Tips

Tips

• Five steps to fostering better software tester and QA results

  Separating the activities of software quality assurance analysts and testers can ensure application quality. This tip suggests steps for keeping QA and testing focused on quality.  Continue Reading

• Performance testing tools- Commercial, less expensive and free

  Finding affordable, quality performance testing tools is a major concern in the software industry. This expert tip sheds light on some of the most reputable cost effective ones.  Continue Reading

• How to stop developer vs. tester, quality-killing blame game

  Agile expert Zach Nies offers ways to improve software quality by stopping Agile developer-versus-tester fingerpointing. In his 20 years in software development, he's seen human squabbles block quality assurance efforts too often. Here, he explains ...  Continue Reading

• How to improve software user acceptance testing practices

  How application user acceptance testing (UAT) differs from functional testing and ways to improve UAT processes are explained in this tip. Likening UAT to show biz, expert John Overbaugh describes the UAT process and the "rehearsals" that lead up ...  Continue Reading

• Testers debate differences between waterfall, Agile test automation

  Two professonal testers continue the timeless debate, agile vs waterfall, which is the best methodology for test-driven software development.  Continue Reading

• Test-driven development face-off: Waterfall vs. Agile

  Most software test pros pick a preferred methology and stand by it, in this tip two testers square-off, one advocating for agile development, the other in the waterfall corner.  Continue Reading

• Rich Internet applications security testing checklist

  Fix common RIA and Web 2.0 application problems typically caused by Ajax, Flash and other technologies with these tips. Software expert Kevin Beaver explains why add-ons, plug-ins and multimedia features are causing more security flaws.  Continue Reading

• Finding cross-site scripting (XSS) application flaws checklist

  Cross-site scripting (XSS) is a major concern, it can be unpredictable and requires multiple tools to test it . Expert Kevin Beaver sheds light on the history of XSS issues and recommends tools to prevent XSS application issues.  Continue Reading

• Seven steps for a quality change and configuration management program

  This tip outlines several ways to ensure you have a topnotch change and configuration management (CCM) division on your project team which is vital in protecting software code.  Continue Reading

• Calculating mean time to failure in performance testing

  Calculating MTTF (mean time to failure) can be a difficult for testers in order to develop a performance test pass as there are multiple steps. This expert tip will guide you through process,  Continue Reading

• Winning responses to "Why is QA always the bottleneck?"

  Executives are notorious for criticizing QA and test pros, often labeling them as the "bottleneck" of software projects. Learn appropriate responses to upper management's unfair and difficult inquiries in this useful tip.  Continue Reading

• Defining report requirements with use cases

  This tip offers a new and interesting way to go about defining and reporting requirements for use cases. There are a number of details that need to be attended to in defining requirements such as taking a look at users and then constructing use ...  Continue Reading

• How requirements use cases facilitate the SDLC

  Learn software use case processes and techniques that result in better application requirements in this tip. Takeaways include use case diagrams and user acceptance test case examples.  Continue Reading

• 5 ways to answer executives' unfair software test, QA questions

  Learn how respond to these difficult management questions and other common software test-related inquiries in this tip. Veteran tester Matt Heusser offers answers to executives' commonly-asked unfair questions about test and QA results.  Continue Reading

• Essentials of static source code analysis for Web applications

  Running security analysis tools against your source code has been the cornerstone test method for years, but many do not understand the value of testing in this way, or the money it can save you.  Continue Reading

• Expert shows seven ways to improve your project management abilities

  Project management offices can benefit when the team has a diverse portfolio of skills. Learn how to become a better project manager by reading these seven suggestions, which range from developing talents and group leaders to better assessing ...  Continue Reading

• Streamlining test planning and design

  Test planning is a crucial step in the design process that is often overlooked or even ignored thought to be needless busy-work that aggravates progress. Expert Robin Goldsmith says otherwise in this two part tip on the Test planning.  Continue Reading

• Five roles test managers play in agile development: Tutorial, part one

  This two-part tutorial explores five higher-order functions where an experienced test manager contributes to an agile organization. This installment covers interfacing with senior management; providing vision and leadership; and fostering ...  Continue Reading

