Other Software QA and Testing Resources
- Top Resources
- Software QA and Testing-related Organizations/Certifications/Conferences
- Links to QA and Testing-related Magazines/Publications
- General Software QA and Testing Resources
- Agile Testing Resources
- Test Automation Resources
- Mobile Testing Resources
- Web QA and Testing Resources
- Web Security Testing Resources
- Web Usability Resources
Stickyminds.com - Comprehensive software testing resource site associated with 'Better Software' Magazine, with articles, news, information on software testing and quality engineering, books, tools, conferences, message boards.
Cem Kaner's software testing site - Cem Kaner's site contains a large selection of his articles about software testing, legal issues, test management, and more (see the 'Publications' section of the site). Also see his 'badsoftware.com' website, a consumer and legal-issues orientation to software quality issues.
DevelopSense - Large collection of articles, blog posts, resources, etc on Michael Bolton's web site.
SEI - Software Engineering Institute web site; info about SEI technical programs, publications, bibliographies, some online documents, SEI courses and training, links to related sites.
EOQ-SG - European Organization for Quality - Software Group, an independent not-for-profit organization founded in 1983. It is comprised of more than 30 national quality organizations and other institutions, enterprises and specialists.
American Society for Quality - American Society for Quality (formerly the American Society for Quality Control) web site; geared to quality issues in general, not just Software QA. ASQ is the largest quality organization in the world, with more than 100,000 members. Provides a wide variety of general quality-related certifications, as well as the CSQE (Certified Software Quality Engineer).
Association for Software Testing - A nonprofit professional organization dedicated to advancing the understanding and practice of software testing. For scholars, students, and software development practitioners. Sponsors conferences, publications, web sites, newsletter.
QAI Global Institute - QAI is a global workforce development and consulting organization addressing the education and 'Operational Excellence' needs of information technology, information technology enabled organizations and knowledge intensive organizations. Information on associated QAI local chapters around the world can be found via their QAI Chapters site.
SPIN - Software Process Improvement Network, for those interested in improving software engineering practices. Organized into regional groups called "SPINs" that meet and share their experiences initiating and sustaining software process improvement programs. Annual meeting at the Software Engineering Process Group (SEPG) Conference, which is co-sponsored by the SEI and a regional SPIN. Web site lists links to regional SPINs worldwide.
Society for Software Quality - Has chapters in San Diego and Washington DC area; each with monthly meetings.
Northern Virginia Test Automation Interest Group - Monthly meetings on software test automation in the Washington DC area.
SQuAD - Software Quality Association of Denver - software QA monthly meetings and an annual conference, in Denver, Colorado.
TCQAA - Twin Cities Quality Assurance Association of Minneapolis and St. Paul, Minnesota. Has monthly meetings.
Southern California Quality Assurance Association - Software QA organization in Orange County, California, near Los Angeles.
SQSQAG - Seattle Area Software Quality Assurance Group
VANQ - Vancouver Canada area association for software quality assurance and testing.
KWSQA - Software QA/Testing group with monthly meetings in Kitchener-Waterloo region (Ontario, Canada).
Note: The above is only a partial listing. There are many other local QA- and Testing-related meetings in cities around the world. Check with local software-related professional organizations or sites such as meetup.com for information about current local meetings in your location.
Certification Information for Software QA and Test Engineers:
ISTQB Certified Tester - The International Software Testing Qualifications Board, based in Belgium, was initially a part of the European Organization for Quality - Software Group. Certifications and testing are administered by ISTQB organizations in each of a number of countries around the world. Multiple certification levels are available, including: Foundation, Advanced, and Expert.
CSQE - ASQ (American Society for Quality) CSQE (Certified Software Quality Engineer) program - information on requirements, outline of required 'Body of Knowledge', listing of study references and more.
ISEB Software Testing Certifications - The British Computer Society Information Systems Examinations Board (ISEB) maintains a program of several levels of testing certifications. Some levels are equivalent to the ISTQB Certifications.
ASTQB - The American Software Testing Qualifications Board is a branch of the ISTQB. Certifications are based on experience and a written test. Two primary levels are available: Foundation and Advanced. The 'Advanced' level has multiple types of certifications.
CSQA/CSTE - QAI Global Institute's program for CSQA (Certified Software Quality Analyst), CSTE (Certified Software Tester), and Certified Software Project Manager (CSPM), Certified Associate in Software Quality (CASQ), and many other certifications.
Software QA and Testing Conferences:
Conferences - Conferences listing at Kerry Zallar's 'Software Testing Stuff' web site.
