Hands-on training for Software Security!

OWASP has a project called WebGoat that allows you to learn about software security by testing and fixing an intentionally insecure web site. http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project Leave a comment if you've worked through this and let everyone know your experiences!

The Stack is 54 years old! (at least the German Patent for it is)

The following link is a copy of the Patent application for the use of a stack to perform mathematical operations. We take this idea for granted today as a method for processing data, but the idea can be traced back at least this far. http://www.fh-jena.de/~kleine/history/software/BauerSamelson-patent-de1094019.pdf

QA Comics

I posted a comic series a few years ago,

http://www.webcomicsnation.com/not-bob/sqa/series.php?view=single&ID=70234

While the following strip isn't the first, clicking on the link will take you to the beginning :), Enjoy!

"If it weren't so sad, it would be enough to make you laugh. But instead it makes you cry"

While the quote sounds like it came from Yogi Berra, it summarizes how you may feel when it takes more than $7 million dollars to cancel a project.

http://randallrice.blogspot.com/2011/03/minnesota-taxpayers-to-foot-725-million.html

Mr. Fails

Here is a link to a story about testing software in the form of a children's book

http://blog.softwaretestingclub.com/2010/12/mr-fails/

It's good, check it out!

The origins of 'Software Engineering'

The first of four articles on the origins of 'Software Engineering' was published today on the Software Testing Club blog. Here is the video that goes along with the article.

Proposal for QA Certification

Poking around, I found this image (click the image for the original blog) that was claiming the quality of a piece of code being described. I realized that lots of us do this, our only claim to the quality of our code is that on one particular day on one particular computer, the code worked as expected. We should formalize this by putting this logo on our products.

What do you think?

What if network lag happened in real life? (video)

http://www.youtube.com/watch?v=ZcP9jiCbakw&feature=player_embedded

"Reflections on Trusting Trust"

http://cm.bell-labs.com/who/ken/trust.html

This is an interesting read. It talks about security by working through the seemingly innocuous act of writing self-replicating programs.

New Language / Compiler Features

Here are some proposed compiler / language options that most modern programming languages can benefit from. These are based on common errors that have occured on systems that I have used and/or tested. Consider implementing these if you feel moved to do so.

Feel free to add your own in the comments.

Feature	Preventing
Find all files - When enabled, this will allow the program to search not only the local computer, but all computers on the network and then through files available through major search engines. One optional parameter is a timeout, given in hours.	"File Not Found" error
Instantiate all Objects - Each object referenced in the project will be instantiated and when the condition is detected where an object appears to have no instance provided, a suitable instance from the pre-instantiated collection of each object type will be retrieved. Care should be taken when this feature is used in conjuction with 'Universal Cast'	"Object reference not set to an instance of an object" error
Universal Cast - Allow the casting between any two types. How hard could that be?	"Cannot implicitly convert type 'a' to 'b'" and "Type Mismatch" error
Expect the Unexpected - When enabled, the compiler will just ignore anything it doesn't expect.	"Unexpected character "?"" error
Trust Everyone - As a society, we are trusing each other too little. This can cause all sorts of issues with regards to full and complete access. When this feature is enabled, all means (legal and otherwise) are used to obtain the information or resources requested.	"Access Denied" and "Unauthorized" errors
Pass Mac - Give the MAC a passing grade, even when it hasn't really tried all that hard. Eventually, this will be someone else's problem.	"Vewstate Mac Failed" errors
Handle all Exceptions - Surely this error has been seen before. When enabled, the program will search online for a solution related to handling this exception and do that.	"Unhandled Exception" errors
All Knowing - Nothing happens by accident. So finding out the error can't be all that difficult, right?	"Unknown Error" errors
Virtual Valium - Instead of freaking out when there's an issue, give the kernel some virtual valium when it starts to get confused.	"Kernel Panic" error (aka BSOD)
Allow Infinity - When enabled, allow infinity to be used in calculations. For the purposes of this feature, there is no distinction between a positive infinity and a negative infinity.	"Index out of Range" and "Attempt to Divide by Zero" errors
Ethics Committee - When this is enabled, the Heap is investigated for corruption prior to the corruption starting to ensure that all ethics guidelines are followed.	Heap Corruption error
Stack Bowl - when enabled, the stack will be placed in a bowl to catch any overflow. This bowl will also be partially filled to fill in the stack when 'underflow' occurs.	Stack Overflow\Underflow
Auto-initialize everything - For times when you think "I just declared that, why can't I start to use it?" (Thanks to Shmuel Gershon for this new feature)	Errors when using variables before initializing
Do/Catch - As Yoda says "Do or not do, there is no try". (Thanks to Dwain)	Try/Catch
.correctSpelling, .toPresentTense, .toPastTense, .toFutureTense, .toSingular, .toPlural, .toFirstPerson, .toSecondPerson, .toThirdPerson etc. - Allows you to validate responses (such as from security challenges) with users that have difficulty remembering the spelling, tense, etc. of their original answers. (Thanks to Chris/Chad)	Security challenge response validation issues.

Upgrading Windows Video

Here is a summary of upgrading to every major release of MS windows. Ah... memories...

http://www.youtube.com/watch?v=vPnehDhGa14