Software Testing Tweets

I have been curating tweets on software testing.  I create a weekly list of popular tweets.  I also try to curate tweets from conferences.

Here is the latest weekly update.  Here is a sample from a conference.

You can subscribe to my RSS feed for regular updates.

Let me know if there is an event for which you want me to analyze data.  Feedback on the tweet collections is welcome.

Weekly Scowl

Agile Testing Days 2012 Buzz

Agile Testing Days 2012 is being held in Berlin on November 19th.  Here is my concise summary.  I have included links when available.  Some of my summaries are so concise that you’ll have to stare at the words for a few minutes.  If you get tired of staring, click on the links.

Management Successful automation Transition to agile
Ambler on agile Legacy code? Performance
“Mindful Team Member: Working Like You Knew You Should” Mindmaps Spec by example
Really hands-on no ppt Ambler on agile “5A – assess and adapt agile activities”
Data->quality story Endusers Distributed teams
Understanding agile Distributed teams Line Managers
Exploratory What is A testing Agile->Culture
World of Warcraft Communication Developers exploratory
“Self Coaching” “How to change the world” Factory requirements
Shorter releases Good news CI experience
New techniques Continuous Delivery Test developer
Markus on 21st century tester Advanced CI “Testers Agile Pocketbook”
Continuous testing Sapient “Reinventing software quality”
“Fast Feedback Teams” User stories RIA BDD
Test Oracle Slack=creativity Requirements+testing
Javascript TDD BDD Open source tools
Test data Change “Technical Debt”
Bank context driven “The ongoing evolution of testing in agile development” Rigid environment
Right thing right Mobile automation CI
Winning the game

blackhat US 2012 arsenal – security testing tools

blackhat US 2012 has sessions where researchers can showcase tools, projects and demos.  Here is my super concise summary of the arsenal.  I have tried to highlight if tools are free/opensource.  Also see my summary of the conference.

| Focus | Tool |
| --- | --- |
| Binary visualization, evolution of hex editor | ..cantor.dust.. |
| Collaboration on Metasploit | Armitage |
| ARP and DNS poisoning | ARPwner |
| Amazon Web Services | AWS Scout |
| Python tool for protocol fuzzing | backfuzz |
| Burp Suite extensions | Burp Extensibility Suite |
| Bypass CAPTCHA | Bypassing Every CAPTCHA provider with clipcaptcha |
| Crowd reverse engineering | CrowdRE |
| Network simulation to study malware | FakeNet |
| Fuzzing PHP | GDFuzz |
| Metasploit NTLM relay (open source) | Generic Metasploit NTLM Relayer |
| Python scriptable pen testing | Gsploit |
| Python tool exploit HTACCESS | HTExploit bypassing htaccess restrictions |
| Java email phishing test social engr defenses | ice-hole 0.3 (beta) |
| Machine learning to security incidents pre-breach | Incident Response Analysis Visualization and Threat Clustering through Genomic Analysis |
| Sniff iphones and ipads (open source) | iSniff GPS |
| USB human interface devices in pen tests; PowerShell scripts for offensive security and post exploitation | Kautilya and Nishang |
| Volatile memory from Linux/Linux based | LiME Forensics 1.1 |
| Add security features to apps post development | MAP |
| Better host based incident response | MIRV |
| Web application firewall (open source) | ModSecurity Open Source WAF |
| OWASP project for training, experimentation | OWASP Broken Web Applications Project |
| Assess OData | Oyedata for OData Assessments |
| Python tool to explore PDF | peepdf |
| PHP eval function | phpmap |
| Incident response and investigation (free) | Redline |
| Registry analysis (free?) | Registry Decoder |
| SAP GUI network traffic | SAP Proxy |
| iOS apps | Semi-Automated iOS Rapid Assessment |
| Opensource smartphone pen testing | Smartphone Pentesting Framework |
| Search engine hacking (Free) | Tenacious Diggity – New Google Hacking Diggity Suite Tools |
| Vulnerability aggregation and management (open source) | ThreadFix |
| Web security scanner (open source) | Vega |
| Manual and automated approach to web app assessment (ruby, open source) | WATOBO – Web Application Toolbox |
| Attack XMPP connections | XMPPloit |
| Mobile IPS | zCore IPS |

blackhat US 2012 – Ultimate security testing conference Buzz

To me security testing is the ultimate testing challenge.  blackhat conferences are the premier conferences on information security.  I have included a concise summary of the Blackhat 2012 US conference, to give you a feel for current security topics.  It’s worth spending a few hours reading the conference schedule – it’s a very interesting read. e.g.,

