Authored and Presented by Wonil Kwon,Executive Director, STA Consulting Inc., Korea

Abstract

The new international software testing standard has been developed for more than 2 years and formed a concrete shape at the moment. The “ISO/IEC29119, Software Engineering Software Testing” standard incorporates the other current software testing standards such as IEEE 829, BS7925-1&2, IEEE1008, etc. It will eventually supersede all other standards meaning that other national and international standards are to be changed in compliance with the ISO standard. The structure of ISO/IEC29119 and its core software testing process, so called 4-layered model, will be presented and discussed. Recent development, time line, future work, and invitation to the standardization are to be followed. Our effort and contribution to ISO/IEC29119 by forming the Local Working Group in Korea will be shared with you all. The audience will see why Korea is so keen on the ISO software testing standard.

Wonil Kwon, Executive Director, STA Consulting Inc.,Korea.

Wonil is the Executive Director of STA Consulting Inc., one of the leading software testing consulting & training companies in Korea. He is also the Representative of KTB (Korea Testing Board of ISTQB), the Korean representative of ISO/IEC 29119 (Software and Systems Engineering: Software Testing), one of co-founders of ASTA (Asian Software Testing Alliances) and a board member of SW quality certification by MKE (Ministry of Knowledge and Economy). He is also a member of the National Defense CIO Advisory Committee as well.
As the founder and representative, Wonil is actively involved in STEN (Software Test Engineers Network, www.STEN.or.kr), which is currently the biggest software testing community with over 10,000 members across the country.

He has renowned for his enthusiasm and expertise for his work, and innovative way of his consulting and training. Companies and organizations for which he has served include Samsung Electronics, LG Electronics, ETRI(Electronics and Telecommunications Research Institute), TTA(Telecommunications Technology Association), Hyundai Mobis, Prudential Life Insurance, SUN Microsystems, IBM, Samsung SDS, LG CNS and AhnLab, etc.

He has presented in various international software testing conferences and seminars (such as ICS Test in Europe, Agile Testing Conference in Europe, TSTC Conference in China, Softech Conference in Malaysia, etc.), and his influential training skills lead to delivering training courses in other countries as well.

As an author he has been producing books and testing journals including “Testers Insight (quarterly testing journal)”, "Practical Software Testing Foundation", "Learn Software Testing Through Questions", "Software Testing Terminology", "Testing Embedded Software (Translated)" , and “How we test software at Microsoft (Translated)”.

Authored and Presented by Phil Robinson, Principle Consultant, Lonsdale Systems, Australia

Abstract

The approach to software quality adopted by many software projects is to include a single activity optimistically labelled "Testing" towards the end of the project timeline. Many mangers believe that the purpose of this activity is to quote "QA the software and find all the bugs".

Most software testing professionals understand that this approach demonstrates a poor understanding of software quality but fear the consequence of telling their boss that they have got it wrong.

This session reviews a number of popular management assumptions about software testing and points out why they are wrong and how they can be corrected. The result is a catalogue of management errors that can be discretely passed to the "boss".

Phil Robinson, Principle Consultant, Lonsdale Systems, Australia 

Phil Robinson has worked with information technology, in a variety of roles since 1975. He has been involved in the planning, analysis and implementation of a diverse range of business, scientific and technical information systems.

Phil is an experienced workshop facilitator and has led numerous workshops in the course of his consulting assignments. He has extensive training experience, earning a reputation as a lucid and knowledgeable presenter. Phil has presented training courses for organizations in Australia, Thailand, Philippines, India, Malaysia, Hong Kong, Singapore and Indonesia.

Phil teaches courses on Software Testing, Requirements Analysis, Introduction to UML, SDLC Process Design Course, Enterprise Architecture, UML Modeling with Enterprise Architect and Requirement Analysis using Enterprise Architect.

Phil is a regular presenter at conferences and has authored numerous industry training courses in addition to three University units. He has also had two books published on programming Apple computers. The books were published in a number of countries including the USA, UK and as translations in Germany and France. More recently, he co-authored a number of articles that describe an original framework for the analysis of enterprise architectures.

Phil is a resident of Perth, Australia and frequently travels to South East Asia to perform assignments.

Authored and Presented byAndrew Bearsley, Hewlett Packard, Singapore

Abstract

Your application functions as expected. It performs well under load. But what about security defects?

The easiest way to break into a company is through the web application.

