Original Software teams up with Euronet to keep test data secure

Original Software, the testing software vendor and Euronet USA Inc., the software subsidiary of electronic payments provider Euronet Worldwide Inc. (NASDAQ: EEFT), have teamed up to launch the Integrated Transaction Management (ITM) Test Compliance Kit, addressing the need to secure test data in the financial services industry.

“Testing on real data is commonplace throughout IT departments all over the globe, but nowhere are the potential security issues higher than the banking industry. Since more than 70% of all data breaches in the industry today are ‘inside jobs’, the exposure of very sensitive customer data in the testing phase (which can often be outsourced), carries with it high risk of financial loss, potential lawsuits and poor public image. Although this kind of practice is in breach of many industry regulations, scarce testing resources often force companies to cut corners,” said Colin Armitage, CEO of Original Software.

ITM is Euronet’s proprietary software suite of payment and transaction processing solutions. The partnership between Original and Euronet will provide a software testing solution specifically for ITM installations, allowing users to create a more manageable sub-set of data from their ITM solution and de-identify customer records and other information at risk of data breaches, for use in a testing environment.

The pre-packaged test suite contains relevant data cases and default templates to lead users by the hand through the elements of ITM they should be testing. It also facilitates de-sensitised data-sharing with Euronet and reporting and feedback of any issues that may arise, resolving issues early, enabling faster deployment of ITM and reducing the risk of errors in the live environment.

Doug Goodwin, the senior vice president of global development at Euronet USA Inc., commented on the announcement, “For many of our customers, complying with the various data privacy industry regulations proves difficult and too resource-intensive. We’ve found a solution in Original Software and have implemented it ourselves in-house, providing a good, solid return on investment. We have already invested in building modules, test scripts and data cases for ITM. Naturally, as an innovative solutions provider we like to stay ahead of the technology curve and provide our customers with easy access to the same leading edge solutions.”

The ITM Test Compliance Kit contains elements of Original Software’s leading testing solutions, including Extractor technology – to enable users to create a sub-set of the customer data in their ITM solution and de-identify customer records in line with the various data security standards and regulations, which dictate that production data should not used for testing or development. TestDrive-Assist – the Company’s manual testing support tool, which will make it easy for even non-technical professionals to conduct testing, record for compliance purposes and feedback to Euronet if they come across any issues. TestPlan - will allow them to collect, report on and organize their testing effort with pre-populated placeholders for all the elements and modules of ITM.

“Most software vendors wash their hands of quality issues when the software goes live — that’s where their involvement ends,” continues Armitage. “Euronet recognizes that this is not the end of the story for its customers who need to test the new versions of the software package with their systems before going live. This is an exemplary stance for a vendor to take to the challenging issues of software updates for its clients."

For more information visit: http://www.origsoft.com/Products/itm_compliance_kit.htm

posted by Administrator on Saturday, October 04 2008 permalink | comments (0)

What Do You Want To Know?....

The Testing 1,2,3 Group is up and running - well sort of.  My goal for this group is to provide some useful information for those of you new to software testing or maybe looking to sharpen your testing skills.  My first "paper" will be on "Equivalency Classes" or equivalency class partitioning.  I'm hoping to have it posted by Monday, Oct 6th.  If you have any questions or areas you would like me to cover please feel free to contact me through here or by email at david.whalen@comcast.net .  I look forward to hearing from you!

 

posted by Dave on Friday, October 03 2008 permalink | comments (0)

What does "Section 508" mean for you?

While “section 508” may not be a phrase that all testers will come across, it is a relevant issue that will be good to add to your knowledge base. For those of you not familiar with the term, it is a government standard for making information technology accessible to the disabled.

Section 508 is an amendment to the Rehabilitation Act, and it requires Federal agencies comply with certain standards in order to “eliminate barriers in information technology.” The software, websites, and other IT tools used by these agencies must enable Federal employees with disabilities to gain the same, or comparable access to information and resources as those whom are not disabled.

