Earlier this month, SSQ contributor Matt Heusser interviewed Shmuel Gershon, previewing his presentation at STAREAST about software testing with fuzzing and fault modeling. The interview gives a good overview of how you can simulate attacks or create conditions that are not ideal that will uncover bugs in real-world situations rather than a typical pristine test environment.
Heusser had suggested titling the interview, “Schmoozing with Shmuel.” Although we ended up going with a different title, “schmoozing with Shmuel” does have a nice ring to it, and I felt lucky to have my own opportunity to schmooze with Shmuel at a one-on-one interview at STAREAST 2011. I met Shmuel last year at STAREAST 2010, and I’ve always been impressed by his warmth and attention, not just to the business of software testing, but to connecting with people. A leader at Intel, he’s quite active in various software test communities and a mentor and friend to many.
Check out our SSQ STAREAST page for more videos, tips and interviews with industry experts.
Agile coach and software tester Selena Delesie was a speaker at this year’s STAREAST conference. She offered ideas for testers to network with others and share their experiences. Attendees were treated to her engaging and interactive presentation. Delesie runs her own company, Delesie Solutions, and has been working in the testing field for about a decade.
To be honest, though I’d heard about Test Centers of Excellence (TCoEs) before, I wasn’t exactly sure what they were until I talked to Tom Delmonte. Delmonte, from Progressive Insurance, is a quality advocate and leader in TCoEs as well as passionate about education for testers.
Read STAREAST: An interview about Test Centers of Excellence with Tom Delmonte to find out more about TCoEs and how you might implement one in your organization.
Check out our SSQ STAREAST page for more videos, tips and interviews with industry experts.
Software testing evangelist Dawn Cannan offered a half-day tutorial at this week’s STAREAST conference, focusing on the FitNesse and Selenium test tools. She explained how to translate requirements into executable commands.
Dawn is an expert at building teams that can truly collaborate to complete successful projects, integrating business, development and testing. She actively works in the open source community, presents at conferences and writes for various publications including her blog. Her STAREAST presence also included a lightning keynote.
I’m guessing James Bach has never been accused of being a “yes-man.” The outspoken test guru, well-known for his intolerance of step-by-step test scripts, is at STAREAST 2011 and delivered a full-day tutorial on May 3rd entitled, “Critical Thinking for Testers.” In this short video, Bach recommends three questions for critical thinkers: 1) Huh? (Do I really understand?) 2) Really? (How do I know what you say is true?) and So? (Is that the only solution?)
Bach is one of many who has been denouncing “best practices.” At the recent SQuAD conference, Lee Copeland also reminded us of the dangers of proclaiming “best practices,” saying that what works well in one context does not necessarily work well in another context. Lloyd Roden in his concurrent session this morning challenged us to “ban the use of best practices.” Stepping through the Dreyfus Model for skills acquisition (novice, advanced beginner, competent, proficient and expert), Roden said that while best practices may be useful for the novice and advanced beginner, it would stifle the creativity for those who were skilled. “You don’t see a Jedi stopping to take out a rule book to find out how to use his light saber!” he quipped.
I admit to being guilty myself of writing a tip or two that had “best practices” in the title. In fact, I kid that even Bach’s suggestions for critical thinking sound a bit like “best practices.” While it’s certainly useful to learn from those who have more experience than we do, the message is that we must do more than blindly follow processes and rule books. Challenge the system. Question the rules. Look for ways to improve. Do this with three questions: Huh? Really? and So? You don’t want to use those questions? Good! Use your own! That’s thinking!
James and his brother, Jon Bach, will be “torturing the test lab” at STAREAST on Thursday, May 5, at 9:30 ET.
Wouldn’t it be nice if you could really conduct testing while at a test conference? That’s the question that prompted the creation of STAR Test Lab. Brain child of Bart Knaack and James Lindsey, Test Lab allows participants to get some hands-on testing experience. Its first implementation was at EuroSTAR 2009, and it has been tried at a few other conferences worldwide, but this is its inaugural year at STAREAST.
Tables are set up with handouts giving tools and test ideas and allowing for competitions as well. The Testlab menu includes everything from light assignments with little preparation required (starters) to sophistocated and in-depth exercises (high calorie desserts.)
Currently, Lisa Crispin is giving an introduction to test automation design using Selenium and Robot Framework.
Here’s the schedule for today and Thursday, with openings for additional sessions.
10:00 AM Usability testing: heuristic evaluation – B. Knaack/Julian Harty
11:00 AM How to set up maintainable automated testing – Lisa Crispin
11:45 AM Testing in pairs – Michael Bolton
1:30 PM How to use rapid reporter – Shmuel Gershon
2:30 PM Combinatorial Test Design Tool – Justin Hunter
4:00 PM Discussion group: How to manage agile testing? to be announced
6:30 PM Closure
9:30 AM Torturing the test lab – James and Jon Bach
11:30 AM Something exciting and new – Jacob Hooghiemstra
12:30 PM Testing with the gurus lunch
2:30 PM How to set up actionwords?