Web application security defects are costly, embarrassing, surprisingly frequent... and easily preventable.

The QA team is a critical (and often ignored) line of defense for detecting security vulnerabilities before they make it into production.

Tasked with simple requirements, and armed with cutting-edge automated tools, the QA team can be highly effective for detecting security defects.

This action-packed session demonstrates

• commonly used hacking techniques such as SQL injection and cross site scripting
• innovative technologies for finding security defects in web applications
• everything your QA team needs to be a proactive and valuable part of the security lifecycle

Andrew Bearsley, Hewlett Packard, Singapore

Andrew loves to break applications... before criminal organisations do.

Andrew leads HP's APJ technical community and is an industry authority in the application quality, performance and security space. With over 12 years of experience in application delivery, he has the experiences and scars to show for it.

Today, Andrew helps companies to discover and fix vulnerabilities in their own applications - before they become newspaper headlines.

Authored and Presented by Lian Tian Tse, Assistant Director (Command and Control Information Technology Competency Community), DSTA, Singapore

Abstract

In the last decade we have seen the pervasive use of software in almost every aspect of our daily life:  from the washing machines, hand phones, cars to much more sophisticated navigational systems found onboard ship and aircraft.  Whose responsibility is it to ensure the quality of the source codes?  Is it the developers, the software vendors, or the customers buying the piece of software system? 

This presentation explains the responsibilities and expectations of each of these players in the software lifecycle eco-system.  The audience will understand why ISO 9000, CMMI and other equivalent standards are necessary but not sufficient to ensure software quality.  The motivations to enforce governance and the challenges faced in building up a Software QA and Testing framework will also be discussed.  The presentation will also show why there is a need for the IT industry to go beyond the traditional user acceptance test (UAT) as a proxy for system acceptance if we are really serious about software quality.  Some guiding principles in the setting up of an independent Software QA & Testing outfit will also be shared.  Some pointers on how we could leverage on automated software testing tools and examples of software metrics collected to measure software quality will also be discussed.

Lian Tian Tse, Assistant Director (Command and Control Information Technology Competency Community), DSTA, Singapore

Lian Tian Tse is Assistant Director (Command and Control Information Technology Competency Community) and is concurrently heading the Software QA & Testing Programme in DSTA.  He has extensive experience in the solutioning and implementation of Decision Support Systems for the Ministry of Defence and the Singapore Armed Forces. For the last 15 years, he has been working in the IT arena leading projects and programmes that cover a wide domain ranging from Logistics, Operations, Manpower, Training and Education.  He set up the DSTA Software QA & Testing Program, an independent outfit that provides pre-deployment software code quality audit in April 2006.  Under his leadership, DSTA implemented coding violations and cyclomatic complexity metrics in addition to the traditional UAT as criteria for software acceptance.

A recipient of the Defence Technology Group Scholarship, he obtained his degree in Mechanical Engineering from the National University of Singapore.  He also holds a Master of Science in Operations Research from the Naval Postgraduate School, USA.

Authored and Presented by KiranKumar Marri, Group Test Manager, Infosys Technologies, India

Abstract

Two things have grown and exploded in the IT industry. One is the effect and impact of IT in every string of our activities, and the other is the metrics associated with the IT projects. The need for metrics for measurement and improvement is understandable. However, it is also important to measure the right metrics and its implication on the projects. The standards and processes around the testing metrics are in the process of maturing yet it is difficult to answer “What is the one metric that I should use in the testing project”. In the given tons of metrics, has it helped the software quality to make it more predictable, quantifiable, or reliable/dependable: No. There is enough evidence of failures of IT projects and defects coming in the later stages. The need of metrics is important but how does it get mapped to the business. Is there a hidden value that can bring out more meaning to the metric. This paper makes an attempt to address the need of metrics in testing projects based on the data from several IT companies and inputs from different stakeholders. The paper details the difference between program metrics and business metrics, and some simple methods to check if the metric has any value or applicability for the project.

KiranKumar Marri, Group Test Manager, Infosys Technologies, India

Kiran Marri PMP® is currently working as a Group Test Manager at Infosys Technology Limited, Bangalore. He has over 13 years of experience in IT industry and associated with the testing practice - Independent Validation Solutions Unit, managing clients in Banking & Finance service domain. He has extensive software experience in the field of Life sciences, Biomedical applications, Banking & Finance domain, and Retail domain.

