SqaВфны8
-
Upload
catherine-tipanova -
Category
Technology
-
view
834 -
download
0
Transcript of SqaВфны8
SQA Days 1 , .
19-20 2010 - Software Quality Assurance Days
, :
; ; ; ; ; (usability); (security); ; ; ; ; ; ( Web), ; .
, , .
* * - * * testing is more than checking * checking * * , *
,
Two Futures of Software Testing
: , .. , :
* * *
, - ( ). , .. .
:
* * * *
.
, ( ) , - .
?
- ?
: * , ! * , . * ! eat your own dog food!
: - ( , , , ) - ( , , ) - ( , , , ) - ( ?) - ( )
: - ( . , ) - - - - - - .
, .
: .: * * * : * * * * : * * : * * ,
: 5 ,
5 , :
* : , ( ) , ( - , ) * (): , * : * : , * :
, ?
* , : - , - - - , * : - * : - ( ) - ( ) * * : - - * : - - - - * : - - * : - *
Risk Driven Testing
: , . 1. 2. 3. - 4. -
: * ( , ) * (, ) * ( ) : * * * * .. : * * * *
(4 , ), , 3-4 , .
:
1. , 2. , ,
:
* * * * * *
:
* * * *
, , . . .
:
Phantom web-, 80 . . . .
Jira (420 000 ).
: , , Jira . - , jabber . .
, . , ( ). , .
, , , . , , . , , .
. . ?
: * * * * - *
: . =)
: * * wifi * GPS * BlueTooth * * *
: * (IPhone/Android); * / / ; * / ; * : ,
:
* ; * , * *
* (, , , .. ). * (OSSTMM, OWASP Testing Guide, PROTOS, NIST). * * * , . * , .
- (Mind-Maps)
* - * brain-storming * * - * ( ) * * * - * scrum-
: * Mind Jet Mind Manager * xMind * Mind Mapper
- , . : * ; * ; * ; * ; * ; * .
, , , . , -, API -, . windows, linux. , ? API :
: - .
: API
: POST : JSON
:
* * * * .
: .
( ): * - * - * * * ( ): * * * ( ) * ( ): * StableBuild * Change Log * , * * * * * ( ): * , * * *
, .
, 100%- , , , , , . , , ?
* , "" * , * , * -
.
.
:
* * * *
- .
. , . , . .
, :
* - * * *
* QA
*
* :
Parasoft SOAtest
arasoft SOAtest - .
, , , - .
, , .
Parasoft , .
* SOATest * , (- ) * . * Advanced mode: Python, J, JS * JTest, .Test "" ( )
, , . , , , , , , , . . , , , , , ( ). .
http://www.slideshare.net/astenix/sqa8-urazov
OSSTM: (cost, time)
* Vulnerability scanning (1,1) * Security scanning (2,4) * Penetration testing (3,2-3) * Risk assessment (6,2-3) * Security auditing (7,7) * Ethical hacking (4,5) * Posture assessment & security testing (5,6)
OSSTM: ,
* * * *
OSSTM. , , . .
Open Source Security Testing Methodology