Verify/ATI Conference Site

Ole Lensmar, SmartBear Software

Recent incidents at some of the webs largest websites show that potential security exploits are something you definitely cannot ignore if you are handling sensitive information on your web-site or application. If you’ve been thinking about how to test your application for SQL Injections, XML Bombs and Cross-Site Scripting exploits then this presentation is for you. It will give you a thorough understanding of functional security testing; what it is, how it works, and how it can be automated using popular free tools to detect if your system is vulnerable to common attacks as it grows and changes.

Edwin Reynolds, ALPI

Are your web sites ready for Success?  Users today will abandon you if the site or service is not available when they need it. A sites availability and ability to scale with viral success can make or break your initiative or in some cases your fledgling business.  Load & Performance testing is how you understand and minimize the risks of that abandonment. Join this presentation to obtain guidance on how to obtain the knowledge and techniques you need to be successful with Load and Performance testing.  Ed Reynolds will share best practices that help you: 1) Recognize the difference between load ,performance and stress testing, 2) Identify objectives for load or performance testing, 3) Identify key scenarios and metrics, 4) Learn how to create test cases, 5) Learn how to prepare/understand your load environment & how to run a load test, 6) Learn how to analyze and evaluate the results, 7) Make an informed decision when selecting load and performance tools

Peter Varhol, Seapine Software

A potential by-product of development is technical debt – a working implementation that does not conform to best practices for architecture and implementation. Almost all projects have some element of technical debt. Technical debt must typically be repaid, with interest, later in the application lifecycle.

Most teams are capable of recognizing that technical debt has been incurred, but assessing that debt can be difficult, especially under an aggressive development schedule. But having a good measure of at least one aspect of technical debt makes it possible for the team to assess whether it is better to address now or later.

One operational measure of technical debt is scalability. A robust architecture and implementation theoretically should be able to scale indefinitely. Knowing the ability of the application to scale gives the team significant information about the quality of the architecture and coding practices. Ideally, load testing can be a key indicator of when to pay down debt.

This session discusses the role of technical debt and how to assess technical debt with frequent use of load testing. It will provide a protocol for using load testing as a part of the testing process, and using it to assess the architecture and coding quality. Last, it provides a mechanism for testers and developers to collaborate in decisions surrounding design and coding practices.

Edward Bonver, Symantec

Threat Modeling is one of the most important security activities that a development/QA team needs to perform as part of a Security Development Lifecycle. This activity allows the team to build a complete security profile of the software system. More importantly, it can be used as a learning method to involve software testers early on, to make sure they develop a thorough understanding of the system. Threat Modeling is not always easy to get going for a team that has little or no security experience. In this presentation you’ll get to take a look at why Threat Modeling is so important; you'll also get to explore the process behind it, and how the process is being successfully implemented and followed across Bonver's organization, where development and deployment environments, as well QA team compositions vary drastically across hundreds of products.

Dan Bartow, SOASTA Inc

TBD