how to break software: robustness edition
Post on 20-Jan-2015
TH AM Tutorial
4/30/13 8:30AM
How to Break Software: Robustness Edition
Presented by:
Dawn Haynes
PerfTestPlus, Inc.
Brought to you by:
340 Corporate Way, Suite 300, Orange Park, FL 32073
888-268-8770 ∙ 904-278-0524 ∙ sqeinfo@sqe.com ∙ www.sqe.com
Dawn Haynes
Dawn Haynes is COO, principal trainer, and consultant for PerfTestPlus, Inc., and a former director of the Association for Software Testing. Dawn’s unique blend of experience, humor, and effectiveness at providing tools and techniques that help students at all levels generate new approaches to common and complex software testing problems has resulted in her international recognition as an elite trainer of testers. She provides consulting services and is a frequent speaker at testing conferences, local groups, and intimate gatherings of testers. Dawn has more than twenty-eight years of experience supporting, administering, developing, and testing software and hardware systems—from small business operations to large corporate enterprises.
© 2013 PerfTestPlus, Inc.
Random Strikes
Exploratory Testing
Fault Injection
Bug Safari
Error Guessing
Description Miles
Attack
• Directed and focused attempt to evaluate the quality, especially reliability, of a test object by attempting to force specific failures to occur.
Ref: How to Break Software - Whittaker
Input
• Force all error messages to occur
• Force software to use default values
• Explore data types & character sets
• Overflow input buffers
• Find interacting inputs
• Repeat inputs/sequence
Output
• Force different outputs to be generated for same input
• Force invalid outputs to be generated
• Force output properties to change
• Force the screen to be refreshed
Data
• Apply inputs using a variety of initial conditions
• Force a data structure to store too many or too few values
• Try to modify alternate data constraints
Computation
• Experiment with invalid operand and operator combinations
• Exploit recursion
• Force computation results to be too large or too small
• Find features that share data or interact poorly
Ref: How to Break Software - Whittaker
File
• Fill the file system to capacity
• Force media to be busy or unavailable
• Damage the media
• Assign invalid file name
• Vary access permissions
• Vary/corrupt file contents
Kernel
• Restrict or constrain resources like memory, CPU, threading, etc.
Other Software
• Make unavailable (uninstall, move or rename files, kill process)
• Restrict or block access (disable methods, close ports, etc.)
• Concurrency check (execute actions in other interacting software)
Ref: How to Break Software - Whittaker
Error Guessing
• A test design technique where the experience of the tester is used to anticipate what defects might be present in the component or system under test as a result of errors made, and to design tests specifically to expose them.
Business rules; logic
• Subvert rules
• Bend/break logic
Workflows; state models
• Skip steps
• Illegal U-turn
• Create zombies
• Interacting models
Concurrency
• Doing the same thing
• Doing different things
Algorithms
• Bust sorting logic
• Trick search operations
• Subvert parsing schemes
Robustness Testing
• Testing to determine the robustness of the software product.
Reliability Testing
• The process of testing to determine the reliability of a software product.
Feature
• An attribute of a component or system specified or implied by requirements documentation (for example reliability, usability or design constraints). [After IEEE 1008]
Source: ISTQB Glossary, 2007
Validation
• Confirmation by examination and through provision of objective evidence that the requirements for a specific intended use or application have been fulfilled. [ISO 9000]
Fault Tolerance
• The capability of the software product to maintain a specified level of performance in cases of software faults (defects) or of infringement of its specified interface. [ISO 9126] See also reliability, robustness.
Source: ISTQB Glossary, 2007
Source: ISTQB Glossary, 2007
Robustness
The ability of software to deliver value during normal use without stressing out users (or failing)
Reliability
The ability of software to deliver value consistently – throughout the longevity, intermittence, or frequency of interactions