Wednesday, November 17, 2004 - Posts

Codezone goes worldwide

Doug Seven has a draft document on his blog, describing the WW Codezone platform vision. Codezone is about connecting people with other community people and connecting communities with other communities.
After outlining the goals and non-goals of the Codezone platform Doug lists the Codezone business requirements.

I'm interested to see how this WW Codezone will move forward. Of course, once the platform has been provided it's up to the Individual Contributors, Communities, Influencers and User Groups to create the necessary "connectivity" (content) to make this a success. I already expressed some of my thoughts on the Codezone initiative here.


Improve Application Quality with DevPartner Fault Simulator and SecurityChecker

At the STARWEST 2004 Software Testing conference, Compuware previewed and demonstrated two new DevPartner products that will launch early next year.

These new products, Compuware DevPartner Fault Simulator and Compuware DevPartner SecurityChecker, significantly extend the ability to detect and diagnose software quality errors in Microsoft-technology applications during the development process.

DevPartner Fault Simulator
DevPartner Fault Simulator is a tool to test and debug the error-handling code in your applications. Fault Simulator helps you troubleshoot error handlers without disrupting the operating or debugging environment by safely injecting simulated faults into the application code. Fault simulations are repeatable and reliable, and can mimic real-world situations without risking the application under test. Through fault simulation, you can uncover problems in your code prior to deployment.

Fault Simulator is available:

  • Integrated into Visual Studio .NET — Analyze and debug error handlers in your source code.
  • Run as a Standalone — Simulate faults in a running program.
  • Executed from the Command Line — Use scripts and batch files to automate the testing of applications.

Fault Simulator supports hundreds of .NET Framework Class Library methods and can simulate a large number of exceptions defined for those methods. In addition, Fault Simulator can simulate environmental faults in applications built with unmanaged languages (C++).

Fault Simulator helps you perform your job more efficiently in several ways:

  • Educates the user: Within Visual Studio .NET, you can select a line of code, and Fault Simulator identifies the list of exceptions that you can simulate at that location. This helps you understand what faults your code must handle.
  • Provides the means to safely simulate faults: You can simulate a .NET Framework fault on a line of code or one that is independent of location. You can also simulate an environmental failure in the target application. Properties, parameters, and conditions associated with every fault allow you to further refine your simulation.
  • Provides comprehensive results: Fault Simulator displays information about the faults being simulated and how they are being handled as the simulation is taking place. Upon completion of the simulation, it also provides comprehensive results about the error handling in the application code. You can access the results from within the debugger or operating environment. This access includes logs of program functions, stack tracing, and fault details.


DevPartner SecurityChecker

DevPartner SecurityChecker is an Automatic Error Detection tool designed to find the following major types of errors in your ASP.NET application:

  • Security context issues
  • Insecure coding practices
  • Execution errors
  • Application integrity issues
  • Deployment issues

DevPartner SecurityChecker provides three types of analysis:

  • Compile Time Analysis searches for vulnerabilities in source code, HTML files, and web.config files. Compile time analysis requires your code to compile cleanly, and can be used at any time throughout the development cycle. Because compile time analysis probes only static code, it runs quickly, fitting easily into the early development phase.
  • Run time analysis will monitor your ASP.NET application at run time. It searches for security-related errors associated with code access security, file system access, etc. Run time analysis can be used to locate hard-to-find security errors as you exercise your ASP.NET application.
  • Integrity analysis will replay a series of known vulnerabilities against your ASP.NET application. It analyzes the application for security related issues including cross site scripting errors, SQL injection attacks, parameter tampering, etc. Any errors found are recorded and clearly presented to the developer along with a detailed description of the problem and possible solutions.
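
To make the compile time analysis of web.config files concrete, here is an added example (not code from Compuware or from this post) of a static check over an ASP.NET web.config. The rule set and the sample file are assumptions chosen for illustration; the post does not list which settings SecurityChecker inspects.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config for this example (not from the original page).
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="true" />
    <customErrors mode="Off" />
    <trace enabled="true" localOnly="false" />
    <pages validateRequest="false" />
  </system.web>
</configuration>
"""

# Assumed rule set: (element under system.web, attribute, risky value, reason).
RULES = [
    ("compilation", "debug", "true", "debug build deployed to production"),
    ("customErrors", "mode", "off", "detailed errors shown to remote users"),
    ("trace", "enabled", "true", "trace output may expose request data"),
    ("pages", "validateRequest", "false", "request validation is disabled"),
]


def local_name(tag):
    """Strip an XML namespace prefix such as '{uri}compilation'."""
    return tag.rsplit("}", 1)[-1]


def scan_web_config(xml_text):
    """Return (element, attribute, value, reason) for each risky setting."""
    root = ET.fromstring(xml_text)
    findings = []
    for section in root.iter():
        if local_name(section.tag) != "system.web":
            continue
        for elem in section.iter():
            for name, attr, risky, reason in RULES:
                value = elem.get(attr)
                if (local_name(elem.tag) == name and value is not None
                        and value.strip().lower() == risky):
                    findings.append((name, attr, value, reason))
    return findings


if __name__ == "__main__":
    for name, attr, value, reason in scan_web_config(SAMPLE_WEB_CONFIG):
        print(f'<{name} {attr}="{value}">: {reason}')
```

Because the scan walks every `system.web` section, settings overridden inside `<location>` elements are checked as well.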

SecurityChecker gives you two options for analyzing your ASP.NET application: You can direct the analysis to specific pages, fields, and links on a page within your application. Or you can choose to let SecurityChecker automatically analyze each page in the application. These analysis options give you the ability to customize analysis to see specific pages, or to get “the big picture” of your application’s security. Once you have analyzed your application, you can generate different levels of reports and distribute the analysis results to your team. They can use the reports to correct security issues and validate that recent changes do not introduce new vulnerabilities.

Technical detail reports retain extensive details about the vulnerabilities discovered. Summary reports cover high level information such as the number of issues found and the category and severity of those issues. SecurityChecker can also export the results to an XML file so that you can use your own stylesheet to generate a custom report format.

When to use SecurityChecker during the application development cycle

  • Begin with regular Compile time analysis during the coding and building phase.
  • Add Run time analysis as the project enters the testing phase.
  • Perform Integrity analysis at the completion of any work unit, as well as in the debugging phase. Because integrity analysis provides excellent field validation, it should be used often.
  • As you make changes and repair vulnerabilities, re-run SecurityChecker to verify that no new vulnerabilities have been introduced.
  • At Code Complete, run a full analysis on the application to verify readiness for production.

DevPartner Fault Simulator and SecurityChecker will extend the DevPartner family to enable development teams to achieve still greater benefits in quality and productivity. As both DevPartner Fault Simulator and SecurityChecker are currently still in beta testing, more information concerning the general availability and pricing of these products will be announced at a later date.

Meanwhile I’m alpha/beta testing both products and, even in these early builds, I'm already amazed by the power of both products; the SecurityChecker functionality is especially great!
It should be clear that even with the introduction of the new quality assurance tools in Visual Studio 2005 Team System, these tools show that products like DevPartner can complement Visual Studio's capabilities. They greatly enhance the ability to analyze applications and help deliver guidance on software development best practices.
I'll post my findings later at this location. If you’re interested in the use of these products, drop me a mail!