Issue: “Issue No. 17 – Security Testing in an Agile Environment”

Security Testing Using Infrastructure-As-Code

Infrastructure-As-Code means that infrastructure should be treated as code – a really powerful concept. Server configuration, packages installed, relationships with other servers, etc. should be modeled with code to be automated and have a predictable outcome, removing manual steps prone to errors. That doesn’t sound bad, does it?

Advanced Product Owners

We are going to argue that the normally defined role of Product Owner (PO) is inadequate for projects that have serious multiple quality requirements, and consequent architecture processes, to deliver the necessary levels of performance and quality.

Cross-Site Scripting Attack (XSS) – A Major Security Threat for Agile Environments

The most effective way to get rid of XSS vulnerabilities is to ensure that developers understand the dangers of XSS attacks and have tools that both rescue and allow them to create secure web applications without hindering their productivity.

By the way…

“I had an unproductive day today. Sarah busted the stand-up meeting, although she has known the rules for it for a long time. She complained that she doesn’t feel supported by the developers. But that’s crap. It’s up to her to work on her own tasks that are required for the Sprint, and that’s that. She was babbling something about pairing, team cohesion, and shared responsibility. I could clearly see that she had just finished her Agile Tester Training – a lot of theory, which only keeps us from doing our work in practice.”

Maintaining the Art of Distrust in Agile Development Projects

These days, IT organizations are looking for ways to adapt to changing market conditions, customer requirements and competition. The Agile methodology allows businesses to respond to changing customer demands quickly without compromising on the quality of the software being delivered. With Agile rapidly becoming the norm for project development, time-intensive QA activities such as security testing are being brought under the radar and IT Managers are devising new ways to make security testing viable and practical for Agile projects.

Behavior-Driven Development (BDD): Value Through Collaboration

The goal of software projects is to deliver value to stakeholders. Even though that might sound an obvious statement, it can be easily forgotten in traditional Waterfall projects. The very nature of the Waterfall process fosters the creation of different departments whose job is to receive work from the previous stage, produce something, and pass it on.

Challenges in Tool Selection and Deployment

With the advancement in technology, IT costs are rising across the globe. This trend is forcing organizations to adopt innovative methods to reduce testing expenses and increase the breadth of testing services. Software testing tools offer a solution to these issues, but concerns remain over evaluation and selection of the right set of testing tools. Widespread availability of these tools can make the decision-making process biased or complex.

Is It All in a Day’s Job?

Remember the bad performance and security of Healthcare.gov? Or the hack on Facebook? In the Netherlands every year around Christmas the King’s speech is published by a hacker before it is broadcast. Everybody knows stories about failing performance, usability, or security. I order loads of books and other stuff online. If web shops are slow, I click away and go to another web shop. I use my credit card online and basically hope the web shop cares about security. Only once have my credit card details been stolen and luckily it did not cost me anything.

Security Testing in Agile Software Development

Many people fancied becoming systems security specialists after watching popular movies such as Hackers (1995) and WarGames (1983), or immersed themselves in games like Uplink (2001) and Hacker (1985). Just the thought of hermitizing in the garage or basement trying to access remote systems (even non-secure ones) using a dial-up modem was enough to pump your system so full of adrenalin that it would push you through the night, but you would still be capable of dragging yourself to school or work.

Sprint Health Line

Whether it is a traditional model or Agile, tracking the schedule is a common constraint which cannot be ignored or avoided in the eyes of delivery. Scrum boards or Kanban boards that I have seen so far do not project the sprint duration. As the team starts working on stories from day one of the sprint, they move tasks in the swim lanes, ensuring WIP (work-in-progress) is minimized. Sprint Health Line is a zero-cost method for the team to see where they are.
