Thursday, November 18, 2004, 10:00 AM  Go to 11:15 AM   Go to 1:30 PM   Go to 3:00 PM

T1	Test Management

What is the impact of agile methods on test departments and testers? How do you manage testing in an agile test department? Robert Martin, an early adopter and proponent of agile development practices, discusses his experiences and recommendations for how to organize and run an agile test department. He describes the principles, practices, tools, and metrics that are important to successful test management within agile development. Agile methods change the role of test departments from verification to specification. With agile methods, you develop tests before the code, and the tests become the detailed requirements documentation. This paradigm shift has a profound impact on both the test team and the programming team. Learn about the test management problems that often arise in making the transition to agile development and common solutions that address these issues.

• Issues and answers in transitioning a test department into agile development
• Test measurements that work best in an agile development environment
• How to be a successful agile test manager

T2	Test Techniques

Too often testers are thrown into the testing process without direct knowledge of the customers’ behaviors and business process. As a tester, you need to think and act like a customer to make sure the software does—in an easy-to-use way—what the customer expects. By defining personas and using them to model the way real customers will use the software, you can have the complete customer view in designing test cases. Get the basics of how to implement customer personas, their limitations, and ways to create tests using them. See examples of good bugs found using personas while learning to write bug reports based on them.

• What you need to know to develop customer personas
• Use customer personas for designing test cases
• The types of bugs found by using personas but missed by other techniques

Double-Track Session!

T3  Test Automation Free Test Tools Are Like a Box of Chocolates Danny R. Faught, Tejas Software Consulting You never know what you are going to get! Until you explore, it can be hard to tell whether a free, shareware, or open source tool is an abandoned and poorly documented research project or a robust powerhouse of a tool. In this information-filled presentation, Danny Faught shows you where open source and freeware tools fit within the overall test tool landscape. During this double session, Danny installs and tries out several tools right on the spot and shares tips on how to evaluate tools you find on the Web. Find out about licensing, maintenance, documentation, Web forums, bugs, and more. Discover the many different types of testing tools that are available for free and where to find them. Danny demonstrates examples of tools that you can put to use as soon as you get back to the office.

T4	Test Process Improvement

Fast development cycles, distributed architectures, code reuse, and developer productivity suites make it imperative that we improve our software test efficiency. A process assessment is one approach to begin an improvement program. What process assessments are available? How do you conduct an assessment? How do you guard against incorrect information? How do you know what to improve first? How can you make successful improvements without negatively impacting your current work? Learn the answers to these questions and more from Intel’s experiences using the Test Process Improvement (TPI®) model as a basis for assessments. See example scores, improvement suggestions, and adopted actions. Hear about the high points and low points of using this process, and take away a comparison of the TPI® model with the CMMI® Level 3 key process area.

• A case study using the TPI® model for process assessments
• The results and benefits of a test process assessment
• Buy-in, participation, prioritization, and controlled change during and after the assessment

T5	Advanced Topics

As for all life-critical software, the FDA guidance document on software validation emphasizes defect prevention, complexity analysis, risk assessment, and code coverage. Additionally, all software changes must be managed carefully and tested extensively. Based on his many years of experience managing biotech products, pharmaceuticals, medical devices, and various healthcare systems, Jim Bedford discusses the practical software tools and practices available to meet these stringent expectations. As a first line of action, Jim recommends implementing automated coding scans to verify that development consistently follows standards and recommended best practices. Further, measuring code complexity and path analysis provides a way to quantify risk and design corresponding test plans. Change analysis tools determine the downstream impact of modifications to selected code modules, and post-testing coverage measurements document untested areas of the software. Add to your arsenal of testing practices to ensure a safe system implementation and successful navigation of challenging regulatory waters.

• How complexity analysis identifies and quantifies error-prone code
• Examples of coding standards to help prevent defects
• Automated code coverage tools to document adherence to FDA testing requirements

Thursday, November 18, 2004, 11:15 AM  Go to 10:00 AM   Go to 1:30 PM   Go to 3:00 PM

T6	Test Management

How do you know if an interview candidate will be an effective tester in your organization? Do you spend most of your interview time reviewing employment history and discussing technicalities? Have you been surprised by “bad” hires in the past? Based on her years of hiring successful testers, Elisabeth Hendrickson lays out a proven framework for interviewing and selecting testers, then demonstrates how to conduct an experiential interview to assess a candidate's test design skills. She shares some of the key traits, talents, and skills that have proven to be good predictors of successful testers. From phone screens to group and individual interviews, discover how to structure effective interviews to help you choose the best candidates.