LogiGear Magazine - Online testing magazine from Logigear; site includes archived articles from past issues by year and by category (such as Test Methods & Metrics, Agile, Mobile, etc.). Published 5-6 times per year.
Tea Time With Testers Magazine - Free online testing magazine available as PDF file; web site includes back issues.
Professional Tester Magazine - Bi-monthly testing publication from Professional Tester Inc. Free access to PDF version, archive, individual articles and news and events agenda.
Software Quality Professional Magazine - Published by the American Society for Quality; web site includes table of contents and abstracts of all articles, and full text of selected articles.
Better Software Magazine - Web site has full text of each print issue's featured article. Published by Software Quality Engineering, Inc.
Methods and Tools - Software Methods and Tools e-newsletter web site by Martinig and Associates; regular articles are included on process improvement, testing, modeling, management, etc. Site includes current issues and past issues with full text of all articles; as well as extensive additional information and resources.
(Note: also see the 'Books' section for a listing of books on Software QA, Testing, and related subjects.)
Thoughtworks Testing Portal - Testing articles and blogs from Thoughtworks.
Google testers' blog - Public blog site for Google's testers.
The Value of Checklists and the Danger of Scripts - Presentation at CAST 2008 by Cem Kaner. Summary of the presentation available from his blog, and a link to the pdf file of the presentation.
Software Engineering: An Idea Whose Time Has Come and Gone? - An interesting 2009 article from 'IEEE Software' by Tom DeMarco in which he indicates, among other things, that his early ideas and advice regarding quantified work, project planning, and metrics for software projects - such as those in his 1982 book 'Controlling Software Projects: Management, Measurement, and Estimation', may have been wrong.
Exploring Exploratory Testing - Article by Cem Kaner and Andy Tinkham from 2003 about the exploratory testing approach to software testing; includes discussions of questioning strategies and heuristics.
Exploratory Testing Explained - Article by James Bach on exploratory testing; includes attributes of a software project and tester that impact decisions on testing approaches, exploratory testing examples, etc.
Pass vs. Fail vs. Is There a Problem Here? - Interesting blog article on testing vs checking and the issues in 'pass/fail' type testing and reporting, from 2009 in Michael Bolton's DevelopSense blog.
The Seven Basic Context-Driven Principles - Article about the 'context-driven' approach to testing on the Association for Software Testing web site, by Cem Kaner and James Bach. Lists the main principles and includes description, examples.
They Write the Right Stuff - Summary of the original article 'How to write near-perfect software' by Charles Fishman that was in Fast Company magazine - about how software was developed for the U.S. Space Shuttle. "The group's most important creation is not the perfect software they write -- it's the process they invented that writes the perfect software."
Tom Gilb Web Site - Site includes a large collection of articles, papers, course slides, etc concerning risk, metrics, and other QA-related software engineering topics.
AYE Conference Articles - Collection of articles by hosts, guest presenters, and attendees from past 'Amplifying Your Effectiveness' conferences. The conference and articles explore both the technical and human sides of software and IT development. Example articles include 'Multiprojecting: The Illusion of Progress', 'Planning for Delays', 'Who Decides What Done Means for a Program?', 'Coaching Whiners', 'The Liar's Contest', 'Transitioning to Agile in the Middle of a Project', 'Estimates: Precision vs. Accuracy', 'Schedule Chicken', and many more.
Software Negligence and Testing Coverage - Article by Cem Kaner contains an old but still very informative list of 101 types of testing coverage measures; shows the complexities in any discussion of 'testing coverage'. Selected quotes of interest from the article: "Even if you achieve complete coverage for a given population of tests (such as, all lines of code tested), you have not done complete, or even adequate, testing." and "The decision as to whether to try for 1%, 10%, 50% or 100% coverage against any given population is non-obvious. It involves tradeoffs based on thoughtful judgment."
What is a Test Architect? - Discussion re test architects by Microsoft's Alan Page.
Testing 'crash courses' - Large collection of short articles ('crash courses') on a wide variety of testing topics written by and for the uTest Community.
RBCS Testing articles - RBCS Consulting Services web site's collection of software testing articles on a wide variety of testing-related subjects.
Errors in Scientific Software - Article titled 'The T experiments: errors in scientific software' by Les Hatton; old but still alarming article from 1997.
Certifications - Cem Kaner's perspective on software testing certifications from a 2007 article - includes a discussion of a proposed 'Open Certification Process'; section 3 of the paper has a long discussion of "Project Manager's Perspective: Problems With the Current Certification System".
