October 5, 2011

Verify/ATI Conference Highlights

Events
Last week I participated in the Verify/ATI (Automated Testing Institute) Conference held in Arlington, Virginia from September 26-28. I presented two breakout sessions: "When to Ship" on Tuesday afternoon and "Measuring Technical Debt with Load Testing" on Wednesday morning. The sessions were videotaped, and if the links are posted I’ll provide them in an update to this post.  I was also interviewed on video by the conference chair about why I was participating in the conference and what I was getting out of it. I sat in on a variety of sessions, the most compelling being a discussion of testing anti-patterns for Agile projects, and how those anti-patterns could be overcome. The speaker was Bob Galen, an Agile consultant and author of Scrum Product Ownership. Some of the anti-patterns included were that developers and testers didn’t work together, and that certain automation tools and practices were too rigid to adapt to change. Bob’s point was that once these anti-patterns were recognized, they could be overcome to make Agile testing a success. Microsoft also had a well-attended session in which the topic was a highly marketing-oriented talk on Microsoft Test Professional and Team Foundation Server. While product descriptions and demonstrations are normally frowned upon, the audience appreciated the opportunity to see a Microsoft approach to automated testing and test case management. The keynote talks included "Test Automation: Past, Present & Future" by industry veteran Dorothy Graham, and "Preventing Zero Day Attacks Through Automated Security Testing" by Joe Jarzombek of the Department of Homeland Security.  Graham spoke about trends from the past, how they were manifesting themselves today, and what scenarios testers were likely to face in the future. The security talk was geared largely toward the inevitability of threats and vulnerabilities, and the need to understand the nature and characteristics of both in order to successfully test application security. As might be expected by a talk given by a government security expert, it was heavily geared toward a regulatory understanding of the problems, but the definitions and characteristics of threats and vulnerabilities are useful in any security testing practice. Possibly the most important thing I learned at this conference is that Agile and automation are inseparable. Agile methodologies are supposed to make full use of automation to accelerate repetitive tasks and to track data that is too cumbersome or time-consuming to record manually. Too often we interpret Agile as automation-unfriendly, but that’s an oversimplification. The goal is to choose tools and automation opportunities that don’t require more effort to set up and maintain than they save. Tools that are easy to learn and use can go a long way toward accelerating even Agile processes.