Other Software QA and Testing Resources
- Top Resources
- Software QA and Testing-related Organizations/Certifications/Conferences
- General Software QA and Testing Resources
- Agile Testing Resources
- Test Automation Resources
- Mobile Testing Resources
- Web QA and Testing Resources
- Web Security Testing Resources
- Web Usability Resources
Google Testing Blog - Public blog site for Google's testers. Includes archives going back to 2007.
James Bach's Blog - Large collection of thoughtful postings/articles on Jame's Bach's Satisfice web site; organized into a wide selection of categories.
Stickyminds.com - Comprehensive software testing resource site from Techwell Corp., with articles, news, information on software testing and quality engineering, books, tools, conferences, message boards.
Return to top of resources listings
Software QA and Testing-related Organizations/Certifications/Conferences
Association for Software Testing - A nonprofit professional organization dedicated to advancing the understanding and practice of software testing. For scholars, students, and software development practitioners. Sponsors conferences, publications, web sites, newsletter.
American Society for Quality - American Society for Quality (formerly the American Society for Quality Control) web site; geared to quality issues in general, not just Software QA. Has a Software Division that focuses on Software QA, and publishes Software Quality Professional Journal. ASQ is the largest quality organization in the world, with more than 100,000 members. Provides a wide variety of general quality-related certifications, as well software-specific ones such as the CSQE (Certified Software Quality Engineer).
SEI - Web site of Software Engineering Institute (at Carnegie Mellon University); info about SEI technical programs, publications, bibliographies, some online documents, SEI courses and training, links to related sites.
New York Software QA/Dev Meetup - New York City area meetup group for anyone interested in software testing, mobile, web, automation.
Rose City Software Quality Engineers - Portland, Oregon meetup group.
NOVA Software Quality Engineering and Automation Meetup - Northern Virginia (Washington DC suburbs) meetup group.
VanQ - Vancouver Testing and Quality Assurance Group - Vancouver, Canada area meetup group.
Software Test & Automation - Montreal - Montreal, Canada area meetup group.
TCQAA - Twin Cities Quality Assurance Association of Minneapolis and St. Paul, Minnesota. Has monthly meetings. Site has link to past presentations
KWSQA - Software QA/Testing group with monthly meetings in Kitchener-Waterloo region (Ontario, Canada).
Seattle QASIG - Seattle, Washington area group with monthly meetings.
Software QA and Testing Meetups - Worldwide listing of Software QA and Testing Meetups.
Note: The above is only a partial listing. There are many other local QA- and Testing-related meetings in cities around the world. Check with local software-related professional organizations for information about current local meetings in your location.Certification Information for Software QA and Test Engineers:
ISTQB Certified Tester - The International Software Testing Qualifications Board, based in Belgium, was initially a part of the European Organization for Quality - Software Group. Certifications and testing are administered by ISTQB organizations in each of a number of countries around the world. Multiple certification levels are available.
CSQE - ASQ (American Society for Quality) CSQE (Certified Software Quality Engineer) program - information on requirements, outline of required 'Body of Knowledge', listing of study references and more.
ISEB Software Testing Certifications - The British Computer Society Information Systems Examinations Board (ISEB) maintains a program of several levels of testing certifications. Some levels are equivalent to the ISTQB Certifications.
ASTQB - The American Software Testing Qualifications Board is a branch of the ISTQB Certifications are based on experience and a written test. Multiple types of certifications are available. The ISTQB Body of Knowledge, Terms, and sample exams are available as free downloads.
CSQA/CSTE - QAI Global Institute's program for CSQA (Certified Software Quality Analyst), CSTE (Certified Software Tester), and Certified Software Project Manager (CSPM), Certified Associate in Software Quality (CASQ), and many other certifications. (Note: the QAI certifications are run by PeopleCert since 2022)
Software QA and Testing Conferences:
Conferences - Testing-related conferences listing at Kerry Zallar's 'Software Testing Stuff' web site.
Return to top of resources listings
General Software QA and Testing Resources
Alan Page's 'Tooth of the Weasel' Blog - The blog's subtitle is: 'Notes and rants about software and software quality'. Alan spent 22 years at Microsoft including a two year position as Microsoft’s Director of Test Excellence, and among other publications was the lead author of the book “How We Test Software at Microsoft”.
Stories From a Software Tester - Jeff Nyman's wide-ranging blog postings on topics related to software testing, with a comprehensive archives index going back to 2011.