'Good programmer' definitions/discussions - Since testers and developers often need to work closely together, and since many testers also do some programming, it is helpful to get some perspective on 'what is a good programmer'. Also see the discussion in the old Joel on Software forum.
WSR Consulting Group publications - Good collection of QA and Testing related articles from WSR consulting, a computer crisis/litigation consulting company. The articles have an emphasis on proper management of problem projects and engineering-customer relationships for software projects.
Practical Software and Systems Measurement - Web site with extensive information on software development metrics, sponsored by U.S. government. Site contains articles, reports, examples, and a free PC-based software tool to assist in project-specific metrics development.
Where is the Science in Computer Science? - October 2012 article in Communications of the ACM by Vinton Cerf (VP at Google, past winner of the Turing Award, one of the acknowledged 'Fathers of the Internet', and president of ACM). In the article he states, among other things, '....Even though we design software systems and ought to have some clues about how these systems behave and perform, we generally do not have a reliable ability to anticipate the states these systems can get into, their vulnerabilities, their performance, and ability to adapt to changing conditions.' He also goes on to note our generally poor ability to predict how long it will take to find and fix bugs, or to have an idea how many new bugs will be created by fixes.
Software Estimation - December 2005 interview about software metrics and estimation from the IT Metrics and Productivity Journal.
Testing Education Articles - Collection of articles on software testing and the teaching of software testing from the Florida Institute of Technology funded by the U.S. National Science Foundation.
'Software Experts' site - Software engineering site oriented to microcontroller/embedded system environments, by Eberhard De Wille and Dana Vede. Site has sections on design, coding, refactoring, process, and a large section on testing.
ITIL - 'IT Infrastructure Library' - a set of best-practices guides on the management and provision of operational IT Services. From the British Office of Government Commerce and the itSMF, the 'IT Service Management Forum', a UK-based organization comprised of 1000 companies and government organizations worldwide. There is a related ISO/IEC 20000 Standard against which organizations can be assessed and certified. An online organizational ITIL Service Management Self Assessment is available. There is a good summary of the ITIL approach in Wikipedia.
Big Ball of Mud - Outstanding essay on the 'de-facto standard software architecture', by Brian Foote and Joseph Yoder of the U. of Illinois at Urbana-Champaign. The 'Big Ball of Mud' architecture is defined as 'a casually, even haphazardly, structured system. Its organization, if one can call it that, is dictated more by expediency than design....The overall structure of the system may never have been well defined. If it was, it may have eroded beyond recognition.' They discuss why this architecture is so popular, advantages and disadvantages, and what can be done to improve such systems.
Satisfice.com Web Site - James Bach's Satisfice.com Web Site with a great collection of his articles on various aspects of software testing.
DevelopSense Web Site - Web site of Michael Bolton, who collaborates with James Bach, has a large collection of articles and blog postings with interesting perspectives on software testing.
Bret Pettichord's Web Site - Web site of Bret Pettichord with articles and links to various test and QA-related info including his Watir open source web testing framework.
BetaSoft Web Site - Wide variety of QA, testing, and automated testing discussion forums, sections for jobs and resumes, other resources.
SQATester.com - QA and Testing information, discussion forums, other resources.
Search Software Quality - TechTarget's software QA and testing site with a collection of articles, tutorials, blogs, and news.
Illustrative Risks to the Public in the Use of Computer Systems - Enormous list of software, system, and related problems compiled by Peter Neumann/SRI International. Organized by categories such as space, defense, medical, stock market, elections, insurance, cryptography, etc. Includes related book list, other information. (Also see 'Risks Digest' listed below.)
Process Improvement Case Study Featuring Reviews and Inspections - Article titled 'Process Improvement: Case Study of an Improvement Program Featuring Reviews and Inspections' in Software Quality Professional magazine.
ARIANE 5 Flight 501 Failure Report by the Inquiry Board - A rare and instructive detailed public analysis of a major software failure - the 1996 launch failure of the new Ariane 5 rocket. This is the official report of the inquiry board appointed by the French National Center for Space Studies and the European Space Agency. Also see the article 'Design by Contract: The Lessons of Ariane' which includes a discussion of the code reuse issues brought to light by the Ariane 5 failure.
Eiffel FAQ - FAQ site for a programming approach, based on the ideas of Bertrand Meyer, with the goal of improving software component reusability, extendibility and reliability using assertions, preconditions, and postconditions.
