|
Featured Partner
Cyx is a leading software development and testing consulting service provider. Cyx was founded by Masahiko Soh, in a Tokyo basement in 2000. Cyx has a strong expertise in consulting for testing and quality management system development. It has extended its speciality into requirements engineering and overall project management. Cyx also acts as RBCS's exclusive agent for our testing courses in Japan.
Today, Cyx is providing consulting services to world class clients who need innovative improvement of their software development and testing capability. Notable clients include leading global manufacturers of embedded systems and leading system development outsourcers.
|
|
E-Learning Courses
ISTQB Test Engineering Foundation
US$ 999
ISTQB Advanced Test Analyst
US$ 999 *
Managing the Testing Process
US$ 999
Software Test Estimation
US$ 499
Assessing Your Test Team
US$ 499
ISTQB Advanced Test Manager
US$ 999
Each course includes three months of on-line access, notesets, exercises and either sample exam questions (for ISTQB course) or knowledge-check questions (for other courses). ISTQB courses are written against the latest ISTQB Foundation and Advanced syllabi released in 2007. Prices shown are for asynchronous courses (pure e-learning). Blended courses (with a facilitator) and custom training packages are also available.
*Advanced Test Analyst and Advanced Test Manager have been submitted to the American Software Testing Qualifications Board (ASTQB) for accreditation. |
|
ISTQB Certified Tester Training
June 23-26
Toronto, Canada
Test Engineering Foundation
$2,000
July 22-25
San Francisco, CA
Test Engineering Foundation
$2,000
July 28-August 1
Toronto, Canada
Advanced Test Analyst*
$2,650
September 2-5, 2008
Austin, TX
Test Engineering Foundation
$2,000
September 8-12
Ottawa, Canada
Advanced Test Analyst*
$2,650
September 22-26
Las Vegas, NV
Advanced Test Analyst *
$2,650
September 29-October 3
NYC Area, New York
Advanced Test Manager**
$2,650
October 20-24
Toronto, Canada
Advanced Test Manager**
$2,650
November 10-14
Washington DC
Advanced Test Manager**
$2,650
December 1-5
Ontario, CA
Advanced Test Manager**
$2,650
December 8-12
Atlanta, GA
Advanced Test Manager**
$2,650
*Advanced Test Analyst has been submitted to the American Software Testing Qualifications Board (ASTQB) for accreditation.
**Advanced Test Manager course has been submitted to the American Software Testing Qualifications Board (ASTQB) for accreditation.
|
|
Other Public Courses
June 25-27
Dallas, TX
Managing the Testing Process $2,500.
September 22-24
Denver, CO
Performance Testing Immersion Workshop
$2,500
October 21-23
Austin, TX
Performance Testing Immersion Workshop
$2,500
| |
| Greetings!
Welcome to the May 2008 newsletter. As you know, one of our main focus areas at RBCS is the application of the concepts of risk management to improving software quality. With the rash of recent security-related incidents, a natural question to ask is, "Can the kind of risk-based testing techniques RBCS promotes work for me to improve software security?" The answer is, "Yes, absolutely."
Security is a software quality attribute, just like functionality, performance, and usability. While each quality attribute has its own unique test design techniques, the standard concepts of risk-based test analysis and risk-based test planning apply across the board. So, to help you extend your risk-based testing techniques into the realm of software security, we're featuring a recent article on the topic.
This article was originally published in SD Times, but is available here in an expanded form. The United States Department of Homeland Security cited this article in their handbook on writing secure software.
We also have, as usual, a featured partner, this time from Japan. We've worked with Cyx since 2005, both on training and some fascinating client assessment engagements. In addition to our current relationship with Cyx, we are working with them to expand the scope of our partnership. More news to come on that in a later newsletter.
Finally, speaking of risk-based testing, we are working with a major software vendor to help them implement risk-based testing and risk-based results reporting. Our work with them will be the topic of two upcoming articles, co-authored by me and our client. We're excited with the progress we're making with them, using our standard risk-based testing techniques. I look forward to providing you with further details on this project in the July newsletter.
Regards,
Rex Black, President |
|
|
Seven Steps to Reducing Software Security Risks
by Rex Black
If you are a software developer, software development manager, or software quality assurance staff member, you probably know that developing secure software is no longer simply desirable-it's completely essential.
Some developers might assume that most security problems arise from the operating system or networking layers, well below the application code they are working on. However, recent figures for Web-based applications show that over three-quarters of security exploits arose from applications (see Table 1).
