March 6, 2010 by mensming.

8:12 AM Feb 28th, 2010
Hold vendors liable for buggy software - http://bit.ly/c2y5YJ

11:01 AM Feb 27th, 2010
2010 CWE/SANS Top 25 Most Dangerous Programming Errors - http://bit.ly/cNVjit

9:37 PM Feb 23rd, 2010
Use Speedy Tab Shortcuts to Increase Your Firefox Productivity - http://bit.ly/crxdMx

8:06 PM Feb 19th, 2010
Vanish - Self Destructing Digital Data - http://vanish.cs.washington.edu/

7:35 AM Feb 15th, 2010
Making the IE voodoo doll - http://bit.ly/8nZW

8:53 PM Feb 12th, 2010
2010 Pacific NW Software Quality Conference Call for Papers - http://www.pnsqc.org/2010-conference/call-for-abstracts

6:59 AM Feb 8th, 2010
When should I use a semicolon? - http://cache.gawker.com/assets/images/17/2010/01/500x_semicolon.jpg

10:17 AM Feb 7th, 2010
Top 10 Themes from 2010 Davos - http://www.businessweek.com/managing/content/feb2010/ca2010022_162429.htm

8:56 PM Feb 5th, 2010
I wish I could drop support for IE6 - http://lifehacker.com/5460043/google-apps-drops-support-for-ie6

6:17 PM Feb 2nd, 2010
RT @Conenza: If you’re having trouble getting your bosses to adopt social networking, the Pope may be your ally. http://tinyurl.com/ydj4g2q

7:20 PM Feb 1st, 2010
James Whittaker’s “Interviewing Insights and Test Frameworks” - http://www.testingreflections.com/node/view/8437

Posted in twitter | No Comments »

February 27, 2010 by mensming.

The 2010 CWE (Common Weakness Enumeration) / SANS Top 25 Most Dangerous Programming Errors has been released. The full report should be required reading for all web programmers and testers. A pdf version is also available.

Here are the 25 items:

1. Failure to Preserve Web Page Structure (’Cross-site Scripting’)
2. Improper Sanitization of Special Elements used in an SQL Command (’SQL Injection’)
3. Buffer Copy without Checking Size of Input (’Classic Buffer Overflow’)
4. Cross-Site Request Forgery (CSRF)
5. Improper Access Control (Authorization)
6. Reliance on Untrusted Inputs in a Security Decision
7. Improper Limitation of a Pathname to a Restricted Directory (’Path Traversal’)
8. Unrestricted Upload of File with Dangerous Type
9. Improper Sanitization of Special Elements used in an OS Command (’OS Command Injection’)
10. Missing Encryption of Sensitive Data
11. Use of Hard-coded Credentials
12. Buffer Access with Incorrect Length Value
13. Improper Control of Filename for Include/Require Statement in PHP Program (’PHP File Inclusion’)
14. Improper Validation of Array Index
15. Improper Check for Unusual or Exceptional Conditions
16. Information Exposure Through an Error Message
17. Integer Overflow or Wraparound
18. Incorrect Calculation of Buffer Size
19. Missing Authentication for Critical Function
20. Download of Code Without Integrity Check
21. Incorrect Permission Assignment for Critical Resource
22. Allocation of Resources Without Limits or Throttling
23. URL Redirection to Untrusted Site (’Open Redirect’)
24. Use of a Broken or Risky Cryptographic Algorithm
25. Race Condition

Posted in security, web testing | No Comments »

February 20, 2010 by mensming.

Software Engineering Radio some time ago had a great podcast covering the basics of continuous integration with Chris Read. Highly recommended for both the beginner and the experienced needing a reminder of the basics. Recommended. The episode can be found here.

Posted in process improvement, test tools | No Comments »

February 13, 2010 by mensming.

It is that time of year again. My favorite conference, Pacific Northwest Software Quality Conference (PNSQC), has opened their call for papers. This years theme is "Achieving Quality in a Complex Environment". A new twist is that there are two calls - one for traditional papers and one for poster papers. The conference will be held October 18-20, 2010.

Look at the Call for Abstracts page for full details.

Posted in conferences | No Comments »

February 6, 2010 by mensming.

1:52 pm Jan 30th, 2010
Conenza is looking for an SDET - http://conenza.com/index.php?option=com_content&task=view&id=81&Itemid=26

8:56 PM Jan 29th, 2010
James Bach’s "Logging: Exploratory Tester’s Friend" - http://www.satisfice.com/blog/archives/401

5:32 PM Jan 28th, 2010
Brett Kelly’s "How to Make Today a 25-Hour Day" - http://brettkelly.org/2010/01/20/how-to-make-today-a-25-hour-day/

6:54 AM Jan 28th, 2010
"The Real Reason Outsourcing Continues To Fail" - http://www.lessonsoffailure.com/developers/real-reason-outsourcing-fails/

7:12 PM Jan 27th, 2010
Reading Joel Spolsky’s "Why testers?" - http://www.joelonsoftware.com/items/2010/01/26.html

6:03 PM Jan 27th, 2010
"Only worry once" - Phil Kaplin quoting his father on This Week in Startups #twist

10:34 AM Jan 24th, 2010
January Software Test & Performance magazine available for download (free membership required) - http://www.stpcollaborative.com/magazine

2:51 PM Jan 22nd, 2010
RT @Hexawise "Quality means that the customer keeps coming back, not the product." - Navaraj Javvaji #softwaretesting #quality