Risks Digest - Digest of the 'Forum on Risks to the Public in Computers and Related Systems'. Includes latest issue and archives covering software and system problems, vulnerabilities, disasters; based on the comp.risks newsgroup.
SEI Capability Maturity Models - SEI's CMMI web site, with info and documentation downloads on the CMMI for Development and the CMMI for Acquisition models.
Construx Software Resources - Site with many useful resources, estimation info and resources, various checklists, and Steve McConnell's 'Software Survival Guide' website.
CM FAQ - Configuration Management FAQ edited by David Eaton; includes 'What is CM?', 'How should a CM system relate to process enforcement?', CM books and other resources, etc. Not updated in recent years but still a useful FAQ.
Uniform Computer Information Transactions Act (UCITA) - The controversial proposed U.S. laws (formerly Uniform Commercial Code Article 2B) concerning software quality (implemented in a few states, such as Virginia in this case). It would essentially implement new laws in all 50 states in the U.S. Additional info on UCITA controversies at Ralph Nader's CPT (Consumer Project on Technology) web site and Cem Kaner's BadSoftware.com web site. As of 2010, only the states of Maryland and Virginia had enacted UCITA since it was first proposed in 1999. In 2009 the American Law Institute proposed an alternative version for software contracts but it resulted in similar controversy to UCITA.
The Life and Death Testing of Medical Devices - Short article by Brendan Quinn on medical device testing; also contains a 24-minute video with slides of a presentation 'Ensuring Software Quality in Lifesaving Medical Devices' by Florian Moesch.
FDA Medical Device Software Validation Guidelines - U.S. Food and Drug Administration's 2002 guidelines for medical device software validation.
Negotiating Testing Resources - Excellent article by Cem Kaner about testing project planning and budgeting; from a 1996 software quality conference - old but still relevant.
Software Engineering Resources - Large collection of useful information and links to many other sites and resources, all related to the SW engineering process including project planning and management, metrics, risk analysis, programming methods, OO SW engineering, testing, QA, CM. From R.S. Pressman, author of the book 'Software Engineering, A Practitioner's Approach'.
Software Test Coverage Analysis article - Article containing a good discussion of test coverage analysis from Bullseye Testing Technology, maker of "C-Cover Test Coverage Analyzer" tool.
10x Software Development - Technical Debt - Steve McConnell blog post on 'technical debt'; one of many excellent articles/posts on his Construx web site.
Managing Technical Debt in Software-Reliant Systems - Good overview article about technical debt from Software Engineering Institute.
Object-Oriented Concepts - Basics of object-oriented programming concepts, from Oracle's (formerly Sun's) Java site. Good quick intro.
CMMI (Capability Maturity Model Integration) - A suite of process improvement models for product and service development and maintenance. The suite includes the CMMI-SW model, and there is a 'staged' and 'continuous' version. Each of the CMMI models can be coordinated with other CMMI models to enable enterprise-wide process improvement. CMMI-SW builds on the previous SW-CMM model which was 'sunsetted'.
Comp.software.testing Usenet News Group - Via Google Groups web site (formerly the Deja News site), can be used to search through past postings; postings go back to 1995.
Manifesto for Agile Software Development - The origin of the 'Agile' approach and the twelve guiding principles of agile software development.
Agile Testing Articles - Large collection of articles related to Agile testing at Agile Alliance web site.
Agile Methodologies - Martin Fowler's online discussion of 'agile' methodologies (XP, Scrum, Crystal, FDD, DSDM, etc.) includes summaries of various approaches as well as reference information, and factors to consider in choosing these approaches.
Perils and Pitfalls of Agile Adoption - Article by Matt Heusser at InformIT site, includes discussion of risks such as that agile methods are easy to misunderstand, that it's easy to think you're doing Agile right, and be wrong, and that agile methods make value (or lack of value) visible.
Agile Testing - What is it? Can it work? - PDF version of an article by Bret Pettichord that summarizes considerations and issues in testing in agile environments.
An Uncomfortable Truth about Agile Testing - Article by Jeff Patton on the StickyMinds site about some of the potential difficulties of testing on an Agile project.
XP Resources - Large collection of resources from Ron Jeffries about 'Extreme Programming' including a discussion of how QA fits into the XP approach, XP Magazine archives with articles such as 'Test-First Design', 'Incremental Requirements', 'Extreme Programming and the CMM', and more. Also see 'The Rules and Practices of Extreme Programming' at the www.extremeprogramming.org web site.