• The most important tester skills and attributes in your context
• Organize to get the information you need before making an offer
• Proven screening and interview techniques

T7	Test Techniques

Risk-based testing is a popular subject for project and test managers—low risk equals little testing, and high risk equals lots of testing. But how do you do it in the real world? Make the jump from vague stakeholder worries and a list of technical risks, to a practical, defendable risk-based testing strategy. Drawing on his experiences from the testing work floor, Gerard sheds light on the practice of risk-based testing while avoiding the abstract calculation methodologies offered in some texts. Learn about and see examples of ways to elicit the information you need to identify, quantify, and prioritize the risks that are key to developing a sound test strategy. Find out what questions to ask and how to probe below the surface for the hidden risks that often do not make it into test designs.

• Risk assessment steps and guidelines
• Interviewing guidelines and sample questions to probe for hidden risks
• Example of a practical, risk-based test strategy

T8	Test Process Improvement

You may have heard about the power of project retrospectives, but will a retrospective benefit your test team or development team when you don’t control the budget or set priorities for the entire project? The answer is—yes. Workgroup retrospectives apply the proven methods and techniques of project retrospectives to improve teamwork and results within a software team. An experienced retrospective facilitator, Esther Derby describes how a retrospective supports learning and offers the basics of putting on a retrospective for your team. Learn about the phases, exercises, outcomes, and action planning that go into a successful retrospective. The next time you complete a project, invest in a workgroup retrospective instead of doing a standard post-review. You will be surprised and possibly amazed by the results.

• How retrospectives differ from post-project reviews
• How a retrospective improves motivation, process, and results
• Caveats and warnings for retrospectives

T9	Advanced Topics

With the tools existing today, model-based testing for Java applications is extremely difficult to implement. According to Jeff Feldstein, you need a scripting language that allows for creating and manipulating complex data structures and driving your tests with models of the application. Learn about Jeff’s success and the obstacles he faced implementing model-based testing for Java and HTML applications. During the presentation, Jeff demonstrates the use of XDE Tester's ScriptAssure and Java to create an HTML application model and shows examples of the programming required for model-based testing. In this model-driven approach, you will see how changes in the user interface do not require changes to the tests.

• Ways to implement the required data structures in Java for modeling
• What to avoid in creating the models
• How to automatically adapt test cases to changes in the application's GUI

Thursday, November 18, 2004, 1:30 PM  Go to 10:00 AM   Go to 11:15 AM   Go to 3:00 PM

Double-Track Session!

T10  Test Management Testing Dialogues - Management Issues Facilitated by Esther Derby and Elisabeth Hendrickson As a test manager, are you struggling at work with a BIG test management issue or a personnel issue? If so, this session is for you. “Testing Dialogues - Management Issues” is a unique platform for you to share with and learn from test managers who have come to STAR from around the world. Facilitated by Esther Derby and Elisabeth Hendrickson, this double session takes on management issues—career paths for test managers, hiring, firing, executive buy-in, organization structures, and process improvement. You name it! Share your expertise and experiences, learn from others' challenges and successes, and generate new topics in real-time. Discussions are structured in a framework so that the participants will receive a summary of their work product after the conference.

T11	Test Techniques

Good test designs often require testing many different sets of valid and invalid input parameters, hardware/software environments, and system conditions. This results in a combinatorial explosion of test cases. For example, testing different combinations of possible hardware and software components on a typical PC could involve hundreds or even thousands of possible tests. The classic question for effective testing is always, “Given limited time and resources, which of the combinations should be tested?” Peter Zimmerer describes the underlying challenges in test case design for combinatorial testing and solutions using orthogonal arrays and all pairs test techniques. From Peter’s experiences learn about both free and commercial tools, such as AllPairs, Jenny, Pro-Test, and Telcordia AETFWEB, to support these methods and lessons.

• A design dilemma due to the combinatorial explosion of test conditions
• Features, characteristics, and usage of tools supporting orthogonal arrays and all pairs testing
• The limits of orthogonal arrays and all pairs test techniques

T12	Security Testing

So, your company makes money from its Web site. Who else might also be doing the same? While the Web is a profitable venture for many companies, it is often equally profitable for hackers and thieves. Due to unknown vulnerabilities of your Web application, hackers may end up with more profit from your Web site than you do. See examples of hacker techniques—SQL injection, format string attacks, session-based attacks—and a host of others. Find out why the current crop of Web testing tools is not sufficient to thwart hackers and will leave you with a false and dangerous sense of security. Learn the skills and techniques you must know to stay ahead of hackers and find security holes in your Web applications.