Now, why is this relevant to the QA and testing community? It boils down to a matter of opportunity. The government, and companies providing products to Federal agencies need their products, tools and resources to be tested for compliance.

The process requires both automated and human testing. For the automated testing, there are quite a few tools out there that work with Dreamweaver. Usablenet.com has an accessibility platform that can help you test for compliance with section 508, ADA, W3C and more. AccVerify SE is another tool that integrates into Microsoft FrontPage.

Human testing is, of course, often required to catch details of accessibility an automated test has no way of doing. It will require a detailed test plan and a focus group to effectively cover everything. We all know the human element can bring up unforeseen issues.

How many of you have worked with section 508 compliance? What were the challenges you faced? What tools, resources, or general wisdom could you share with testers that may be working with it soon? I’m sure the whole community would appreciate your thoughts.

Far more detailed information, including the legal terms of section 508 compliance, can be found at www.section508.gov/.

Tags: employment, jobs, testing, test, qa, 508, section 508

posted by Administrator on Friday, October 03 2008 permalink | comments (0)

Ballmer offers more on 'Windows Cloud'

 Microsoft CEO Steve Ballmer on Thursday promised it won't be long before the world gets to meet what he is calling "Windows Cloud"--something that acts like Windows but operates over the Internet.

"Just as we have an operating system for the PC, for the phone, and for the server, we need a new operating system that runs in the Internet," Ballmer said Thursday in a speech before France's CIGREF (Club Informatique des Grandes Entreprises Françaises). "I bet we'll call it Windows something. We're going to announce it in four weeks. We might even have a trademark by then. So, for today I'll call it Windows Cloud. And Windows Cloud will be a place where you can run arbitrary applications up in the Internet that runs .NET."

Ballmer first mentioned the "Windows Cloud" name in a speech in London earlier this week. Microsoft is expected to unveil "Windows Cloud" (whether it bears that name or not) at its Professional Developers Conference, which takes place the last week of October in Los Angeles.

Microsoft has already unveiled its Live Mesh, a consumer-based service that synchronizes data across multiple devices. The software maker has promised that application developers will also be able to write Mesh-based applications and that the tools to do so will be detailed at the PDC. Windows Cloud appears to go significantly beyond that, however.

The move into cloud computing, Ballmer said, will require a shift in Microsoft's overall developer tools, Ballmer said on Friday. "Part of that means putting .Net in the browser, which we've done with our Silverlight technology," Ballmer said, according to a transcript posted on Microsoft's Web site. "And yet I don't think the whole world lives in a browser. PC applications have better user interface, and you can integrate them more. Browser applications run on non-Windows machines, and they're easier to manage. We need to bring the benefits of both of those things together on Windows, and through our Silverlight technology permit the targeting of other systems."

Ballmer also talked about desktop Windows at the event, first addressing Vista and then talking briefly about its successor, Windows 7.

"Windows Vista is a product where we made some very conscious choices for some very good reasons that have been very painful," Ballmer said. However, he said that the company has now shipped about 180 million copies of the operating system.

"Deployments in large corporations are now ramping up quite nicely across the world, but in the enterprise I would say we are still earlier."

He then promised that Windows 7, as the company has been saying, will be compatible with Vista.

"No more breaks," Ballmer said. "So, any work we're doing together with you or you're doing on your own to test your applications for Vista compatibility will also apply to Windows 7. We hope you choose to deploy with Vista, but all of that work is good, important work for the long term."

Microsoft plans to release a pre-beta version of Windows 7 to developers attending the PDC.

He also said that Vista has lived up to its target of being, statistically speaking, the most secure version of Windows to date.

Ballmer also talked about the shifting expectations people have for software, pointing to the MySpace generation as one that expects people to have social capabilities built-in to their software.

"The young people you hire today, they grow up on MySpace, Facebook, and instant messaging," Ballmer said. "They grow up with a fundamental notion that applications have knowledge of other people. In order for business applications to go that direction, we need to provide fundamental platform operating system services that really provide what I might call the social web or the social graph."