XP in a Safety-Critical Environment - Interesting article by Mary and Tom Poppendieck concerning the applicability of XP practices in safety-critical software development.
Scrum - web site of ScrumAlliance.org which describes the basics of the Scrum agile approach, a team-based agile approach to iteratively, incrementally develop software with rapidly changing requirements; has lots of articles and other resources.
GTAC - Web site for the Google Test Automation Conferences includes links to past conferences and slides and videos for each, going back to 2006.
NoVaTAIG Test Automation Resources - Test automation presentations, articles and resources from the Northern Virginia Test Automation Interest Group monthly meeting summaries ('Recent past meetings' link on site main page).
Seven Steps to Test Automation Success - Good introductory article on how to approach automated testing; by Bret Pettichord.
Architectures of Test Automation - Long article on test automation by Cem Kaner, includes discussions on GUI regression testing, maintainability, a classification scheme for test automation, an automation evaluation scheme, 'test automation' vs 'computer assisted testing' and more.
Test Automation Snake Oil - Old but still relevant article by James Bach about how to approach test automation.
Effective Performance Testing articles - Extensive collection of how-to and other information on performance testing at Scott Barber's web site.
Evaluating and Choosing the Right Tool - Elisabeth Hendrickson describes a five-step process for comparing, evaluating, and choosing the right test tool; from the Stickyminds.com web site.
Java GUI Testing - Short discussion of automated Java GUI testing issues, includes interesting discussion of methods of identifying a component in a GUI hierarchy for use in developing automated test scripts.
See the Softwareqatest.com Bookstore section on Automation for books on test automation.
Test Automation Interfaces for Mobile Apps - Article in LogiGear Magazine by Julian Harty discusses mobile automation considerations from the perspective of 3 automation stages - Discovery, Design, and Execution. There is discussion of the mobile app's interfaces which he groups into a) Human-computer Interaction (HCI) - touch, proximity, movement, sound, light, controls; and b) Sensor interfaces such as accelerometers, magnetism, GPS, Orientation, Camera, etc. Possible automation interfaces discussed include the GUI, code (unit testing), APIs, accessibility capabilities, etc.
Browser compatibility: viewports - Mobile device/browser compatibility information from Peter-Paul Koch's web site.
Testing Mobile Web Apps with WebDriver - From the Open Source at Google blog - discussion of how to write automated tests to test a site when viewed from an Android or iOS browser. The WebDriver web testing framework includes a touch API that allows a test to interact with a web page through finger taps, flicks, finger scrolls, and long presses. It can rotate the display and provides an API to interact with HTML5 features such as local storage, session storage and application cache.
Considerations in Testing Mobile Apps - Article by Dhanasekar on the Moolya Testing blog site discusses strategies and considerations in mobile app testing.
Mobile Wireless Test Automation - Site with a collection of information by Julian Harty on practical experiences in automating aspects of software testing for mobile wireless applications; also has information on effective mobile manual testing. Includes testing techniques for iPhone, Android, SMS; and information on common tools, app testing over WiFi, more. Also has links to some presentations and tutorials and lists of other resources.
Mobile Application Security Testing - Whitepaper from Foundstone/McAfee about mobile app security testing.
MobiForge - Testing - MobiForge mobile development community web site section on mobile software testing.
Mobile Application Testing blog - Mobile app testing blog by Anurag Khode
Mobile Web Development Resources - Mobile web development resources including some testing resources and standards resources, etc.
See the 'Mobile Web/App Testing Tools' section of the Web Test Tools List page for mobile testing tools.
Web Consistency testing - Site by Kevin Menard about web consistency testing - "does this page look right? It's an automated approach to making sure a page looks the way we expect, whether that be cross-browser, over time (regression), in multiple locales..." From 2011 but still with useful information.
Why Load Testing Ajax is Hard - Article by Patrick Lightbody on the Ajaxian blog site on the challenges of load testing sites incorporating Ajax.
Web Site Testing Checklist - More of a web site development checklist, but it is extensive and still useful as a way to generate ideas for testing a web site.
Performance Testing Guidance for Web Applications - Online 18-chapter guide for an end-to-end approach for implementing web performance testing. Part of the Performance Testing Guidance Project web site. Covers: managing and conducting performance testing in both Agile and structured environments; load testing, stress testing, and other types of performance related testing; identifying objectives, designing tests, executing tests, analyzing results, and reporting. Published 2007 but still useful.
