Professional Documents
Culture Documents
Collaborative Media
Bu
PR Ma
BE CTIC gem
ild
A na
ST ES en
: t
VOLUME 6 • ISSUE 2 • FEBRUARY 2009 • $8.95 www.stpcollaborative.com
Special STPCon
Preview Issue
Increase Test
Your Apps Alive page 8
Validit y With
Live Data Loads
The premier event for senior executives
and testing/QA management to share the
latest strategies and stay on top of
emerging best practices
FutureTest 2009
Roosevelt Hotel
New York, NY
February 24-25
REDWOOD
Turbulent Times By Breaking Web Apps Presented by
AmiBug.com Time Inc.
Robert Sabourin Ryan Townsend Collaborative Media
President, development, testing and Lead security engineer
management consultancy
FEEDBACK: Letters should include the writer’s name, city, state and e- Electric Cloud www.electric-cloud.com 17
mail address. Send your thoughts to feedback@stpcollaborative.com.
Letters become the property of Redwood Collaborative Media and may be Hewlett-Packard www.hp.com/go/alm 20
edited for space and style.
Contents A REDWOOD
Collaborative Media
Publication
08
COV ER STORY
A Survival Kit For
The Jungle That Is
Enterprise App Performance
The tester’s job is anything but easy. There are preda-
tors, road blocks and traps of every kind. What you
need is some everyday wisdom to help you survive
and thrive. By Justin Callison Performance Testing With
13 Live Data—Don’t Get Boxed In
Some experiments are best performed with the living. Learn
the best ways to select and use live data to increase the valid-
ity and efficiency of your tests. By Ross Collard
Depar t ments
4 • Contributors 16 • Best Practices
Get to know this month’s Getting the build right means
experts and the best practices playing by the rules. Bottom
they preach. line? Maintain control and
evolve the infrastructure as
4 • Feedback the needs of the organization
It’s your chance to tell us where change. By Joel Shore
to go.
18 • ST&Pedia
6 • Editorial Industry lingo that gets you up
Nothing ever goes quite the way to speed.
you think. Everything takes
longer than you thought. Some 19 • Future Test
thoughts about planning a tran- When planning test automa-
sition and when thinking it tion, it’s the script writing that
through is the best you can do. demands the greatest skill and
stands to provide the most long-
7 • Out of the Box term benefit. Here are 10 steps
Latest news and products for to automated validation.
testers. By Matthew Hoffman
Editor
Edward J. Correia
ecorreia@stpcollaborative.com
Contributing Editors
Things Always
Take Longer
Joel Shore
Matt Heusser
Chris McMahon
Art Director
LuAnn T. Palazzo
lpalazzo@stpcollaborative.com
•
stpmag@halldata.com
847-763-1958 job, adjusting and tweaking among scores of others. In the
business processes, and hiring Redwood transaction, my
Circulation and List Services
Lisa Fiske and dividing workloads, you department was the acquisition
lfiske@stpcollaborative.com tend to lose track of all the target. The technical problems
pieces and parts that go into If you’ve ever were neither unexpected nor
Cover Photograph from Fotolia.com
running a business. Once the insurmountable. They were
ties are severed and a task thought ‘My boss just another story of organiza-
comes due that someone else tional change taking place
used to perform, as is com- has no idea what each day in the thousands of
mon following the consolida- companies in an economy that
tion of an acquisition, the peo- I do,’ you could expands and contracts.
ple that remain must some-
President Chairman
how fill the void. very well have Rise to the Challenge
Andrew Muns Ron Muns If you’ve ever thought (and Tell us your story. In January
n the world of software quality assur- when they want access to the complete knowledge base of
response time. It is also helpful to prepare test specifications development organization to support your initiatives. Developing
that clearly document how your tests were run so that others a relationship with architects is worth the time and energy for
can interpret your metrics. This communication is important both you and them. You can learn a lot from them, but you can
for ensuring that action is taken based on your findings. It is also provide the support they need to achieve their goals. It is a
also critical to job security. If the VP of development does not two-way, productive relationship that is well worth pursuing.
understand what you do and what value you provide, that can
be a somewhat tenuous place to be. Admit When You Do Not Understand
Performance is complicated; there will be lots of things you do
Find One Hole and Dig Deep not understand. Get comfortable saying “I don’t know,” but do
This may seem to contradict my earlier suggestion of devel- not stop there. Demand further explanation, whether that
oping broad but shallow technical fluency. You do not need demand is made of a colleague or of you (i.e. further research).
to be an expert in all areas, but it is well worth it to become At school, my teachers always encouraged us to ask questions. It
an expert in at least one. For me, my hole was the Oracle is almost certain that others will have the same questions but
DBMS. Through gaining my OCP certification and working might be too uncomfortable to ask. This is often the case in
closely with other DBAs, I learned a great deal about core product development teams, in which no one has the courage to
performance concepts, specifically caching, locking, data say that the Emperor has no clothes.
consistency concerns, failure/recovery, clustering, language
parsing, networking, and I/O systems. It gave me a solid Perfect is the Opposite of Good
framework to build on and I was then able to apply these In performance testing, it’s easy to blame failure or lack of
core concepts to understand problems and possible solutions progress on inadequate conditions. The build is not stable
in other realms. There are not enough. The hardware we have
many truly unique problems is insufficient. I do not have the
or solutions, but by concen-
trating on this mature and
highly scaled technology, I was
exposed to most of them.
• right tools. We do not have
enough time. These are all real
impediments, but the biggest
impediment is to wait until you
By learning about a highly You can apply this have a perfect build, the perfect
specific situation and the core testing infrastructure, and as
concepts involved in solving it, knowledge to many other much time as you need. That
you can then apply this knowl- will never happen. If your cost
edge to many other difficult technical situations estimates are based on perfec-
technical situations. A former tion, it is likely you will not get
colleague, whom I worked with approval to start.
early in my career, is a grizzled
veteran who started adminis-
tering Unix systems in the early
1970’s. Every time I would
• Effective performance test-
ing does not require perfec-
tion. Useful work can be done
with a partial implementa-
bring up some fancy new technical term, he would ask for an tion, a desktop, one person with a stopwatch and an after-
explanation. Then he would say “Ah, I get it. We did some- noon. Does that mean you should stop there? Absolutely
thing like that back in the old days. But we called it something not. But it shows that you don’t need perfection to get
different.” The knowledge you learn now will often be appli- started. The biggest mistake and cause of failure in per-
cable down the road. formance testing is starting too late.