He has published & presented several papers in conferences in the field of project management, software testing, clinical data management and biomedical engineering. His current research interest and publications are primarily in Project Management and Quantitative Test Management. He received his Bachelors in Electronics & Communication engineering from Madras University in 1993 and a Masters by Research in Biomedical Engineering from Indian Institute of Technology Madras, Chennai in 1996.

Authored and Presented by Koay Yee Ven, Senior Software Engineer, Motorola, Malaysia

Abstract

There were 44 software defects reported by customer from September 2006 to August 2007. Based on the study on large project (Project A & Project B), there were 31 defects reported by customer which was equivalent to the cost of poor quality is 3.1 Million USD. Among 31 defects, 25 of them are within the scope of test development. This paper will share with the audience on how DMAIC helped to resolve the problem. In measure phase, it will present the performance measurement plan on how to identify the indicator for defects arrival and how to measure the quality of existing test case and requirement

In analyse phase, it will present how to conduct defect root causes analysis on how to identify and select the proposed solution. In improve phase, this paper will present the result on how well we manage to reduce the number of customer defects by implementing the improvement plan on pilot projects. In Control phase, it will present on how to maintain the good work that we have done in Improve phase.

The result is proven as we managed to reduce the number of software defects by improving the test case development process. And it helped to increase the screening effectiveness at earlier stage which is during box testing stage or test case creation stage and help to reduce the cost of poor quality for the tested products.

This paper will benefit those eager to find an approach in reducing customer escape defects via test development process. It will also benefit to those who going to start a new product testing, this presentation will lead them to do the right thing at the first time.

Koay Yee Ven, Senior Software Engineer, Motorola Technology, Penang, Malaysia.

Yee Ven is a CTFL (Certified Tester Foundation Level). She is pursuing her six sigma green belt certification by working on reducing customer found software defects. She's also involved in software test improvement initiatives for test cases and requirement management. She is responsible for software test project management and customer profiling.

Authored and Presented by A N Sreekumar, Zoliotech, Singapore

Abstract

Mobile application and mobile web are becoming more and more popular. As any other emerging domain, mobile application and mobile web testing have their own challenges such as:

• Variety of mobile phone and networks in the market
• Variety of Operating System in Mobile phones
• Browsers used in the mobile
• Complexity of functions (small device, too many functions)
• Data connectivity issues (to be tested too)
• Lack of standard tools

The presentation will discuss some these issues within the context of module testing and system testing. Practical examples based on our company's experience in development/test of mobile applications will be elaborated. Also compare and contrast the mobile apps testing with web application testing.  And finally some of the latest trends in mobile applications testing will be discussed.

Mobile applications are mainly developed on mobile phone simulators.  This simplifies the problem of module testing to any other module testing.  System level testing, when the software is tested on a real mobile phone, gives all of the complications in management of the test cases as well as the test coverage (sufficient testing) aspect.  One normal practice followed is to keep a matrix of mobile phone models, OS and browser versions (for browser dependent ones) and pick up the right combination for maximum coverage of testing.

Test automation to some extent is possible using conventional test automation tools with extension scripts.  Based on a small statistics, defects escaped into the customer hands are nearly double that of a conventional software application project.  However, mobile users seem to be more tolerant for such defects in the current industry scenario.

A N Sreekumar, Zoliotech, Singapore

Sreekumar has been working in Telecom software domain for almost 2 decades.  He has worked on landline switching software in his initial days and moved on to Wireless mobile industry with the first trial of 3G technology in the US while he was working for Motorola.  He has managed projects for wireless networks, as well as embedded software for the mobile devices. Currently he is heading the business for Zoliotech Pte Ltd in Singapore.  The company specializes on Mobile phone applications and Mobile enabled web development.

Authored and Presented by Ori Sasson, Practice Assistant Professor, Singapore Management University, Singapore

Abstract

Software testing is an integral part of the software development cycle. Smaller companies potentially have fewer resources to dedicate for testing. We study several projects in small to medium companies in Singapore (we define small to medium companies as companies with less than fifty employees). The projects range in size from 1 man-year to 40 man years, in C++, C#, and Java. The challenges faced in these projects, similar to many other IT projects are vague requirements, changing requirements, and high level of complexity.

We review the lessons learnt from these projects with regards to testing. Our key findings highlight the importance of dedicated testers, as well as the usefulness of white-box testing tools and automated tools, even in smaller organisations.