Here is my summary:

| Topic | Speaker |
| --- | --- |
| Malware author evasion | Rodrigo Branco |
| CPU instruction vulnerability | Rafal Wojtczuk |
| ARM exploitation (embedded) | Stephen Ridley |
| Beat Google Bouncer | Nicholas Percoco |
| Action Message Format testing | Luca Carettoni |
| Identifying .NET vulnerabilities | James Forshaw |
| Javascript browser blended threats | Phil Purviance |
| Various techniques | Dan Kaminsky |
| Stochastic forensics | Jonathan Grier |
| Detecting unrelated external code | Silvio Cesare |
| Web application firewall | Ivan Ristic |
| Security card game | Tadayoshi Kohno |
| Mac EFI rootkit | Loukas K |
| Android’s DEX file format | Timothy Strazzere |
| Browser Flash sandboxes | Paul Sabanal |
| Mobile Near Field Communication protocol | Charlie Miller |
| Windows kernel vulnerabilities | Cesar Cerrudo |
| Security industry watchgroup | Jericho |
| Microsoft Exchange->devices | Peter Hannay |
| Windows 8 | Matt Miller |
| Windows 8 Metro apps | Sung-ting Tsai |
| Jemalloc Firefox exploitation | Patroklos Argyroudis |
| Polymorphic viruses | Mario Vuksan |
| Oracle index (database) | David Litchfield |
| Malware analysis environment detection | Chengyu Song |
| Iris recognition | Javier Galbally |
| Air traffic control systems | Andrei Costin |
| Google Chrome native client | Chris Rohlf |
| Better Communication=Security acceptance | James Philput |
| HTML5/Websockets | Sergey Shekyan |
| Hardware backdoor | Jonathan Brossard |
| Industrial firmware | Ruben Santamarta |
| Browser EEF | Steve Ocepek |
| Reverse Engineering 3G microcell | Mathew Rowley |
| Embedded systems code using electrical consumption | Yann Allain |
| HTML5 top 10 threats | Shreeraj Shah |
| Intrusion detection complete failure | John Flynn |
| iOS/Appstore vulnerability | Justin Engler |
| iOS kernel memory allocators | Stefan Esser |
| iOS security | Dallas De Atley |
| Legal | Robert Clark |
| Smart Grid | Don Weber |
| Hotel Onity locks | Cody Brocious |
| Javascript botnets analyze villains | Chema Alonso |
| Pin Pads | Nils |
| Attacking PHP apps, e.g., Mediawiki | George Argyros |
| Cellular networks | Collin Mulliner |
| Java vulnerabilities | Jeong Wook Oh |
| Remote smartphone attack/Baseband processor | Ralf-Philipp Weinmann |
| Proactive defense | Iftach Ian Amit |
| Security vision | Jeff Moss |
| Social media/business networks | Dan Gunter |
| SQL Injection exploit routers | Zachary Cutlip |
| SSRF attack SAP/ERP | Alexander Polyakov |
| Hash corruption | Ryan Reynolds |
| Web exploit toolkits | Jason Jones |
| Kerberos, NTLM, domain hashes | Alva Duckwall |
| Intrusion remediation | Jim Aldridge |
| Dept Homeland Sec. – research, training, hiring opps | Mark Weatherford |
| Internal dev processes rather than external vendor tools | David Mortman |
| ASLR | Fermin J. Serna |
| IPv6, DNSSEC, new top level domains | Alex Stamos |
| Attacking hardware | Valeria Bertacco |
| Social trust systems | Bruce Schneier |
| Windows gadgets | Mickey Shkatov |
| Web user tracking | Gregory Fleischer |
| Windows Phone 7 | Tsukasa Oi |
| Windows 8 heap | Chris Valasek |

Let’s Test 2012 Buzz

The Let’s Test conference in 2012 got great reviews from the test community.  The conference was blatantly context-driven.  The presentation slides and blog posts on the conference can be seen here: Presentation slides and blog posts. Here is a concise summary of the sessions (the speaker names should help you find the presentations):

| Session | Speaker |
| --- | --- |
| Hypnosis mapped to testing | Alan |
| Scripting -> exploratory | Alexandru |
| Systems perspective to black swan IT incidents | Anders |
| Coaching | Anne-Marie |
| Ineffective testers | Ben |
| Context driven defect management | Carsten |
| Artificial intelligence | Chris |
| Scientific method | Christin |
| Zen Approach | Dawn |
| SIT strategies | Fiona |
| Mental models | Henrik |
| Learning | Huib |
| Mixup (Bugbash..ish++) | Johan |
| Dialogue | Leo |
| Financial Services | Louise |
| Charters | Markus |
| xBTM (Sessions) | Michael |
| Congruence, systems thinking, emergence | Neil |
| Exploratory as a service | Oliver |
| Binary disease | Rikard |
| Developers exploratory | Sigge |
| Rolling Stones Lessons | Simon |
| Effect map/requirements | Torbjorn |
| Fine arts -> testing | Zeger |