The Future of the Testing Role - Youtube video of a James Bach presentation in March 2017 on what it means to be a test engineer in an agile CI/CD environment. Includes: what is unique about the task of software testing, what is unique about good testing specialists, the objective of 'an informed client', how test specialists may become at risk of becoming tool jockeys or developer assistants, the 'right shifting' of testing - sometimes to the point of minimizing or eliminating pre-production testing, and impacts of current practices on software risk.
The challenge of verification and testing of machine learning - Article in cleverhans-blog by Ian Goodfellow (Staff Research Scientist at Google Brain) and Nicolas Papernot (Google PhD Fellow in Security). The article points out such things as: "It is clear that testing of naturally occurring inputs is sufficient for traditional machine learning applications, but verification of unusual inputs is necessary for security guarantees. We should verify, but so far we only know how to test. Current machine learning models are so easily broken that testing on unusual inputs is sufficient to expose their flaws." They also provide 'cleverhans', an open source Python library to benchmark machine learning systems' vulnerability to adversarial examples. It provides standardized reference implementations of adversarial example construction techniques and adversarial training, and may be used to develop more robust machine learning models. Also see this article on '10 AI Failures', and this article from Infosys on 'Testing Imperatives for AI Systems' that includes some examples of AI failures. An article from the Machine Intelligence Research Institite 'Ensuring smarter-then-human intelligence has a positive outcome' states 'It’s much easier to make code that works well on the path that you were visualizing than to make code that works on all the paths that you weren’t visualizing. AI alignment needs to work on all the paths you weren’t visualizing'. Also see this Nov. 2024 article 'Risk-Based Testing for AI' .
Pass vs. Fail: Is There a Problem Here? - Interesting blog article on testing vs checking and the issues in 'pass/fail' type testing and reporting, from Michael Bolton's DevelopSense blog.
Cloud: beyond infrastructure thinking - Article from Thoughtworks discussing cloud-adoption hype vs reality. Includes a discussion of cloud adoption and such issues as vendor choice lock-in.
Lean Software Development: The Backstory - Long article by Mary Poppendieck, author of the book 'Lean Software Development'. Includes sections on 'The State of Lean Software Development', 'The Difference between Lean and Agile Software Development', 'Lean is about Flow Efficiency', 'The Future of Lean Software Development', 'Case Study: Hewlett Packard LaserJet Firmware' and more. From Mary Poppendieck's The Lean Mindset blog site.
Thoughtworks Testing Insights - Articles, posts, and podcasts on Software Testing, from Thoughtworks .
Agile Versus Lean - Article from Martin Fowler's site discusses the relationship between lean and agile philosophies, in that both stress adaptive planning and a people focused approach. Also how Mary Poppendieck, a proponent of lean software development and author of related books, had a background in lean manufacturing and subsequently brought lean philosphies into Agile as a founding board member of the Agile Alliance.
Why the Great Glitch of July 8th (2016) Should Scare You - Thought-provoking post by Zeynep Tufekci regarding multiple major computer system failures reported in July 2016, in which she writes: "The big problem we face isn’t coordinated cyber-terrorism, it’s that software sucks. Software sucks for many reasons, all of which go deep, are entangled, and expensive to fix". Her summary of the causes includes: layers of old/fixed/patched software, technical debt, complexity, and 'lack of interest in fixing the real problem'.
Heuristic Test Strategy Model - A 5 page checklist-based approach to test strategy by James Bach. Essentially a set of things to consider for a testing strategy, in 4 categories. Includes checklists for 'General Test Techniques', 'Quality Criteria Categories', 'Project Environment', 'Product Elements'.
Context-Driven Testing - Article about the 'context-driven' approach to testing; lists 7 main principles and includes descriptions and examples.
The Value of Checklists and the Danger of Scripts - Presentation at CAST conference by Cem Kaner; old presentation but still valid.
Health Exchange Mess - Post-mortem on the 2013 implementation problems of the Maryland State Health Exchange, authored by Charles Hayward, a retired US Government Accountability Office auditor. The April 2014 article is in 2 parts: 'Health Exchange Mess Part I: Failures in leadership', and 'Health Exchange Mess Part II: Assigning blame, recouping money.' Also see LA Times articles summarizing problems with implementations including those in Hawaii, Massachusetts, and Oregon in a March 2014 2-part series by Maeve Reston: 'States that have struggled with healthcare sites consider lawsuits' .