Web Site Performance Testing - A collection of useful information on various aspects of performance testing, from Scott Barber's web site. Topics include: "Pinpointing and Exploiting Specific Performance Bottlenecks", "Common Performance Testing Challenges", "How Fast is Fast Enough", and "Introduction to Performance Testing". Although some of the information is not specifically oriented to web performance testing, it is still highly applicable.
Load Testing Of Web Sites - Article from IEEE Internet Computing about web load testing; useful overview from 2002.
Keynote Systems Resources Page - Useful collection of articles and information on web site performance testing. Also see the related site performance indices which lists a variety of business, consumer, government, and other web sites along with their 'performance index'.
Evaluating Web Sites for Accessibility - Article on the World Wide Web Consortium web site's 'Web Accessibility Initiative' section on how to assess and test web sites for accessibility issues.
Automated local accessibility testing using WAVE and WebDriver - Interesting article from WatirMelon Testing Blog by Alister Scott; refers to some other interesting related resources.
StopBadware.org - Web site security guidelines and information from the StopBadware site, based at Harvard University's Berkman Center for Internet & Society.
OWASP - The Open Web Application Security Project (OWASP) is dedicated to finding and fighting the causes of insecure software. Everything available in site is free and open source. 'How To' section includes 'Guide to Building Secure Web Applications and Web Services', 'Testing Guide', 'Code Review Guide'. Also security news, articles such as 'How to Write Insecure Code', tools, code, filters, downloads, and more.
Computer Audit FAQ - Good introductory information from IsecT Ltd. on 'Computer Audit', which refers to the analysis of computer systems and networks by examining the effectiveness of their technical and procedural controls (information security control systems) to minimise risks. Also has links to other resources, and some articles such as 'Strategic Approach to Information Security Management'
SANS Security Resources - Web site of SANS (SysAdmin, Audit, Network, and Security Institute), a cooperative research and education organization for sysadmins, security professionals, and network administrators for sharing lessons learned and solutions. Includes an Intrusion Detection FAQ; more than 1500 white papers on security; webcasts; security trends, top security risks, and much more are freely available.
SAMATE - Software Assurance Metrics And Tool Evaluation site at the U.S. National Institute of Standards. Has information on web application security issues and technical/security/other vulnerabilities information, lists of Web Application Vulnerability Scanners, source code analysis tools, links to other lists, etc. Also: information on other related security resources, publications, conferences, and more.
CVE - Searchable, downloadable, and on-the-web 'Common Vulnerabilities and Exposures' list hosted by Mitre Corp. CVE goal is to standardize the names for all publicly known vulnerabilities and security exposures, so that security information can be efficiently shared and handled. Many security test tools are utilizing or planning on utilizing this standardized naming/numbering system.
Common Attack Pattern and Enumeration - CAPEC is a publicly available, community-developed list of common attack patterns (descriptions of common methods for exploiting software systems), with a comprehensive schema and classification taxonomy. By MITRE Corporation.
W3 Security Resources - Large collection of information and resources on web security, including an FAQ, hosted by the W3C Consortium (the folks who set web standards/protocols, etc.)
Microsoft Security Site - Microsoft's web site for discussion of security issues for MS products, including their web server products. Includes security self-assessment information, home and business security information, etc.
Security Focus.Com - Site from Symantec for news, forums, resources, vulnerability info, conference info, tools, etc. related to computer security including web and internet security issues. Search vulnerability database by keywords, date, vendor, version, etc.
Computer Emergency Response Team site - CERT's internet security web site; includes web server security information; hosted by the Software Engineering Institute at Carnegie Mellon University.
See the 'Web Tools' section for web security test tool listings.
See the Softwareqatest.com Bookstore section on Security Testing for books on software security testing.
Prioritizing Web Usability - PDF chapter from 2006 book on Web Usability by Jakob Nielsen and Hoa Loranger.
Usability.gov - Web site with a large collection of web usability resources, information, and guidelines. Although the site was developed by the U.S. federal government for use by various federal agencies, the site is a resource available to anyone.
User Interface Engineering - Web site of User Interface Engineering Inc., founded by Jared M. Spool. Many articles on web site and product usability, such as 'Web Application Form Design', 'Seven Common Usability Testing Mistakes', '5 Things to Know about Users', and more.
Jakob Nielsen's articles re interface usability and website design - Jakob Nielsen's web usability/design collection with such articles as 'How Users Read on the Web', 'Costs of User Testing', and 'Differences between Print Design and Web Design'.
UIWizards.com resources list - Jeff Johnson's UIWizards.com listing of usability design and testing resources