Posted by Ina Fried CNET

Tags: test, windows, cloud, ballmer

posted by Administrator on Thursday, October 02 2008 permalink | comments (0)

Skytap Announces ISV Alliance Program

Skytap , the cloud-based virtual lab solutions company will distribute testing and training software through its Independent Software Vendor (ISV) Alliance program. The initial partners in the program, include Appistry, AutomatedQA, Borland, iTKO LISA, SmarteSoft and SOASTA. All these partners will make available their products to Skytap customers for a fee.

"Too often application testing is crippled by the fact that IT teams don't have access to adequate test tools or appropriate test environments," said Scott Barber, Executive Director of the Association for Software Testing. "Skytap's ISV partnerships will provide a way for IT organizations to access the tools and environments they need on demand."

With the introduction of the Skytap ISV alliance program, customers can now also access software from leading ISVs within the Skytap environment and gain the benefits of a pay-as-you-go model.

"Significant value that can be achieved through the adoption of this new model," said Steve Brodie, chief product and marketing officer of Skytap.

As part of Skytap's ISV alliance program, Skytap customers will receive:

• ISV tools and solutions available in the Skytap Library
• Pre-built virtual machines of ISV solutions to reduce set-up and configuration time
• A single monthly bill including itemized usage for both ISV software and Skytap Virtual Lab infrastructure

"Software testing is the ideal market for cloud computing," said Drew Wells, CTO of AutomatedQA.

Tags: skytap

posted by Administrator on Thursday, October 02 2008 permalink | comments (0)

TCP flaws puts Web sites at risk

Posted by Robert Vamosi on cnet

Two researchers in Sweden have found multiple flaws in the TCP stack that could lead to massive denial-of-service attacks if exploited. At present there is no workaround and there are no patches available.

The TCP stack defines a set of rules by which a computer can communicate over any network. Robert E. Lee, chief security officer for Outpost24, told CNET News, "the vendors we are in talks with seem to be taking the threat seriously."

The discovery follows a test using a port scanner called UnicornScan, which Lee and senior security researcher Jack Louis created. The tool is used for vulnerability assessment and penetration testing at Outpost24. Lee told a Swedish podcast that when they couldn't get a port scan done soon enough, they decided to move the TCP stack into the program to make it more distributed. That's when Louis started noticing strange behavior.

"Jack found some anomalies in which machines would stop working in some very specific circumstances while being scanned," Lee told CNET News. One of the behaviors experienced was packet loss where the packets just kept trying, and trying, and trying, creating, more or less, a denial of service (DoS) on that machine.

There doesn't appear to be just one vulnerability, but several, according to Robert Hansen who first wrote about this Friday. Hansen says the potential for these vulnerabilities, as he understands it, if exploited, could result in great damage. And fixing it will require coordination with vendors of operating systems, firewalls, and Web-enabled devices.

To exploit the flaws, to see if the TCP vulnerabilities were real, Lee and Louis created a program called "sockstress" that intentionally did some wrong things with the TCP/IP handshake process. The sockstress program was very effective in producing DoS attacks. The pair have no plans to release sockstress.

Lee said he doesn't plan to have a big, public disclosure press conference like Dan Kaminsky did with the DNS flaw this past summer. "We plan to work with vendors to ensure they understand the issues fully and have adequate solutions in place before publicly sharing details on the issues. Since there are multiple issues, we may be able to share information on individual issues as they are individually addressed."

Asked whether someone else could figure this out before the patches are out, Lee said "even though I think Jack Louis is exceptionally brilliant, Outpost24 doesn't have a monopoly on bug-finding abilities. It is a matter of time before someone else independently figures it out."

Tags: test, flaw, risks

posted by Administrator on Thursday, October 02 2008 permalink | comments (0)

EuroSTAR 2008 European Testing Excellence Award!