XP in a Safety-Critical Environment - Interesting article by Mary and Tom Poppendieck concerning the applicability of XP practices in safety-critical software development.
Software Negligence and Testing Coverage - Article by Cem Kaner contains an old but still very informative list of 101 types of testing coverage measures; shows the complexities in any discussion of 'testing coverage'. Selected quotes of interest from the article: "Even if you achieve complete coverage for a given population of tests (such as, all lines of code tested), you have not done complete, or even adequate, testing." and "The decision as to whether to try for 1%, 10%, 50% or 100% coverage against any given population is non-obvious. It involves tradeoffs based on thoughtful judgment."
What is DevOps? - Article from New Relic discribing the common themes, tools, and ideas behind 'DevOps', a widely-used term having widely-varying interpretations including it's relation to testing.
Software Engineering: An Idea Whose Time Has Come and Gone? - An interesting article by Tom DeMarco in which he indicates, among other things, that his early ideas and advice regarding quantified work, project planning, and metrics for software projects - such as those in his 1982 book 'Controlling Software Projects: Management, Measurement, and Estimation', may have been wrong.
TDD is dead. Long live testing - A perspective on unit testing vs system testing, by David Heinemeier Hansson (creator of Ruby on Rails), in which he suggests considering a rebalancing of the testing spectrum from unit to system. Steve Sanderson in his blog has posted 'Selective Unit Testing – Costs and Benefits' in which he discusses considerations for when to focus on unit testing vs when to focus on integration testing.
Exploring Exploratory Testing - Article by Cem Kaner and Andy Tinkham about the exploratory testing approach to software testing; includes discussions of questioning strategies and heuristics.
Exploratory Testing Explained - Article by James Bach on exploratory testing; includes attributes of a software project and tester that impact decisions on testing approaches, exploratory testing examples, etc.
Cem Kaner's software testing site - Cem Kaner's site contains a large selection of his articles about software testing, legal issues, test management, and more (see the 'Publications' section of the site).
They Write the Right Stuff - Summary of the original article 'How to write near-perfect software' by Charles Fishman that was in Fast Company magazine - about how software was developed for the U.S. Space Shuttle. "The group's most important creation is not the perfect software they write -- it's the process they invented that writes the perfect software."
What does the software quality process for NASA's SLS look like? - NASA is building the Space Launch System (SLS) to land the first woman and next man on the Moon by 2024. These Stack Exchange postings have links to information and documents detailing the software development and QA processes for SLS software.
What is a Test Architect? - Discussion re test architects by Microsoft's Alan Page.
Errors in Scientific Software - Article titled 'The T experiments: errors in scientific software' by Les Hatton; old but still alarming article. For more recent articles on software bugs slipping unknowingly into scientific research, sometimes resulting in retraction of published papers or invalidating medical research, see 'Computational science: ...Error: …why scientific programming does not compute' by Zeeya Merali in Nature magazine; or see A Bug in FMRI Software Could Invalidate 15 Years of Brain Research (2016).
Perspective on software testing certifications Article by Cem Kaner - includes a discussion of a proposed 'Open Certification Process'; section 3 of the paper has a long discussion of 'Project Manager’s Perspective: Problems With the Current Certification System' .
'Good programmer' definitions/discussions - Since testers and developers often need to work closely together, and since many testers also do some programming, it is helpful to get some perspective on 'what is a good programmer'. Also see the discussions in the Joel On Software blog.
Where is the Science in Computer Science? - Article in Communications of the ACM (from October 2012) by Vinton Cerf (VP at Google, past winner of the Turing Award, one of the acknowledged 'Fathers of the Internet', and president of ACM). In the article he states, among other things, '....Even though we design software systems and ought to have some clues about how these systems behave and perform, we generally do not have a reliable ability to anticipate the states these systems can get into, their vulnerabilities, their performance, and ability to adapt to changing conditions.' He also goes on to note our generally poor ability to predict how long it will take to find and fix bugs, or to have an idea how many new bugs will be created by fixes.
ITIL - Originally the 'IT Infrastructure Library' - a set of best-practices guides on the management and provision of operational IT Services, covering 5 main topics: Service Strategy, Service Design, Service Transition, Service Operation, and Continual Service Improvement. ITIL was initially developed by of the British Office of Government Commerce and the itSMF, the 'IT Service Management Forum' a UK-based organization comprised of 1000 companies and government organizations worldwide; ITIL is now owned by PeopleCert (formerly AXELOS). The ISO/IEC 20000 standard is based on ITIL.
