Lightning Talks Presented at Better Software 2005 By Matt Heusser … and the gang

Timothy Lister Atlantic Systems Guild Overwhelm ‘em with estimates

Ryan English SPI Dynamics The Road to Secure Software Nirvana: Web Application Security in Quality Assurance

Web Applications Breach the Perimeter

Examples of Application Security Vulnerabilities
Web application vulnerabilities occur in multiple areas: platform, administration, and the application itself.
Platform
– Known vulnerabilities
Administration
– Extension checking
– Common file checks
– Data extension checking
– Backup checking
– Directory enumeration
– Path truncation
– Hidden web paths
– Forceful browsing
Application
– Application mapping
– Cookie manipulation
– Custom application scripting
– Parameter manipulation
– Reverse directory traversal
– Brute force
– Cookie poisoning/theft
– Buffer overflow
– SQL injection
– Cross-site scripting

Why should QA be concerned about Application Security?
Relative cost to fix a security defect, by the phase in which it is found:
– Design: 1X
– Development (static analysis): 6.5X
– Testing (integration testing, system/acceptance testing): 15X
– Deployment (customers in the field): 100X
This is the cost to fix a security defect. What would the cost be if you were actually hacked?

Michael Feathers ObjectMentor Working Clean

Judy Todd & Gale Anshelm Vertex/Canadian Pacific Agile Vs. Plan-Driven Face Off

Melissa W. Frail The MathWorks, Inc. QE Industry Round Table

QE Industry Round Table
Why – To learn from other organizations and share best practices
What – Discuss a topic of mutual interest (e.g. performance, internationalization, RCAs, metrics); 2-3 short presentations followed by group discussion
Who – QE managers from local companies
When – Once per quarter, for an afternoon
Melissa W. Frail, The MathWorks, Inc., Better Software 2005

Getting Started
Identify participants
– Invite contacts at other companies
– Network within your company
– Talk to new hires about their previous companies
Ground rules
– No NDAs: share what you are comfortable sharing
– No recruiting

Matthew Heusser Secrets of the Baby Whisperer

LaBarron Lewis EBSCO/MetaPress Two benefits of test management software

Greg Pope University of California LLNL ‘Test’ is a four-letter word

The Word Test “When was the first time you heard the word test?” “Where were you when you first heard the word test?” “How did the word test make you feel?”

Usual Answer – “It was my third grade teacher at school, and I felt nervous and afraid.” Less Frequent – “It was my third grade teacher, and I was happy and excited to show how smart I was.”

Openness to Testing “I’m sure there is nothing wrong with the software, so go ahead and test it, better you find defects than our customers.”

More Common “There is no need to test my software because there is nothing wrong with it.” “You are not qualified to test my software because you don’t know as much as I do about it.” “If any Test Engineers come into our office again to test our software we will throw them through the third floor window.”

Bug Free Software? “The software was so good that the developers felt it to be without bugs and not necessary to test. We did, however, perform some Rapid Requirement Proofs and found a number of cases of Irregular Convergence and Biased Believability. These findings were handled by the developers as trivial enhancements, which have now been fully implemented, and we are ready to ship after performing the mandatory Independent Observational Scoring.”

Matthew Heusser Healing Software Development

Payson Hall Catalysis Group Facts about assumptions

Facts & Assumptions
Facts are known – How many widgets did we sell last year?
Assumptions are placeholders for facts – How many widgets will we sell next year?

Thanks for coming! Lightning talks will be at STARWest and other upcoming conferences! Call for presentations - and