It's that time of year again when we ask you to please take a moment to consider the people who have most influenced your testing career - be it a colleague, a mentor, a coach, a team-leader, a trainer... Think about the people who've inspired teams and companies to new levels of excellence, or greater standards of quality, or personally helped you and others to achieve more than you thought possible.

This is a call for nominations for the European Testing Excellence Award 2008. 
This year marks a very special milestone as it is the 10th anniversary of this award.
Its your chance to acknowledge your testing "hero" - please invest a small amount of time in saying thank you to someone who has earned your respect, or maybe even changed your entire career.
 
Nominate before October 17th
 
You have until October 17th 2008 to send your completed nomination package to Lorraine at QualTech Conferences
All nominations are reviewed in strictest confidence.
 
This award recognises leadership in and contribution to the field of software testing, and promotes the sharing and collaboration of best practices across the European Testing Community. Please click here to read and follow the nomination instructions carefully.

 

We look forward to receiving your nominations!
 
Lorraine Banks,
QualTech Conferences

   

Tags: software testing conference, eurostar 2008, the hague, testing excellence award

posted by Susan on Wednesday, October 01 2008 permalink | comments (0)

A couple more webinars

Here are a couple more free webinars I've come across.

• There is a list of free Events and Web Seminars available over at NetObjectives.com. Register for these events before the seats fill up. The webinars are live, so you must schedule some time for them, they are not on-demand. If you happen to be in the area, check out the Atlanta Agile Open.
• SDTimes.com has a great list of free webinars. Currently only one is directly targeted at testing, and you can watch that here (requires RealPlayer). If you have the time, check out some of the others, as they cover some interesting topics.

Keep those brains active and keep on learning!

Tags: testing, qa, training, education, free, webinars

posted by Mike on Wednesday, October 01 2008 permalink | comments (0)

Test Common Welcomes SQuAD Members

I was pleased to see Test Common featured in the SQuAD October newsletter. For those of you who aren't familiar with SQuAD or the Software Quality Association of Denver (http://squadco.com/), it is a non-profit orgainziation that supports QA professionals in Denver. SQuAD meets monthly and provides a great opportunity for networking and learning.Our goal at Test Common is to supplement or extend the monthly SQuAD meetings by providing an online community to network inbetween meetings or continue the meeting after the meeting. Click here to see the SQuAD Group on Test Common. Hope to see you in the group and at the next meeting!

Tags: squad, networking, education

posted by Administrator on Thursday, October 02 2008 permalink | comments (1)

New Software Quality Testing Certification

The Quality Assurance Management Professional (QAMP) certification helps technology organizations increase the effectiveness of, and achieve better business outcomes with, applications that meet business needs with reliable performance.

Product development, whether it is defining requirements or implementation, is no longer a centralized project as most companies operate development teams that work concurrently from locations worldwide. As a result, it is increasingly important to ensure that project teams are on the same page throughout the entire process.

"Worldwide standardization is the key to the success of quality testing services," said Stephan Goericke, director, iSQI, and inventor of QAMP.

QAMP professionals must be certified and demonstrate standardized knowledge in requirements gathering, software testing and test management. To ensure that testers are trained on each step of the development process, QAMP incorporates several industry-standard certifications, including International Software Testing Qualifications Board (ISTQB) Foundation Level, ISTQB Advanced Level - Test Manager and the International Requirements Engineering Board (IREB) Certified Professional for Requirements Engineering - Foundation Level. The QAMP certification also requires two years of experience in software quality assurance.

"Widespread adoption of QAMP will help certified professionals effectively and efficiently work together to build quality software," said Rex Black, president, RBCS.

""We are committed to having all of our test professionals certified in accordance with this standard," said Andy Mattes, senior vice president, Application Services, EDS.

More information about the QAMP certification and training is available at qamp.org.

Tags: istqb, qamp, rex, black, andy, mattes, stephan, goericke

posted by Administrator on Tuesday, September 30 2008 permalink | comments (0)