Tuesday, July 31, 2007

Techniques for Exploratory Testing

One of the more nebulous discussions in the I.T. world is just what Exploratory Testing is and what its place is in I.T. development.

I personally believe that a well trained tester with a good foundation in Exploratory Testing heuristics is worth their weight in gold.

The Indianapolis Workshop on Software Testing's July session tackled Exploratory Testing heuristics, Session Based Test Management (SBTM) and the Satisfice Heuristic Test Strategy Model. Check out Mike Kelly's Techniques for Exploratory Testing. Mike does a good job covering the ins and outs of the event, and it makes a very interesting read.

Thanks, Mike, I look forward to reading your posts. I wish I could have been there.


Wednesday, July 25, 2007

Unit Testing - The fastest way to achieve software quality improvement

An essential part of Agile development, Unit Testing enables programmers to catch bugs early, before they cause significant problems or delays. But in order for Unit Testing to be practiced regularly and effectively, programmers must feel comfortable creating and performing the tests.

An amusing but substantive view on the subject has been written by Alberto Savoia in his ebook The Way of Testivus. In it he talks about unit testing: why Unit Testing is essential, who should do it and when it should be done. Last but not least, it introduces the idea of using tools to create the actual tests, in this case JUnit Factory.

But JUnit Factory isn't the only tool that can be used. In the best argument to use Java that I've heard in a while, Infoworld reviews another unit test tool that can automate and document the Unit Testing process. Take a look at their review of AgitarOne by Agitar.

Clearly, Unit Testing need not be the tedious, manual process it once was. Times change.


Tuesday, July 24, 2007

Dangling Pointers, Now a Security Threat...

Jonathan Afek and Adi Sharabani of Watchfire Inc. are reporting that they have discovered a reliable method for exploiting a common programming error, dangling pointers, which until now had been considered simply a quality problem. If true, this could be a major problem for hundreds if not thousands of existing programs.

Jonathan and Adi found the method for remotely exploiting dangling pointers while executing the company's AppScan software against a Web server. The web server crashed in the middle of the scan and, upon investigation, a dangling pointer was found. That is not too surprising, as this is a common programming mistake, especially in C++. The pair also found they could reproduce the error by sending a specially crafted URL to the server. Next they began looking for a way to run their own code on the target machine using the dangling pointer as a starting point. Unfortunately they were successful.

In August, Jonathan Afek will present the technique he and Adi developed for exploiting the dangling pointer at the Black Hat Briefings in Las Vegas. The technique involves using generic dangling pointers to run their own shell code, and is said to work with any application in which there is a dangling pointer.

Since there are hundreds, perhaps thousands, of applications in production with this type of error, this is a very scary discovery, and application testing just got a whole lot more difficult and a whole lot more important. It is a whole new class of bugs to look for, on the same order as SQL Injection or Buffer Overflow. Thousands of existing production programs will need to be retested for vulnerability to this type of exploit.

Microsoft, of Redmond, Wash., addresses the problem in IIS with one of the July security bulletins, MS07-041. It should be pointed out that dangling pointers occur primarily in lower level languages, and some languages such as Java are not vulnerable to this exploit because they have automatic mechanisms for deallocating memory.
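As an added illustration (not code from this post or from the Watchfire research), the C sketch below shows one defensive pattern for code that cannot rely on automatic memory management: callers keep generation-checked handles instead of raw pointers, so a reference that outlives its object is refused rather than reaching reused memory. The names request_t, req_create, req_get and req_release are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define SLOTS 8
typedef struct { char path[64]; } request_t;              /* hypothetical object type */
typedef struct { uint32_t index, generation; } handle_t;  /* what callers keep */
typedef struct { request_t *obj; uint32_t generation; } slot_t;
static slot_t table[SLOTS];   /* zero-initialised: every slot free, generation 0 */

/* Allocate an object; index == SLOTS in the result means failure. */
handle_t req_create(const char *path) {
    handle_t h = { SLOTS, 0 };
    for (uint32_t i = 0; i < SLOTS; i++) {
        if (table[i].obj != NULL) continue;
        request_t *r = calloc(1, sizeof *r);
        if (r == NULL) break;
        strncpy(r->path, path, sizeof r->path - 1);  /* calloc left the NUL */
        table[i].obj = r;
        h.index = i; h.generation = table[i].generation;
        break;
    }
    return h;
}
/* Resolve a handle; NULL if the object it named has been released. */
request_t *req_get(handle_t h) {
    if (h.index >= SLOTS) return NULL;
    slot_t *s = &table[h.index];
    return (s->obj != NULL && s->generation == h.generation) ? s->obj : NULL;
}
/* Free the object and bump the generation so old handles stop matching. */
int req_release(handle_t h) {
    request_t *r = req_get(h);
    if (r == NULL) return -1;           /* stale handle or double release */
    free(r);
    table[h.index].obj = NULL;
    table[h.index].generation++;
    return 0;
}
/* Constructed scenario: a handle outlives its object and the slot is reused. */
int demo(void) {
    handle_t a = req_create("/index.html"), stale = a;
    if (req_release(a) != 0) return 1;
    handle_t b = req_create("/other.html");          /* reuses slot 0 */
    if (req_get(stale) != NULL) return 2;            /* stale use refused */
    if (req_release(stale) != -1) return 3;          /* double free refused */
    return (req_get(b) != NULL && req_release(b) == 0) ? 0 : 4;
}
int main(void) { return demo(); }
```

With a raw pointer, the stale reference in demo() would have resolved to whatever object was allocated into the freed slot; here the lookup fails and the caller has to handle the error.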

For additional information on this error, take a look at SearchSecurity.com's article: New hacking technique exploits common programming error.


Saturday, July 7, 2007

Using Unix or Linux - You need to know VI

Most of my early programming career was spent working at AT&T, and for a time as a part of Bell Labs, then a division of AT&T.

Bell Labs developed the Unix Operating System as an experiment to see how far one could push the "Everything is a file" model. And they did pretty well, so well that it is still used extensively and has provided the base model for Linux.

One of the underlying principles of Unix or Linux is that the same editing commands work throughout the operating system, including the command line. Not all commands work everywhere, but the basic ones do. So it is important for anyone working with these Operating Systems to know what the editing commands are.

The most complete set of editing commands is found in the system's base visual editor, better known as "vi". There are many tutorials, books and probably videos to teach you the ins and outs of using "vi". But one of the best guides available is online from the University of California, San Diego's Academic Computing Services: vi_tutorial

Hint.... One of my favorite interview questions concerning use of Unix concerns what the basic editing commands are.

Take a look at it, practice your vi and remember the quick way out of a file is "(ESCAPE)(SHIFT)ZZ".


Monday, July 2, 2007

AMEX hit by technical problem - More Testing Needed

In my ongoing effort to highlight how inadequate testing causes real problems in our everyday lives, I give you:

The American Stock Exchange shut down nearly an hour early last Thursday, 6/28/07, due to a technical problem. Evidently AMEX is in the middle of a conversion between their old system, a CMS order entry gateway, and their new system, AEMI [Auction and Electronic Market Integration Platform], which I believe is a distributed system.

The new system, AEMI, went live at the end of last year, in readiness for new U.S. Securities and Exchange Commission rules that were introduced in February. For more, see PCWorld's: Technical Glitches Close American Stock Exchange

Looks like the AEMI had not been fully tested prior to its release, but it isn't alone. The Singapore Stock Exchange suffered a setback in March as its electronic trading system collapsed for more than an hour. The Tokyo Stock Exchange was sued by broker Mizuho Securities after a botched trade last October that resulted from a combination of system problems and human miscues.


Sunday, July 1, 2007

I've Read It, I know I Should Do It, But I Never Do, Why Not?

Why do so many people buy so many self improvement books, read so many self improvement articles, but never implement what they have learned, even if they know they should?

I read a lot of self improvement articles, and I know I should implement the things I learn in them but I rarely do, and it appears I'm not alone.

One of my favorite Self Improvement Bloggers, Brian Kim, tackles the problem in Why People Read But Never Apply.

In it Brian finds what he feels are problems that can be attributed to both the writer and the reader.

On the writer’s side, he finds these three common mistakes:

  1. Too many ideas.
  2. Not enough passion.
  3. Not enough logic.

On the reader's side, he finds these two common mistakes:

  1. Lack of desire.
  2. Lack of foresight.

If you've ever wondered why you haven't been able to implement the self-improvement ideas you read, you can learn more about these mistakes and what can be done about them in Why People Read But Never Apply.


OK, I'm Blogging Now What? Analytics Of Course.

Now that you've read my post Does your career need a lift?, gone out and created a blog with the instructions found in Blogging offers a lift to your career, and started recording your thoughts in high quality posts using the tips found in NorthxEast's 12 Ways to Turn a Boring Post into Pure Gold by Leo Babauta, how do you find out if anyone is reading your posts?

It's not by the number of comments you receive; you may find that 100 people read your post for every comment you get, maybe even more.

The web offers a myriad of Analytics services, the most popular being Google Analytics. A good introductory guide to what you can do with Google Analytics can be found at Occam’s Razor by Avinash Kaushik, in Google Analytics Is Re-Launched: Do These Five Things First In V2. If Google Analytics does not display the information you want in the way you want it, then give Mashable's Analytics Toolbox: 50+ Ways to Track Website Traffic a try.

Good Blogging...