• Load testing with Microsoft Visual Studio Team System

  Expert introduces new technical tips for users of Microsoft's Visual Studio Team System, making load testing far more efficient for launching VSTS and load testing web applications.  Continue Reading

• Using SBTM for exploratory testing coverage problems

  Learn how to make software testing progress more visible using session-based test management (SBTM), thus improving exploratory testing processes. This article is the second in a series on session-based test management.  Continue Reading

• Quality assurance (QA) and testing's role in requirements

  Common wisdom is to include QA/testing early in the software life cycle, but this practice actually has a number of hidden pitfalls that can reduce the effectiveness of the requirements process.  Continue Reading

• Using session-based test management for exploratory testing

  Two major criticisms of exploratory testing are that progress and coverage are difficult to determine. Session-based test management addresses these concerns.  Continue Reading

• The role of quality assurance (QA) pros in software security

  Along with developers, security managers and IT auditors, QA pros have an active and important role in the information security process.  Continue Reading

• The benefits of exploratory testing in agile environments

  Exploratory testing can help software testers keep up with the rapid development pace of agile software projects. Find out why and how to use exploratory testing in agile.  Continue Reading

• Software testing deliverables: Developing a software testing strategy

  David Johnson updates his popular tip on software testing deliverables with detailed information on forming a test strategy.  Continue Reading

• Common software security risks and oversights

  We have a tendency to focus on the sexy technical side of software security, but many overlooked software security risks have more to do with operational and documentation problems.  Continue Reading

• Defining requirements during software project feasibility analysis

  There are at least two key points in a software project when requirements should be defined. One point people often miss is during feasibility analysis, and failure to define requirements at this stage can doom a project.  Continue Reading

• How project managers can recover from worst case scenarios

  Learn how to recover when a software project goes horribly wrong, due to problems with budgets, clients, stakeholders, schedules or technical failures.  Continue Reading

• How to handle IT project management in a recession

  Even the most profitable IT companies are responding to the recession by slashing budgets and reducing workforces. These tips will help you handle the negative consequences of the economic downturn.  Continue Reading

• Pros and cons of requirements-based software testing

  Learn about the strengths and benefits of requirements-based testing as well as what the detractors say -- which is mostly based on incorrect assumptions about requirements.  Continue Reading

• Two-minute guide to determining software testing coverage

  Get a crash course on deciding which features to test and when and how to test them.  Continue Reading

• Web application security testing checklist

  Testing your Web application security is something that needs be taken seriously. The best way to be successful is to prepare in advance and know what to look for. Here's an essential elements checklist to help you get the most out of your Web ...  Continue Reading

• How to avoid requirements creep

  Despite all the attention placed on defining requirements, creep continues to plague software projects. Learn how a different approach to requirements can curtail that creep.  Continue Reading

• Making requirements walkthroughs more effective (and fun)

  Do you have to twist arms to get people to attend your requirements review sessions? It doesn't have to be this way. Learn how to use a simulation model to get everyone engaged in the walkthrough.  Continue Reading

• QA manager role depends on communication, planning, capacity

  Improve the exchange of information in your organization to better fulfill your role as a QA manager with these three cornerstones.  Continue Reading

• The value of a project manager: Why a PM is the CEO's best friend

  A project manager and the CEO have very similar roles -- which is why they should work together closely in these challenging economic times.  Continue Reading

• Using proactive test design methods to catch requirements issues early

  Proactive test design allows QA testers to identify requirements and design problems at an earlier stage than with traditional test cases.  Continue Reading

• How to develop secure applications

  It's not enough to begin securing applications in the testing phase -- secure applications start with secure code.  Continue Reading

• Software testing affected by pressure to release software

  QA and software test managers often are under pressure to speed the release of software. To ensure adequate testing, they must clearly communicate with project leaders the testing scope, testing plans, and risks involved.  Continue Reading

• REAL business requirements key to calculating ROI for a project

  Before you can accurately calculate your return on investment on a software project, you must first accurately identify the REAL business requirements.  Continue Reading

• Seven Steps to Mastering Business Analysis, Ch. 1

  Chapter 1 of Seven Steps to Mastering Business Analysis explains what business analysis is, its role in software development, the role of a business analyst, and the traits of good business analysts.  Continue Reading