Big Ball of Mud - Outstanding essay on the 'de-facto standard software architecture', by Briane Foote and Joseph Yoder of the U. of Illinois at Urbana-Champaign. The 'Big Ball of Mud' architecture is defined as 'a casually, even haphazardly, structured system. Its organization, if one can call it that, is dictated more by expediency than design....The overall structure of the system may never have been well defined. If it was, it may have eroded beyond recognition.' They discuss why this architecture is so popular, advantages and disadvantages, and what can be done to improve such systems.
Satisfice.com Web Site - James Bach's Satisfice.com Web Site with a collection of his articles on various aspects of software testing. Also see Youtube for videos of his more presentations.
Illustrative Risks to the Public in the Use of Computer Systems - Enormous list of software, system, and related problems compiled by Peter Neumann/SRI International. Organized by categories such as space, defense, medical, stock market, elections, insurance, cryptography, etc. Includes related book list, other information. (Also see 'Risks Digest' listed below.)
ARIANE 5 Flight 501 Failure Report by the Inquiry Board - A rare and instructive detailed public analysis of a major software failure - the 1996 launch failure of the new (At the time) Ariane 5 rocket. This is the official report of the inquiry board appointed by the French National Center for Space Studies and the European Space Agency. Also see the article 'Design by Contract: The Lessons of Ariane' which includes a discussion of the code reuse issues brought to light by the Ariane 5 failure.
Risks Digest - Digest of the 'Forum on Risks to the Public in Computers and Related Systems'. Includes latest issue and archives covering software and system problems, vulnerabilities, disasters; based on the comp.risks newsgroup.
SEI Capability Maturity Models - Software Engineering Institute's CMMI web site, with info and documentation downloads on the CMMI models for for Development, Services, Acquisition, People, and Data Management.
CMMI and Agile - Youtube video showing slides of talk by Srinivas Venkataraman - includes discussion of where CMMI-specific goals and pracitces map or do not map to Agile practices.
Construx Software Resources - Site with many useful resources, estimation info and resources, various checklists, and Steve McConnell's 'Software Survival Guide' website.
Software Engineering Resources - Large collection of useful information and links to many other sites and resources, all related to the SW engineering process including agile processes, project planning and management, metrics, risk analysis, programming methods, OO SW engineering, testing, QA, CM. From R.S. Pressman, author of the book 'Software Engineering, A Practitioner's Approach'.
Software Test Coverage Analysis article - Article containing a good discussion of test coverage analysis from Steve Cornett/Bullseye Testing Technology, maker of "C-Cover Test Coverage Analyzer" tool.
Technical Debt - Short article explaining technical debt, by Martin Fowler. Also see his 'Technical Debt Quadrant' article.
Embrace Technical Debt - Article by Eric Ries (author of book 'The Lean Startup') from his Startup Lessons Learned site. Among other things, he discusses how technical debt concerns might vary depending on context. For example when a design or business model has a high likelihood of changing (such as in a startup), technical debt concerns might be moderated compared to more stable contexts. He discusses how to take a disciplined approach to these context variations.
Object-Oriented Concepts - Basics of object-oriented programming concepts, from Oracle's (formerly Sun's) Java site. Good quick intro.
Return to top of resources listings
Manifesto for Agile Software Development - The origin of the 'Agile' approach and the twelve guiding principles of agile software development.
Agile Methodologies - Martin Fowler's online discussion of 'agile' methodologies (XP, Scrum, Crystal, FDD, DSDM, etc.) includes summaries of various approaches as well as reference information, and factors to consider in choosing these approaches.
Agile Testing - Short article on agile testing at the Atlassian web site.
Agile Testing and Quality Strategies: Discipline Over Rhetoric - Introductory agile testing article by Scott Ambler.
Agile Testing - Long article on agile testing at the SmartBear web site.
A Sprint Framework for Testers - Suggested processes and practices to consider for testers in an Agile environment - from a blog post by Conner Roberts.
Agile Testing - Key Success Factors - Chapter 21 from the book 'Agile Testing: A Practical Guide for Testers and Agile Teams' by Lisa Crispin and Janet Gregory; book excerpt provided by InfoQ.
