In the past, developers knew every line of code in their applications. They designed it, wrote it, tested it, and controlled it. Today’s applications are far different. Rather than written, they are often assembled―from program language libraries, third-party frameworks, encapsulated web services, and even entire external systems—and glued together with small amounts of code. Before your organization committed to using these external pieces of software, were testers part of the evaluation process? Was the software thoroughly tested before betting your organization’s success on it? Or did everyone just hope for the best? Julie Gardiner explains how to make the business case for including test professionals in the software evaluation to add their unique focus on software quality. If you’re already committed to using vendor supplied software, Julie describes how to ensure quality from your vendors, on a schedule that meets your needs—not theirs.
More InformationKeynotes
Below find information on the featured keynotes at STARWEST.
In his journeys, Bob Galen has discovered that testing takes on many forms. Some organizations have no automated tests and struggle to run massive manual regression tests within very short iterative releases. Other organizations are going “all in”―writing thousands of acceptance tests in Gherkin. The resulting imbalance in their testing approaches undermines an organization’s efficiency, effectiveness, and delivery nimbleness. Bob shares ideas to bring balance to testing. He explores the choices: manual vs. automated testing, designed and scripted test cases vs. exploratory tests, and thoroughly planned test projects vs. highly iterative reactive ones. Bob describes how to balance traditional test leadership with an iterative and whole team view to add value. And finally, he explores the balance of the gatekeeper vs. leading the collaboration with stakeholders to find the right requirements that solve their problems. Take away a strategic approach to structure your testing and a renewed understanding of how testing fits into a healthy and balanced culture.
More Information
Throughout the years, Lightning Talks have been a popular part of the STAR conferences. If you’re not familiar with the concept, Lightning Talks consists of a series of five-minute talks by different speakers within one presentation period. Lightning Talks are the opportunity for speakers to deliver their single biggest bang-for-the-buck idea in a rapid-fire presentation. And now, lightning has struck the STAR keynotes.
More Information
Like millions of other Americans, Ben Simo visited HealthCare.gov in search of health insurance and found a frustratingly buggy website that was failing to fulfill its purpose―to educate people on the new health insurance law and help them purchase health insurance. After failing to create an account, Ben put on his tester hat and turned on his web developer tools. In addition to many functional and performance issues, Ben soon discovered a chain of security vulnerabilities that exposed users to unnecessary risk. Finding HealthCare.gov customer service unequipped to receive reports of security vulnerabilities, he blogged his discoveries, spawning a storm of public attention which hailed Ben as a “web expert,” “methodical IT guru," “folk hero”—and “not too bright.” His reports even came up in congressional hearings, where the Secretary of Health and Human Services referred to Ben as “a sort of skilled hacker.” Ben’s reports helped bring attention to problems that suggested a systematic lack of care and understanding of system design and information security. Join Ben as he shares his experience, the issues he found, and lessons testers can learn from HealthCare.gov.
More Information
Security testing is often shrouded in jargon and mystique. Security conjurers perform arcane rites using supposed “black hat” techniques and would have us believe that we cannot do the same. The fact is that security testing “magic” is little more than specialized application of exploratory test techniques we already understand. In this Defense against the Black Hats, Paco Hope dispels the myth that security testing is a magical art. By deconstructing security activities into techniques we already know well, we expand our testing. Security tests can be seamlessly woven into our existing test practices with just a bit of straightforward effort. Glittering gold security bugs can be tracked and managed right alongside the mundane, garden-variety functional ones. The knowledge that we need to do meaningful security testing is accessible and can be learned. If you can test functionality, you can test security. When our day-to-day tests include security too, our software does not fall prey to the hackers’ sleight-of-hand and conjurers’ tricks.
More Information