Reach Your
Peak Performance
The premier technical conference for
software testers, QA managers and
software developers and managers
Unparalleled Education
• 60+ sessions covering software test/QA and perform-
ance issues across the entire application life cycle
• Full-day tutorials offer complete immersion in the topic
Ultimate Networking
• Share experiences, challenges, ideas, and solutions with
your peers and industry leaders — the STPCon faculty
Presented by
Exciting New Tools & Technologies
• Get a first look at the latest tools and services. Visit with
vendors in a relaxed environment. See the products in
action, and find the tools and technologies that can help
your organization reach its peak performance
Don’t miss the best STPCon yet! Register by March 13th and save up to $300!
Visit www.stpcon.com to register today!
Testing by the Numbers!
Contents N umbers are everything. They’re the bottom line. They’re in your bug list,
your budget and your bank account. They’re the number of days left till
release, the number of people on your team and the number of test cases
Event Schedule 3 they ran. How many bugs did they find? How many were fixed? How many
remain? Of those, how many are critical? It’s all in the numbers.
Conference Planner 4–5 Unfortunately, numbers also dominate the headlines. The number of job losses, the highs and lows of the
stock market, the number of billions for the latest corporate bailout.
Full-Day Tutorials 6
The Software Test & Performance Conference is here to help. With the high cost of software failures,
employing the most effective software testing techniques is one important way to keep costs low. And
Technical Classes 7 – 13
we’ve lowered the price to help make sure that STPCon will not break your budget.
Faculty 14 Security flaws, usability problems, functional defects, performance issues—they all carry a tremendous
price tag. It’s more important than ever to be sure that new applications are written to be secure from the
Hotel & Travel Information 15 start and are deployed only after they’ve been thoroughly tested. Shorter software development cycles and
tightening budgets require testing and performance processes that are as cost-effective as possible.
Pricing and Registration 16
If you’re a software developer trying to gain performance, a test/QA or development manager responsible
for improving the quality of your company’s software, or a test/QA specialist who wants to take your skills to
a higher level, the Software Test & Performance Conference is just right for you. Every year we combine the
“If you want to learn about industry’s best trainers with professional testers from companies just like yours to give you a program that
appeals to testers and managers of all abilities and skill levels.
the latest test and perform-
On March 31–April 2 in San Mateo, select from nearly 70 classes and tutorials given by testers at Cisco,
ance techniques from the Expedia.com, Intuit, Microsoft, Progressive Insurance, Verizon and Volvo. Many of our usual favorites also
industry experts, you want will be there, including Ryan Berg, Hans Buwalda, Bob Galen, Chris Sims and Mary Sweeney. Learn from
these experts how to implement quality assurance across an entire project, pinpoint and fix performance
to attend STPCon!” bottlenecks and adapt testing methods both familiar and emerging.
So join us at STPCon in San Mateo for the newest techniques, tips and tricks to help you improve require-
MICHAEL MARQUIZ,
SOLUTIONS ARCHITECT, ments gathering, UI design, function testing, and load and performance testing—techniques that will have
CISCO SYSTEMS your applications humming in no time.
I hope to see you there.
Get a first look at the latest tools and services from Thursday, April 2
the industry’s top companies. Visit with vendors in Wednesday, April 1 7:45 am – 4:00 pm Registration Open
a relaxed environment. See the products in action, 3:00 pm – 7:00 pm 7:45 am – 8:45 am Continental Breakfast
and find the tools and technologies that can help Thursday, April 2, 8:45 am – 9:45 am Technical Classes – 500 series
your organization reach its peak performance. 9:30 am – 1:15 pm 9:30 am – 1:15 pm Exhibit Hall Open
9:45 am – 10:30 am Coffee and Doughnuts
in Exhibit Hall
10:30 am – 11:30 am Technical Classes – 600 series
11:30 am – 1:00 pm Lunch Break
12:00 pm – 1:00 pm STPCon Prize Patrol
in Exhibit Hall
1:00 pm – 2:00 pm Technical Classes – 700 series
2:00 pm – 2:15 pm Break
2:15 pm – 3:15 pm Technical Classes – 800 series
3:15 pm – 3:30 pm Break
3:30 pm – 4:30 pm Technical Classes – 900 series
T-1 First Steps to Test 101 Quality Through- 201 Model-Based 301 Balancing 401 Techniques for
Automation out the Software Testing for Java Test-to-Break, Influencing
Life Cycle and Web-based Test-to-Validate Upstream
—Walsh GUI Apps and Metrics Decisions
—Feldstein
—Feldstein —Feldstein —Feldstein
T-2 Managing the 102 Agile Test 202 The Most Effective 302 Performance- 402 Performance-
Test People Development Ways to Improve Tuning Java Tuning Java
—McKay —Buwalda Software Quality Applications, Part Applications,
—Sims 1 Part 2
—Bartow —Bartow
T-3 Improving Web 103 Effective Use of 203 The 5% Rules of 303 Requirements 403 Moving to a
Application Static-Analysis Test Automation Analyses and Truly Virtual QA
Performance Testing —Buwalda Collection Lab
Using Six Sigma —Anderson —Quigley and Pries —Knox
—Jain
T-4 Agile & High 104 The Makings 204 Assess Your 304 How to Break 404 The Path To A
Speed Testing of a QA Leader Way to Better Web Software Secure
Techniques —Sims Test Team —Basirico Application
—Galen Performance —Berg
—Hackett
T-5 Automated Data- 105 Testing with 205 Training the 305 Releasing 405 Releasing
base Testing: Stochastic Test Next Generation Products Products
Using Stored Data Of Testers in an Agile in an Agile
Procedures —Rollison —Rollison Enterprise, Part 1 Enterprise, Part 2
—Sweeney —Galen —Galen
T-6 Managed Test 106 Test-First GUIs: 206 Maximizing SQL 306 Automated 406 Static Analysis
Automation The Model-View- Server 2005 Testing on Steroids
—Buwalda Presenter Performance in the .NET —daVeiga
Approach —Sweeney Environment
—Walsh —Sweeney
T-7 Combinatorial 107 Managing the 207 TTo be announced 307 To be announced 407 To be announced
Analysis: A Pair- Test People Please check the Please check the Please check the
Wise Testing Primer —McKay website. website. website.