• Integrating application lifecycle management (ALM) processes provides additional benefits

  Dominic Tavassoli explains how you can benefit from integrating the five processes of application lifecycle management (ALM) -- requirements management, test management, configuration management, change management, and modeling.  Continue Reading

• Overcoming user acceptance testing difficulties

  Often there are problems with user acceptance testing (UAT), such as user reluctance to participate and poor test planning. Robin F. Goldsmith explains the issues and provides tips for successful UAT.  Continue Reading

• Software testing on an agile project: How to get started

  Increasingly there is more talk and are more questions about software testing on "agile" projects. What does it take to be a successful tester on an agile project? Tester Mike Kelly and project manager David Christiansen explain.  Continue Reading

• Clean Code: A Handbook of Agile Software Craftsmanship, Chapter 1 -- What Is Clean Code?

  Agile software development calls on developers to write clean code, according to Robert "Uncle Bob" Martin. This free chapter introduces the concepts and methods programmers can adopt to write truly clean code.  Continue Reading

• How to maintain, enhance legacy applications

  The challenge of maintaining legacy applications is in developing new functionality and enhancements, often without a clear understanding of how the system works. The good news is that products and approaches are emerging to help solve these ...  Continue Reading

• Secure software measures: Their strengths and limitations

  The best approach to software security is to develop code that does not have security flaws. What do you do if you need to go back and ensure an application's security? Do you select a Web application firewall, conduct black box testing, or conduct ...  Continue Reading

• Software testers: Identity crisis or delusions of grandeur?

  Without a clear understanding of what software testers do, it's only natural that people try to interpret what they do from their job title. The problem is the number of different titles people have creates confusion, says Scott Barber.  Continue Reading

• What to include in a performance test plan

  Before performance testing can be performed effectively, a detailed plan should be formulated that specifies how performance testing will proceed from a business perspective and a technical perspective. David W. Johnson outlines what to include in ...  Continue Reading

• Unit testing in the enterprise: Five common myths dispelled

  Surprisingly few organizations have tried implementing unit testing due in part to misinformation developers and managers receive. Andrew Chessin from Cisco dispels some of the myths that are keeping organizations from reaping the benefits of unit ...  Continue Reading

• Determining the testing organization's place within a company

  Software testing organizations are a vital part of the SDLC, but where do testing groups fit within a company? Mike Kelly and Rob Apmann offer advice on finding the proper place for testing.  Continue Reading

• Approaches to defining requirements within Agile teams

  Agile development methods focus on defining "just enough" requirements detail for the next sprint. Martin Crisp explains three things to consider when eliciting those requirements.  Continue Reading

• How to test a data warehouse

  Testing a data warehouse is not very different from a typical testing project. Baher Malek advises testers on creating robust test cases and basing test design and execution on context.  Continue Reading

• Getting started with Web application misuse cases

  When developing applications it isn't enough to think about how they will be used. You must also consider how they will be misused -- or abused -- so that you can prevent attacks. Kevin Beaver gives some examples of Web application weak spots that ...  Continue Reading

• Magic formula for successful performance testing

  Is there a magic formula to ensure successful performance testing? Not really. But Scott Barber points out what factors contribute to a testing projects success or failure.  Continue Reading

• Requirements Management Using IBM Rational RequisitePro: Chapter 1, Requirements Management

  Requirements management is made easier through planning and tools. This free chapter introduces readers to requirements gathering and how IBM Rational RequisitePro can be used to engineer and maintain requirements.  Continue Reading

• Defining good performance requirements a joint effort

  When dealing with performance requirements you need to look at a bigger picture -- one that includes business, operations and development organizations -- as well as consider changes to the system over time. Doing so helps you produce systems that ...  Continue Reading

• The essentials of Web application threat modeling

  A critical part of Web application security is mapping out what's at risk -- or threat modeling. Kevin Beaver outlines the essential steps to get you started and help you identify where your application vulnerabilities may be.  Continue Reading