Perils and Pitfalls of Agile Adoption - Article by Matt Heuser at InformIT site, includes discussion of risks such as that agile methods are easy to misunderstand, that it's easy to think you're doing Agile right, and be wrong, and that agile methods make value (or lack of value) visible.
DORA DevOps Quick Check - Free online tool for testers or other agile team personnel who would like to get an idea of how far along their organization's agile/devops processes really are, Google provides a quick method of measuring a team's software delivery performance. Compare it to the rest of the industry by responding to five multiple-choice questions. Compare your team's performance to others, and discover which DevOps capabilities should be a focus for improvement. Results are compared to those in relevant industry categories.
An Uncomfortable Truth about Agile Testing - Article by Jeff Patton on the StickyMinds site about some of the potential difficulties of testing on an Agile project.
Ron Jeffries Site - Agile/Scrum/XP - Large collection of articles and posts from Ron Jeffries about Agile, Scrum, and Extreme Programming, including a discussion of how QA fits into the XP approach, XP Magazine archives, and many testing-related articles with relevance to XP/Scrum/Agile. Also see 'The Rules of Extreme Programming' at the www.extremeprogramming.org web site.
Guide to Continuous Delivery - Large collection of articles on Atlassian (whose products include Jira, Confluence, Bamboo etc) web site with basics of CI/CD including different types of testing, code coverage, branching strategies, etc. Other useful articles are contained in their 'Guide to Agile Development' and their 'The secrets behind story points and agile estimation'.
17 Theses on Software Estimation - Long article by Steve McConnell, author of the book 'Software Estimation - Demystifying The Black Art', related to an ongoing online discussion with Ron Jeffries re the agile-related topic '#NoEstimates'. He covers topics such as 'Responding to change over following a plan does not imply not having a plan', and 'Agility plus predictability is better than agility alone.'
Scrum Basics - Web site of Scrum Alliance with a 'Basics of Scrum in Agile' 11-page pdf covering scrum basics.
Return to top of resources listings
Alister Scott blog - A wide-ranging software testing blog by Alister Scott, with articles mostly related to test automation but also about many other topics including tools, test strategies, code coverage, career development, etc. There is also a newer blog at Substack.
Test Guild - Joe Colantonio's site with a long-running blog, podcasts, interviews, and other resources relevant to test automation.
GTAC - Web site for the Google Test Automation Conferences includes links to past conferences and slides and videos for each, covering years 2006 - 2016. Includes archive of presentations, videos, slides.
How to Grade Your Selenium Tests - Slideshare of a Dave Haefner presentation on how to judge how good/bad your selenium test automation is. Provides good guidance on test automation test design and coding.
7 Deadly Sins of Test Automation - Slideshare by Adrian Smith - the 'seven deadly sins' discussed are a set of common anti-patterns found to erode automation's value, resulting in long term maintenance issues and reducing teams' ability to respond to change and continuously deliver.
Behavior Driven Development (BDD) Basics - Wikipedia article covering the basics of BDD, with examples.
Seven Steps to Test Automation Success - Old but still surprisingly relevant introductory article on considerations in successful automated testing; by Bret Pettichord.
Performance Testing vs. Load Testing vs. Stress Testing - Basics of these types of testing, at the BlazeMeter web site.
Udacity Software Programming Courses - Free and paid Udacity software programming courses online - Courses and Nanodegree Programs.
Test Automation University - Free test automation short courses with videos, transcripts, quizzes, etc., from Applitools. Courses include 'Introduction to Cypress', 'BDD with SpecFlow', 'Introduction to PlayWright', 'Intro to Testing Machine Learning Models', 'Continuous Integration with Jenkins', and many more. Most are in the range of 0.5 to 5 hours.
See other automation-related FAQ's such as 'Will automated testing tools make testing easier?' and 'What's the best way to choose a test automation tool?' in the Less-Frequently-Asked-Questions section.
Return to top of resources listings
How to Test a Mobile Application - Article on general considerations for mobile application testing (web, app and hybrid). Includes a variety of topics, such as 'Which is better – Emulators or simulators'.
Android application testing with the Android test framework - Long tutorial by Lars Vogel re how to test Android apps with different Android testing frameworks. Includes test automation, what/how to test, mocking, more.
Return to top of resources listings
Ultimate Website Launch Checklist - Useful comprehensive checklist that can be useful to help drive testing strategy, by Tom Houdmont.