—Rollison
Thursday, April 2
7:45 am – 4:00 pm Registration Open
9:30 am – 1:15 am Exhibit Hall Open
9:45 am – 10:30 pm Coffee & Doughnuts in Exhibit Hall
12:00 pm – 1:00 pm STPCon Prize Patrol in Exhibit Hall
Technical Classes
8:45 am – 9:45 am 10:30 am – 11:30 am 1:00 pm – 2:00 pm 2:15 pm – 3:15 pm 3:30 pm – 4:30 pm
501 The Hunt for 601 Is Your Inversion 701 Effective 801 Performance 901 Tools and
Malicious Code of Control Training Bugs and Techniques for
—Berg Framework of an Offshore Investigation Fixing Memory
Secure? Test Team Strategies Errors
—Berg —Hackett —A. Wong —Gottbrath
502 Tester Career 602 Test Automation 702 A Buzz About 802 Performance 902 GUI Bloopers:
Paths For an of Search Results Fuzz: Finding Testing of Large Avoiding
Outsourced and Other Data- Software Distributed Common Design
Economy driven Apps Vulnerabilities Systems Mistakes
—Hackett —Bulgakov —Basirico —Quigley and Pries —Johnson
503 Strategies for 603 Strategies for 703 The Business 803 Designing with 903 Testing Visibly
Unit Testing in Unit Testing in Value of the Mind in —Kapfhammer
Spite of Legacy Spite of Legacy Usability Mind
Code, Part 1 Code, Part 2 —Johnson —Johnson
—Loeb —Loeb
504 Setting Agile- 604 Testing in an 704 End-to-End Perfor- 804 Performance 904 Test Destiny:
Centric Release Agile mance Process: Engineering for The Psyche of a
Criteria Environment Requirements to Large Application Professional
—Galen —Walsh Production Monitoring Clusters Tester
—A. Wong —Bartow —Massey
505 Testing Live 605 Managing 705 Optimizing The 805 Web Services/ 905 Finding
Apps with Embedded Testing Effort With SOA Testing Vulnerabilities
Virtualization Product Testing Keyword-Driven Made Easy Without
—Ewe —Quigley and Pries Frameworks —Subbarao Attacking
—Massey —McPhee
506 The Marriage of 606 Experience 706 Optimizing Web 806 Testing in the 906 Finding .NET
Agile and Test with Keyword 2.0 Application Cold (And Ideas Performance
Management Automation Performance to Warm You Up) Bottlenecks
—Massey —Buwalda —H. Wong —Buwalda Using PerfMon
—Nandi
507 To be announced 607 To be announced 707 Five Common Mis- 807 To be announced 907 To be announced
Please check the Please check the takes When Secur- Please check the Please check the
website. website. ing Web Applications website. website.
—Ewe
covered in the NEW Adapted from her book of the same name, “Man- T-6 Managed Test Automation
aging the Test People” explores techniques and methods
for working through problems unique to the software QA Hans Buwalda
Tutorial and Tech profession. Intended for managers, test leads and people NEW Test-case automation—UI and non-UI based—is
Classes exceeded who may soon be in leadership positions, this class is an important objective for test projects. It’s also complex,
about the real world, real problems and real people, pre- and can easily backfire. Using his 5% rules for test
my expectations. sented from a practitioner’s viewpoint, and provides automation—no more than 5% of test cases should be
viable solutions that can actually be implemented. You’ll manual, and automation should be achieved with no
As did the presen- hear stories illustrating concepts and get practical advice more than 5% of testing resources—Hans will teach you
for the novice and affirmation for the expert. how it’s all possible with Action Based Testing, a key-
ters!” NOTE: A one-hour version of this class will be presented word-based test design and automation method. He will
on April 1. also offer ideas for cross-platform automation, device
ROBERT LEE, testing, multimedia, and testing with communication pro-
ENGINEERING MANAGER, tocols.
PROGRESS SOFTWARE T-3 Improving Web Application
Performance With Six Sigma T-7 Combinatorial Analysis:
Mukesh Jain A Pairwise Testing Primer
EXPANDED Quality means more than having a defect- Bj Rollison
free product that meets requirements. Performance is an
implied need; its absence will impact your business. NEW Pairwise testing reduces the number of tests by
Learn practical Six Sigma techniques that can improve selecting a test set that evaluates every pair combina-
Web application performance. Learn how you can plan tion. Historical and root-cause analyses show that most
the right thing, do the right thing and get the right things errors caused by the interaction of variables occur
for users at the right time, every time. Hear how Six between two parameters rather than among the variables
Sigma techniques at Microsoft improved performance of for three or more parameters. This class compares
Outlook and Windows Live services. orthogonal arrays to pairwise analysis and demonstrates
the use of a powerful combinatorial analysis tool—Micro-
soft’s Pairwise Independent Combinatorial Testing
T-4 Agile & High Speed Testing (PICT)—to systematically test complex, interdependent
Techniques parameters.
Bob Galen
NEW Approaching the testing challenge with nimble-
ness and speed, this workshop explores practices, tools,
techniques and philosophies that will allow allow testers
to meet any schedule or product challenge with integrity
and professionalism. You’ll learn a variety of testing tech-
niques to maximize focus, engage stakeholders in deci-
sion-making, and guide the trade-offs that are inevitable
in any successful testing project. The types of testing
covered in this class include context-based testing, just-
in-time, lean, exploratory, risk-based, Pareto-based and
all-pairs testing.
202 The Most Effective Ways To 206 Maximizing SQL Server 2005
Improve Software Quality Performance
Chris Sims Mary Sweeney
What are the best ways to improve software quality? It might be dated, but SQL Server 2005 still performs in a
More testers, better specs, more time for testing? Yes to good many organizations. Do you need help handling
all three, but are they under your control? For most, the bottlenecks and performance problems? Learn tips and
answer is no. So what’s a QA pro to do? More interest- techniques to gain the most from your SQL Server from
ingly, what have you done? Share your most effective an experienced practitioner working on the nation’s
tips, tactics and practices, and tap into the collective fourth largest database. Discover what’s new in SQL
wisdom in the room using the Nominal Group Technique Server 2008 and how it’s different from its predecessor.
(NGT). Walk out ready to make a bigger impact with the You’ll also learn how to fix quirks that stall large queries,
resources already at your disposal. as well as important techniques for boosting SQL Server
2005 and 2008 performance.
