the legend of software hollow: defeating the headless horseman of faulty applications
TRANSCRIPT
Parasoft Copyright © 2016. Tweet @Parasoft #SoftwareHollow
2016-10-31
The Legend of Software Hollow
Defeating the Headless Horseman of Faulty Applications
GoToWebinar Housekeeping
Your Participation
• Open and hide your control panel
• Join audio:
  • Choose “Mic & Speakers” to use VoIP
  • Choose “Telephone” and dial using the information provided
• Submit questions and comments via the Questions panel
Note: Today’s presentation is being recorded and will be provided within 48 hours.
Your Presenter
Arthur “Code Curmudgeon” Hicken has been involved in automating various practices at Parasoft for over 20 years. He has worked on projects including databases, the software development lifecycle, cybersecurity, web publishing and monitoring, and integration with legacy systems.
Arthur has worked with IT departments in companies such as Cisco, Vanguard, and Motorola to help improve their software development practices.
The Code Curmudgeon’s goal is to scare you into improving your application quality and security.
Win a Parasoft Shirt
Show us your costume:
• Tweet @Parasoft #SoftwareHollow
• Mail costume picture to
Winner will be chosen at random.
Agenda
Halloween Fun
Dangers lurking
Lessons learned from others
Story Overview
Headless Horseman and Software
Relentlessly attacks:
Security
Performance
• Negative attack
• Too much success
Quality
• If it can break, he’ll break it
Bad user experience
• Do they give up and run away?
Poll #1
What is your biggest software scare?
• Missing deadlines
• Software failing after release
• Competition
• Being hacked
Villagers
Fearful
Belief in legends rather than facts
Not well prepared
(Money instead of action?)
Avoid the problem rather than address it
Villagers release plan
Write the code
Poke at it and see if it works
It’s ready because “Developers feel it”
Celebrate
Katrina Van Tassel
Beauty / proud of appearance
• UI over quality
Rich / Fortune
• No attention to bottom line
Whimsical
• Sometimes does the right things
• Inconsistent
Pampered
• Throw the code over the fence
Who is Katrina?
Overly agile (flirting with too many things, never promised)
Ultimately unsure, without vision
Short-term success but nothing long term
Brom Bones (Abraham Van Brunt)
Willing to battle
• Bugs in the field
Physically fit over brains
• Pen test over static analysis
Practical joker – full of mischief
• Easter eggs leading to potential exploits
Lied about exploits vs Horseman
• No metrics for readiness
Doesn’t believe in ghosts
• Which doesn’t help him in the end
• You may think security doesn’t matter, but it does.
Who is Brom?
Agile to a fault
Constant re-work
Do what’s interesting or fun
Avoid boredom
Ultimately missing real success
Poll #2
Which of the following do you do all the time?
• Static analysis
• Peer review
• Unit test
• Performance test
• Penetration test
Ichabod Crane
Schoolmaster
• Ongoing education
Not physically fit
• No brute techniques
Brainy
• Work smarter
Steady
• Do the tedious tasks like static analysis
Eager to help
• Peer review and pair programming
Ladies’ man
• Wanted users to have a good experience
Do the right thing rather than be brave
What Ichabod does ALL THE TIME
Static analysis
Unit test
Peer review
Functional test
Load test
Security – static and penetration
Coverage
Metrics
Honorable Mention – Johnny Depp
Detective
Never gives up
Seeking the root cause rather than simple fixes
In the End
Brom and Katrina forced to merge to save money
Ichabod moved on to a more successful company, was a large success, and became a household name
Conclusions
Delivering software can be scary!
• And dangerous!
Ad hoc approach fails in the end
Basic quality practices succeed
• Thorough measured testing
• Static analysis
• Metrics
• Peer review
Prepared for security, compliance, safety
Blog: http://alm.parasoft.com
Web: http://www.parasoft.com/jsp/resources
Facebook: https://facebook.com/parasoftcorporation
Twitter: @Parasoft @CodeCurmudgeon
LinkedIn: http://www.linkedin.com/company/parasoft
Google+ Community: Continuous Testing
Nov 7-9 – QCon San Francisco
Nov 16 – Testing Microservices
Nov 16-17 – Better Software East