Yesterday at the testnet meeting at the Belastingdienst there were two presentation. As you can see it’s not a boring looking place.
The first presentation Het addendum van de Belastingdienst op TMapNEXT was given by Eibert Dijkgraaf. I don’t believe in TMapNEXT as an silver bullet. But I needed to know why people say it can work. Therefore I went to this presentation. I like that they added a “lean” kind of focus on what is needed based on risk.
If the risk is high they amount of work we put in specification / review / test / reports depends can follow the risk level.
They have a double V model one for IT and one for the business. With formal handover points were the deliveries are fixed, a quite strict process. The thing that I was missing is the connection to the test techniques in practice. Eibert talked about that they use different test techniques. But 2 thinks I don’t understand. 2 point that they see as an important improvement.
1 SW development is more focussed on the process
2 more strict test script give higher quality of SW
1 I thought that it should be focussed on the software where a process or framework should provide help in creating higher quality.
2 If you follow more strict the steps you forget to think. Testing is a thinking activity. Not production work.
I have made a mind map in mind node (in dutch) TmapNext (het addendum van belastingdienst)
The second “presentation” – Security Testen: Rocket Science of gezond verstand? is about security testing by martin Knobloch.
It was an inspiring talk with a lot to laugh. Where Martin was telling about his experience and the focus was on how security testers think. Just like James Bach tells you in an RST training how to think and how to act as a good tester. Martin gave examples how security testers think.
How to manipulates data like dates and settings.
How hackers normal act. They don’t leave a trail of disaster behind like a burglar.
How do you know you have been hacked
Although it is difficult to mind map a experience talk I tried at least see – Security Testen- Martin Knobloch