development

Conference Presentations

Project Retrospectives

At the rate Web vulnerabilities are being discovered and exploited, the security industry cannot afford to continue trying to keep up with patches and fixes. Cross-site scripting, SQL injection, command injection-attacks like these result from vulnerabilities in inadequately designed or written code, creating opportunities for attackers to threaten privacy and steal data. The only way to truly eliminate these vulnerabilities is to address them at their origin-in the source code itself. The critical sources of threats in an application come from coding errors, configuration issues, and design flaws. Using actual security failures, Daniel Hestad describes the dirty baker's dozen code-based vulnerabilities found in Web software. Learn to locate, understand, and eliminate these vulnerabilities before they present untold risks to your organization.

Lucille Parnes, Software Process Improvement Consultant
Lipstick on a Pig - How Illusion Leads to Crisis in Real World Projects

Change, ambiguity, and risk are key issues whether you are running a software project, managing a development team, or leading an entire organization. We learn it over and over again. It's not a matter of "if" change will happen-it's a matter of "when." When a crisis inevitably arrives, how do you respond? As Jerry Weinberg observed in The Secrets of Consulting, "It may look like a crisis, but it's only the end of an illusion." Andy Kaufman looks at key project illusions that threaten success as we lead projects and people in the realm of software development. Whether you're a project team member or a senior executive, Andy provides practical tips you can immediately apply in your organization.

Andy Kaufman, Institute for Leadership Excellence and Development
Describing Software Requirements with User Stories

All projects start with needs or requirements. How those requirements are documented and expressed has a tremendous affect on the rest of the project. The technique of expressing requirements as "user stories" is one of the most broadly applicable techniques introduced by eXtreme Programming (XP). However, user stories are a valuable approach on all time-constrained projects, not just those using XP. Although user stories originated in the Agile processes, they are useful even if you are not planning to employ Agile development. In this session, Mike Cohn will help you identify and write good user stories and understand the six attributes of all good stories. Explore how user role modeling can help when gathering the initial stories for a project.

Mike Cohn, Mountain Goat Software
Agile Software Development: The Home of 31 Flavors

You've heard of eXtreme Programming (XP) and perhaps Scrum. How about Crystal Clear, Adaptive Software Development, Dynamic Systems Development Method, Rational Unified Process for Agile Development, and Feature Driven Development? These are some of the many variations of Agile development methods. Join Jeff McKenna as he explores the many flavors of Agile development methods and explains the similarities and differences. Find out what aspects of Agile development can help your organization’s development team in its particular environment. If you are considering Agile development and need to decide in which direction to go, this session is for you. Although a one-hour session cannot provide all the information you will need, you can explore what is common-the philosophy, the values, the characteristics-and what is different-the methods, the coverage, the costs-about different Agile approaches.

Jeff McKenna, Agile Action
Model Driven Architecture (MDA) - What's in it for Developers and Testers?

According to the Object Management Group (OMG), the benefits of Model Driven Architecture (MDA) are significant to businesses and developers alike: reduced overall product life costs, faster development, better application quality, rapid deployment of new technology, and a higher ROI on new technology. In short, the hype is that MDA enables system integration strategies that are better, faster, and cheaper. However, the MDA approach represents a fundamental change in the way software is developed, and it revolutionizes how you allocate test resources and how you create system tests. Timothy Korson outlines the MDA process and then suggests ways to change quality assurance activities to mesh with the MDA development style. Take away a realistic view of the current state of MDA practices compared to the MDA promise and vision, offered by the OMG.

Timothy Korson, QualSys Solutions
Clean and Green

All code is not created equal. Learn from a master of the craft how to spot bad code and mold it into good. Mike Clark explains how to clean up your code clutter by removing duplication.

Mike Clark
Structure Marking

Structure marking is a programming technique that defends data against damage, especially from software bugs. It adds flags to data structures and checks them at each use to detect damaged data immediately.

Tom Van Vleck
Achieving Meaningful Metrics from Your Test Automation Tools

In addition to the efficiency improvements you expect from automated testing tools, you can-and should-expect them to provide valuable metrics to help manage your testing effort. By exploiting the programmability of automation tools, you can support the measurement and reporting aspects of your department. Learn how Jack Frank employs these tools with minimal effort to create test execution
status reports, coverage metrics, and other key management reports. Learn what measurement data your automation tool needs to log for later reporting. See examples of the operational reports his automation tools generate, including run/re-run/not run, pass/fail, percent complete, and percent of overall system tested. Take with you examples of senior management reports, including Jack's favorite, "My Bosses' Boss Test Status Report"-names will be changed to hide the guilty. Regardless of the

Jack Frank, Mosaic Inc
Test Driven Development (TDD) for Secure Applications

Test Driven Development (TDD) has emerged as a successful productivity technique for development teams. As a unit testing methodology, TDD prescribes a simple three-step process of (1) develop test, (2) write code, and (3) re-factor the code. In a question-and-answer tag-team

James Whittaker, Florida Institute of Technology
Controlling Performance Testing in an Uncontrolled World

Think about it ... You are responsible for performance testing a system containing over 5 billion searchable documents to an active user base of 2.6 million users, and you are expected to deliver notification of sub-second changes in release response and certification of extremely high reliability and availability. Your n-tier architecture consists of numerous mainframes and large-scale UNIX
servers as well as Intel processor-based servers. The test environment architecture is distributed across large numbers of servers performing shared functions for a variety of products competing for test time and resources during aggressive release cycles. Because it is impractical and too costly to totally isolate systems at this scale, capacity and performance test engineers produce high quality

Jim Robinson, LexisNexis

Pages

CMCrossroads is a TechWell community.

Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.