Resources

If you are a software developer, software development manager, or software quality assurance staff member, you probably know that developing secure software is no longer simply desirable—it’s completely essential. 

Continue reading →

If you are a software tester, programmer, or manager, you probably know that developing secure software is no longer simply desirable—it’s completely essential.  

Some might assume that most security problems arise from the operating system or networking layers, well below the application code they are working on.  However, figures for Web-based applications show that over three-quarters of security exploits arose from applications. 

So, you know you need secure code, but how to get there? What are your security risks?  What security failures and bugs do you have?  What do these security risks, failures, and bugs mean?  How can you reduce security risk in a way that doesn’t create new problems?  How do you monitor my progress over time?  This article will outline seven steps that will allow you to answer these and other questions as you improve your software’s security.

Continue reading →

This is an excerpt from my book, Expert Test Manager, written with James Rommens and Leo van der Aalst. I hope it helps you think more clearly about the test strategies you use.

A test policy contains the mission and objectives of testing along with metrics and goals associated with the effectiveness, efficiency, and satisfaction with which we achieve those objectives. In short, the policy defines why we test. While it might also include some high-level description of the fundamental test process, in general the test policy does not talk about how we test.

The document that describes how we test is the test strategy. In the test strategy, the test group explains how the test policy will be implemented. This document should be a general description that spans multiple projects. While the test strategy can describe how testing is done for all projects, organizations might choose to have separate documents for various types of projects. For example, an organization might have a sequential lifecycle test strategy, an Agile test strategy, and a maintenance test strategy.

Continue reading →

Let’s suppose you bought a car. Six days later, someone from the dealership let himself into your garage, removed the tires on the car, installed some “updated” tires that actually had holes in them, and then left. In the morning, your car was there in the garage, all sad and undriveable on its flat, flabby tires. That’s clearly unacceptable, in fact even criminal, but we allow the same thing to happen all the time with software. Why? In this webinar, Rex will catalog infamous automated software updates, released without sufficient testing to wreak havoc, or at least inconvenience. He’ll then give a detailed roadmap for reducing your chances of being part of the problem.

Listen now →

Defects and errors prevent applications and systems from delivering the value their designers and customers intended.  Moreover, defects and errors present opportunities for malicious actors to undermine the integrity, availability and confidentiality of essential business data and computational assets.  Many large cyber incidents (ex. Target, Yahoo! and Equifax) have reduced the tolerance of regulators, shareholders, customers and the public for poor cyber security practices.  The greatest threat is directed towards the greatest value, albeit the path of attack may be roundabout.  Security testing is an essential phase in the application and systems development and operations lifecycle.  Join us to learn about this valuable professional development step that will bolster your career, and assist your employer’s efforts to take substantive steps to ensure their business goals are reached and risks managed.

Listen now →