End-users as security testers

Increasingly, security testing of web applications is left to the end-user to discover. The web is generally seen as an imperfect thing, so it is not surprising that most users do not expect a website to work 100% well. What I have seen on the best Agile and Lean projects is that this is left until much further down the cycle, if it is done at all – but why? Yes, these are skilled testing areas (and hence it costs more to secure fully skilled resources), but there is a lot that can be done with the right tools and approach.

Agile Defect Management Lifecycle

I struggled to find anything close to an Agile/SCRUM defect management cycle diagram, so I have done one. What struck me as I was doing this is that it was largely no different to any other defect management lifecycle. Just substitute the following.

  • Scrum Master = Project Manager
  • Product Owner = Client
  • User Story = Requirement/Use Case
  • Sprint = Release

The only addition I have made, as it seems to be forgotten in most modern methodologies, is the test manager role. Developers need managing, so it seems a little odd that testers are assumed to be basically just “developer pets”, according to Agile/SCRUM. Not so – testers should have an impartiality, and not be totally lost in the same world as development. I could be harsh here and say that Agile is an excuse to get testers to do the developers' unit testing 🙂 but that would be churlish!

5 quick effective steps for “emergency testing”

5 quick effective steps for “emergency testing”, i.e. when testing is left until the last minute!

1. Your site should be passing XHTML Transitional – there are no excuses! Most of the standards are related to code quality, and there is no excuse for omitting important data such as form labels, alt texts, etc. Conforming to these standards will help with any potential issue with browser compatibility and accessibility.

2. Use the Browsercam service to get a quick view of what your site looks like in ALL OS/browser combinations. Debian/Konqueror is included, just to give you an idea of how extensive this test is!

3. Use accessibility tools such as WAVE (Web Accessibility Evaluation Tool) – they are no replacement for testing with real devices and software, but they are pragmatic given the costs that full accessibility testing can entail. If accessibility is a real business imperative, then companies such as Shoretrust have real disabled users who use the equipment/software and can report on your site.

4. A broken link checker will highlight any glaring omissions or dead links. There are many services that will do this – this is the link checker that I use. If you want to check reciprocal links, then a separate checker exists here.

5. Homepages can easily suffer from size issues, and running the homepage through a webpage analyzer can not only report problems but also suggest how to optimise. Images are still the most common area for improvement – images should ALWAYS be optimised for the web.
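As an added example (not from the original post), here is a small Python checker for the step-1 omissions the checklist calls out: it verifies that the markup is well-formed XML (a prerequisite for passing XHTML Transitional) and flags `<img>` tags with no `alt` attribute and visible `<input>` fields with no matching `<label for>`. The sample page is constructed for the demonstration.

```python
from html.parser import HTMLParser
from xml.etree import ElementTree


class MarkupChecker(HTMLParser):
    """Collects images without an alt attribute and labellable inputs
    whose id is not referenced by any <label for="...">."""

    def __init__(self):
        super().__init__()
        self.images_without_alt = []
        self.inputs = []            # id (or None) of every visible input
        self.labelled_ids = set()

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "img" and "alt" not in a:       # alt="" is valid for decorative images
            self.images_without_alt.append(a.get("src", "<no src>"))
        elif tag == "input" and a.get("type", "text") not in ("hidden", "submit", "button"):
            self.inputs.append(a.get("id"))
        elif tag == "label" and a.get("for"):
            self.labelled_ids.add(a["for"])


def is_well_formed(xhtml):
    """XHTML must be well-formed XML: an unclosed tag fails this check."""
    try:
        ElementTree.fromstring(xhtml)
        return True
    except ElementTree.ParseError:
        return False


def check_markup(xhtml):
    p = MarkupChecker()
    p.feed(xhtml)
    p.close()
    return {
        "well_formed": is_well_formed(xhtml),
        "images_without_alt": p.images_without_alt,
        "unlabelled_inputs": [i or "<no id>" for i in p.inputs if i not in p.labelled_ids],
    }


# Constructed sample page: one image and one input are missing the required data.
SAMPLE = """<html xmlns="http://www.w3.org/1999/xhtml"><body>
<img src="logo.png" alt="Company logo" /><img src="spacer.gif" />
<form action="/search"><label for="q">Search</label><input type="text" id="q" name="q" />
<input type="text" name="email" /><input type="hidden" name="token" value="x" /></form>
</body></html>"""

if __name__ == "__main__":
    print(check_markup(SAMPLE))
```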

US Senator says “the internet should never have been invented”

The internet is under attack not only from corporate interests, but from politicians using the excuse of “homeland security”. http://visionon.tv

Fake Marlboro Inc.

OK, so smoking is a disgusting habit, especially for someone who habitually runs, but this seemed significant for the times. A fake pack of cigarettes – and I mean really fake, as it didn't even contain any fake cigarettes, in fact nothing but folded-up empty envelopes. I have long suspected that supermarkets have been passing on fake cigarettes, as without actually smoking the things it is pretty impossible to tell a fake. But getting this fake pack of cigarettes was definitely not something I am used to.

Firstly, it is probably worth defining a fake cigarette – one that does not contain the glorious combination of quality tobacco and over 4000 chemicals to make it “smoke right”. Fake cigarettes are usually obvious from the poor-quality materials and the cack inside, which is no doubt a mixture of foliage/balsa wood that removes layers from the throat and leaves an ugly sticky tar stain at the end of the filter. Bad enough.

Whenever there is a financial crisis, it is usually used as a poor excuse for companies to rip off consumers further. It is laughable, though, that the criminal world also increases its criminality – does the credit crunch affect the crime business in fake products? The demand is higher, I would imagine, so the sweatshops were obviously having a hard time keeping up with demand for floor-sweepings cigarettes. I wonder if there is any lower in actual quality of fake cigarettes – real fake ones I mean 🙂