Conference Presentations

Danger! Danger! Your Mobile Applications Are Not Secure

A new breed of mobile devices with sophisticated processors and ample storage has given rise to sophisticated applications that move more and more data and business logic to devices. The result is significant and potentially dangerous security challenges, especially for location-aware mobile applications and those storing sensitive or valuable data on devices. To counter these risks, Johannes Ullrich introduces and demonstrates design strategies you can use to make applications safer and less vulnerable. Johannes illustrates design patterns to: co-validate data on both the client and server; authenticate transactions on the server; and store only authenticated and access-controlled data on the client. Learn to apply these solutions without losing access to powerful HTML5 JavaScript APIs such as those required for location-based mobile applications.

Johannes Ullrich, SANS Technology Institute

It's a Phone First! How to Test Your Five-star Mobile Apps

Mobile application development shares many similarities, and some stark differences, with traditional web-based development. To build, test, and deploy five-star mobile applications, your organization needs, from inception, a focused test strategy to drive quality. Employing the wrong approaches and tools can leave your business sponsors and clients wondering what went wrong. Will Hurley outlines the current mobile landscape and explains what can and cannot be controlled in the mobile lifecycle. He explores the current landscape and limitations on tools for testing mobile apps, and offers guidance on what, and what not, to automate. With Will's guidance, you’ll learn how to establish a mobile lifecycle test strategy that is both leading edge and practical.

Will Hurley, Will Hurley - Quality and Security Services

Games Software People Play: Reasoning, Tactics, Biases, Fallacies

As engineers and doers, we make rational, well-thought-out decisions based on facts and figures. Or do we? Philippe Kruchten has identified not-so-rational strategies and tactics software people use while developing new, bold, and complex software-intensive systems. In addition to strategies such as divide-and-conquer, brainstorming, and reuse, Philippe has observed some strange tactics, biases, and reasoning fallacies. If not understood and managed, these “games,” intentional or not, can creep in and pervert the software development process. They go by simple, funny, and sometimes fancy names: anchoring, red herring, elephant in the room, argumentum verbosium, and others. Philippe shares an illustrated gallery of the games software people play and shows you how they combine to become subtle and elaborate political ploys.

Philippe Kruchten, Kruchten Engineering Services, Ltd.

How to Break Web Software

If you're new to testing Web applications or facing new challenges, you may feel overwhelmed by the terminology and multiple technologies of today's Web environments. Web testing today requires more than just exercising the functionality of applications. Each system is composed of a customized mix of various layers of technology, each implemented in a different programming language and requiring unique testing strategies. This “stew” often leads to puzzling behavior across browsers; performance problems due to page design and content, server locations, and architecture; and the inconsistent operation of the bleepin' Back button! Dawn Haynes shares a Web testing strategy for discovering and targeting new areas to test and an extensive set of test design ideas and software attacks.

Dawn Haynes, PerfTestPlus, Inc.

STARWEST 2012: Testing in the DevOps World of Continuous Delivery

DevOps is an increasingly popular development approach focused on ensuring that delivered code is immediately stable and works as expected. DevOps team members must be multi-skilled and are expected to perform all development, testing, and SysAdmin activities. Manoj Narayanan shares how to implement testing using DevOps tenets and how it differs from its more popular cousin, agile development. To work productively with developers and SysAdmins, testers must develop knowledge of development and design principles, programming languages, and continuous integration. Manoj explores the critical role that functional and regression test automation plays in enabling testing organizations to be more productive. Manoj concludes with an analysis of the cultural impact DevOps has on the testing organization and its interaction with other critical stakeholders: business, developers, operations, and customers.

Manoj Narayanan, Cognizant Technology Solutions

Implementing Agile in an FDA-regulated Environment

While many industries have adopted agile, the medical device industry, which develops products for life-critical applications where quality and reliability are clearly a top priority, remains largely stuck under the “waterfall.” Medical device firms must comply with FDA regulations that overwhelmingly suggest a controlled, phase-gated approach to software development. Unfortunately, many companies and development organizations interpret FDA regulations to require a steep waterfall. Many industry long-timers incorrectly see agile as an undisciplined style of software development. Neeraj Mainkar demonstrates how those in regulated industries can overcome these and other hurdles. At Neuronetics, he helped implement key elements of agile while fully complying with FDA regulations.

Neeraj Mainkar, Neuronetics

Is Open Source Too Open? Tips for Implementing a Governance Program

By next year, 90 percent of large enterprises will include open-source software as business-critical elements of their IT portfolios. However, most software development organizations have limited capability to govern the process of selecting, managing, and distributing open-source components, leaving them exposed to unforeseen technical and compliance risks. Larry Roshfeld examines how open-source components, and their dependencies, may expose your company to unforeseen and unnecessary vulnerabilities. He outlines the significant threats to software quality, stability, performance, security, and intellectual property that have occurred using such components. Then, Larry shares an action plan for balancing the risk/reward trade-offs of open-source software in the enterprise. Find out how to ensure that your organization uses only the highest quality open-source components and avoids the common vulnerabilities.

Larry Roshfeld, Sonatype

Better Software Conference West 2012: Writing High Quality Code

Quality in delivered software is very different from quality in physical goods. You can see it or touch it, except in the code. When classes and methods are cohesive, non-redundant, well-encapsulated, assertive, and explicitly coupled, they are less prone to developer mistakes and far easier to debug, test, and maintain. David Bernstein asserts that paying attention to code quality helps developers focus every day on the key principles, patterns, and practices expert developers use. Even more, if you don’t pay attention to critical code quality attributes, iterative development practices can quickly degrade code into a maintenance nightmare. Join David and your peers to take a deep dive into the code quality attributes that make software more maintainable and less bug friendly. Learn to create software that provides value now and, in addition, is easy to change and extend so it can continue to deliver value far into the future.

David Bernstein, To Be Agile

Application Lifecycle Management Imperatives

Ever-growing software development needs and faster delivery cycles coupled with flat or shrinking IT budgets have brought many organizations to new agile and lean practices. Together, these disruptions are causing a sea change in the application lifecycle management (ALM) landscape. Although management tools aren’t an explicit focus for most development teams, choosing the right tools for enterprise development is an important factor in keeping everyone productive. Monica Luke discusses the five key imperatives for ALM implementations: in-context collaboration, accelerating time to delivery with real-time planning, improving quality with lifecycle traceability, refining predictability with development intelligence, and reducing costs through continuous improvement. For each imperative, Monica offers concrete examples and lessons learned from real-world implementations. Don’t get lost in the weeds with an ALM tool.

Monica Luke, IBM Rational Software

Agile Development Conference & Better Software Conference West 2012: Avoiding Overdesign and Underdesign

The question of how much design to do up-front on a project is an engaging conundrum. Too much design often results in excess complexity and wasted effort. Too little design results in a poor architecture or insufficient system structures which require expensive rework and hurt more in the long run. How can we know the right balance of upfront design work versus emerging design approaches? Alan Shalloway shows how to use design patterns, coupled with the attitude from agile of “don’t build what you don’t need,” to guide your design efforts. The trick is to identify potential design alternatives, analyze how each may affect the system in the future, and then find the simplest approach for isolating those potential effects.

Alan Shalloway, Net Objectives

CMCrossroads is a TechWell community.

Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.