Dale Carnegie’s timeless classic, “How to Win Friends and Influence People,” may work well for sales and socializing, but will it work for testers? Carnegie’s first principle tells us, “Don’t criticize, condemn or complain.” Already testers are in trouble! How can they not be viewed as annoying when their role is to find and report on problems? At STAREAST, 2011, author and project management expert Andy Kaufman delivered a keynote, titled “How to Win Friends and Influence People – and Deliver Quality Software.” He showed us how the principles that Carnegie touted still apply today. To be successful, it has been shown that only 15% is due to professional knowledge and 85% is your ability to express ideas and to arouse enthusiasm among people.
Kaufman did a fantastic job of arousing enthusiasm amongst this crowd. Stay tuned as we cover additional sessions throughout the next two days!
In every software development project I’ve ever worked on over the past 27 years, we used defect tracking tools to help us manage the bugs that were found in the system. Not only did these tools help us manage what we needed to work on, but they provided metrics so that we could look for quality trends. Defect tracking systems (DTS’s) were an integral part of our tool set. The first time I heard that some Agile teams were not using them, my immediate reaction was that Agile was not for me. I was all for collaboration, but somebody better be tracking and documenting the bugs!
Over time, as I became more familiar with Agile methodologies, I realized that there are alternative ways to track and manage defects. This week, Agile expert and SSQ contributor Lisa Crispin will be presenting at STAREAST 2011: Limbo Lower Now: An Agile Approach to Dealing with Defects. Crispin highlights her presentation in one of our STAREAST previews: Agile testing and defect tracking.
While there is no “rule” on how Agile teams track bugs, Crispin lists several alternatives including self-documenting automation tests:
Some Agile teams, especially those that embrace lean development, take a different approach to defects. Anytime a bug is identified, an automated test is written to reproduce it, the bug is fixed, and both the code fix and the test are checked in. The test documents the bug, and will alert the team in case that same problem occurs again. This enables teams to “fix and forget” bugs.
Crispin also talks about the use of wikis, story boards, and other techniques used by Agile teams to ensure defects are being addressed and documented. While defect tracking systems are still used by some Agile development teams, they are not the only means for tracking and managing bugs.
I’ll be meeting with Lisa Crispin and other industry experts this week at STAREAST 2011. For more conference interviews and conference coverage, check out STAREAST2011: News and interviews from SearchSoftwareQuality.com.
Recently, SearchSoftwareQuality.com has been examining the ongoing adoption of the Agile approach in small and large organizations. Our research shows that project success is highly dependent upon diligent requirements management processes and comprehensive security testing efforts.
It can be helpful to learn from others what has worked in the past and what hasn’t. While several aspects of Agile methodologies have changed since its inception a decade ago, some techniques translate into today’s projects. For more on implementing smaller projects, read QA expert professional Chris McMahon’s tip: Early days of Agile development: Lessons for small projects.
Security expert John Overbaugh addresses one of the top security vulnerabilities in Web applications: an injection attack, where the application is tricked into treating input as if it were code so that a hacker can infiltrate the application. For techniques on how to test for injection vulnerabilities, check out his tip: Application security: Testing for injection vulnerabilities.
In preparation for the STAREAST 2011 conference taking place May 1-6, Site Editor Yvette Francino and other SSQ contributors have been conducting interviews with presenters:
- Learn about Test Centers of Excellence in this interview with quality advocate Tom Delmonte.
- For information on testing for unexpected problems such as system faults or malicious attacks, read this interview about fuzzing and fault modeling with STAREAST presenter Shmuel Gershon.
- How has Agile testing changed over the past 10 years, and what are the most important skills for an Agile tester? Find out in this interview between Lisa Crispin and Janet Gregory, co-authors of, “Agile Testing — A Practical Guide for Testers and Agile Teams.”
SearchSoftwareQuality editors and contributors will be in attendance at this important software testing event this week. Check back here for ongoing coverage, including more interviews, tips and blog posts.
When people think of security testing, they often think about the network layer — that area outside of the application. However, application security — security within your application — is important as well. John Overbaugh explains the difference in his two recent tips.
In Boost network security using firewalls, encryption and logging, he uses the protection of a home as an analogy:
To illustrate networking and application security, consider a private home with high-value targets. The access to the home (front gate, long driveway, wide lawns, and surveillance cameras) is a crucial element to protecting the home.
Overbaugh compares network security to breaking through the physical security that protects the house and application security to getting in the house and stealing the jewels. In this first tip, Overbaugh stresses the goals of network security, protecting network resources and the integrity of data traveling across the networks.
In his second tip, Application security: Protecting application availability, data confidentiality and integrity, Overbaugh addresses application security concerns. This effort involves keeping the data within an application safe.
Take a look at these two tips to understand more about both network and application security. Both efforts are crucial in keeping your application and data secure.