The latest generation of Web technologies (AJAX, improved client-side scripting, support for extensive DOM manipulation in browsers, content syndication, Web service APIs, and simple interchange formats such as JSON) is driving new, powerful Web applications. Based on his work on real-world "Web 2.0" applications, Ivan Krstic discusses the security implications of these new technologies. Ivan describes specific attacks such as Web-based worms, XSS, CSRF, and HTTP response splitting and offers advice on mitigating security risks during the engineering process. Learn how standard security guidelines such as the Confidentiality-Integrity-Availability (CIA) model apply to the modern Web and about the role of cryptography and crypto-engineering in Web security.
Many organizations have achieved success in using the SEI Capability Maturity Model Integrated (CMMI®) as a framework for their process improvement program. Steven Lett describes the structure and contents of the CMMI®, including the continuous and staged versions of the model. He discusses each of the five maturity levels and their process areas, the specific and generic practices that exist within each process area, and the typical process documentation and work products required for each. Learn an effective approach that companies take in driving change across their software engineering organizations. Find out how the model is meant to be interpreted and take back examples of the successes that companies have experienced in using both CMMI® and the earlier Capability Maturity Model (CMM®). Capability Maturity Model® and CMMI® are registered trademarks of Carnegie Mellon University.
Too many teams create very decent products that, for whatever reason, fail to rise above the crowd and truly capture the popular imagination. They are surprised when their products are mostly ignored by the marketplace, which seems to be captivated by some other shiny gewgaw that's functionally inferior and more expensive. In many product categories, from software to consumer electronics, the product with the most market share is often more expensive and less functional than the number two product. Joel Spolsky will explore why this happens and suggest some ways to design a "blue chip" product that people will love. After you get great software and products using the usual repertoire of debugging, usability testing, etc., you have to go still further and think about beauty, user happiness, and emotional impact. Let Joel help you figure out what makes truly great software great.
With the global availability of talented development people, there is a growing trend toward the commoditization of software development. No longer is it enough to simply be a developer with knowledge of specific languages or algorithms in order to maintain your competitive edge in the marketplace. To compete, you must become a complete developer: someone who can, for example, write some code in the morning and in the afternoon update the requirements Wiki with the results of the latest customer review meeting with your marketing team. This talk explores what it takes to be a genuinely valuable complete developer in today’s world of agile development, outsourcing, globalization, and an increasingly complex business environment.
Struggling to help your team or organization become more innovative? Have great ideas but can't seem to get them off the ground? We all try to influence others, whether we want to move our department to a better development method or suggest a Friday night movie for the family. We discover new ideas to take back to our workplace but then struggle to make something happen. How can we successfully influence change? From her latest book Fearless Change:
Enough of the stories ... Where is the quantitative proof that Agile methods like Extreme Programming (XP) deliver higher productivity and quality? Such data has been missing for years, perhaps because agile practitioners and metrics experts have never fully cooperated to crack this difficult problem. Whatever the reason, the wait is now over. Metrics expert Michael Mah will discuss how he successfully applied productivity benchmarking techniques on numerous real-world XP projects and how a company's development approach was transformed using agile methods. He'll give an overview of the projects, explain an approach to gathering "Agile Productivity Metrics," review how the data was interpreted, and show what was revealed in the time-to-market and quality numbers. Michael concludes with a glimpse of the kind of agile management and measurement that is possible when you collect the right information.
High quality software should be measured by the value it delivers to customers, and high quality software process should be measured by the continual flow of customer value. Modern processes have taught us that managing flow is all about the constraints restricting that flow. Testing, rather than being thought of as a conduit in that flow, is often perceived as an obstacle. It doesn't help that most testers struggle to answer the questions that their managers ask: What has and hasn't been tested? What do we need to test next? Where do we need to shift resources? If it works in the lab, why isn’t it working on those production machines? Where do we need to fix the performance or security? The ability, or inability, to answer these questions can determine the success and budget of a test team as well as how it is valued by its organization.
Many organizations use code coverage almost religiously in their testing. Just as many or more organizations do not use code coverage or have tried it and stopped. If you want to begin using code coverage for the first time or improve its value and usage within your team, come hear what Dale Brenneman has to share. Using real-life examples, Dale explains the value of code coverage analysis as part of a comprehensive test plan and the potential side effects when you do not use code coverage. Find out about the many levels of code coverage and ways to enhance the value of code coverage analysis with other analysis techniques. Take away a step-by-step approach for integrating code coverage analysis into your organization's test process and fitting it into your functional test automation program.
The levels of module code coverage: entry, line, statement, branch, Boolean, cyclomatic path, all paths
The system of apprenticeship was first developed in the late Middle Ages. The uneducated and inexperienced were employed by a master craftsman in exchange for formal training in a particular craft. So why does apprenticeship seldom happen within software testing? Do we subconsciously believe that just about anyone can test software? Join Lloyd Roden and discover what apprenticeship training is and, even more importantly, what it is not. Learn how this practice can be easily adapted to suit software testing. Find out about the advantages and disadvantages of several apprenticeship models: Chief Tester, Hierarchical, Buddy, and Coterie. With personal experiences to share, Lloyd shows how projects will benefit immediately with the rebirth of the apprenticeship system in your test team.
Four apprenticeship models that can apply to software testers
Measures of the benefits and return on investment of apprenticeships
Is there an important technical test issue bothering you? Or, as a test engineer, are you looking for some career advice? If so, join experienced facilitators Esther Derby and Johanna Rothman for "Testing Dialogues-Technical Issues." Practice the power of group problem solving and develop novel approaches to solving your big problem. This double-track session takes on technical issues, such as automation challenges, model-based testing, testing immature technologies, open source test tools, testing Web services, and career development. You name it! Share your expertise and experiences, learn from the challenges and successes of others, and generate new topics in real-time. Discussions are structured in a framework so that participants receive a summary of their work product after the conference.