Friday, September 26, 1:00 pm - 2:00 pm
701 Taking AIM—Using Visual Models for Test Case Design
By Robert Sabourin

Designing test cases is a fundamental skill all testers master over time. This workshop teaches a fun graphical technique to help you design powerful test cases and choose test data that will surface important bugs fast. These skills can be used in exploratory, agile or engineered contexts—any time you need to design a test.

Mind maps are powerful graphical tools used to help visualize complex paths and relationships between concepts. Learn how mind maps can be used to visualize test designs and help understand variables being tested, alone and in complex combinations with other variables and conditions.

Friday, September 26, 1:00 pm - 2:00 pm
702 A Buzz About Fuzz: An Approach to Finding Software Vulnerabilities
By Joe Basirico

Fuzzing is a technique that feeds random inputs to applications in an attempt to choke them. Fuzzing provides a simple, highly automatible way to trap uncommon and unforeseen errors that may have been overlooked.

Learn fuzz testing in practical terms and how to include fuzz testing in your QA efforts. Through demonstrations, learn about fuzz testing tools and techniques, and discover how fuzzing provides insight into application behavior. You’ll hear examples of how fuzz testing can uncover hard-to-find bugs and how it can provide metrics on software correctness. After this class, you’ll be able to apply fuzz testing immediately.

Friday, September 26, 1:00 pm - 2:00 pm
703 Team Techniques for Influencing Upstream Decisions
By Jeff Feldstein

Influencing people who work for you is easy (usually). Influencing people with whom you have no direct reporting relationship isn’t always so easy. Testers rely on what they get from marketing and development to do their job well. But it’s more important for test/QA teams to influence the others rather than vice versa.

Discover what Jeff has learned at Cisco that will help you develop test-specific strategies to influence other internal organizations. Hear about solutions that most test teams need when trying to get good requirements from marketing and sound, testable code from development.

Friday, September 26, 1:00 pm - 2:00 pm
704 Optimizing Your Testing Effort With Keyword-Driven Frameworks
By Brian Massey

Time is always in short supply. This class will teach you about tools for taking the manual tests created in the initial project planning phases and incrementally creating automation using a keyword-driven framework that allows for the creation of modular test assets and reuse.

Take away a framework for keyword-driven testing that allows easy planning and creation of manual tests using the framework and learn how an automated functional testing tool can be integrated easily into the framework.

Friday, September 26, 1:00 pm - 2:00 pm
705 Metrics: How to Track Things That Matter
By Clyneice Chaney

Metrics programs have often been a dirty word, misused and poorly implemented. This class discusses ways to provide metrics that really matter to organizations and provide visibility into their or their customers’ organizations. You’ll learn why metrics programs fail and then work on the keys to successful metrics programs, developing quality metrics that matter and ways to implement and maintain these metrics over time.

Friday, September 26, 1:00 pm - 2:00 pm
706 Performance-Testing Non-Standard and Legacy Applications: Hybrid Solutions
By Mohit Verma

Legacy and proprietary applications form the backbone of many corporations. Performance testing of such applications often presents unique challenges and demands creative solutions.

Learn about a solution implemented for a critical legacy healthcare application, and how it can be applied to other non-standard applications with minor modification. Tackle the problem of what the test environment requirements are, how to gather test data and how the test environments and tools are integrated. This class will present a step-by-step walk-through of the solution that can be implemented elsewhere. Gain most from this class by bringing your laptop.

Friday, September 26, 1:00 pm - 2:00 pm
707 Java EE Performance-Tuning Methodologies
By Steven Haines

Java EE performance experts know that the key to success is to focus application-tuning effort where it’s most needed: the wait-points, where the delays happen. But what are the wait-points, how can you find them in your application, and what can you do about them? That’s what you’ll learn in this intermediate-level class.

Wait-points can encompass Web and business-tier thread pools, external dependency connection pools, persistence caches, object pools and even garbage collection. In this class, you’ll learn how to disassemble your application call stack, identify wait-points and tune from the inside out to optimize throughput and suspend requests where they’re best suited to wait. You’ll leave this class knowing how to focus your application tuning efforts to immediately improve the performance of your Java EE systems.

Friday, September 26, 1:00 pm - 2:00 pm
708 Using Virtualization to Manage Globally Distributed Testing
By Chintan Gupta

Distributed software testing projects can involve multiple teams working on different components with different tools and styles in different parts of the world. There’s always the possibility of overlap, redundancy missing requirements and communication gaps.

