Software Test and Performance, January 2006, Page 26
Total Page:16
File Type:pdf, Size:1020Kb
A Publication P B RA E Un C ST it T T IC es ES ti : ng VOLUME 3 • ISSUE 1 • JANUARY 2006 • $8.95 www.stpmag.com XP’s Balanced Approach to Test Stressing Software With Open Source Tools A MMethodethod to Build Visibility Into Your DevelopmentDevelopment Process MakingMaking YourYour QAQA EEfffoforrttss FFlyly The Importance of Life Cycle Management A MESSAGE FROM THE EDITOR VOLUME 3 • ISSUE 1 • JANUARY 2006 Publisher Editorial Director Better Life Cycle Ted Bahr Alan Zeichick +1-631-421-4158 x101 +1-650-359-4763 [email protected] [email protected] Editor Director of Events Management Lindsey Vereen Donna Esposito [email protected] +1-415-785-3419 [email protected] Associate News Editor Everyone is familiar with the ground. While you Director of Circulation Alex Handy Agnes Vanek the rule of thumb that says can’t download a hard- [email protected] +1-631-421-4158 x111 at each step of the way, the ware patch, neither can [email protected] Art Director cost to fix a problem you get into a software LuAnn T. Palazzo Circulation Assistant increases tenfold, and hav- system with a wrench. [email protected] Advertising Traffic Phyllis Oakes ing to fix a problem in the And getting to the site Copy Editor +1-631-421-4158 x115 field is the most expensive. can pose a challenge. George Ellis [email protected] [email protected] (Granted, the Internet It is an unfortunate fact Office Manager/ somewhat mitigates the of life that despite lofty Contributing Editors Marketing Scott Barber Cathy Zimmermann cost of patches for de- intentions, test cycles will [email protected] [email protected] ployed software, but still, Lindsey Vereen always get truncated. And Esther Schindler Customer Service/ what patch doesn’t intro- Editor as Feldstein points out in [email protected] Subscriptions duce a glitch somewhere?) his article, “No matter +1-847-763-9692 Contributing Writers [email protected] No matter that we already know the how well the software is tested, some Alan Berg Jeff Feldstein Controller rule; we still have to file this one in the bugs will inevitably escape the testing Matt Hargett Viena Isaray lessons-we-have-to-learn-over-and-over process.” And you know those will be Steve Lemme [email protected] Tracy Ragan folder. In this month’s lead story, Jeff the expensive ones to fix. Article Reprints Feldstein reminds us that too many The solution is successful manage- Director of Editorial Lisa Abelson Operations Lisa Abelson & Co. bugs are still found late in the process, ment of the application development David Rubinstein +1-516-379-7097 when they are expensive to fix. Serious cycle. And the inducement for man- +1-631-421-4158 x105 fax +1-516-379-3603 [email protected] [email protected] performance issues or integration aging it well is an understanding of issues are uncovered in the latter part the business value for doing so. In Cover Photograph by Peter Nguyen of the development cycle and can managing the application life cycle, require a costly rework of large parts of product quality is only part of the Advertising Sales Manager the code, which will have repercus- equation, but it is undeniably a signif- David Karp +1-631-421-4158 x102 sions for the product team and the cus- icant part. [email protected] tomers and will affect when the com- Quality assurance is about doing pany receives revenue. things right the first time. While it’s a My favorite example of the increas- good idea to make sure that a product ing cost of repair comes from the can be repaired in the field, it’s a bet- realm of hardware: the Hubble Space ter idea to make sure it doesn’t need Telescope. Shortly after the Hubble to be. That means taking control of President BZ Media LLC was deployed, a flaw was discovered in the application life cycle and estab- Ted Bahr 7 High Street, Suite 407 its ability to focus—one thing you have lishing quality as a priority. That way, Executive Vice President Huntington, NY 11743 Alan Zeichick +1-631-421-4158 high expectations for a telescope to be you can catch the bugs before they fax +1-631-421-4045 www.bzmedia.com able to do. The problem got through get out the door. As Feldstein says, “A [email protected] because of—what else?—a truncated carefully planned application devel- test cycle. Getting it repaired required opment life cycle is a key requirement Software Test & Performance (ISSN #1548-3460, sending field service out to the site— to successful delivery of on-time, qual- USPS #78) is published 12 times a year by BZ via the Space Shuttle. ity software.” Media LLC, 7 High Street, Suite 407, Huntington, NY 11743. Periodicals privileges pending at There are software problems in Success takes a team effort, involv- Huntington, NY and additional offices. space as well. Perhaps the most famil- ing product management, develop- POSTMASTER: Send address changes to BZ Media, iar is the software bug that caused the ment, test and documentation. 