• The effectiveness of code coverage tools in software testing

  Coverage tools when run with the application under test will tell you how much code is covered by the executed test cases.  Continue Reading

• The six hats of project management

  Software project managers face many different kinds of challenges and should have different perspectives for handling them. PM expert Bas de Baar explains how to switch mindsets to tackle a problem.  Continue Reading

• Testing for performance, part 2: Build out the test assets

  In this second article of our three-part series on testing for performance Michael Kelly looks at how to build test assets and the work required to support that effort.  Continue Reading

• How to prevent XPath injection

  Parameterization and input validation are invaluable to application security. Which method is best for preventing XPath injection attacks? Chris Eng explains.  Continue Reading

• Test software with a user perspective

  When testing software you need to think beyond how users are intended to use software. Think also about how they could misuse it.  Continue Reading

• How to estimate for testing on a new software project

  What do you do if you have a new project and no historical data for reference, and you need to estimate for software testing? Test experts Karen N. Johnson and Mike Kelly explain.  Continue Reading

• Testers' involvement in requirements gathering important

  In this increasingly complex software development era, it is important to include testing as early in the project as possible. And that means starting with requirements gathering.  Continue Reading

• Web application hacking: Inside the mind of an attacker

  Want to prevent your Web application from being hacked? Then you need to think like an attacker. Kevin Beaver helps you change your mindset so you start to think about how people can misuse your application.  Continue Reading

• Software testers need to understand architecture, business domain

  If a software tester is to be successful, he must have expertise in the business domain and in the architecture on which the software is built.  Continue Reading

• How to define the scope of functional security testing

  With a many internal threats originating from applications, functional security testing is one of the most reliable ways to identify internal security vulnerabilities.  Continue Reading

• Cracking passwords the Web application way

  Don't make the mistake of thinking your Web site is secure just because it uses SSL. If you don't have proper login controls in place, attackers can crack passwords and get into the application.  Continue Reading

• Project management calls on a new set of skills

  Project management, Bas de Baar claims, is changing, and PMs will need a new set of skills. This new environment, he says, demands abilities traditionally associated with women.  Continue Reading

• Documenting your software test project

  Test documents are a good way to manage the details of a software test project and keep stakeholders informed of the project's progress. Learn what to include in test artifacts such as test strategy documents, test plan documents and test estimate ...  Continue Reading

• The A-B-C's of software testing models

  Testers can use various models when testing software, such as waterfall, iterative and agile styles. Scott Barber explains their differences to help you decide which is best for your software testing team.  Continue Reading

• Five steps for performing an effective software product review

  Review or inspection is an important activity in any project implementation. Performing a good review of the developed product, along with capturing metrics, helps in building a quality product. In this member-submitted article, Murugan Srinivasa ...  Continue Reading

• How to write an effective test report

  This member-submitted tip provides a guideline for essential information that should be included in a test report.  Continue Reading

• Don't mistake user acceptance testing for acceptance testing

  Despite the many references that concur on the definition of acceptance testing, people still get confused. Scott Barber clarifies things in this month's Peak Performance column.  Continue Reading

• How to get developers to buy into software security

  Getting developers' buy-in on security and secure coding practices can be like pulling teeth. But Kevin Beaver has some ideas to get developers thinking about software security and following security practices.  Continue Reading

• Automated software testing: The role of a test engineer

  A core role within the Testing Center of Excellence, the test automation engineer is responsible for automating as much of the testing effort as possible. The challenge is, however, determining what should be automated and in what sequence in order ...  Continue Reading

• Who does what in a Testing Center of Excellence?

  With a Testing Center of Excellence (TCE) an organization can improve its software testing. Learn how and what each TCE participant does in this article from David W. Johnson  Continue Reading

• Why Programs Fail: A Guide to Systematic Debugging -- Chapter 3, Making Programs Fail

  Debugging software is a crucial and complex process. This free chapter explains how to use testing, such as functional and unit testing, in your debugging program.  Continue Reading

• The benefits of testing software by project phase

  There's something to be said for including software testing in all phases of the SDLC. Here's a look at the advantages and how this approach could improve your software development.  Continue Reading