Web Developer Checklist - Categorized checklist with links to other info/guidelines/tools - provides useful considerations for web testing; also available as a Chrome extension or as an extension for Firefox or Edge.
Evaluating Web Sites for Accessibility - Articles and information on the World Wide Web Consortium web site's 'Web Accessibility Initiative' section on how to assess and test web sites for accessibility issues.
Return to top of resources listings
Web Security Testing Resources
OWASP - The Open Web Application Security Project (OWASP) is dedicated to finding and fighting the causes of insecure software. Everything available in site is free and open source. Includes a book-length free downloadable 'Web Security Testing Guide' that includes a large section on 'Web Application Security Testing'. There is a 'Cheat sheets' section at https://cheatsheetseries.owasp.org/.
WebGoat - A deliberately insecure web application maintained by OWASP designed to teach web application security lessons. You can install and practice with WebGoat. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat applications. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application aims to provide a realistic teaching environment, providing users with hints and code to further explain the lesson. Written in Java - installs on any platform with a JVM; installers available for Linux, OS X, and Windows. There are over 40 lessons, dealing with Cross-site Scripting (XSS), Access Control, Thread Safety, Hidden Form Field Manipulation, Parameter Manipulation, Weak Session Cookies, SQL Injection, Web Services, Dangers of HTML Comments, etc.
10 Common Web Attacks: Protect Your Website - Common attacks, and the vulnerabilities exploited, are typically the first and weakest link in a site's defense, and are therefore an appropriate focus for initial efforts in shoring up a defense with at least a minimal level of security. Includes discussion of how to prevent the attacks.
SANS Security Resources - Web site of SANS (SysAdmin, Audit, Network, and Security Institute), a cooperative research and education organization for sysadmins, security professionals, and network administrators for sharing lessons learned and solutions. Includes training courses and certifications, a global incident alert network, white papers on security, podcasts, security trends, top security risks, newsletters, pentest tools, forensic tools, cloud security information, and much more.
Common Vulnerabilities and Exposures (CVE) - Searchable, downloadable, and on-the-web 'Common Vulnerabilities and Exposures' list hosted by Mitre Corp. The CVE goal is to standardize the names and identifiers for all publicly known vulnerabilities and security exposures, so that security information can be efficiently shared and handled. Many security test tools are utilizing or planning on utilizing this standardized naming/numbering system. As of 2024 there are more than 240,000 CVE records.
National Vulnerability Database (NVD) - National Vulnerability Database maintained by U.S. National Institute of Standards. The NVD is the CVE dictionary augmented with additional analysis, a database, and a fine-grained search engine. The NVD is a superset of CVE. The NVD is synchronized with CVE such that any updates to CVE appear immediately on the NVD.
Inside the West's Failed Fight Against China's 'Cloud Hopper' Hackers - Article from June 2019 from Reuters about a long term compromise of multiple major companies worldwide, indicating that 'For those that thought the cloud was a panacea, I would say you haven’t been paying attention', according to Mike Rogers, former director of the U.S. National Security Agency.
Common Attack Pattern and Enumeration - CAPEC is a publicly available, community-developed list of common attack patterns (descriptions of common methods for exploiting software systems), with a comprehensive schema and classification taxonomy. By Mitre Corp.
Computer Emergency Response Team site - CERT's internet security web site at SEI; includes a vulnerability database, blogs, publications, tools, training courses; hosted by the Software Engineering Institute at Carnegie Mellon University.
Return to top of resources listings
Articles from the Nielsen Norman Group web site - Articles, templates, guidelines, and more from the Nielsen Norman Group web site re usability/design with such articles as 'USability Testing 101', 'You Are Not the User: The False-Consensus Effect', 'How Users Read on the Web", 'Costs of User Testing', and 'Differences between Print Design and Web Design'.
User Interface Engineering - Web site of User Interface Engineering Inc., founded by Jared M. Spool. Many articles on web site and product usability, such as 'Seven Common Usability Testing Mistakes', 'The Challenge of Identifying UX Success Metrics', '5 Things to Know about Users', and more.
Web Design Best Practices Checklist - Useful checklist from web site of Terry Ann Morris, covers page layout, browser compatibility, navigation, color and graphics, multimedia, content and presentation, functionality, accessibility.
Usability.gov - Web site with a large collection of web usability resources, information, and guidelines. Although the site was developed by the U.S. federal government for use by various federal agencies, the site is a resource available to anyone.