Thursday, September 25, 8:45 am - 9:45 am
Opening Keynote: Redefining the Boundaries of Boundary Testing
By James Bach

Boundary testing is too often discussed, taught and practiced as an overly simplistic idea: The designer tells you a boundary, and you test one above and one below that boundary. Sound familiar? To exploratory testing pioneer James Bach, that just sounds like weak testing. Boundary testing, when approached in an exploratory way, becomes much more powerful and more worthy of a skilled tester’s best efforts. Listen to Bach explain why testers need to rewrite the boundaries of traditional boundary testing to improve the outcome of this essential testing practice.

Thursday, September 25, 10:00 am - 11:00 am
101 Automated Testing in the .NET Environment: A New Opportunity for Test Professionals
By Mary Sweeney

Testing in the .NET environment has gone from a black-box approach to today’s full integration of software development and test within the .NET platform itself. This class will guide you through the pros and cons of working in .NET, what testing in .NET means to you, your company and today’s testing industry. You’ll learn how the new approach affects your best practices for development and test, how testing in .NET compares to traditional and current practices, the problems and advantages of this approach and what it can and can’t do for you.

Thursday, September 25, 10:00 am - 11:00 am
102 Agile Test Development
By Hans Buwalda

The short, iterative cycles, constant feedback and team-based approach to quality effective for delivering software also can be applied to developing and automating tests. Good automated test design requires constant feedback from stakeholders outside the QA team, including developers, managers and customers.

This class teaches an agile approach to building tests and test automation so QA teams can ensure the system is tested early and often, taking testing off the critical path to releasing the product. This class will present a methodology and case study to illustrate how agile test development can be implemented in real-world projects.

Thursday, September 25, 10:00 am - 11:00 am
103 Software Performance Engineering, Part 1: Software Execution Models
By William Louth

Software Performance Engineering (SPE) is a systematic process for planning and evaluating a new system’s performance throughout the application life cycle.

Learn the concepts underlying a software execution model as well as the basic activities involved in constructing SPE’s software execution models during application development and unit and functional testing. During the session, various tools and techniques for constructing a software execution performance model will be presented, as well as best practices on obtaining data: who, what, where and when.

In this class, you’ll learn how to effectively execute SPE activities in continuously constructing and verifying software execution models across development builds, as they apply to performance risk, critical use cases, performance scenarios and objectives and resource requirements.

Thursday, September 25, 10:00 am - 11:00 am
104 Overcoming Requirements-Based Testing’s Hidden Pitfalls
By Robin Goldsmith

Testing based on requirements is a fundamental method that is relied on extensively. However, it can frequently be compromised by traps that testers aren’t aware of.

In this class, you’ll learn key sources of requirements-based testing oversights, including a failure to distinguish between business and system requirements, assessing the completeness of requirements, the premise of one test per requirement, the appropriate level of test-case detail and the inclusion of requirements-based unit tests. We’ll also cover the strengths and weaknesses of requirements-based tests, the importance of testing based on business and system requirements, and determining how many tests a requirement needs.

Thursday, September 25, 10:00 am - 11:00 am
105 Web 2.0 and Security
By Danny Allan

The rise of Web 2.0 applications exposes new, more dangerous vulnerabilities, but hackers don’t necessarily need to work any harder to breach Web 2.0 when we’ve left the front door wide open. As more Web sites adopt Web 2.0 technologies, more attention must be placed on incorporating security into initial application development and continued testing throughout the application life cycle.

In this session, you’ll learn how companies can ensure better security practices across the development life cycle. IBM Rational will discuss the top vulnerabilities it sees from its customers, where the industry is inherently lax about security, and best practices for Web 2.0 security.

Thursday, September 25, 10:00 am - 11:00 am
106 Performance Testing, Core Principles
By Scott Barber

Teams developing commercial software rarely have sufficient time, resources and skills to effectively performance-test their systems. In cases where rigorous approaches wouldn’t be effective, a flexible, risk-based approach is needed. Any approach to performance testing should focus on collecting the data necessary to assist the development team in identifying, prioritizing and tuning areas of suboptimal performance and to assist stakeholders in making sound business decisions related to performance risks. This session introduces a proven heuristic approach to performance testing. It’s based on the book “Performance Testing Guidance for Web Applications,” which you can access online for free and begin applying immediately.

Thursday, September 25, 10:00 am - 11:00 am
107 Security Fix Validation and Security Bug Use-Case Testing During QA Using Browser Automation Technology
By Lars Ewe

Learn practical steps for using browser automation to validate Web application security patches in QA. Begin with an overview of common Web application vulnerability types, then focus on major vulnerabilities of cross-site scripting and SQL injection.

You’ll see a demonstration of the use of browser automation to model vulnerability tests performed by penetration testers or automated security scanning, which can then be reused to determine if a proposed security fix is effective. You’ll also learn how commercial Web application vulnerability scanners are used to properly model security tests during quality assurance testing.