7 High Street, Suite 407, Huntington, NY 11743. Ride along is included. Mars Polar Lander to crash. Feldstein understands this. At his ©2006 BZ Media LLC. All rights reserved. Software I’m not sure you can say that soft- company, he says, everyone is in- Test & Performance is a registered trademark of BZ Media LLC. ware problems are easier to fix than volved with quality. That’s a competi- hardware problems, in space or on tive advantage. ý JANUARY 2006 www.stpmag.com • 5 VOLUME 3 • ISSUE 1 • JANUARY 2006 Contents A Publication COVER STORY Life Cycle Management: Make Your 12 Quality Assurance Efforts Fly A carefully planned application life cycle is key to delivering on-time, quality software—and the test team should be involved in each step. By Jeff Feldstein 18 XP’s Balanced Approach to Test Better software quality will be your reward if you can achieve the right bal- ance between unit and system tests. By Matt Hargett 26 Make Your Development Process Departments More Transparent 5 • Editorial You can use Eclipse to make your Managing your software development process understandable by everyone life cycle. from developers to QA managers to business managers, even if they’re not 8 • Out of the Box IT experts. By Tracy Ragan New products for developers and testers. Compiled by Alex Handy 10 • Peak Performance 31Stress Testing, Alberto Savoia’s hot old topics seem Open Source Style fresher than ever. By Scott Barber This exercise walks you through the process of using Eclipse for controlling 36 • Best Practices Unit testing’s like a box of chocolates. Ant and JMeter to generate and perform By Esther Schindler automated stress tests. By Alan Berg 38 • Future Test Effective management of database performance. By Steve Lemme JANUARY 2006 www.stpmag.com • 7 Out of the Box Compiled by Alex Handy Appscan 6.0 Sniffs Out Security Holes Waltham, Mass.-based Watchfire has been completely re- (www.watchfire.com) has pushed its designed, with an emphasis Appscan security tool to version 6.0. The on ease of use and compre- most significant of the new features are hensible results. fresh remediation capabilities designed “Security teams today are to hold developers’ hands as they mud- under intense pressure, and dle through the security testing process. many cannot keep up with AppScan can detect security holes in Web applications Appscan now helps testers and develop- the volume of applications quickly and easily. ers focus on and fix the issues it finds, they need to test. Currently, instead of simply sounding an alarm bell security professionals are either catching tion testing with innovative capabilities and leaving the rest up to them. issues late in the development cycle or, that not only identify critical application Appscan is a Web applications securi- often, not at all,” said Michael Weider, weaknesses, but also provide intelligent ty testing tool that is typically known for chief technology officer at Watchfire. fix recommendations and new remedia- its speed. With version 6.0, Watchfire has “We spent more than a year working tion capabilities, improving the ease and also added 31 compliance-based tests to on this release, and we were laser-focused speed with which users are able to under- ensure that applications function within on eliminating barriers to fixing critical stand, prioritize and remediate critical the bounds laid out by the SEC, Congress security flaws, boosting the level of Web application security issues.” and other business regulatory bodies. automation and improving efficiency. Appscan 6.0 is available now directly To help users better understand and AppScan 6.0 is a significant milestone and from Watchfire. It is priced at US$15,000 target found holes, Appscan’s interface sets a new benchmark for Web applica- per seat. RadView Secure Splits Up CodeAssure The source code analysis tool CodeAssure with how and where to address the appli- Offers New has been updated by its creators, Secure cation security dilemma, and we believe Software (www.securesoftware.com). The a one-size-fits-all solution does not Performance tool checks code to find security flaws, address the key use cases,” said Kevin and it alerts developers and testers to Kernan, CEO of Secure Software. “Our problems that could arise as a result of expanding product suite enables every- Testing Tool sloppy code, unrestricted inputs and one, from an individual developer or unchecked registers. architect to an organization with hun- WebLOAD Analyzer J2EE Edition is now “Many organizations are still wrestling dreds or thousands of people, to fully available from RadView Software realize the tremendous cost (www.radview.com).