• Hidden Web application security vulnerabilities
• Testing skills and techniques to find security holes and prevent breaches
• Tools to help you with security testing Web sites

T13	Metrics

As testers, we usually focus our efforts on measuring the quality of products. We count defects and organize them by severity, we compute defect density, we examine the changes in those metrics over time for trends, and we chart customer satisfaction. While these are important, we must apply additional measurements to ourselves if we are to reach the next level of testing maturity. Lee Copeland suggests that we (1) count the number of defects in our test cases and the time to find and fix them; (2) compute test coverage, a measure of how much of the software we have exercised under test conditions; and (3) determine Defect Removal Effectiveness, the ratio of the number of defects we find divided by the total number we should have found. Start keeping these and other metrics, and we are on the way to improving our testing processes and results.

• Four basic measurement types – counts, counts over time, ratios, and surveys
• How these measurements can be applied to product quality
• Measurements to evaluate the effectiveness and efficiency of the testing process

T14	Advanced Topics

With a framework built in .NET using the open source application NUnit, database application developers and testers quickly can create a basic set of build verification tests and provide a foundation for a set of more powerful tests. Alan Corwin demonstrates the framework in the context of a fully functional Web site and offers a brief history of how his team developed it to show how they came to introduce automated testing into their development process. Learn what problems they encountered, how they overcame them, and the value of this framework to the team. NOTE: Those with some knowledge of Microsoft's .NET framework, a .NET programming language, and object-oriented programming will get the most out of the advanced parts of the presentation.

• How to use NUnit, an open source test harness for .NET
• Simplify the work of developing automated tests with abstract test classes
• Increase quality and shorten development time with this framework

Thursday, November 18, 2004, 3:00 PM  Go to 10:00 AM   Go to 11:15 AM   Go to 1:30 PM

T15	Test Techniques

Automated testing in most QA organizations involves capture-playback tools in combination with manual testing. But these types of tests often suffer from well-known implementation and execution problems. One way to enrich the set of automated tests is through the use of API-level testing. Because APIs tend to be more stable than GUIs, many of the GUI-related test problems disappear, and API tests can be constructed earlier in the process. Generalizing the testing approach for API testing means running them in a common framework, a “Test Harness.” Michael Sonshine provides an overview of how to add API testing to your current testing mix and implement a minimum useful set of functionality. Find out ways to standardize inputs and outputs and novel strategies for minimizing the impact of release changes. Learn what inputs should be used, and what outputs should be produced. Find out how much work should be done by the test harness, and how much by the tester.

• How API test cases should be structured
• The software tools needed to implement an API test harness (Reflection, .NET remote, Web services, and others)
• How to use instrumentation to complete the testing process

T16	Security Testing

Security issues are becoming more and more relevant as testers are called on to find security problems before others exploit them. So, where do you start, and how do you bridge the gap between honest tester and bad-guy hacker? Julian Harty suggests we do so by adopting the mindset and practices of a hacker. In this presentation, gain a unique insight into the ways of hackers and specific technical techniques and tips on how to find security flaws before the hackers do. Progress from a novice to a journeyman security tester as you learn how to use “anti-goals” and your internal knowledge of the software to find and fix security vulnerabilities before the hackers find them and hurt your organization.

• How a tester can adopt the mindset of a hacker
• Proven techniques for finding security flaws
• A safe environment to get started in security testing

T17	Metrics

Most software and test managers keep some metrics to help them, but are yours really doing the job for you? Good test metrics can serve as an early warning mechanism about a project in trouble, help justify much needed assistance for a testing team, or demonstrate the value testers provide. Poor metrics can mislead management or drive a wedge between development and test teams. Steve Walters explains the basic enablers for metrics reporting and discusses three categories of metrics, providing tips for choosing metrics that matter. Find out which metrics your team should publish and which metrics provide limited or negative value. Discover how metrics can change behavior while learning ways to improve metrics over time.

• Building a foundation for effective metrics reporting
• Choosing metrics that matter in your organization
• Driving behavioral changes with metrics

T18	Advanced Topics

Write the test. Make it green. Make it clean. This is the mantra of test-driven development (TDD). Though viewed as a developer-only practice, software project managers, test managers, and testers need to understand TDD if they are going to operate successfully in a TDD environment. Because developers maintain a continuously updated automated test suite with TDD, testers are liberated to focus on higher level testing activities. In addition, TDD offers an opportunity for testers to give early feedback and insight regarding the tests that developers write. Overall, a complementary feedback cycle can ensue to enhance the work of developers and testers alike. With several case studies as examples, Chris Sepulveda, a veteran developer and proponent, introduces test-driven development, demonstrates TDD in action, and discusses the relationship between testers and developers in a TDD world.

• Getting started with test-driven development (TDD)
• How to apply TDD to a legacy code base, GUI interfaces, Web applications, and more
• The balance of responsibilities between the testers and developers on a project using TDD

Software Quality Engineering Home       Conference Home       To Exhibit       Get a Brochure       Register for STARWEST 2004

feedback  © 2004