203 The 5% Rules of Test
“It solidifies the total
Automation 300 Series: 2:00 pm – 3:00 pm
Hans Buwalda
testing experience UPDATED No more than 5% of test cases should be 301 Balancing Test-to-Break, Test-to-
and opens your manual, and no more than 5% of effort should be spent Validate and Metrics
creating the remaining automation. Learn Hans
Buwalda’s 5% rules (challenges) of test automation, their Jeff Feldstein
eyes to alternative
rationale and how they can be achieved (and missed)
Software is tested to answer two questions: Does it
approaches and from accounts of real projects. Also includes an introduc-
work? Will it break? The tester’s job is to balance invest-
tion to the keyword-driven Action Based Testing meth-
ments in each. Learn how to generate a feedback loop
methods that you ods (which are covered in detail in his full-day tutorial).
among three major areas—test-to-validate, test-to-break
and test metrics—with examples and guidelines for opti-
simply cannot get 204 Assess Your Way to Better Test mizing resources in each. Example metrics also will be
Team Performance explored, along with suggested actions based on results
from books.” and suggestions for communicating these concepts to
Michael Hackett your test team.
JOHN CROFT,
QA MANAGER, Want a road map to quality? Everyone—all development
I4COMMERCE managers, test managers and their organizations—is 302 Performance-Tuning Java
looking for ways to improve quality. Quality improvement Applications, Part 1
can come in many forms: reducing risk by delivering
products of higher, more predictable quality; optimizing Daniel Bartow
time-to-market; increasing productivity; and building a
NEW The Java virtual machine presents an interesting
more manageable organization. Some managers look for
performance challenge. Look at the Java virtual machine
quality improvement by attempting to implement a more
from the inside out with a focus on performance-tuning
standard or formal process. This sounds good, but how
Java applications. Learn how to tweak the JVM to per-
do you get there? In this class, you’ll learn how to evalu-
form better under load. Understand Java memory gener-
ate your test process and strategy, create a culture for
ations, garbage collection and threading, and how they
change, implement change and use effective methods
affect your application. Expand all of these topics to the
for measuring improvement.
system level for a top-down view of your application’s
performance and capacity.
205 Training the Next Generation of
Testers 303 Requirements Analyses and
Bj Rollison Collection
NEW The challenges facing software testers multiply as Jon Quigley and Kim Pries
software and system complexity grow. A fraction of
NEW Requirements analysis follows multiple paths. If
testers have formal training in the discipline and even
user specifications are present, requirements can be
fewer have read more than a single book on software
derived from them; if not, requirements must be elicited
testing. Most university computer science programs lack
from the customer and from the dictates of the environ-
significant discussion of software testing beyond getting
ment, potential regulatory factors and the market seg-
code to compile. This talk discusses specific objectives
ment. Learn how to gather requirements for software
and grass-roots strategies to help managers with on-
quality function deployment, performance, and docu-
boarding new software testers to help them become
ment derivation and creation. Also covered are require-
more productive more quickly.
ment types, attributes of good requirements, prioritization
400 Series: 3:45 pm – 4:45 pm the bugs that pose real risks, without having to spend
time examining those that are merely false positives.
Robert Walsh Working with offshore teams is a fact of life, but many
still struggle to do it effectively. Training your offshore
Contrary to what some believe, the agile view of testing team is as critical to the success of your project as get-
is not “Don’t test” or “Only developers should test.” Agile ting the right information to and from these remote work-
augments traditional testing by professionals with tests ers. Learn through real-world examples the key elements
written and executed by developers and customers. TDD of successful offshore testing, including training in the “Excellent confer-
and unit testing; user acceptance; and exploratory, areas of process, product/domain knowledge and testing
usability, load and performance, and integration testing, techniques, and how training can be used as a retention ence — provided a
along with other techniques, play significant roles in agile tool for offshore staff.
environments. Learn how various testing efforts are used wide range of top-
in responsible approaches to agile development, and
explore ways that traditional QA efforts can be adapted 702 A Buzz About Fuzz: Finding ics for a variety of
to fit neatly agile processes. Software Vulnerabilities experience levels.
Joe Basirico
605 Managing Embedded Product It provided tools
Fuzzing feeds random inputs to applications in an
Testing attempt to choke them. It’s a simple, highly automatable and techniques
Jon Quigley and Kim Pries way to trap uncommon and unforeseen errors that may
have been overlooked. Learn how to include fuzz testing that I could apply
NEW Testing starts well in advance of the physical work. in your QA efforts, explore fuzz testing tools and tech-
Successful test creation and deployment mean planning niques, and discover how fuzzing provides insight into when I got back,
for testing early in the development effort. By the end of application behavior. Hear examples of how fuzz testing
the class, participants will know how to plan and execute has uncovered hard-to-find bugs and how it can provide as well as many
tests, report results, and record metrics. Learn how verifi- metrics on software correctness. After this class, you’ll
cation via reviews, simulation code, design inspections be able to apply fuzz testing immediately. additional sources
and test fixturing brings an objective set of eyes to the
results of the development team. We’ll also cover soft- of information.”
ware quality attributes, test planning, supporting sys- 703 The Business Value
tems, test statistics and alternatives to testing. Of Usability CAROL RUSCH,
SYSTEMS ANALYST,
Jeff Johnson
606 Experiences with Keyword ASSOCIATED BANK
NEW Learn, in business terms, why it is important for
Automation software development organizations to strive for highly
Hans Buwalda usable products. This class describes how investing in
usability can increase customer satisfaction, reduce the
NEW Keywords are now in the mainstream of test cost of sales and support, increase return on investment,
automation, but they are not a silver bullet. Hear a short decrease time-to-profitability and reduce business risk.
introduction of keyword automation, with an emphasis We will also cover how, when and how much to invest in
on Action Based Testing. Then delve into its pitfalls usability.
through actual project cases involving keyword automa-
tion implementation. This session revolves around the
sometimes reluctant, and often very funny, implementa- 704 End-to-End Performance
tion of this practice. The cases will show the lessons Process: From Requirements
learned—in some cases, quite painfully—and typical do’s
and don’ts.
To Production Monitoring
Alfred Wong
Performance test engineers often engage in projects only
during planning and execution of performance tests.
There are more ways they can contribute, such as by fix-
ing performance bugs or avoiding them in the first place.
