+===================================================+
+=======    Quality Techniques Newsletter    =======+
+=======             March 2000              =======+
+===================================================+

QUALITY TECHNIQUES NEWSLETTER (QTN) (Previously Testing Techniques Newsletter) is E-mailed monthly to subscribers worldwide to support the Software Research, Inc. (SR), TestWorks, QualityLabs, and eValid WebTest Services user community and to provide information of general use to the worldwide software and internet quality and testing community.

Permission to copy and/or re-distribute is granted, and secondary circulation is encouraged by recipients of QTN provided that the entire document/file is kept intact and this complete copyright notice appears with it in all copies. (c) Copyright 2003 by Software Research, Inc.

========================================================================

   o  13th Annual International Software & Internet Quality Week 2000

   o  Software Testing - Myth or Reality? (Part 3 of 3)

   o  Denial Of Service Attack -- Additional Information

   o  CAPBAK/Web Release Now Supports Java Applets, Built-In Charting

   o  Advisory for the Happy99 Virus

   o  First Asia-Pacific Conference on Quality Software (APAQS 2000)

   o  New Thinking OObjectively Column for CACM by M. E. Fayad

   o  QTN SUBMITTAL, SUBSCRIPTION INFORMATION

========================================================================

13th International Software/Internet Quality Week (QW2000)

QW2000 Theme: New Century! New Beginnings!

The Y2K event has passed. The celebrations are over. It's a new century and it's time for new beginnings. It's time for change. The explosive growth in interest in the Internet (WWW) is the main driving factor in much of what's happening in software testing and quality assurance.
WebSites are very complex pieces of software, and many of the proven application-based and client-server approaches software quality approaches ought to apply to websites as well. QW2000's theme, "New Century! New Beginnings!" reflects this shift. This year our Keynoters have real-world experience that can be used on your projects, our QuickStart speakers' expertise will save you time and effort, and our over 60 speakers are focused on Technology, Applications, Internet and Management topics. QW2000 is an event NOT to be missed! What They Say About Quality Week Here are some samplings of attendee's comments about past Quality Week Conferences: o ...Quality Week in San Francisco was a valuable experience. The content of the tracks was kept at a educational level and anything that involved a specific product was very clearly identified. No unpleasant surprises... o ...Well organized, stimulating event... o ...In meeting with speakers and attendees at Quality Week I have been impressed with their breadth of experience, breadth of languages, and diversity of fields. o ...I need to mention to you how impressed I have been with the thought you have given to promoting the big picture. QW2000 papers are selected based on reviews and recommendations from our distinguished whose members represent a broad range of expertise in the software and internet quality area from Industry and Academic positions worldwide. International Advisory Board The "Quality" of the Quality Week Conferences is a direct result of the contribution of their expertise. QW2000's Advisory Board includes: Selim Aissi (Intel Corporation) - Larry Apfelbaum (Teradyne) James Bach (Satisfice) - Vic Basili (UOM) Boris Beizer (Analysis) - Bill Bently (Mu_Research) Robert Binder (RBSC, Inc.) 
- Robert Birss (Talarian) Jack Bishop (SVN) - Nick Borelli (Microsoft) Rita Bral (SR/Institute) - Taz Daughtrey (ASQC/SQP) Tom Drake (CRTI) - Sam Guckenheimer (Rational Software) Dick Hamlet (Portland State) - Doug Jacobson (Iowa State) Andre Kok (CMG/Netherlands) - Ara Kouchakdjian (Q-Labs/Netherlands) Edward Miller (SR/Institute) - John Musa (Consultant) Michael O'Duffy (CSE/Ireland) - Lee Osterweil (UMASS) Greg Pope (AZOR) - Otto Vinter (Delta/Denmark) Mark Wiley (nCUBE) - Denise Woit (Ryerson) Who Should Attend QW2000 is an educational experience aimed at many levels. Attendees should include: o Lead senior quality assurance managers and web chiefs looking for powerful testing methods and an opportunity to check out the latest tools and methodologies. o Software developers and website developers -- beginners and experts alike -- who need exposure to authoritative sources for improving their products. o Programmers, software developers, website designers -- anyone who wants to learn more about producing better quality products. o Managers and senior Technologists who want to catch up on the state-of-the-art in software and website testing and quality assurance. 
Participating Companies Here is a sampling of 100 of the more than 1200 companies that have sent delegates to Quality Week Conferences in past two years: 3Com, ABN AMRO, Adobe Systems Inc., ADP, AGFA Gevaert, AirTouch, Alcatel, Amazon.com, Amdahl, Andersen Consulting, AT&T, Autodesk, Inc., Bank of America, Barclays Bank, Bayer Corporation, Bechtel, Becton Dickinson, BellSouth, Blue Cross/Blue Shield, Boeing, Bomardier, Bosch, British Telecom, Cadence Design System, Cap-Gemini, CERN, Cisco, CMG, CNET, Compaq, Compuware, Coopers & Lybrand, CSC, Cypress Semiconductor, Daimler-Benz, Deutsche Telekom, DHL, Dresdner Bank, Eastman Kodak, EDS, Ericsson, Eurocontrol, FedEx, Ford Motor Company, Fujitsu, GE, Hewlett-Packard, Hitachi, Honeywell, Hughes, IBM Corporation, Informix, Intel , Intuit, J.D.Power, JPL, Johnson Controls, KPMG, Lernout & Hauspie, Lockheed Martin, Lucent, McGraw-Hill, MCI, Mentor Graphics, Merryll Lynch, Microsoft, MITRE, Motorola, NASA, NCR, Netscape, Nokia, Nortel, Northwestern Mutal, Novell, Oracle, Pacific Bell, PeopleSoft, Perkins Elmer, Philips, Platinum Technology, QUALCOMM, Raytheon, Rockwell Collins, SAS Institute, SGI, Shell, Siemens, Sony, Sun Microsystems, Sybase, Tektronix, TRW, Underwriters Laboratories, UNISYS, VeriFone, VISA, Volvo, Xerox C O M P L E T E C O N F E R E N C E P R O G R A M T U T O R I A L S Tuesday, 30 May 2000, 8:30 - 12:00 -- AM Tutorials Ms. Johanna Rothman (Rothman Consulting Group) "Life as a New Test Manager (A1) [USA]" Dr. Norman Schneidewind (Naval Postgraduate School) "A Roadmap to Distributed Client-Server Software Reliability Engineering (B1) [USA]" Mr. Michael Deck (Cleanroom Software Engineering, Inc.) "Requirements Analysis Using Formal Methods (C1) [USA]" Mr. Bill Deibler (SSQC) "Making the CMM Work: Streamlining the CMM for Small Projects and Organizations (D1) [USA]" Mr. Ross Collard (Collard & Company) "Test Planning Workshop (E1) [USA]" Dr. G. Bazzana & E. Fagnoni (ONION s.r.l.) 
"Testing Web-based Applications: Techniques for Conformance Testing (F1) [Italy]" Mr. Edward Kit (Software Development Technologies) "Software Testing in the Real World (G1) [USA]" Tuesday, 30 May 2000, 1:30 - 5:00 -- PM Tutorials Mr. Robert Binder (RBSC Corporation) "How to Write A Test Design Pattern (A2) [USA]" Dr. John Musa (Consultant) "Developing More Reliable Software Faster and Cheaper (B2) [USA]" Mr. Tom Gilb (Result Planning Limited ) "Requirements Engineering for Software Developers and Testers (C2) [Norway]" Mr. Tim Koomen & Mr. Rob Baarda (IQUIP Informatica BV) "Stepwise Improvement of the Testing Process using TPI(tm) (D2) [Netherlands]" Dr. Linda Rosenberg, Ms. Ruth Stapko, & Mr. Albert Gallo (NASA GSFC) "Risk-based Object Oriented Testing (E2) [USA]" Mr. Adrian Cowderoy (MMHQ) "Cool Q - Quality Improvement for Multi- disciplinary Tasks in Website Development (F2) [England]" Mr. Chris Loosey & Eric Siegel (Keynote Systems) "Internet Performance Measurement (G2) [USA]" T E C H N I C A L P R O G R A M Wednesday, 31 May 2000, 8:30 - 10:00 -- KEYNOTE SESSION #1 Dr. Stu Feldman (IBM Corporation) "Internet and E-Commerce: Issues and Answers (1P1) [USA]" Mr. Bill Gilmore (Intel Corporation) "The Intel Corporate Software Quality Network (1P2) [USA]" Wednesday, 31 May 2000, 10:30 - 5:00 -- Parallel Technical Tracks TECHNOLOGY TRACK Mr. Michael Silverstein (SilverMark, Inc.) "Automating Testing of Object-Oriented Components Using Intelligent Test Artifacts (2T1) [USA]" Mr. James Elder & Mr. Ricard Roma i Dalfo (Microsoft) "Object Based Machine Automation ("OSIRIS Project") (2T2) [USA]" Mr. Robert Bauer & Mr. Russell F. Ingram (Levetate Design Systems) "Building a Parallel Test Environment (3T1) [USA]" Mr. Robert Oshana (Raytheon Systems Company) "Performance Engineering of an Embedded System Application (3T2) [USA]" Dr. Rainer Stetter (Software Factory GmbH ) "Software Quality for Embedded Systems (4T1) [Germany]" Dr. 
Mark Blackburn (Software Productivity Consortium) "Application of the Test Automation Framework for Model Analysis and Test Generation (4T2) [USA]" APPLICATIONS TRACK Mr. James Andrews (The Open Group) "Automated Conformance Testing for IT & T Product Certification (2A1) [USA]" Mr. Juichi Takahashi (Florida Institute of Technology) "Is Special Software Testing Necessary Before Releasing Products to an International Market? (2A2) [USA]" Mr. David Carman (Telcordia Technologies) "Measuring Test Effectiveness: The Use and Misuse of Test Coverage (3A1) [USA]" Ms. Linda Hayes (WorkSoft) "Advanced Scripting Techniques: Making Automation Accessible (3A2) [USA]" Mr. William Lorensen & Mr. James Miller (GE Corporate Research & Development) "Visualization Toolkit Extreme Testing: A Production Release Every Day (4A1) [USA]" Mr. Kevin VanFlandern (Microsoft, Inc.) "Benchmarking Large Windows Based Applications (4A2) [USA]" INTERNET TRACK Mr. Ted Fuller (Agency.com) "Notes From The Front Lines: How to Test Anything and Everything on a Web Site (2W1) [USA]" Mr. Steven Porter (API / Independent) "From Web Site to Web App: Ensuring Quality in a Complex Environment (2W2) [USA]" Mr. Alberto Savoia (Velogic Inc.) "The Science of Website Load Testing (3W1) [USA]" Dr. B.M. Subraya & Mr. S. V. Subrahmanya (Infosys) "Performance Testing: A Methodical Approach to E-Commerce Applications (3W2) [USA]" Mr. Pat Garverick (Landmark Systems Corporation) "Testing the Performance Impact of a Web-based Application (4W1) [USA]" Mr. Steven Rabin (Interworld Corp.) "eCommerce Performance Management Lifecycle -- Benchmarking, Methodology and Criteria (4W2) [USA]" MANAGEMENT TRACK Mr. Joel Fleiss (VeriTest) "The ABCs of Managing a Software Testing Project (2M1) [USA]" Ms. Johanna Rothman (Rothman Consulting Group) "The Influential Test Manager (2M2) [USA]" Mr. Phil Lones (Lucent Technologies) "A Practical Approach to Testing Software in an Evolutionary Delivery Environment (3M1) [USA]" Mr. 
Cem Kaner "Yes, But What Are We Measuring? (3M2) [USA]" Mr. Doug Whitney and Pete Nordquist (Intel Corporation, Home Products Group) "Protecting Intellectual Property in an Open Source World (Panel) (4M1) [USA]" QUICKSTART Mr. James Bach (Satisfice, Inc.) "The Heuristic Approach to Testing (2Q) [USA]" Mr. Tom Gilb (Result Planning Limited ) "Pitiful and Powerful Measures of Software Metrics (4Q) [Norway]" Thursday, 1 June 2000, 8:30 - 10:00 -- KEYNOTE SESSION #1 Mr. Leon Osterweil (University of Massachusetts) "Determining the Quality of Electronic Commerce Processes (5P1) [USA]" Mr. Rainer Pirker (IBM / Austria) "The Need for Quality -- e-business Performance Testing (5P2) [Austria]" Thursday, 1 June 2000, 10:30 - 5:00 -- Parallel Technical Tracks TECHNOLOGY TRACK Mr. Alan Myrvold (Entrust Technologies Limited) "Feeling Tcl-ish? Applying Tcl to Real Test Tasks (6T1) [Canada]" Ms. Elisabeth Hendrickson (Aveo Inc.) "Quality in an ASP Environment (6T2) [USA]" Dr. Andreas Spillner & Dr. Ulrich Breymann (Hochschule Bremen) "Semantic Differences Between C++ and Java: Consequences for the Review and Test Process (7T1) [Germany]" Mr. Charles White (Segue Software, Inc.) "Functional Testing of CORBA based Systems in Java (7T2) [USA]" Mr. Atif Memon, Dr. Martha E. Pollack, & Dr. Mary Lou Soffa (University of Pittsburgh) "A Planning-Based Approach to GUI Testing (8T1) [USA]" Mr. Stephen Sullivan (Mathcom Solutions, Inc.) "Performance Engineering for Java and the Web (8T2) [USA]" APPLICATIONS TRACK Dr. Jean Hartmann & Mr. Claudio Imoberdorf (Siemens Corporate Research) "Functional Testing of Distributed, Component-Based Software (6A1) [USA]" Dr. Jerry Gao, Mr. Kamal Gupta & Ms. Shilina Gupta (San Jose State University) "Design for Testability of Software Components (6A2) [USA]" Dr. Yingxu Wang (Centre for Software Engineering) "A Practical New Approach to COTS Testing (7A1) [Sweden]" Mr. Scott Trappe (Reasoning Inc.) 
"Find the Defects that Traditional Testing Misses with Automated Software Inspection Services (7A2) [USA]" Dr. John Musa (Consultant) "SRE: A Good Idea But How Do We Get People To Use It? (8A1) [USA]" Mr. Giuseppe Lami, Ms. Stefania Gnesi, Prof. Mario Fusani & Mr. Fabrizio Fabbrini (Istituto di Elaborazione dell'Informazione) "Quality Evaluation of Software Requirements Specifications (8A2) [Italy]" Mr. Nick Borelli (Microsoft) "Ask The Experts (Panel Session) (8A3) [USA]" INTERNET TRACK Mr. Anand Sundaram (RSW Software, Inc.) "Managing E-Business Quality in Internet Time (6W1) [USA]" Ms. Lisa Crispin (TRIP.com) "Stranger in a Strange Land -- Bringing Quality Assurance to a Web Startup (6W2) [USA]" Ms. Jeanette Folkes & Mr. Bert Lamar (Ogilvy Interactive) "The Challenges of Web Testing (7W1) [USA]" Ms. Andrea MacIntosh & Mr. Wolfgang Strigel (QA Labs Inc.) "The Living Creature - Testing Web Applications (7W2) [Canada]" Mr. Adrian Cowderoy (MMHQ) "Technical Quality is Just the Start -- The Real Battle is Commercial Quality (8W1) [England]" Mr. Steven Watson (CNET Inc.) "Quality Assurance Challenges in the Internet Industry (8W2) [USA]" MANAGEMENT TRACK Ms. Lisa Crispin (TRIP.com) "Guerilla Tool Selection (6M1) [USA]" Mr. Brian Lawrence & Ms. Johanna Rothman (Coyote Valley Software / Rothman Consulting, Inc.) "Testing in the Dark (6M2) [USA]" Mr. Patrick Copeland (Microsoft) "Redesigning a Testing Organization for Delivery to the Web (7M1) [USA]" Mr. Rex Black (Rex Black Consulting Services, Inc.) "The Fine Art of Writing a Good Bug Report (7M2) [USA]" Mr. D.J. Law (QWest Communications) "Certification Programs for Software Quality and Test Professionals (8M1) [USA]" Mr. Marc Zasada (VeriTest) "What Does "Application Certification" Mean in the Software Industry? (8M2) [USA]" QUICKSTART Mr. Tobias G. Mayer (eValid, Inc.) "WebSite Testing (6Q) [USA]" Mr. Brian Marick & Mr. James Bach & Cem Kaner "Evaluating Test Suites (Workshop) (7Q) [USA]" Mr. 
Thomas Drake (CRTI ) "Testing Network Based Software Systems -- The Future Frontier (8Q) [USA]" Friday, 2 June 2000, 8:30 - 10:00 -- Parallel Technical Tracks TECHNOLOGY TRACK Mr. Sam Guckenheimer (Rational Software Corporation) "Enabling Testable Architectures with UML (9T1) [USA]" Mr. Tim Szymanski (Advanced Software Technologies, Inc.) "Quality Starts with Requirements: How the UML Can Help (9T2) [USA]" APPLICATIONS TRACK Mr. Rob Baarda & Tim Koomen (IQUIP Informatica BV) "Risk Based Test Strategy (9A1) [Netherlands]" Mr. Jerrold Landau (IBM Canada) "An Overview of Testing Methodology and Experience at IBM Corepoint Banking Solutions (9A2) [Canada]" INTERNET TRACK Dr. Wen-Kui Chang & Mr. Shing-Kai Hon (Tunghai University) "A Systematic Framework for Ensuring Link Validity under Web Browsing Environments (9W1) [Taiwan]" Mr. Michael Weider (Watchfire) "The Web Application Process: Development & Testing (9W2) [Canada]" MANAGEMENT TRACK Mrs. Hong Guo, Prof. Graham King, Ms. Margaret Ross & Mr. Geoffe Stable (Southampton Institute) "Using BOOTSTRAP to Improve the Management of Software Process in a Virtual Software Organization? (9M1) [England]" Mr. Richard Kasperowski (Altisimo Computing) "Opportunistic Software Quality (9M2) [USA]" QUICKSTART Mr. Otto Vinter (DELTA Danish Electronics, Light & Acoustics) "Experience-Based Approaches to Process Improvement (9Q) [Denmark]" Friday, 2 June 2000, 10:30 - 12:00 -- KEYNOTE SESSION #3 Mr. Marcelo Dalceggio (Banco Rio de la Plata SA) "Automated Software Inspection Process (10P1) [Argentina]" Mr. Sanjay Jejurikar (Microsoft) "The Engineering Process of Windows 2000 (10P2) [USA]" Prof. Gene Spafford (CERIAS / Purdue University) "Information Security Requires Assurance (10P3) [USA]" Friday, 2 June 2000, 8:30 - 10:00 -- Post-Conference Workshops Mr. Douglas Hoffmann (Software Quality Methods LLC) "Oracle Strategies for Automated Testing (W1) [USA]" Mr. Cem Kaner "Bug Advocacy (Workshop) (W2) [USA]" Dr. 
Edward Miller (Software Research, Inc.) "WebSite Quality Workshop (W3) [USA]"

Mr. Robert Sabourin (Purkinje Inc.) "The Effective SQA Manager - Getting Things Done (W4) [Canada]"

R E G I S T R A T I O N   I N F O R M A T I O N

Complete registration with full information about the conference is available on the WWW at

<http://www.soft.com/QualWeek/QW2K>

where you can register on-line.

We will be pleased to send you a QW2000 registration package by E-mail, postal mail or FAX on request. Send your E-mail requests to:

qw@sr-corp.com

or FAX or phone your request to SR/Institute at the numbers below.

QW2K: 30 May 2000 - 2 June 2000, San Francisco, California USA

+-----------------------------------+----------------------------------+
| Quality Week 2K Registration      | Phone: [+1] (415) 861-2800       |
| SR/Institute, Inc.                | TollFree (USA): 1-800-942-SOFT   |
| 1663 Mission Street, Suite 400    | FAX: [+1] (415) 861-9801         |
| San Francisco, CA 94103 USA       | E-Mail: qw@sr-corp.com           |
|                                   | WWW: http://www.soft.com         |
+-----------------------------------+----------------------------------+

========================================================================

Software Testing - Myth or Reality? (Part 3 of 3)

By Romilla Karunakaran
InterWorld Corporation

Filing the right bugs also allows managers to make the right decisions about what changes and fixes are due within the application. Bugs are also those features within the application that works well but is not a desirable feature that the clients or users want. It could be that the feature is not user friendly or that it may not be what the user intends to apply within the user environment. It is obvious therefore that testers have a unique responsibility towards making expert decisions on what sort of "deviance" can be considered a bug as these people are required to develop real test case scenarios that a typical user might use when employing the use of the software.
A good tester is one who attempts to understand the users and to report bugs that a typical user might be inclined to do so. The tester's ability to deliver the required bugs however depends on the quality of the specifications that he/she receives. Incorrect specifications and poorly written requirements documentation interferes in the tester's ability to report qualified bugs. The experienced tester also reports bugs in a manner that developers can understand explaining the nature of the bug and how users can be affected by the presence of such a bug. Bug reports should have the required information that would in addition, allow developers to visualize the state of the bug if the developers do not have a proper idea of what the customers really want. Capable of an Interdisciplinary Approach A skillful tester is a jack of all trades, having carefully nurtured the required skill-sets that would allow him/her to approach testing from a multi-disciplined approach. A tester is also one who is creative and capable of finding new ways of making his job exciting and creative. Testing is not a mere humdrum of sitting at one's computer and waiting for a new build to commence testing but can be a creative process of developing a means of assimilation within the overall software development process. This can happen when the tester makes a genuine concern towards understanding his/her contributions towards the software testing process and the means of improving workflow and communication with the other parties involved in the process. People Skills It is the good tester who takes the initiative to seal the glitch between the developers and the users. This should be the individual who understands the point of view of the customer, simulates the typical business test scenarios and environment, and who communicates to the developer the reason why a bug needs to be fixed in the right way. 
Most testers unfortunately do not take the trouble to understand the need to maintain good communication with teammates and fellow workers. Communication skills are an essential criteria in a good tester. Having the right people skills enables the tester to maintain a healthy relationship with the developers and management, while enabling the tester to develop an appreciation for the developers' viewpoints and being diplomatic about the nature of bugs filed for fixing. Regular meetings should be organized to allow the testers and developers to exchange feedback that would facilitate their workflow. Both parties should also understand the kind of feedback expected in meetings and should develop a roadmap on the various stages involved in the problem solving process. Such a process should be directed towards improving the communication channels and the responsibility of each individuals or parties towards ensuring a mutually productive relationship with all parties concerned. Being Responsible The testing function requires the tester to be alert and aware of feature changes within the software product under test at all times and to be capable of making the right decisions at the required time. Testers should always find the means of updating their skillsets and knowledge as it helps to sharpen their existing technical skills in understanding the work of their development mates. Training oneself to understand the finer points of the software testing process will also allow one to polish one's judgement skills when making a quick decision about which high-risk areas should be focussed for testing given a limited time. Most testers unfortunately do not keep their test suite up to date and often rely on outdated test suites of a few months ago. Testing is a progressive state and should always be followed through with prompt and updated test cases and test suites. 
In a high rapid development environment, it is a cause for concern when a tester continues to employ a test suite that was done few months ago for an application that has experienced added functionalities over a course of time. Such irresponsibility only increases the risks of delivering a poorly tested software product. Understanding the Testing Realm Most testers seldom take the trouble to understand the software development lifecycle process and the importance that the quality assurance role plays in this larger process. Often, they are not aware of the business goals and objectives of the quality assurance process as part of the larger business function of the organization. These individuals do not understand the developers, finding them blunt and unfriendly, and feeling comfortable keeping a distance away from people they should work with. Tact and diplomacy is a prerequisite for any tester as it allows the tester to share the views of many and make valuable decisions about the testing effort. Testers should also be given a chance to meet end-users so that they can understand the type of testing which is expected of them. This will also help prioritize the high-risk testing areas that could be validated by the end-users and clients. Testers come in all shapes and sizes and naturally with a varying background in terms of skillsets, discipline, creativity and experience. The quality of the product shipped depends on the worth of these individuals in contributing towards the testing effort and the general success of the testing process. It is therefore important that testers be given the required training in understanding their part in the testing effort. A Final Thought The quality assurance process serves as the organization's watchdog in ensuring that the quality of the software product developed meets clients' or end-users' expectations. 
The software testing process, which is in turn a subset of the quality assurance process, can be facilitated through the employment of good quality assurance people or testers and the participation of management in prioritizing quality issues and the importance of the customer. Customer focus is an integral feature in the development of a high-quality software product and it is important that all participants in the process understand the meaning of quality in this respect. The success of the testing effort depends in part on the careful evaluation of customer needs and feedback into the development of a successful software product. Suffice to say software testing is no myth. Its importance and credibility cannot be reiterated enough. It is the reality and decisive process for any successful software development project. With the current move towards the development of high-performing Internet applications, the reality and importance of software testing has certainly defied the role of a mythical order in today's modern software development world. With the high uncertainties involved in web testing where several constraints govern the effectiveness of the testing effort in a web environment, it comes as no wonder why there is a need to ensure that testers develop the required skillsets and develop the right posture towards the software testing effort.

========================================================================

Denial Of Service Attack -- Additional Information

From The SANS Institute

Gary Flynn of James Madison University has posted substantial additional information about the copies of trinoo-like code found on Windows PCs, described in the NewsBites that you received earlier today. In a report entitled "Wintrinoo" Gary noted the following:

1. The number of machines infected was not 160. He reported that he found 149 machines that were listening on port 34555, but that the number of machines actually infected may have been substantially less because of the possibility of false positives.

2. He also reported that he discovered 16 of the computers (all running Windows, and at least 5 running Windows98) "sending out large numbers of UDP packets on random ports."

3. He noted that all 16 machines were infected with the BackOrifice remote control Trojan.

4. After removing BackOrifice from one of the machines, he discovered the computer again participating in a UDP flood. That led to the discovery of a program that was reported to CERT as a possible variant of the trinoo distributed denial of service tool. CERT is analyzing this.

Gary's technical expertise and rapid response is helping the entire community to be better informed. We're sorry that our initial report didn't have the precision that Gary's latest posting has provided. We'll keep you informed as we hear of new developments.

The bottom line: PCs running Windows at universities have been found participating in distributed denial of service attacks. The next step is to ask the virus detection vendors to find and eradicate the flooding programs -- Gary has forwarded the code to them.

========================================================================

CAPBAK/Web Release Now Supports Java Applets, Built-In Charting

We think our new Test Enabled Web Browser(tm) technology will change the way you think about testing a website. CAPBAK/Web has the look and feel of the IE browser -- the most commonly used (and familiar) browser. And, CAPBAK/Web is just as easy to use! Besides being a fast and effective browser, CAPBAK/Web has ALL the testing capability you need to measure, test, validate, and confirm your website. You can use CAPBAK/Web to perform WebSite static and dynamic testing, QA/Validation, and load imposition.
CAPBAK/Web includes native capabilities that permit it to handle WebSite features that are difficult, awkward or even impossible with other approaches that are based on viewing a website from the Windows OS level or from a Web server. CAPBAK/Web's view of your website is almost exclusively from within the browser. The current build of CAPBAK/Web has a very rich feature list: > Intuitive GUI on the browser to control all functions. > Recording and playback of user sessions in integrated true-time and object mode. > Fully editable recordings/scripts, using an intuitive syntax. > SingleStep/Pause/Resume control to help check out scripts. > Content validation options, including internal HTML document features, selected text fragments, selected images, and all images and Java applets. > Dynamically created, full-color, event charts, timing charts, performance charts. > Wizards create scripts to exercise all links on a page, push all buttons on a FORM, and manipulate a FORM's contents. > Secure zone recording support. > JavaScript and VBScript fully supported. > Special advanced features support recording interactions with Java applets -- other products cannot do this. > Spreadsheet ready event log, messages log, errors log and performance logs are compatible with all popular databases. > Performance timings to 1 msec resolution. > Cache management (you can play back tests without a cache or with an initially empty cache). 
Take a Tour of CAPBAK/Web at: <http://www.soft.com/Products/Web/CAPBAK/Documentation.IE/CBWeb.GUI5.html> Take a quick look at the Features and Benefits of CAPBAK/Web at: <http://www.soft.com/Products/Web/CAPBAK/features.benefits.html> Prices and On-Line Ordering Details for CAPBAK/Web are at: <http://www.soft.com/Products/Web/CAPBAK/price.order.web.html> Download the latest CAPBAK/Web release at: <http://www.soft.com/Products/Downloads/down.capbakweb.html> +-----------------------------------+-----------------------------------+ | TestWorks/Web | Phone: [+1] (415) 861-2800 | | Software Research, Inc. | TollFree (USA): 1-800-942-SOFT | | 1663 Mission Street, Suite 400 | FAX: [+1] (415) 861-9801 | | San Francisco, CA 94103 USA | Email: sales@sr-corp.com | | | WWW: http://www.soft.com/Products | +-----------------------------------+-----------------------------------+ ======================================================================== Advisory for the Happy99 Virus This is a California Computer Technologies advisory concerning a newly detected virus known as "Happy99.exe" or the "I-Worm" virus. VIRUS NAME: Happy99.exe ALSO KNOWN AS: Win32.ska.a, ska, Wsock32.ska and Ska.exe CLASSIFICATION: Email Trojan or Worm virus STATUS: Verified as valid SYMPTOMS: None apparent WHO IS AFFECTED: Usenet (Newsgroups) users and anyone receiving email from the Internet and AOL service. VIRUS INFORMATION: The virus is apparently intended to spread itself undetected via email messages, and to bring down email servers on the internet and corporate intranets. (From Proland Software): Happy99 is a Win32 based Trojan program. When this program is executed it will display some fireworks. Apart from the fireworks display this program will do some other activity in the background without the user's permission. In the background this program will create two files SKA.EXE and SKA.DLL. It will alter WSOCK32.DLL to put its code into that file and keep the original file as WSOCK32.SKA. 
It cannot modify the WSOCK32.DLL file if it is in use. In such a case
this program will add an entry to the Windows Registry to run SKA.EXE
the next time the computer is booted so that it can do these
modifications. The size of this trojan file is 10000 bytes. You will not
get infected by Happy99 merely by downloading the trojan file. You will
have to execute it to get infected.

The modified WSOCK32.DLL has routines to detect the email and newsgroup
postings made by the user. It will send a copy of the SKA.EXE file
renamed as happy99.exe to every user or newsgroup to whom the user sends
an email. Each recipient will get the email only once and the trojan
will not send repeat email to the same user. It will send a separate
email retaining the subject of the first email with the file as an
attachment. The trojan also maintains the file LISTE.SKA which contains
the list of all email addresses and newsgroups to which this file has
been sent. The unique function of this trojan is that it can spread on
its own. Happy99 first appeared in January 1999 and it is reported to
have affected a lot of users.

(From Data Fellows:) SAN JOSE, February 1, 1999 -- Happy99.exe was first
identified approximately around mid-January and is now traveling across
the Internet via e-mail attachments and newsgroup postings. The worm
modifies e-mails and newsgroup postings by adding unauthorized
attachments without the computer user's knowledge. As a side-effect, it
can also create network slowdowns and, in a worst-case scenario, even
crash corporate e-mail servers. While the computer worm does not destroy
or alter files or otherwise cripple computers and networks, it creates a
time- and energy-consuming nuisance to network administrators. The
computer worm works on Windows 95 and 98 platforms.

DETECTING THE VIRUS:

1. If you received the Happy99.exe file, and executed it, you've got it.
   See the attached .gif file for an example.

2. Check both your C:\Windows and C:\Windows\System directories for the
   presence of any of the following files:

      SKA.EXE
      SKA.DLL
      WSOCK32.SKA

   If any of these files are present, you've been attacked.

3. (Advanced Users Only): Use Windows Regedit program and check for the
   following in your system registry files:

      HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce=SKA.EXE

   You can tell Regedit to do a search for SKA.EXE. If this is in your
   registry files, remove it.

MANUAL REMOVAL OF THE VIRUS:

1. If found, delete SKA.EXE and SKA.DLL from your C:\Windows or
   C:\Windows\System directories.

2. If you find the WSOCK32.SKA file in either your C:\Windows or
   C:\Windows\System directories, then you can be assured that your
   WSOCK32.DLL file is infected and corrupt. Delete WSOCK32.DLL from the
   system ONLY if the WSOCK32.SKA file is present. Rename WSOCK32.SKA to
   WSOCK32.DLL.

   If you cannot delete or rename any of these files, because Windows is
   actually running them in the background, then I suggest that you
   print these instructions, then shut Windows down to the DOS mode,
   then change the file attribute on the files, rename the files, then
   restart Windows. This time Windows will start up with the real,
   unaffected Wsock32.dll file.

3. You can also use Windows Explorer's FIND feature, and see if
   HAPPY99.EXE happens to be residing on your system undetected. If you
   find that file, delete it without executing it.

IMMUNIZING AGAINST THE VIRUS:

There is one neat little trick that you can do to stop the virus dead in
its tracks: You can use Windows Explorer, go to your C:\Windows\System
folder, and locate your WSOCK32.DLL file. Once found, highlight the
file, right mouse click on it, then hit properties. At the bottom of the
properties box, you will see selections for the file's attributes ....
click ARCHIVE off, and READ ONLY on. This will prevent renaming of the
file which starts the infection process.
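
The file checks from the detection, removal and immunization steps above,
written as a read-only triage script. This is an added example, not part
of the original advisory. It assumes the volume is reachable as a
directory tree (for instance a mounted disk image); the function names
and the sample tree are constructed for illustration, and the registry
check in detection step 3 is not covered.

```python
import stat
import tempfile
from pathlib import Path

INDICATORS = ("SKA.EXE", "SKA.DLL", "WSOCK32.SKA")  # advisory, detection step 2
TROJAN_SIZE = 10000  # bytes, per the Proland description

def _files(root, name):
    """All files under root whose name matches case-insensitively."""
    return [p for p in root.rglob("*") if p.is_file() and p.name.upper() == name]

def triage(drive_root):
    """Read-only check of a Windows 95/98 volume (live drive or mounted image)."""
    root = Path(drive_root)
    sysdirs = [d for d in root.rglob("*") if d.is_dir() and
               "/".join(d.relative_to(root).parts).upper() in ("WINDOWS", "WINDOWS/SYSTEM")]
    hits = {n: [p for p in _files(root, n) if p.parent in sysdirs]
            for n in INDICATORS + ("WSOCK32.DLL",)}
    dlls = hits.pop("WSOCK32.DLL")
    return {
        "infected": any(hits.values()),
        "indicators": sorted(n for n, found in hits.items() if found),
        # Removal step 2: WSOCK32.DLL is replaced only when the backup exists.
        "restore_wsock32": bool(hits["WSOCK32.SKA"]),
        # Removal step 3: dropper copies anywhere on the volume; size is only a hint.
        "droppers": [(p.name, p.stat().st_size == TROJAN_SIZE)
                     for p in _files(root, "HAPPY99.EXE")],
        "recipient_list_present": bool(_files(root, "LISTE.SKA")),
        # Immunization: every WSOCK32.DLL found has the read-only attribute set.
        "wsock32_read_only": bool(dlls) and all(
            not p.stat().st_mode & stat.S_IWUSR for p in dlls),
    }

def build_sample(root, infected):  # constructed sample tree, placeholder contents only
    system = Path(root) / "WINDOWS" / "SYSTEM"
    system.mkdir(parents=True)
    (system / "WSOCK32.DLL").write_bytes(b"placeholder")
    if infected:
        (system / "Ska.exe").write_bytes(b"placeholder")
        (system / "WSOCK32.SKA").write_bytes(b"placeholder")
        (system / "LISTE.SKA").write_bytes(b"placeholder")
        (system.parent / "happy99.exe").write_bytes(b"\0" * TROJAN_SIZE)
    else:
        (system / "WSOCK32.DLL").chmod(stat.S_IRUSR)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(triage(build_sample(tmp, infected=True)))
```

The script only reports; it never deletes or renames anything, so the
removal steps remain a manual decision.
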
Martinig & Associates               Tel: +41-21-922-1300
Rue des Marronniers 25              Fax: +41-21-921-2353
CH-1800 Vevey / Switzerland         franco@martinig.ch
<http://www.martinig.ch>

========================================================================

     First Asia-Pacific Conference on Quality Software (APAQS 2000)

                     http://www.csis.hku.hk/~apaqs

                               HONG KONG
                          OCTOBER 30-31, 2000

ORGANIZED BY

   The Software Engineering Group, The University of Hong Kong
   Software Technology Centre, Vocational Training Council, Hong Kong

BACKGROUND

The quality of software has an important bearing on the financial and
safety aspects in our daily lives. Unfortunately, software systems often
fail to deliver according to promises. It is well known that there are
still unresolved errors in many of the software systems that we are
using every day. The Asia-Pacific region is far from being immune to
these problems. The prime objective of the conference is to provide a
forum to bring together researchers and practitioners from this region
to address this issue seriously.

CALL FOR PAPERS

We are soliciting full-length research papers and experience reports on
various aspects of software testing or quality assurance.
Specific topics include, but are not limited to, the following areas:

   - Automated software testing
   - Configuration management and version control
   - Conformance testing
   - Debugging
   - Economics of software testing
   - Formal methods
   - Metrics and measurement
   - Performance testing
   - Process assessment and certification
   - Quality management
   - Quality measurement and benchmarking
   - Reliability
   - Review, inspection, and walkthroughs
   - Robustness testing
   - Safety and security
   - Testability
   - Testing tools
   - Testing standards
   - Testing of object-oriented software
   - Testing of real-time systems
   - Testing processes
   - Testing strategies
   - Application areas such as e-commerce, component-based systems,
     digital libraries, distributed systems, embedded systems,
     enterprise applications, information systems, Internet, mobile
     applications, multimedia, and Web-based systems

All the papers submitted to the conference will be refereed by three
members of the program committee according to technical quality,
originality, significance, clarity of presentation, and appropriateness
for the conference. The conference proceedings will be published by IEEE
Computer Society Press, Los Alamitos, California. Selected papers of the
conference will be published in a special issue of the International
Journal of Software Engineering and Knowledge Engineering.

CONTACT:

   Dr. T.H. Tse
   Associate Professor
   Department of Computer Science and Information Systems
   The University of Hong Kong
   Pokfulam Road
   HONG KONG

   Tel:   +852 / 2859 2183
   Fax:   +852 / 2559 8447
   Email: mailto:tse@csis.hku.hk
   Web:   http://www.csis.hku.hk/~tse

========================================================================

          New Thinking OObjectively Column for CACM by M. E. Fayad

I am writing a column for the Communications of ACM. The column title is
"Thinking OObjectively." I started a new sequence of 6-9 columns on
Software Engineering in the Small this month.

The first column: Mohamed E. Fayad, Mauri Laitinen, and Robert P. Ward,
Software Engineering in the Small, Communications of the ACM, Vol. 43,
No. 3, March 2000.

The second column: Mauri Laitinen, Mohamed E. Fayad, Robert P. Ward, The
Problem with Scalability, May 2000.

The third column: Robert P. Ward, Mauri Laitinen, Mohamed E. Fayad,
Management in the Small, July 2000.

You can also obtain some of my columns from my web site:
<http://www.cse.unl.edu/~fayad>

Please let me know what you think. Any feedback will be appreciated.

Mohamed E. Fayad, Ph.D.               Ph:  (402) 472-2615
J.D. Edwards Professor                Fax: (402) 472-7767
Computer Science & Engineering        E-mail: fayad@cse.unl.edu
College of Engineering                        m.fayad@computer.org
University of Nebraska, Lincoln               fayadm@acm.org
108 Ferguson Hall, P.O. Box 880115    URL:
Lincoln, NE 68588-0115                http://www.cse.unl.edu/~fayad

========================================================================
          ------------>>> QTN SUBMITTAL POLICY <<<------------
========================================================================

QTN is E-mailed around the 15th of each month to subscribers worldwide.
To have your event listed in an upcoming issue E-mail a complete
description and full details of your Call for Papers or Call for
Participation to "ttn@sr-corp.com".

QTN's submittal policy is:

o Submission deadlines indicated in "Calls for Papers" should provide at
  least a 1-month lead time from the QTN issue date. For example,
  submission deadlines for "Calls for Papers" in the January issue of
  QTN On-Line should be for February and beyond.
o Length of submitted non-calendar items should not exceed 350 lines
  (about four pages). Longer articles are OK but may be serialized.
o Length of submitted calendar items should not exceed 60 lines.
o Publication of submitted items is determined by Software Research,
  Inc., and may be edited for style and content as necessary.

DISCLAIMER: Articles and items are the opinions of their authors or
submitters; QTN disclaims any responsibility for their content.
TRADEMARKS: STW, TestWorks, CAPBAK, SMARTS, EXDIFF, STW/Regression,
STW/Coverage, STW/Advisor, TCAT, and the SR logo are trademarks or
registered trademarks of Software Research, Inc. All other systems are
either trademarks or registered trademarks of their respective
companies.

========================================================================
 ----------------->>> QTN SUBSCRIPTION INFORMATION <<<-----------------
========================================================================

To SUBSCRIBE to QTN, to CANCEL a current subscription, to CHANGE an
address (a CANCEL and a SUBSCRIBE combined) or to submit or propose an
article, use the convenient Subscribe/Unsubscribe facility at:

   <http://www.soft.com/News/QTN-Online/subscribe.html>.

Or, send E-mail to "qtn@sr-corp.com" as follows:

   TO SUBSCRIBE: Include this phrase in the body of your message:

      subscribe your-E-mail-address

   TO UNSUBSCRIBE: Include this phrase in the body of your message:

      unsubscribe your-E-mail-address

   NOTE: Please, when subscribing or unsubscribing via email, type YOUR
   email address, NOT the phrase "your-E-mail-address".

               QUALITY TECHNIQUES NEWSLETTER
               Software Research, Inc.
               1663 Mission Street, Suite 400
               San Francisco, CA 94103 USA

               Phone:     +1 (415) 861-2800
               Toll Free: +1 (800) 942-SOFT (USA Only)
               Fax:       +1 (415) 861-9801
               Email:     qtn@sr-corp.com
               Web:       <http://www.soft.com/News/QTN-Online>

                             ## End ##