Ori Sasson, Practice Assistant Professor, Singapore Management University, Singapore

Ori is a Practice Assistant Professor at the School of Information Systems in the Singapore Management University (SMU). He holds a B.Sc., M.Sc. and Ph.D. in Computer Science from the Hebrew University of Jerusalem in Israel.

Ori has over 20 Years of experience in architecting large scale software systems in the defence, telecom, and utility domains. He is the author of five technical books, and numerous research and practice papers, on diverse topics ranging from Theoretical Computer Science and Bioinformatics to Simulation and Software Testing. Ori is the faculty in charge of the SMU Student Chapter of the Singapore Computer Society, and is the president of the Singapore Testing Qualifications Board, the local chapter of ISTQB.

Consulting Services, India

Abstract

Many organizations are now rapidly using agile methodologies in their projects for the benefits it brings to all the concerned stakeholders. Many times it is seen that the agile practices are more development focused leaving the testers confused about their role in the project, activities that are supposed to be done and how they are going to contribute in the team success. Agile talks about testing ingrained with the development cycles. To do this, along with having appropriate testing practices, it is also essential that there are supporting governance and tracking mechanisms to ensure success.

The presentation gives an overview of a case study on how testing in agile was done for a program at a global financial company complying with regulatory and security requirements. The program was a transformation program where goal was to transform the financial advisory services in wealth management from offline to online. The program had team strength of about 70 team members belonging to different vendors. The team was completely new to agile and spread across multiple-geographies. The presentation elaborates on the agile execution process and how testing was incorporated in the agile process. The presentation also covers governance mechanism, test strategy planning, metrics captured and the types of testing done within a constrained test environment.

Takeaway from the session: The challenges and lessons learnt in implementing testing for the agile program will be highlighted.

Who should attend: Any one who is interested in knowing an experience of how testing was done for an agile program. Basic knowledge of agile methods is desirable.

Archana Joshi, Manager – Agile Practice, Wipro Consulting Services, India

Archana is a certified Scrum Practitioner (CSP) and Prince 2 Practitioner. Archana brings with her more than 9 years of software industry experience to her role as Manager – Agile practice at Wipro Consulting Services and has extensive expertise towards methodologies like Agile and Lean with the ability to apply them across industries & technologies thereby generating benefits to the project with reduced defects, higher productivity and lower cost.

Authored and Presented by Antony Prabhu Raj, Test Manager, Accenture, India

Abstract

There are various factors that affect the quality of the software product / application and these affect the behavior of the application. This leads to various combinations of Test suites which results in exponentially increasing the overall cost of quality. Mature industries such as manufacturing spend almost less than 10 % of the total cost on quality assurance activities and have far better results. Test design using orthogonal arrays results in an efficient and concise test suite without compromising on the overall test coverage. It also increases the confidence level of the team by executing a concise number of tests, uncovering most of the defects.      

Testing is a critical component of the SDLC process. Development of high quality software at reasonable cost is becoming a primary focus in the industry today. Much of emphasis (cost) is given on estimation and improving the prediction of quality also paving way for productivity improvement. There are three popular ways of improving productivity (a) Generation of more efficient set of test cases (b) automation of test suite (c) Improving test mgmt processes. In this white paper we are much focused in generating efficient test cases.

Orthogonal Arrays help in reducing testing effort though the use of fewer test conditions without compromising on defect detection.

Antony Prabhu Raj, Test Manager, Accenture, India

Antony has close to 12 yrs of experience in IT industry, demonstrating diversified roles in application support, systems development, application reengineering, application testing and Project management.  At present Prabhu is working for Accenture – India delivery center as “Test manager”

He had worked on all facets of the testing process (7 yrs) which include test planning, estimation, strategy, test case design, construction, review, metrics and implementation. He has presented white papers on Test optimization & planning in various international conferences.  He is also a certified coach for taking PMP & PM-School sessions within the organization.

He is capable of establishing high performance standards with strong loyalty to company goals. Adding flavor to his qualities, he is highly motivated, hardworking with excellent communication skills. At leisure times he engages himself listening music and reading books related to leadership and management.  

Some of his areas of research are: Design of experiments – using Orthogonal array test design patterns, Risk based testing and process engineering, Socket programming and Inter process communication,
Data structures – Single linked list, double linked, heterogeneous linked list, stacks and queues, Drafting White papers – connected to testing and project management Regulatory and compliance testing – Sarbanes Oxley Act.

The organizing committee thanks the following authors for submitting their paper abstracts.