Learn a process from requirements to production moni-
toring that focuses on performance each step of the way.
Enhance the performance role of your current process
toward increasing tester contribution, forewarning of NOTE: This class builds on End-to-End Performance
possible challenges, and explaining how tools and tech- Process (704) but also may be taken separately.
niques can overcome them.
NOTE: See related class 801. 802 Performance Testing
Of Large Distributed Systems
705 Optimizing The Testing Effort Jon Quigley and Kim Pries
With Keyword-Driven Frameworks
NEW As with other kinds of software, large-scale dis-
Brian Massey tributed embedded systems have a basic tool set. Learn
a four-mode testing approach used at Volvo comprising
Time is always in short supply. Learn about automating
compliance testing, extreme scenario testing, combina-
reusable manual tests created early in a project by using
“This is a conference a keyword-driven framework. Take away that framework
torial testing and stochastic testing. Also covered will be
special handling of specifications, software attributes,
and learn how to integrate it with an automated func-
to help both testers tional testing tool.
interrupts, polling (when and why to use), walkthroughs,
inspections and simulation testing. Learn about testing
and developers as data buses, communication protocols, emergent system
706 Optimizing Web 2.0 Application phenomena and other system-related issues as well as
well as managers Performance effects of code modification on the system and the sub-
system.
and leads. There is Hon Wong
enough variety and NEW The Web has become a dynamic platform where 803 Designing with the Mind In Mind
users and agents work together, share ideas and add
Jeff Johnson
content for every- value across myriad interests. Examine the shortcomings
of today’s Web monitoring techniques. Learn a new, NEW If you’re a software designer, developer or tester
body.” holistic approach to managing the performance of Web who never took cognitive psychology in school, this
2.0 applications, and see how it is applicable to complex class is for you. There’s a psychological basis for UI
MICHAEL FARRUGIA, SOA and Web services technologies. design rules; they’re not simple recipes to be applied
SOFTWARE ENGINEER, mindlessly. To apply them effectively, you must determine
AIR MALTA
707 Five Common Mistakes When their applicability (and precedence) in specific situations.
It also requires balancing the trade-offs that arise when
Securing Web Applications design rules appear to contradict. By understanding the
Lars Ewe underlying psychology, designers enhance their ability to
interpret and apply the rules of good UI design.
Despite the published security practices of the OWASP
and WASC threat classifications, a number of mistakes
are still commonly made. This class explores five com-
804 Performance Engineering for
mon mistakes of securing Web applications and the Large Application Clusters
impact that these design flaws have on the overall secu-
Daniel Bartow
rity of an application. Issues such as client-side trust
relationships, failure to properly secure application redi- NEW When it comes to testing large n-tier applications,
rection mechanisms, and other design and configuration new teams are underequipped and can’t simulate the
elements can quickly undermine application security, expected number of users. The class covers perform-
even when diligent security practices are in place. ance concerns that are unique to large clusters, such as
network crosstalk and bandwidth utilization. Learn how
to conduct performance testing on applications with tens
to hundreds of instances running in production, plan for
800 Series: 2:15 pm – 3:15 pm anticipated user loads in the millions, identify perform-
ance objectives, scale out the right environment for test-
ing, and see the performance testing through to produc-
801 Performance Bugs And tion.
Investigation Strategies
805 Web Services/SOA Testing
Alfred Wong
Made Easy
NEW Performance bugs appear in many shapes and
forms, and each requires its own investigation strategy. Meera Subbarao
Learn about the different types of performance testing. NEW Learn how SoapUI can be used to write functional
Explore the performance bugs common to Web applica- tests by creating and executing test cases against your
tions and the corresponding performance tests that Web services. Includes a demonstration using Groovy
expose them. Discover how to participate actively in a scripts for assertions, properties setup and teardown for
performance bug investigation and how to apply the each test case. Also covers use of the tests in a continu-
strategies to projects. ous integration environment, with the Hudson Java
806 Testing in the Cold (And Ideas to 904 Test Destiny: The Psyche of a
Warm You Up) Professional Tester
Brian Massey
Hans Buwalda
NEW Let’s face it, software testers are different. As kids,
NEW “Testing in the cold” happens when a test project we wanted to break things—not to be destructive, but to
is not going your way. Commitment and cooperation are understand how things worked and use them in unin-
lacking, people might show resistance, you might be tended ways. We ask, “What if?” We push the big red
blamed for project failures, or the testing and automation button marked “Don’t push” because we want to know
work might prove more complicated than expected. As a what will happen. We’ve been testing from the begin-
tester or test manager, you can feel left out in the cold. ning—it’s our destiny. Learn how testers are perceived by
Learn more than 45 tips and techniques you can use to peer groups and how that knowledge can help you add
get yourself out of typical situations of testing in the cold. value to your organization. “Great information
from a variety of
905 Finding Vulnerabilities Without
experts in the field.
900 Series: 3:30 pm – 4:30 pm Attacking
they were able to
Rick McPhee
901 Tools and Techniques NEW Dynamic taint propagation allows testers to find provide tried and
For Fixing Memory Errors vulnerabilities without modifying existing functional tests.
It enables security testing inside a QA organization true current infor-
Chris Gottbrath because it allows tight integration with existing QA infra-
NEW An application on the server needs to be restarted
structure and solid usability for security nonexperts. This mation which was
talk will explain how dynamic taint propagation works,
every few days or it slows to a crawl. Is it a memory easy to adapt to
show how to retrofit an existing executable to perform
leak? Do you even know how to find out? Learn how in
dynamic taint propagation, and demonstrate how a
this class, and help developers stop writing leaky code. our environment.”
tester can use a typical suite of functional tests to find
Finding memory leaks is an acquired skill that requires
vulnerabilities without the need for malicious input or
constant vigilance to remain effective. And there is a
security expertise. KAREN KREYLING,
wrong way. Learn the right way, and keep memory errors
AVP SOFTWARE PRODUCT
a distant memory.