8:23 PM Jan 21st, 2010
RT @Conenza: A Conenza-hosted corporate alumni community delivers lasting financial and business benefits. http://tinyurl.com/ydcp7×4

9:39 AM Jan 18th, 2010
Five success factors for branded online communities: http://econsultancy.com/blog/5227-five-success-factors-for-branded-online-communities

5:21 PM Jan 17th, 2010
Brent Strange’s "Tips for Automation Success: Toot Your Horn" - http://bit.ly/6PSnR4

10:58 PM Jan 16th, 2010
"Quantity is rarely an indicator of quality; if it were, spammers would be the definition of email quality" - Jono Bacon

7:06 PM Jan 16th, 2010
Ops Folks - "You will lose power, so be prepared." - http://bit.ly/3o5tiP

7:55 PM Jan 11th, 2010
Programming competition based on the ACM International Collegiate Programming Competition (ICPC) available to all - http://bit.ly/6yPaYq

7:53 PM Jan 8th, 2010
Two VCs predict my old company Varolii will IPO in 2010: http://bit.ly/8eHP4J

8:46 PM Jan 5th, 2010
How to do a slideshow in XHTML: http://www.w3.org/2005/03/slideshow.html

7:20 AM Jan 4th, 2010
Why fresh eyes are important in testing: http://bit.ly/kELup - search for "The Risks of Autopilot"

4:46 PM Jan 3rd, 2010
The Y2K10 bug - Australian bank date jumps to 2016. From the Sydney Morning Herald. http://bit.ly/5aezgd

7:26 PM Jan 1st, 2010
It’s twenty-ten - not two thousand and ten. http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2010/01/01/MN621BB41U.DTL

Posted in twitter | No Comments »

January 30, 2010 by mensming.

This is another in a series of posts of my reactions to watching the videos from the Google Test Automation Conference 2008 held in Seattle. The talk The Value of Small Tests (38 minutes long) presented by Christopher Semturs on October 24, 2008 was not what I expected. The slides from the talk can be found here.

I was hoping for a discussion around the broader test case / test suite management and the intersection with test automation. Instead, it discussed the value of creating small tests with limited dependencies and using dependency injection, mocking, etc. Not to say that it is a bad talk - just a quick introduction for these topics. I would say the talk is aimed at getting developers writing and enabling automated testing.

If you are already familiar with dependency injection and mocking, I would not spend the time watching. However, if these concepts are new, it may be valuable.

Posted in test tools, conferences | No Comments »

January 23, 2010 by mensming.

Even if you are not working on the Microsoft platform, the December 2009 MSDN Magazine has some articles which can be of use to all testers.

In particular, Pairwise Testing with QICT by James McCaffrey provides enough insight into the QICT tool that it can be easily ported to any platform. While Automated Unit Tests for Legacy Code with Pex by Nikhil Sachdeva is specific to Microsoft technologies, Pex is a tool that all testers should become familiar. Finally, Using Agile Techniques to Pay Back Technical Debt by David Laribee has tips that are useful to most test organizations.

Posted in professional development, process improvement, test tools | No Comments »

January 16, 2010 by mensming.

I am in the process of watching the videos from the GTAC (Google Test Automation Conference) held in Seattle in October 2003. This post contains my notes for the presentation Taming the Beast - How to Test an AJAX Application (1 hour 1 minute) by Markus Clermont & John Thomas held on October 23, 2008.

I am not recommending spending time watching this video. The presentation is not bad. However, it does not translate well to video. There is a lot of interaction with the audience - which is great when you are present at the presentation. However, in the video the audience cannot be heard and the presenters do not repeat many of the questions / responses. In addition, the talk is misnamed. While an AJAX application is used as the example throughout the application, most of the talk is not about how to test an AJAX application. The talk is a good discussion of how to tame automation - automation of any application.

Here are the slide titles:

• AJAX: A Different Beast
• An Example GWT Application - (GWT = Taming the Beast - How to Test an AJAX Application)
• Some Statistics - (At this point there are questions to the audience regarding their automated testing experience.)
• System Architecture
• Small Medium Large - (Essentially how much of the application is under test)
• Testing Layer Pairs
• Are we done?
• Comparison
• Conclusion

Posted in training, test tools, web testing, conferences | No Comments »

January 9, 2010 by mensming.

6:10 PM Dec 28th, 2009
Read Johanna Rothman’s "Manage Your Project Portfolio: Increase Your Capacity and Finish More Projects". Recommended. http://bit.ly/8K9X3l

5:56 AM Nov 4th, 2009
Fascinating trip down startup / vc memory lane: http://bit.ly/1jo3Ve

Posted in twitter | No Comments »

January 2, 2010 by mensming.

I commute by bus. I have been doing this for over 9 years. Every work day, I have time set aside where I can read, listen to podcasts, unwind, etc. However, over the last few years, the amount of test (and more generally - technical) literature I can read on the bus has declined. Some have simply gone away (Software Development). Others have converted to an online only presence (InfoWorld). Some no longer provide paper editions to those subscribers who receive copies based on professional qualifications (Better Software). In addition, more and more of the test related content is only available in blogs or other online forums.

Overall, I like online content. It is easier to find items at a later time. Unfortunately, I find that I do not read as carefully/thoroughly when I read something online. I am now purposely trying to read professional development material online with more focus — but it is an effort. Who knows what other changes are ahead of us.

Posted in professional development | No Comments »