Thursday, September 25, 10:00 am - 11:00 am
108 Java Profiling in a Performance Assurance Life Cycle
By Rama Karthikeyan

Performance assurance requires a structured approach to planning, testing, analyzing and improving the performance, scalability and stability of Web-based applications. This involves defining performance goals; capacity planning; scripting; code profiling and system bottleneck identification; infrastructure, stress, baseline, high-volume, longevity and scalability testing; platform tuning; production monitoring; and regression testing.

Learn a detailed methodology for Java code profiling that can be incorporated in a performance assurance cycle. Learn CPU profiling, and how to rapidly identify poorly performing and poorly scaling methods from various standard profilers.

Thursday, September 25, 11:15 am - 12:15 pm
201 Test-First GUIs: The Model-View-Presenter Approach
By Robert Walsh

Graphical user interfaces are seen as a challenge for many people who have migrated to test-driven development. Some feel that GUIs can’t be developed effectively using TDD; others say it’s enough to stop short of the actual UI and test “just below the surface.”

Using a Model-View-Presenter (MVP) pattern and some other common techniques from TDD, GUIs can be built and tested in the same manner as other code built test-first. This class will show you how to construct graphical user interfaces test-first using MVP. Concrete examples will be given in C++ using both Win32 and Qt. The technique is applicable to virtually any development language and environment.

Thursday, September 25, 11:15 am - 12:15 pm
202 The 5% Challenges of Test Automation
By Hans Buwalda

Too much effort goes into developing test scripts, while the percentage of tests that are actually automated is usually no more than 30 percent. This problem led Hans to develop the 5 percent challenges of test automation: No more than 5 percent of tests should be executed manually, and no more than 5 percent of the test effort should be spent creating automation. Learn the 5 percent challenges and see them at work.

Thursday, September 25, 11:15 am - 12:15 pm
203 Software Performance Engineering, Part 2: System Execution Models
By William Louth

Software Performance Engineering (SPE) is a systematic process for planning and evaluating a new system’s performance throughout the application life cycle.

In this concluding session, learn how to effectively execute SPE activities in continuously constructing and validating system execution models across software releases. You will learn to evaluate performance models, monitor and analyze software performance, confirm performance objectives, tune performance and manage system capacity.

Thursday, September 25, 11:15 am - 12:15 pm
204 Designing Performance Tests Heuristically and Visually
By Scott Barber

Compared with functional testing, performance tests generally take longer to conduct, must typically be conducted one at a time and are more commonly inconclusive on their own. Additionally, it’s nearly impossible to determine which performance tests will provide significant information value until the results from the previous test are analyzed.

This session is designed for the performance testers, analysts, architects and managers who most significantly contribute to performance test design. You’ll learn heuristic and visual methods to design and document performance tests that are intended to deliver significant informational value while helping to ensure that performance testing remains focused on achieving business objectives, reducing project risk, and avoiding bad press.

Thursday, September 25, 11:15 am - 12:15 pm
205 How to Test the Untestable
By Robin Goldsmith

Testing documented features is easy. But what about testing the untestable: application requirements and design? When something is not testable, it’s usually because it’s not clear, which increases the chance of development errors. But we have to test those elements anyway. Defining testable Quality Factors (often called “non-functional requirements”) is especially challenging.

In this class, you’ll learn how tests and test cases indeed can be created for these seemingly untestable requirements and designs. You’ll also see how to correct problems in these areas, with suggestions how to proceed without encountering the resistance that testers typically tend to face.

Thursday, September 25, 11:15 am - 12:15 pm
206 Effectively Training Your Offshore Test Team
By Michael Hackett

Working with offshore teams is a fact of life. But many are still struggling to make their global test teams work effectively. Training your offshore test team is critical to the success of your projects for minimizing stress and late-night phone calls, ensuring you get the right information from the offshore team and enhancing your testing effort’s chance of success.

Learn through real-world examples the key elements of successful offshore testing, including training in the areas of process, product/domain knowledge and testing techniques, and how training can be used as a retention tool for offshore staff.

Thursday, September 25, 11:15 am - 12:15 pm
207 Robust Testing With Stochastic Test Data
By Bj Rollison

Many tests require input variables, often referred to as test data. Real-world test data is important, but it really serves only to verify nominal input conditions. Also, constantly reusing the same data repeatedly from a static data file doesn’t provide significant benefit. But random data is often shunned because it may not be repeatable.

This class will teach techniques to generate random test data for both positive and negative testing using seed values for repeatability, and how to randomly test data from a set of static variables based on a weight factor for preference.

Thursday, September 25, 11:15 am - 12:15 pm
208 Common Mistakes When Securing Web Applications
By Lars Ewe

Many organizations lack an overall sense of the best practices for deploying and securing Web applications. Despite security practices of the OWASP and WASC threat classifications, a number of mistakes are still commonly made.

This class explores five common mistakes made when securing Web applications, and the impact that these design flaws have on the overall security of an application. Issues such as client-side trust relationships, failure to properly secure application redirection mechanisms, and other design and configuration elements can quickly undermine application security, even when diligent security practices are in place.