Software Testing

As more applications get "web-ified" moving from the desktop or legacy systems onto the web, attackers follow the vulnerabilities. Without sophisticated tools or "1337 5x1llz", web applications are now the most attacked technology, with the majority of attacks categorized as "easily exploitable".

So, before your application is placed out into one of the most hostile environments, how do you stop your software from being "0wn3d" by the 14 year old in their blacked-out bedroom, or being used by a Russian crime cartel?

GUI-level regression test tools are the most commonly used black box test automation tools. There is a huge business (vendors and consultants) invested in these tools. But one of the most common ways of using them (capture-replay) yields poorly designed, unmaintainable code. It is possible to use (most of) the tools in ways that go beyond capture/replay but this requires programming skill, thoughtful design, and a good enough understanding of the tool's (often very poorly documented) programming language

t's impossible to fully test a program. In the face of an infinitely large testing task, we must be skeptical of statements that some people make that the testing project must always do this or always deliver that. In the face of an infinitely large task, everything is a tradeoff--work spent on one task is work not allocated to another. Wise allocation of resources to tasks and deliverables must be a function of the information objectives of the project at hand.

s more teams are adopting Agile practices such as XP and Scrum, ... all » software testing teams are being asked to become "Agile" as well. But what does that mean?