Saturday, March 29, 2008

Penetration testing development

Penetration testers can be very innovative people. The drive to look for new vulnerabilities or new ways of exploiting them demands this attitude. It's not good enough just to churn through a list of known issues. So it came as no surprise to hear about a development by a penetration testing company. It has produced a tool that sniffs out passwords, documents, and other sensitive data in a matter of minutes.

"DaisyDukes is a memory sniffer that resides on a USB device. A researcher can plug it into an unattended machine that is turned on but has been locked and reboot the machine off a compact operating system contained on the drive. Depending on the user's needs, it can be configured to capture the entire contents of a computer's memory, or sniff out only certain types of data - say a password to access the company network or unlock a user's private encryption key.

It turns out both Windows and Linux retain "boatloads and boatloads" of passwords in memory, said Sherri Davidoff, a security analyst with IntelGuardians, the penetration-testing firm that developed the tool. It's already been able to isolate passwords for Thunderbird, AOL Instant Messenger, GPG, SSH, Outlook, Putty and TrueCrypt, among others, and with additional research they believe they can find many more.

"The idea here is let's see if we can hit an office building, get in and out in 25 minutes or less and walk out with some interesting passwords," said Tom Liston, an IntelGuardians security consultant who along with Davidoff co-presented the tool at the CanSecWest security conference in Vancouver."

For a fuller article on this visit: The Register

Client side assurance services

Tuesday, March 25, 2008

Microsoft and accessibility testing

Microsoft have released a number of accessibility tools (including testing tools) and a new web site.

The new testing tools are AccChecker and UIA Verify. Both are open source test tools aimed at developers who want to make their applications more accessible to disabled people.

The aim of the Microsoft Accessibility Labs Community Portal is to keep you "up-to-date with news, events, and innovative ideas from the accessibility community. Check here to discover and download the latest accessibility-related technologies, tools, projects, and other resources for Microsoft products and platforms---and share your own."

There is also a forum to post questions or information, although when I looked there weren't a lot of threads on it.

Service provider outsourced software testing

Saturday, March 15, 2008

Software Testing Assessment and Forecast

There is an interesting report out from NelsonHall on software testing. For a summary overview you can visit Earth Times.

Some of the key findings it highlights include:

  • Specialist testing spending accounts for c. 20% of total testing spending and is happening in majority by U.S. and U.K. clients in the financial services industries and telecom. Demand is spreading across other countries such as the Netherlands, Australia/New Zealand and Nordics to sectors such as energy and utilities.
  • Clients are primarily adopting specialist testing services to achieve cost savings by at least 10% and to improve the quality of their software. However, external factors such as mergers and acquisitions, compliance and industry deregulation are leading clients to engage into new software development and therefore, in additional testing activities.
  • Specialist testing is typically sourced offshore by U.S. and to a lesser degree by U.K. companies. Clients in Continental Europe have used a different approach that is less dependent on labour arbitrage, relying more on best practices and methodologies.
  • A small majority of companies across the world still favour on-site delivery (staff augmentation), whether it is from offshore resources or from onshore staff. Nevertheless, demand is clearly moving towards work delivery from software testing factories both from onshore and low cost countries.
  • Companies predominantly purchase specialist testing services on a professional services basis in the form of time and material or fixed price projects. They are keeping ownership of their contracts and are not yet likely to award full responsibility of testing to a third party.
  • Managed testing services ("outsourcing") contracts are the exception in terms of number. However, they command high TCVs. Typically, most managed services contracts rely on SLAs such as timelines and headcount ramp up objectives that are relatively easy to measure. Clients and vendors are pushing towards productivity-based SLAs such as number of test scripts executed in one day. Managed testing services contracts with SLAs based on software quality commitment are very rare.
  • Clients purchase in majority (c. 55%) specialist testing services from onshore IT services vendors and (c. 35%) from offshore and nearshore IT services vendors. Testing pure-plays catch c. 9% of total spending.

Sunday, March 09, 2008

Software testing FAQ no. 26

What is the future of software testing?

That question came from someone called John Major. I remember a fellow called John Major predicting that the introduction of the minimum wage would lead to the collapse of the UK economy. It was one of many predictions he made that turned out to be wrong. Another was that the Conservative party would win the 1997 election. In fact, they lost, securing 165 seats to the Labour party's 418.

Predicting the future is a brave activity, particularly if you publish it and can be measured against it, like the former PM JM. Knowing the dangers, are there people who dare to predict the future of software testing? There certainly are. There is a mass of authoritative-sounding articles going back to the last century that can easily be found on the web. Hats off to the authors. Those that have made specific predictions that should be in place now can be measured on the accuracy of their vision and praised or mocked accordingly. Of course, there is also a mass of vague software testing predictions that can't be measured, and these authors should just be mocked.

The part I enjoyed most of the predictions I read was looking at the current context at the time they were written, like this one. It's a quote attributed to Bill Gates (yes the Microsoft one) bemoaning the amount of time spent testing software and the lack of automated testing solutions. The quote is from 1996, the year before John Major's inaccurate election prediction. You'd hope that with the level of dissatisfaction he expressed that masses would have happened since then, given the might of Microsoft. Well, I recently attended a presentation by a software testing industry analyst and guess what he predicted. That software testing automation would be the next big area of improvement in software testing. I guess that it must be one of those time independent predictions.

So the short answer is I don't know the future of software testing. In fact, nobody really knows the future of software testing. But a lot of people think they do.

Sunday, March 02, 2008

Software stress testing

Top ten results from Google when searching for Software stress testing

15. What's the difference between load and stress testing?
Top Document: Frequently Asked Questions (FAQ) ... Stress testing is subjecting a system to an unreasonable load while denying it the

Stress testing - Wikipedia, the free encyclopedia
In software testing, stress testing often refers to tests that put a greater emphasis on robustness, availability, and error handling under a heavy load,

Stress testing (software) - Wikipedia, the free encyclopedia
In software testing, stress testing refers to tests that determine the robustness of software by testing beyond the limits of normal operation.

Load Testing Software Stress Testing Software
OpenDemand - simple and affordable load testing tool for performance testing of ... Stress Testing Software · OpenLoad - What's New in OpenLoad V5.5 (48KB)

Load Testing Tool - Web Stress Testing Software
Web performance management software and services including stress testing, performance monitoring, and professional

Web Test Tools
Funkload - Web load testing, stress testing, and functional testing tool written in Python and distributed as free software under the GNU GPL.

Software QA and Testing Resource Center - FAQ Part 1
Extensive SOFTWARE QA and TESTING FAQ; site also includes links to other resources, ... stress testing - term often used interchangeably with 'load' and

Paessler Web server performance software - stress testing and ...
Test web server performance with Webserver Stress Tool. This software can carry out a variety of different tests that can help you identify issues that

Software testing services - Acutest
UK software testing consultancy, providing outsourced technical and business assurance services. These include performance and load testing, user acceptance ...

Software stress testing services
Stress testing. Testing conducted to evaluate a system or component up to ... A software tool which automates the recording of a user’s activity in an IT ...