This CERT Vulnerability Note crossed my mailbox recently. It’s over 3 years old, but I had never seen it before.

From the note: The HTTP TRACE method returns the contents of client HTTP requests in the entity-body of the TRACE response. Attackers could leverage this behavior to access sensitive information, such as cookies or authentication data, contained in the HTTP headers of the request..

I’m not really sure how much of a Real World concern this is, but heres a python script to quickly check if your website is affected.
(more…)

Every VCS has some way of describing the history of a file: who changed it last, when and how. Similarly, they all have some way of embedding this information inside the file which is under revision control. Generally, they use the set of tags first developed by CVS. Since this is useful information, it should be present in all non-binary files.

This is another area where a bit of process definition is enforceable/monitored through python. The following script will crawl through all .java and .jsp files and check if any cvs keywords are present. You can then produce reports based upon the an organization-wide defined policy (for instance, all files should have the $Header: $ keyword).
(more…)

There will be a bit of a slowdown on the frequency of posts for the next little while as I find myself laptopless. As alluded to in a couple posts, I did most of the posts while commuting on the train, but with the change of job I find myself working at a desktop computer instead of a portable.

Hopefully the lack of laptop will be temporary as I’m seriously considering getting a used iBook (for OS X) to be yet again to hack/blog on the train.

Anyone else local have such a beast available to purchase in likely the next 6 weeks or so?

One of the more polarizing issues in the database community is whether having NULL as a valid entry is a Good Thing, or a Bad Thing. I am quite firmly in the Bad Thing camp.
(more…)

Managing the Software Process by Watts S. HumphreyChapter 11 – Software Testing

(more…)

It’s that time again

FitNesse
Agile Testing
CMMi

(more…)

One of the the best keynotes I have heard was at a telecom conference when I was in college. The speaker was Captain James A Lovell who commander of the Apollo 13 mission. After retiring from NASA, he ran a phone company which is why he was invited to speak. Of course, he didn’t mention phones except during his introduction. The entire hour was about space, and orbiting the earth etc.. Fantastic talk.

Where is this going? Well, today Guy Kawasaki posted a blog entry with an MP3 of a keynote Jim Whittaker gave at a conference Mr. Kawasaki’s company sponsered. Mr. Wittaker is most known for being the first American to summit Everest, as well as being the first American to summit K2.

While not specifically Process or Quality related, some of the stuff could be applied to Testing. It’s a good listen irregardless. And as usual I took notes.
(more…)

During the flurry of emails that happened while being convinced to demo at last month’s DemoCamp, the topic of Code Ownership, or more correctly, the Feeling of Code Ownership came up since most people who demo appear to either be employed full-time somewhere are work on something in their off hours or start-ups who are intimately involved in the product. What somewhat surprised me was that I have very little feelings of Ownership, or Attachment to the product I work on. And I think that is a Good Thing.
(more…)

I stumbled across RedMonk Radio – episode 6 (via Sandy Kemsley) last week in which they talk a bit about Testing in the realm of SOA. The inspiration for the topic came from a company called Green Hat Consulting which has a product called GH Tester (Wow! Original name or what) who is not a client, but did brief them.
(more…)

There comes a point in any enterprise J2EE application’s life when sitting on a single instance of the server on a single piece of hardware just doesn’t seem to cut it anymore. Enter the cluster; load-balancing, failover and distribution for free!. But that is not quite so accurate or quite so free. Having been involved in two new products that evolved to work on a cluster, it seems that applications built from the ground up to work in a cluster will work outside of a cluster, but not necessarily the other way around. It makes sense then to start your testing efforts in a clustered environment right from the get go. Don’t have a pool of machines to make a cluster with? No Problem. The following is a step-by-step hand holding on how to install a WebLogic 8.1 and then cluster it on a single piece of hardware.
(more…)