This class will study an IBM project that suffered from all these challenges and was missing deadlines and finding increased and duplicate defects. Learn how we solved these problems using virtualization with OS snapshots for repetitive testing by combining the technology with earned value management and test management.

Friday, September 26, 2:15 pm - 3:15 pm
801 Implementing Automated Software Testing, Part 1
By Scott Bindas

Based on original research conducted by IDT, 70 percent of companies believe that test automation achieves a high payoff, but half don’t know how to do it. This two-part class will walk through a proven and effective test automation approach using open-source testing tools such as STAF/STAX and VNCRobot, and how to leverage the tools in the overall testing effort. You’ll also see a demonstration test automation suite and learn the importance of such scalable, extensible and pluggable frameworks.

Friday, September 26, 2:15 pm - 3:15 pm
802 Multi-threaded Application Development: How to Avoid Concurrency Defects with Static and Dynamic Analysis
By Tom Schultz

To take full advantage of the latest multi-core hardware, developers must utilize multiple threads in their applications. Multi-threaded applications introduce an entirely new class of hard-to-find software failures, commonly known as concurrency defects. To date, testing for Concurrency defects such as Race Conditions, Thread Blocks, Atomicity and Deadlocks have been extremely difficult due to the complexity inherent in multi-threaded run-time environments.

In this session, Tom Schultz, Director at Coverity’s office of the CTO will explain how breakthroughs in the use and combination of both static and dynamic code analysis are enabling developers to catch and eliminate these dangerous defects early in the development lifecycle. In addition to an overview of the challenges between single-threaded and multi-threaded development styles, Schultz will also provide specific examples of the most dangerous Concurrency defect types and provide tips on how to avoid them, including: Race Conditions, Thread Blocks, Atomicity and Deadlocks.

Friday, September 26, 2:15 pm - 3:15 pm
803 Testing Your Software Architecture
By Neeraj Sangal

Automated testing of software architecture can keep quality from degrading and help preserve the design intent. In this class, you’ll learn a new, lightweight approach to specifying and verifying software architecture. Using inter-module dependencies, software architecture is represented using a dependency structure matrix. Once the architecture is specified, it can be verified through automated tests during development, and architectural violations can be easily prioritized for remediation.

Friday, September 26, 2:15 pm - 3:15 pm
804 Effective Metrics for Managing a Test Effort
By Shaun Bradshaw

As a development manager, do you have trouble getting upper management to understand the impact of delays, defects and chances in scope? This class will introduce you to a set of well-defined test metrics for tracking and managing the testing effort. You’ll learn how to consistently apply these metrics to software projects and to improve the communication of your findings to the rest of the organization. This class covers test metrics philosophy, base test metrics, management test metrics and interpreting test metrics.

Friday, September 26, 2:15 pm - 3:15 pm
805 Deciding What Not to Test
By Robert Sabourin

Software project schedules are always tight. There’s not enough time to complete planned testing. But don’t stop just because the clock ran out. Triage of testing ideas, assessing credibility and impact estimation can be used to help decide what to do when the going gets tough! Decide what not to test on purpose—not just because the clock ran out!

This presentation explores some practical and systematic approaches to organizing and triaging testing ideas, which are influenced by risk and importance to your business. Information is coming at you from all angles—how can it be used to prioritize testing and focus on the test with the most value?

Friday, September 26, 2:15 pm - 3:15 pm
806 Quality Throughout the Software Life Cycle
By Jeff Feldstein

Quality cannot be tested into the product; it must be emphasized, monitored and measured from the beginning of the project. Each team involved in the project—from management to marketing—plays a key role in ensuring software quality. A carefully planned application development life cycle is a key requirement to successful delivery of on-time, quality software.

This class will explore each broad phase of development—requirements, development, testing and deployment—from a software quality perspective. You’ll learn the activities required at each step, the precise role of the tester or QA engineer, common mistakes and how to catch bugs earlier.

Friday, September 26, 2:15 pm - 3:15 pm
807 Software Reviews: If They’re So Great, Why Isn’t Everyone Using Them?
By Clyneice Chaney

Software reviews are a proven technique for reducing defects in delivered systems. They’re considered a industry best practice for detecting software defects early and learning about software artifacts. However, many organizations fail to use them, fail in implementation or believe that they’re too time intensive to be of value.