MANAGER, SMS
906 Finding .NET Performance
902 GUI Bloopers: Avoiding Bottlenecks Using PerfMon
Common Design Mistakes Joy Nandi
Jeff Johnson NEW We’ve all heard of Microsoft’s Performance Moni-
tor, but does anyone actually use it? Learn how this
Will your application pass the test, or will users be
powerful, free tool can identify performance bottlenecks
gnashing their teeth and shaking their fists? Attend this
in .NET applications by watching six critical areas of per-
session and discover all the blunders that might be in
formance. Learn the significance of each performance
your interface. Based on the book “GUI Bloopers 2.0”
counter and how they can be used to identify critical per-
and presented by its author, this talk is not just about
formance thresholds.
making apps pretty. Bring your sense of humor; this talk
is sprinkled with humorous screen images illustrating NOTE: A working knowledge of Microsoft .NET Frame-
common problems and their solutions. It will leave you work, networking, IIS 2.0 and operating system concepts
better able to critically review apps you develop or test. is recommended.
O
Laboratory, GE, Lockheed Martin and his career, he has been a software tice director for the Quality Assurance
O
Boeing to apply automated code analy- developer, tester, development man- and Testing Solutions organization at
sis to critical projects. His experience includes static ager, and computer consultant. His Keane. He is experienced in all aspects
analysis and automated testing and program trans- specialties include internetworking, of systems design and implementation
formation, and his research on static analysis tools real-time embedded systems, communications sys- including organizational leadership,
and techniques has been widely published. tems, hardware diagnostics and firmware, data- technical solution, quality mechanisms and enter-
Dan Bartow is the manager of bases and test technologies. prise architecture. He’s also a doctoral student at
performance engineering at Intuit. Pre- George Mason University.
Bob Galen is an agile methodolo-
O
need of application security expertise. debugging tool maker. Previously, Chris industry veteran. She has managed
O
He has trained developers and testers wrote cosmological simulations using C departments encompassing all aspects
from Microsoft, HP, EMC, Symantec, Liberty and MPI on a small-scale Beowulf clus- of the software life cycle, including
Mutual, Sony, State Farm, Credit Suisse, ter as a graduate student of astro- requirements design and analysis, soft-
Amazon.com, Adobe, ING and other world class physics at the University of Arizona. ware development, quality assurance,
organizations. testing, technical support, professional services,
Michael Hackett is a founding
Ryan Berg is a co-founder and partner of testing services company
configuration management, technical publications
O
lead security architect of Ounce Labs, and software licensing. Her career has spanned
LogiGear. His experience includes soft-
O
senior software engineer at GTE Internetworking, Applications on the Web: Test Planning for Mobile Fortify. Previously he held vice presi-
where he led the architecture and implementation of and Internet-Based Systems. dent of engineering positions at data
new managed firewall services. encryption vendor Vormetric and
Mukesh Jain is quality manager
Vitaly Bulgakov joined Veri- for Microsoft Global Foundation Ser-
Sychron, a developer of virtual desktop
O
zon’s Superpages online directory – solutions. Rick holds a PhD in computer science
vices. He is a Six Sigma Black Belt,
O
tion. He was a professor at Moscow CSQA, CSTE and Microsoft Office specialist and where he is responsible for perform-
State University of Civil Engineering, and has been has led companies through Six Sigma, ITIL, MOF, ance testing and engineering of .NET-
recognized by the Alexander von Humboldt Foun- TSP/PSP, ISO 9000 and SEI CMM Level 3-5 imple- based Web services and infrastructure
dation and the Norwegian Research Society. mentation and certification. capacity planning. He graduated from
Hans Buwalda leads Jeff Johnson is a respected Arizona State University with a dual MS in com-
LogiGear’s Action Based Testing (ABT) puter-aided-design and IT.
expert and consultant in the field of
O
ager of Java solutions at Parasoft. Carnegie Mellon University and teaches the ASQ
years. He is director of product man-
O Nada’s background includes develop- Six Sigma Black Belt Certification class for UTEP
agement for Skytap. Previously, he was professional education. He is author of Six Sigma
ment of service-oriented architecture group product manager for Microsoft’s
for integration of rich media applica- for the Next Millennium: A CSSBB Guidebook.
Visual Studio, and principal consultant
tions such as Artesia Teams, IBM Con- at Pricewaterhouse-Coopers, where he worked on Jon Quigley is manager of Volvo
tent Manager, Stellent Content Server and Virage global software delivery projects for Fortune 500 Trucks 3P’s Electrical/Electronic Sys-
O
Video Logger. clients. tems and Verification group, where he
Lars Ewe is CTO and vice presi- Bill Loeb is an engineering man- creates system engineering specifica-
dent of engineering at Cenzic. His tions for the electrical and electronics
ager at SaaS company ChannelAdvisor,
O O
background includes Web application systems, and manages test and verifi-
which helps retailers maximize profits cation activities. He has secured four U.S. patents
development and security, middleware across multiple e-commerce channels.
infrastructure, software development, and has others pending, and is co-author of Project
He is also experienced in software Management of Complex and Embedded Systems:
and application/system manageability development and management for the
technologies. Previously, he was software develop- Ensuring Product Integrity and Program Quality.
airline and medical industries and with coding class
ment director at Advanced Micro Devices, where he libraries for developers, and is a champion of auto-
O
San Francisco Airport
facilitator, consultant, coder, and agile
evangelist. He’s also founder of the 1770 South Amphlett Blvd.
Technical Management Institute, facili-
tator of the Bay Area Engineering Man-
San Mateo, CA 94402
agers Support Group, chair of the IEEE Phone: +1-650-653-6000
Technical Management Council of Silicon Valley, and
is on the board of the Bay Area chapter of the Agile Fax: +1-650-653-6088
Project Leadership Network.
Meera Subbarao is a senior Reservations
software consultant for Stelligent, where The Software Test & Performance Conference Spring has reserved a block of rooms
and has had several articles published. You can also use the hotel link on the STPCon website, www.stpcon.com.
Mary Sweeney has been devel- To make reservations through www.marriott.com/sfosa, use the code STPSTPA to
oping, using, and testing relational receive the STPCon rate.
Hotel Highlights
wareTest. The San Mateo Marriott San Francisco Airport is the hotel of choice for travelers with
Robert Walsh is president and commitments in Silicon Valley and San Francisco. This 11-acre San Francisco airport
manager of application development at hotel combines the look and feel of a first-class San Francisco luxury resort with the
Centrally located to both San Jose and downtown San Francisco, the reinvented San
Hon Wong is CEO of Symphoniq. Mateo Marriott hotel is convenient for all travelers.