Keynotes/Tutorials

| Session | Speaker |
| --- | --- |
| Delivery room ~ testing | Rob & Anne |
| Opensourcing | Julian |
| Context Performance | Scott |
| Leadership | Fiona |
| Software Diagnosis | James |
| Exploratory test design | Rikard |

CAST 2012 Buzz

CAST is being held in San Jose on July 16th.  The theme of the conference is “The thinking tester”.  CAST is organized by the Association for Software Testing, which is “dedicated to advancing…testing according to context driven principles”.  (You’ll click on those links if you know what’s good for you).  Here is a very concise summary of the sessions at CAST 2012.

| Session | Speaker |
| --- | --- |
| Automation heuristics | Adam |
| Much more than acceptance criteria | Anand |
| Continuous deployment | Andrew |
| Motivate testers to think/Make horses drin | Anna |
| Agile/waterfall not either/or | Bart |
| Ineffective testers | Ben |
| Thinking visually | Bill |
| Session feedback | Carsten |
| Scientific method | Christin |
| Personae | Curtis |
| Set context-impact thinking | Geordie |
| Thinking Offshore teams | Gerie |
| Collaborative test | Griffin |
| Bank move to exploratory | Huib |
| Medical approach | Iain |
| Mobile thought processes | Jean |
| Like-hate standards | Jon |
| Brainstorming | Karen |
| Exploratory performance | Mark |
| Systems thinking, team building, communication TA | Markus |
| Hands on testing | Nancy |
| Interview testers | Paul |
| Data->quality story | Peter |
| Ethics | Scott |
| Developers exploratory | Sigge |
| Expectation management/Test coaching | Wade |
| Service stakeholders | Lynn |
| Kaner on metrics | Nawwar |
| Describing | Henrik |
| Counter-intuitive truths, systems, change | Tripp |
| Role of testers | Elisabeth |

STARWEST 2012 Buzz

STARWEST 2012 is on September 30th in Anaheim, California.  Here is a compressed summary.  This should give you an idea of the overall theme of the conference and a pulse of what’s happening in testing.  I haven’t included the workshops, tutorials and keynotes.

Security

  • Penetration testing…………………………………………Edward
  • Security/Attacks……………………………………………..Frank

Mobile

  • Improve mobile testing…………………………………………Yoram
  • Automating mobile/Monkeytalk……………………………….Stu
  • Automating mobile……………………………………………..  Eing
  • Mobile test automation…………………………………………Manish

Metrics

  • Requirements coverage………………………………………….Lee
  • Bolton on metrics……………………………………………………Michael

Test Techniques

  • Big data……………………………………………………………………Ken
  • Data generation………………………………………………………..Rajini
  • Unit test coverage……………………………………………………..Michael
  • Combinatorial……………………………………………………………Karen
  • Business Intelligence/Data Warehouse………………………..Karen
  • Continuous Integration……………………………………………….Ayal
  • Forms of exploratory testing……………………………………….Gitte

Test management

  • Agile techniques on non-agile………………………………….Brian
  • Transform test org…………………………………………………Mari
  • Hierarchy of quality~Maslow……………………………………Anu
  • Organizations……………………………………………………….Mike
  • SoLoMo – Social, Local, Mobile………………………………..Matt
  • Great Testing teams………………………………………………Peter
  • Cloud, SOA, multi-tenant systems…………………………..Klaus

Cloud

  • Testing in the cloud – change in mindset………………..Steven
  • GoDaddy’s cloud…………………………………………………Brent
  • Cloud apps…………………………………………………………Kiran

Agile

  • Test automation – agile……………………………………….Alexander
  • Prevent defects in agile………………………………………David
  • Inspections in agile…………………………………………….Anne

Performance

  • Database load………………………………………………….Ron
  • Performance in agile…………………………………………Sai

Test automation

  • Web testing tools……………………………………………..Dawn
  • Selenium framework…………………………………………Brian
  • Test Automation Framework……………………………..Matt
  • Test Automation ROI sucks………………………………Bob
  • Improve UI-based test automation……………………..Michael

Other

  • Document system safety – safety case………………Shabbir
  • Dev testing……………………………………………………..Andrew
  • Open source tools…………………………………………  Frank
  • Cross-platform at Microsoft……………………………. Jean
  • Work better with requirements………………………… Ken
  • Collaboration………………………………………………….Dorothy
  • Devops………………………………………………………….Manoj