exactly as they want to with their Agile culture and Agile methodology and then the data is pulled out of Rally to allow for executive visibility.”

Forrester analyst Dave West says of the announcement:

“We do see a trend of PPM vendors either integrating with ALM tools or building out functionality to support more the management of development projects. The fundamental issue is that planning and management reporting benefits from real development information that ALM tools collect. By injecting the planning information into the development space, it is possible to consistently work within the projects. With the advent of Agile practices, it is clear that planning and development must have a tighter relationship, as planning happens more frequently and status reporting needs to include real time information. It is great that Daptiv is working with a leading Agile tool such as Rally.”


April 5, 2011  1:40 PM

Replay Solutions announces DevOps survey results

Melanie Luna

On Tuesday, Replay Solutions released the results of a survey conducted in collaboration with HP this January on the evolution of DevOps trends during the past year. Over 1,000 respondents provided feedback on the role of DevOps in their organizations, answering questions about personnel, tools, drivers and advantages.

Jonathan Lindo, Co-Founder and VP of Products & Technologies for Replay Solutions, a company that has been closely involved in the DevOps community, discussed the survey and the results with SearchSoftwareQuality last week, highlighting the correlation between DevOps adoption and the use of Agile development methodologies.

The survey found that DevOps is particularly helpful in facilitating a faster, more iterative software release, improving speed-to-market and turnaround times through faster response times. Respondents also cited overall improved communication as a major benefit of this structure.

For more in-depth discussion of the survey results, check out this story on SearchSoftwareQuality.com: Survey Results: No longer an emerging trend, DevOps is here to stay.


April 4, 2011  2:05 PM

Gorilla Logic announces automation test tool for iOS

Yvette Francino


Today Gorilla Logic announced the release of a new open source automation test tool, FoneMonkey 5, for testing iPhone and iPad applications.

I spoke with president and CEO of Gorilla Logic, Stu Stern, who was one of the founders of Gorilla Logic in 2002. A former Sun Microsystems exec, Stern says Gorilla Logic, primarily an Agile development consulting firm, brings an executive perspective with rigorous process to their clients.

“One of the challenges was finding good testing tools for rich applications,” says Stern when talking about the creation of FlexMonkey, their first open source automated test tool for Flex applications.

Now they are following that up with FoneMonkey, which is a robust script recording and playback tool, similar to the popular open-source tool Selenium. Working on both simulators and real devices, FoneMonkey includes code generation options, generating test scripts in Objective-C that can be run under OCUnit, or JavaScript that can be run with Apple’s UI Automation tools.

For more information on mobile application testing, check out these recent SearchSoftwareQuality articles: Tips for application testing on mobile devices and Defining a strategy for testing mobile devices.


April 1, 2011  4:20 PM

uTest announces QADate: High quality dating

Yvette Francino

uTest is known for their crowdsource testing services, but they are now expanding their market to online dating! Today they announced QADate, a free online dating service for software testers. Though the site is designed specifically with testers in mind, all technosexuals familiar with software development will enjoy the features offered. From the press release:

Considering that uTest has a community of more than 37,000 QA professionals worldwide, and broad experience matching skilled testers with leading customers like Google, Microsoft, and AOL, this is a natural, inevitable—and perhaps obvious—step in the company’s growth strategy.

QA professionals certainly understand the importance of validating requirements, so there is no doubt that before embarking on a date, they’ll check for compatibility. And I would venture to guess there will be some serious questions about performance and security before any connections are made.

The site, unlike other dating sites, allows users to state their testing preferences. Exploratory testers will undoubtedly be thrilled to find matches who will totally get it when they ask for an IP address and understand questions about their use of anti-virus software. Testers know the importance of a safe connection!

Another unique feature is the ability to track the bugs you find with your date, classifying them as priority one problems (for major issues such as foul breath and body odor) to priority four problems (accidental burp). Of course, usability testing is subjective, but the QADate community will appreciate the transparency, allowing everyone the opportunity to assess feedback received as dates share the bugs and issues found. It allows for continuous improvement until that perfect connection is made.

Related posts:
How can I possibly test all mobile devices? Try crowdsourcing
uTest releases new apps for the iPhone and iPad
Crowdsource specialist uTest launching new performance, load test offerings
Crowd meets cloud: uTest and SOASTA announce partnership


March 31, 2011  6:43 PM

Managing requirements in Agile environments

Yvette Francino

Agile environments encourage and embrace requirements changes. However, knowing how to effectively manage those changes can be a huge challenge. In March, SearchSoftwareQuality focused on tips from experts about requirements management. In this series of articles we look specifically at managing requirements in Agile environments.

Agile requirements: A conversation with author Dean Leffingwell, part 1
Author of Agile Software Requirements – Lean Requirements Practices for Teams, Programs, and the Enterprise Dean Leffingwell talks about the differences between Agile and traditional requirements practices and gives advice on what to look for in Agile requirements tools.

Requirements in Scrum environments: Q&A with Dean Leffingwell, part 2
Dean Leffingwell, author of Agile Software Requirements – Lean Requirements Practices for Teams, Programs, and the Enterprise, answers questions about requirements management in Scrum environments.

The value of visible requirements
Chris McMahon describes the experience of migrating requirements data from a difficult-to-use tool to a whiteboard that clearly displays requirements and status.

Getting on the same page: How testers can help clarify requirements
Agile expert Lisa Crispin gives helpful advice to testers on helping to clarify requirements. Programmers, testers and business experts must work together to ensure requirements are well-understood.

Want more? Dean Leffingwell will be presenting at the Virtual Trade Show on April 27th: Beating Key ALM Challenges.