• Improved software testing via a Testing Center of Excellence

  With a Testing Center of Excellence (TCE) companies bring together testing specialists and components to ensure proper testing techniques are applied. Ultimately, the TCE enables testers to improve their software testing, as well as helps them to ...  Continue Reading

• Using workshops to define project scope

  Workshops can be an effective way to bring stakeholders to a consensus on the scope of a software project.  Continue Reading

• Performance and load/stress tests: Two types of capacity tests

  Both performance and load/stress tests help determine the capacity of a system. But for the tests to be successful, certain guidelines should be followed. David W. Johnson reviews those guidelines and offers advice for planning tests.  Continue Reading

• Don't overlook nonfunctional software requirements

  Nonfunctional software requirements describe how well the software does what it does. By exploring quality attributes during requirements elicitation, you can influence the function, design and architecture of the product and help give customers ...  Continue Reading

• How to test Web site login security

  Input validation is critical for the security of Web sites. Here's a techniques you can use to make sure your site isn't vulnerable to SQL injection.  Continue Reading

• Jumpstart CMM/CMMI Software Process Improvements: Using IEEE Software Engineering Standards -- Chapt

  Software project managers who are curious about CMM, CMMI and IEEE software engineering standards will find answers and explanations in this free chapter.  Continue Reading

• Essentials of Lean Six Sigma -- Chapters 1 and 4, Introduction and Improvement

  Software development projects may benefit from he introduction of lean Six Sigma management principles. To learn more about how lean Six Sigma might benefit you, read these two free chapters.  Continue Reading

• Ways to integrate security into the SDLC

  To successfully integrate security into the software development life cycle (SDLC) you need to make sure you factor time for security into the project plan.  Continue Reading

• Developing an approach to performance testing

  While there's no universal approach to testing application performance, there are some activities that are part of nearly every performance testing effort. Scott Barber reviews what those activities are in this month's Peak Performance column.  Continue Reading

• Software testing deliverables: From test plans to status reports

  Core sets of deliverable are required for any software testing phase. In many cases they include a test plan, test case, defect documentation and status report. Learn what is required for each in this tip from David W. Johnson.  Continue Reading

• Using SLOC to estimate software costs, schedules

  Poor cost and schedule estimates ruin projects more than technical, political or development team problems. But if you can determine the source lines of code (SLOC) in an application, you can better gauge the amount of time and effort needed to ...  Continue Reading

• SEI Checklist

  The SEI Checklist can help you define source lines of code (SLOC) values to enable people to carefully explain and define the SLOC measure used in a project.  Continue Reading

• How to document system, software requirements

  There are various formats you can use to document system and software requirements. However, no single one is sufficient to represent all requirements. You need to follow an integrated approach.  Continue Reading

• Software performance testing: You can't test everything

  It's nearly impossible to simulate all the ways an application will be used, so deciding which scenarios to include in a performance test plays a critical role in estimating performance in production. In this month's Peak Performance column, Scott ...  Continue Reading

• Create one text file that contains all the stored procedures and triggers in a database

  This script will send the contents of all the stored procedures, functions and triggers in a database to a text file, eliminating the need to go through every script to find what you're looking for.  Continue Reading

• How to verify the input of special characters

  Here's a quick tip to verify the input of special characters in text boxes on forms.  Continue Reading

• Web application vulnerabilities you don't want to overlook

  When testing Web applications for security flaws, chances are you will miss some weaknesses. Here's a look at 10 commonly overlooked Web application vulnerabilities you can't afford to miss.  Continue Reading

• The role of a software test manager

  Effective software test managers not only understand the discipline of testing, but they are also able to manage and implement a testing process in their organizations. That requires team leading skills, communication skills, and being able to ...  Continue Reading

• How to evaluate testing software and tools

  Selecting the right testing software that meet's the testing organization's long-term and short-term goals can be challenging. But by following a few simple guidelines and using common sense, you can successfully implement the appropriate tool and ...  Continue Reading

• Web application testing: The difference between black, gray and white box testing

  Security is critical when operating a Web application. Black, gray and white box tests are three tests you can conduct to ensure an attacker can't get to your application. Learn what the differences are in this tip from Denim Group's Dan Cornell.  Continue Reading