So, you know you need secure code, but how to get there? What are your security risks? What security failures and bugs do you have? What do these security risks, failures, and bugs mean? How can you reduce security risk in a way that doesn't create new problems? How do you monitor your progress over time? This article will outline seven steps that will allow you to answer these and other questions as you improve your software's security.
Exploited Vulnerability Percent Occurrence
Server Applications 41%
Non-Server Applications 36%
Operating System Issues 15%
Hardware Issues 4%
Communication Protocol Issues 2%
Others 2%
Network and Protocol Stack Issues 1%
Encryption Issues 0%
Table 1: Occurrence of Security Exploits by Vulnerability
Of course, risk-based testing is just one of a number of testing strategies. Smart test professionals know how to select and blend strategies on their projects. You can learn more by clicking here to read Rex's article on the topic in this month's "Testing Experience" magazine.
|
|
Some of you may have heard Rex's sayings over the years. We decided to coin them "Rexisms" for your reading pleasure. So here they are to ponder - some useful aphorisms to help you plan, prepare, perform, and perfect your testing activities, compiled from over a quarter-century of software and systems engineering experience.
-
"The most dangerous kind of bad idea is the one that sounds reasonable. Bad ideas that sound stupid stand little chance of implementation, but bad ideas that sound reasonable often carry the day, with disastrous results."
-
"The most recurring, pernicious, and corrosive testing mistake is overestimation of the percentage of test cases that will pass. Such false optimism is the root of the failure of many a carefully-considered test estimate, a thoroughly-vetted test plan, and a painstakingly-crafted test design."
-
"Test documentation templates are great, except when they're not. They're great when they serve as a way to remind you of important considerations, questions, and decisions you must address in your test plans, test cases, test policies, and test reports. They're not great when you use them as an excuse to turn off your brain and fill in the blanks." |
Transition Plan for the 2007 ISTQB Advanced Level Syllabus
On October 12, 2007, the ISTQB General Assembly released the new Advanced Level Syllabus. Effective July 1, 2008, all Advanced Level exams will run against the new syllabus. Visit the ASTQB website to view the new syllabus.
RBCS is working diligently to make the transition from the current syllabus to the new syllabus as seamless as possible for our clients and customers. We will continue to offer the current Functional Testing Advanced Level course and prep guides until July 1, 2008 (exams will be offered by the ASTQB until October 15, 2008.) On July 1, 2008 the Functional Testing Advanced Level course will be replaced by ISTQB Advanced Level Test Analyst. Likewise, we will continue to offer the current Test Management Advanced Level course and prep guides until July 1, 2008. On July 1, 2008 the current Test Management Advanced Level course will be replaced by an updated version commensurate with the new syllabus.
For additional information, download the ISTQB Advanced 2007 Release Plan.
|
QA Zone Interviews Rex Black On Risk Based Testing
If you've been following this newsletter for a while, or if you've read any of Rex Black's books, you know that RBCS is a pioneer and a leader in risk-based testing. We've been developing ways to do risk-based testing and showing them to our clients since 1995. RBCS is currently working with a major client to help them implement risk-based testing, and that work will be the subject of a major case study article to be published this fall. In the meantime, you might want to read this interview of Rex Black, where he discussed risk-based testing, test automation, ISTQB certification, and the skills required to be a good software tester. See the entire article today! |
|
Foundations of Software Testing is Translated into Japanese
Foundations of Software Testing: ISTQB Certification is currently being translated into Japanese! |
|
Managing the Testing Process, Third Edition, Coming in 2009
Rex's first book, Managing the Testing Process, has proven a real hit in the decade since its initial publication, with around 30,000 copies sold, including Indian, Japanese, and Chinese editions. Now, just in time for the ten-year anniversary of its initial publication in July 1999, Rex has embarked on work on a third edition, due to hit the shelves around July 2009. The third edition will update the existing material and add new material on improving your testing processes, testing in agile lifecycles, understanding the testing business case, writing more effective test plans, creating more accurate test estimates, communicating your test results in a way that really effects change, and more.
Rex said, "I've been very gratified over the last decade at the response to this book and the training course we derived from it. With feedback from the thousands of course attendees, another half-dozen years of experience under my belt, and an even broader geographical, industry, and organizational range to our consultancy, I expect to make the third edition an even more useful, comprehensive, and comprehensible resource for test managers around the world." |
|
Remembering our Fellow Countrymen and International Neighbors
As we celebrate our successes, we are reminded every day of the tragedies that have recently fallen upon the victims of the Myanmar cyclone, the tornadoes in the Midwest and Southeast, and the catastrophic earthquake in China. We have only been touched by these events by several degrees of separation. This is not the case for some of our colleagues and associates. Please take a moment to help those affected by these crises. | |
|
|
|