Previously, he co-founded NetIQ and • 10 minutes from San Francisco International Airport
ern University and an MBA from the Wharton • Less than 30 minutes from the Golden Gate Bridge, Chinatown, Pier 39, Alcatraz,
School. Union Square, Fisherman’s Wharf and Half Moon Bay
Three-Day Full Event Passport Two-Day Technical Conference One-Day Tutorials Only Exhibit Hall Only Registration
Registration Includes: Only Registration Includes: Registration Includes: Includes:
• Admission to tutorials and technical • Admission to technical classes • Admission to tutorials • Admission to Exhibit Hall
classes • Admission to keynote(s) • Admission to Lightning Talks and • Admission to Attendee Reception
• Admission to keynote(s) • Admission to Exhibit Hall and Hands-On Tool Showcase • Free WiFi in conference areas only
• Admission to Exhibit Hall and Attendee Reception • Conference materials: CD ROM of
Attendee Reception • Conference materials: CD ROM of all presentations available
• Admission to Lightning Talks and all presentations available • Free WiFi in all areas
Hands-On Tool Showcase • Continental breakfast, coffee • Continental breakfast, coffee
• Conference materials: CD ROM of breaks, and lunch where indicated breaks, and lunch where indicated
all presentations available • Free WiFi in all areas • Free WiFi in all areas
• Continental breakfast, coffee
breaks, and lunch where indicated
• Free WiFi in all areas Register Today: -1-415-785-3419 or www.stpcon.com
How to Register Register online at www.stpcon.com and use one
of the following payment methods: Special Discounts Use the discount codes below to save on your
registration fees. Codes cannot be combined.
Credit Card. You can use the secure online form to pay via credit card and get Group. Get an additional $100 off per person if you register 4 or more people
immediate confirmation of your classes. MasterCard, Visa and American from one company for the Full Event Passport. Use code GROUP in the discount
Express are accepted cards. You’ll receive a REGISTRATION RECORD and code field.
RECEIPT. Please print out these pages and bring them with you to the Confer-
Government. Federal, State and Local Government employees can receive an
ence. Present them at the Registration Desk to pick up your badge and any
additional $100 off the Full Event Passport. Enter code GOV in discount code
course materials.
field.
Check. Fill out the online registration form. Print out the REGISTRATION
Educational Institutions. Personnel employed by or attending educational
RECORD and RECEIPT and mail to Redwood Collaborative Media, 105 Maxess
institutions can get $100 off the Full Event Passport with discount code EDU.
Road, Suite 207, Melville, NY 11747 with your payment. Online registrations
that are mailed without payment will not be confirmed until payment is received. Alumni. Have you attended any of previous Software Test & Performance
Conferences? If so, you’re eligible for a $100 alumni discount on the Full Event
Purchase Order. If you register using a P.O., you will be invoiced immediately
Passport. Enter the code ALUMNI in the discount code field.
for the registration amount. Payment must be received before your registration
can be confirmed. User Groups. Contact Donna Esposito, desposito@stpcollaborative.com, to see
if your group is eligible for a discount.
Cancellation PolicyYou can receive a full refund, less a $50 registration fee, for cancellations made by February 24, 2009. Cancellations after this date are non
refundable. Send your cancellation in writing to registration@stpcollaborative.com. Registrations may be transferred to another person.
Questions: Contact Donna Esposito at desposito@stpcollaborative.com or +1-415-785-3419.
March31–
March 31 –April
April2, 2, 2009
2009
San
San Mateo
MateoMarriott
Marriott
San
San Mateo,CA
Mateo, CA
SPRING
Redwood Collaborative
Redwood Media
Collaborative Media
105 Maxess
MaxessRoad,
Road,Suite 207207
Suite
Melville, NY
Melville, NY11747
11747
www.stpcollaborative.com
www.stpcollaborative.com
1-631-393-6051
1-631-393-6051
SWAT TEST
P
question so that you can get an answer that will be useful.
Do not get too caught up in the tool itself or the paradigm ERFORMANCE QUICK REFERENCE
it imposes. Remember, the tool is simply a means to an
end. “A fool with a tool is still a fool,” as the saying goes. • Be a Technical Rosetta Stone
• Learn To Translate
Extract, Aggregate, and Visualize • Find One Hole and Dig Deep
When it comes to data, having too much can be just as bad
• Automation is Software Development!
as not having any. Performance testing, diagnosis and trou-
• Get to know the Architect
bleshooting can generate such massive amounts of data
that there is no way you will ever be able to review it all. • Admit When You Do Not Understand
This is where I rely on two of my best friends: Perl and • Perfect is the Opposite of Good
Excel. Perl allows me to quickly and flexibly process mas- • Tools are Just Tools
sive amounts of data. Using Perl to convert gigabytes of log • Extract, Aggregate, and Visualize
files into concise csv files then allows me to load it into • Understand Reliability vs. Validity
Excel and visualize it by graphing. It is often only when • Think Like a User
data is visualized that anomalies and important trends
• Get Agreement on Goals and Objectives
become apparent.
• Develop Process and Methodology
Perl and Excel are my tools of choice, but there are
innumerable other options. Whatever your preference, • Data is King
your tool box should allow you to deal with massive vol- • Learn From Production
umes of data. It should allow you to extract important • Performance with Manual Testing
information from myriad sources. It should allow you to
aggregate this information into concise, pertinent, and
structured forms. And it should enable you to visualize this ally use them. This distance is often caused by layers of
information such that you can identify trends, outliers, bureaucracy and management that are intended to sepa-
and differences. This will ensure that full value is derived rate product development from end-users. To be success-
from your Performance Testing activities. ful as a performance tester, you need to understand how
the system will really be used in the field. This will allow
Understand Reliability vs. Validity you to design tests effectively and efficiently.