Learn how to make software reviews more viable in today’s fast-paced organizations. Discuss a variety of options, hear practical considerations for implementation and factors that can derail it, learn how to develop a strategy for resistance and when software reviews are best used, and receive key automation techniques.

Friday, September 26, 2:15 pm - 3:15 pm
808 Best Practices in Java Environment Performance Testing
By Steven Haines

Learn how to implement performance testing in enterprise Java environments. This class presents a detailed methodology for following performance requirements from architecture artifacts through unit testing, integration testing and production staging. Learn to implement a formal capacity assessment that determines when you need to add resources to your environment, and how to validate that your test bed mimics your end users’ behavior. Automate a repetitive test process that quickly reports the quality of your code.

Friday, September 26, 3:30 pm - 4:30 pm
901 Implementing Automated Software Testing, Part 2
By Scott Bindas

See description for class 801.

Friday, September 26, 3:30 pm - 4:30 pm
902 Performance-Testing “Obnoxious” Protocols
By Mark Lustig

While performance-testing tools and techniques have reached a relative state of maturity, dealing with non-standard, complex and emerging protocols is beginning to demand evasive action. Not all systems are developed using HTTP-based protocols. In Web-based UIs, challenges abound to accurately simulate obnoxious protocols such as compressed XML, Java Swing, Flash and AJAX.

Learn about specific techniques and a mature methodology for working with challenging protocols. Specific topics discussed will include performance-testing tool add-ins and integration points, and custom load generation suites. We’ll also address complementary techniques for workload characterization, data generation and test data management.

Friday, September 26, 3:30 pm - 4:30 pm
903 Implementing a Quality and Metrics Process
By Richard Sharpe

Quality in software projects needs to start in the development team. Using tools and metrics can help spot buggy code and reduce risk of issues before the code has even entered QA. However, are all metrics equal? What do we do with the collected data?

This class will discuss and demonstrate that metrics used in a feedback loop such as that of continuous integration can benefit software projects and reduce costs due to rework.

Friday, September 26, 3:30 pm - 4:30 pm
904 How to Break Web Software
By Joe Basirico

The Web and Web services are prime targets for hackers. But network security isn't the answer. This class describes a model for Web application testing that covers accountability, availability, confidentiality and integrity. You will be taken on a journey through the set of techniques for breaking Web applications and methods of mitigation.

Go beyond the basics of SQL injection and cross-site scripting (also covered) to more advanced and sinister attacks. Learn how to think about security vulnerabilities in Web apps, techniques for information gathering, client-side attacks, state attacks, data attacks, language attacks, server attacks and authentication attacks.

Friday, September 26, 3:30 pm - 4:30 pm
905 Bugs on Bugs! What Looney Tunes Taught Me About Testing
By Robert Sabourin

Characters from the Looney Tunes gang—Bugs Bunny, Road Runner, Foghorn Leghorn, Porky Pig, Daffy Duck, Michigan J. Frog, and others—provide wonderful metaphors for the challenges of testing.

Bugs teach lessons for the young at heart—novice and experienced alike. Robert shares some powerful heuristic models that you can apply right away, including the value of modeling personas for test design, how metaphors can help us understand and communicate and how heuristic models are not only useful—they're fun.

Friday, September 26, 3:30 pm - 4:30 pm
906 How To Fail with 100% Test Coverage
By Jason Rudolph

With an expressive language such as Ruby and with modern test practices, 100 percent test coverage is readily achievable. But 100 percent coverage is meaningless without other supporting habits and practices. Over the last few years, we’ve taken dozens of projects to 100 percent coverage, and there are still plenty of things that can go wrong.

We’ll look at examples of fragile mocking, the ugly mirror, overspecification, underspecification, invisible code, incidental coverage, and shallow tests, and show how to prevent each from infecting your project.

Friday, September 26, 3:30 pm - 4:30 pm
908 Testing Visibly
By David Kapfhammer

One of the worst things a testing organization can do is to operate in obscurity from the rest of IT. If the testing organization doesn’t treat developers, business analysts and users like customers, they’ll most certainly lose credibility as the “team that operates behind the curtain,” and ultimately become ineffective.

Learn a strategic road map that test organizations can use to operate visibly and transparently. Learn how and why the testing team should issue a user manual that details how to engage testing services, including a specific operational workflow and work breakdown, and maintain an open door policy.