chapter 17 code review, test data, and code comparison
Post on 21-Dec-2015
Chapter 17
Code Review, Test Data, and Code Comparison

Audit Evidence Collection and Evaluation
- What was expected to happen / not happen?
- What did happen / not happen?
- What type of evidence do we have?
- Is the evidence reliable?
- What is the exposure and $ of risk?

Evidence Collection Techniques
- Program Code Review: obtain program source-code listings to evaluate the quality of the program code
- Test Data: design a sample of data to be executed by the program
- Code Comparison: compare two versions of a program's source or object code to determine if attributes are common

Where Do Program Defects Occur?
Tentative Conclusions
- A small number of program modules will have a large number of faults
- Requirement specifications and design errors are as prominent as coding errors
- Design errors relate to interface problems with users

Objectives of Code Review
- Identify erroneous code
- Identify unauthorized code
- Identify ineffective code
- Identify inefficient code
- Identify nonstandard code

Source-Code Review Methodology
1. Source Code Selection
2. Review Programming Standards
3. Understand the Program Specifications
4. Obtain Source Code
5. Review Programming Language Used
6. Review Source Code
7. Formulate Flaw Hypotheses

Review Source Code

COBOL Reserved Words
Select          If
Redefines       Go To
Open/Close      Go To…Depending On
File Status     Perform…Until
Invalid Key     Search/Search All
Accept          Inspect
Display         Evaluate…When
Copy            Call

Benefits & Costs of Code Review
- Primary Benefit: provides a level of detailed knowledge about a program that auditors will find difficult to acquire using other evidence-collection techniques
- Primary Disadvantage: Cost

Black-Box Test-Data Design Methods
- user interface errors
- errors in interfacing w/ external systems or databases
- efficiency problems
- initialization errors
- termination errors

Equivalence Partitioning
The objective during test-data design is to select a test-data design element that falls within the class and one that falls outside the class.

Decision Tree for Test-Data Design

White-Box Test-Data Design Methods
- Focus is on whether defective execution paths exist in a program
- Primary goal is to identify the control structure underlying the code
  - full statement coverage
  - full branch coverage
  - full path coverage

Fig 17-8

Loop Testing
- Tested as part of a basis path testing strategy
- Types of Loops
  - Simple loops have no other loops embedded within their control structure
  - Nested loops have other loops embedded within their control structure

Automated Aids
- Test data/file generators
- Test capture/playback tools
- Test coverage/execution path monitor tools
- Test drivers/harnesses
- Test output comparators
- Static analyzers

Benefits & Costs of Test Data
- Major Benefit: allows auditors to examine the quality of program code directly
- Major Disadvantage: often time-consuming and costly

Program Code Comparison
- Provides some assurance that the correct version of software is being audited
- Provides some assurance that any software used as an audit tool is the correct version of the software

Types of Code Comparison
- Source-code Comparison: software provides meaningful listing of any discrepancies between two versions of source code
- Object-code Comparison: software provides listing of any discrepancies between two versions of source code (does not identify nature and cause of discrepancies)
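
The contrast between the two types of comparison, as an added example that is not part of the original slides: a source-level diff yields a readable listing of the change, while a byte-level comparison of compiled code shows only that, and where, the versions differ. The sample program, the file name payment.py, and the use of serialized Python bytecode as a stand-in for object code are assumptions made for illustration.

```python
import difflib
import hashlib
import marshal

# Constructed sample: the approved source and the copy found in production.
APPROVED_SRC = "def approve(amount):\n    limit = 1000\n    return amount <= limit\n"
PRODUCTION_SRC = "def approve(amount):\n    limit = 100000\n    return amount <= limit\n"


def compare_source(old, new):
    """Source-code comparison: list the removed (-) and added (+) lines."""
    lines = list(difflib.unified_diff(old.splitlines(), new.splitlines(),
                                      "approved", "production", lineterm="", n=0))
    # Skip the two file-header lines, keep only changed lines (not @@ markers).
    return [line for line in lines[2:] if line[0] in "+-"]


def to_object(src):
    """Stand-in for object code (assumption): serialized compiled bytecode."""
    return marshal.dumps(compile(src, "payment.py", "exec"))


def compare_object(old, new):
    """Object-code comparison: reports that and where bytes differ, not why."""
    same = hashlib.sha256(old).hexdigest() == hashlib.sha256(new).hexdigest()
    offsets = [i for i, (a, b) in enumerate(zip(old, new)) if a != b]
    return same, offsets, len(new) - len(old)


if __name__ == "__main__":
    for line in compare_source(APPROVED_SRC, PRODUCTION_SRC):
        print(line)
    same, offsets, delta = compare_object(to_object(APPROVED_SRC),
                                          to_object(PRODUCTION_SRC))
    print("object code identical:", same)
    print("differing byte offsets:", offsets[:8], "length delta:", delta)
```

The source listing names the changed approval limit directly; the object comparison flags a mismatch that an auditor must then trace back to source to explain.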

Benefits & Costs of Code Comparison
- Primary Benefit
  - easy way of identifying changes made to programs
  - neither costly to purchase nor to execute
- Primary Cost
  - does not provide any evidence directly on the quality of the code being compared