In performance testing, reliability and validity are key con- Learning how to think like a user can be achieved in
cepts to understand. Reliability refers to the consistency of many ways. You can try to “eat your own dog food” and use
repeated measurements. A reliable test produces the same the system for something important to you. You can find
results each time. Validity refers to how well the test actu- ways to open channels to your users or to those that inter-
ally measures what it is intended to measure. A test might act with them. However you do it, get inside the minds of
reliably indicate that the system can handle five logins per your users so that you can design valid tests.
second, but that same test could also be invalid because
the same user account was used for all the tests. Get Agreement on Goals and Objectives
Both reliability and validity are important to producing Personally, I like to think of goals and objectives as two dif-
useful results. Reliability allows you to trust your results ferent things. I see goals as descriptions of the desired end
and to confidently draw conclusions from them (e.g. dif- state, which can be a bit fuzzy and can extend beyond the
ferences before and after a given change is applied). current scope of work. On the other hand, I see objectives
Validity ensures that your results, and the conclusions you as firm deliverables that define success and can be thought
draw, are truly applicable to the real world. of as steps towards a goal. Regardless of whether you share
While there are ways to improve both, reliability and this perspective, the main point is that it is important to
validity are a bit like position and momentum in know where you are going, how you plan to get there, and
Heisenberg’s Uncertainty Principle. At some point, how you will determine if you actually arrived at your des-
improving one will come at the cost of the other. This is tination. These things need to be nailed down in collabo-
simply a reality that must be dealt with, which is why it is ration with all stakeholders before you set out on your per-
important to understand these concepts, how they apply formance testing activities. It helps a great deal to illumi-
to your particular test, and how they relate to your goals. nate areas of ambiguity or unconscious disconnect
In the end, you will have to choose which is more between groups. And it makes sure that you know what
important for your particular end result. For example, you’re supposed to do and that your boss will be happy
for a broad benchmark that will be repeated regularly, with what you finish. Without clear goals and objectives,
reliability will be of the utmost performance. But for an performance testing can easily degenerate into a never
exploratory test aimed at reproducing a subtle concur- ending cycle of activity that yields nothing of value to the
rency issue, validity will be paramount. Understanding larger organization.
these and considering them explicitly will help you to
make better test-design decisions. Develop Process and Methodology
I am not a big fan of process for the sake of process or
Think Like a User strict methodologies which can sometimes be unnecessar-
It amazes me how much distance can grow between the ily constraining. However, process and methodology are
people who develop and test systems and those that actu- important for success and allow your and your practice to
learn from past experience. Clearly overestimation if the production data- done by different people, using differ-
defining the process and methodology base is actually measured in terabytes. ent test environments, and at different
will provide you with an easy way to com- Undersized or invalid data is one of times. Automation is invaluable, but it
municate with others at your company. the most common reasons why real creates a narrow, optimized, beaten
The process can be used to show your performance problems slip through path. Manual testing involves more valid
manager and other groups which activi- testing undetected breadth and variability. It also allows for
ties are necessary, enable estimation and subjective interpretation that is more
justify resource and time requests. And Learn From Production valuable than any metric.
the methodology continually captures Whenever possible, get involved with To this end, I encourage running per-
new best practices, helping you to get production systems or those who formance tests, calibrated such that the
better and better with time. It also administer them. It can be a tremen- system should handle it while manual
enables others to come up to speed dous boon to your efforts. Your testing testing is underway. This will tell you
quickly and to contribute without need- efforts will always be partial and com- quickly whether performance is really
ing the same level of experience that promises are inevitable. By analyzing sufficient or if manual testers cannot do
you have. real production systems, you can often their jobs. By analyzing the system in the
detect issues before they become prob- same way as you would performing a test
Data is King lems. The production system should in an isolated performance lab, you will
Time and again, I have seen the impor- also inform testing activity, from the identify performance issues that fell
tance of data in performance testing. design of test workloads to the makeup beyond the scope of your testing.
Data in your test system can generally be of test data. And the production system Doing this all the time is not neces-
broken down into two types that I call provides the ultimate feedback and vali- sarily feasible. But when implemented
active and background. Active data is dation of performance improvements. judiciously, combining automated and
what your test users actually use and inter- Building this into your process and manual tests helps you cast a much
act with (user accounts, documents, etc.). methodology allows you to close the wider net than would ever be possible
Background data is not actively used in loop and ensure that resources are with automation alone.
tests, but adds “weight” to the system. focused on the most effective means. This survival guide contains some of
Ensuring that both are valid is critical to the most important things I’ve learned
producing valid test results. Performance with Manual Testing about how to achieve success. I hope
For example, a test run against a 20 Performance, automated functional, that it provides some useful ideas and
megabyte database might yield excel- and manual functional testing are often guidance to help you survive in your
lent results. But it would be a dramatic completely separate efforts. They are own practice. ý
By Ross Collard
Spend less time and money managing scripts, tools, and servers—and more time
producing great software.
Build, test, and deploy. It sounds so simple. While a homegrown approach may have worked in the past, these
systems have grown over time into a giant ball of scripts, redundant work, and costly, manual maintenance tasks.
We solve that. ElectricCommander® automates and accelerates the software build-test-deploy process that
follows the creation of new code.
(OHFWULF&RPPDQGHUUHPRYHVDVLJQL¿FDQWERWWOHQHFNWRVRIWZDUHGHYHORSPHQWHQDEOLQJFRQWLQXRXVLQWHJUDWLRQ
SUHÀLJKWEXLOGVDQGWHVWVIDVWHUF\FOHWLPHDQGEHWWHUVRIWZDUHTXDOLW\ <RX¶OOVDYHWLPHDQGPRQH\DQGIUHH
your teams to focus on producing great software.
© 2009 Electric Cloud, Inc. All rights reserved. Electric Cloud and ElectricCommander are trademarks of Electric Cloud, Inc.
ST&Pedia
Translating the jargon of testing into plain English
Ten Steps To
tion, submitting data then trying to navi-
gate back to previous page to reenter dupli-
cate information, entering incorrect cred-
it card information, etc.
7. Tests should execute on various
>F^[bfioeki[[j^[X_]f_Yjkh[WdZcWdW][j^[Wffb_YWj_ed
b_\[YoYb[$<hecj^[cec[dj_jijWhjiÄ\hecWXki_d[ii]eWb"je
h[gk_h[c[dji"jeZ[l[befc[djWdZgkWb_jocWdW][c[djÄ
WdZ^[h[_ij^[Z_\\[h[dY[ÄWbbj^[mWoj^hek]^jeef[hWj_edi
m^[h[j^[Wffb_YWj_edjekY^[ioekhYkijec[hi$
>F7BCe\\[h_d]i^[bfoek[dikh[j^WjoekhWffb_YWj_edidej
edbo\kdYj_edfhef[hbo"Xkjf[h\ehckdZ[h^[WlobeWZWdZWh[
i[Ykh[\hec^WYa[hi$9WdÉjoek`kij^[WhoekhYkijec[hiY^[[hdem5