how to break software: robustness edition

TH AM Tutorial, 4/30/13 8:30AM

How to Break Software: Robustness Edition

Presented by: Dawn Haynes, PerfTestPlus, Inc.

Brought to you by: 340 Corporate Way, Suite 300, Orange Park, FL 32073, 888-268-8770 ∙ 904-278-0524 ∙ [email protected] ∙ www.sqe.com

Upload: techwellpresentations

Post on 20-Jan-2015


Category:

Technology



DESCRIPTION

Have you ever worked on a project where you felt testing was thorough and complete—all of the features were covered and all of the tests passed—yet in the first week in production the software had serious issues and problems? Join Dawn Haynes to learn how to inject robustness testing into your projects to uncover those issues before release. Robustness—an important and often overlooked area of testing—is the degree to which a system operates correctly in the presence of exceptional inputs or stressful environmental conditions. By expanding basic tests and incorporating specific robustness attacks, Dawn shows you how to catch defects that commonly show up first in production. She offers strategies for making robustness testing a project-level concern so those defects get the priority they deserve and are fixed before release. Join Dawn to learn about robustness tests you can add to your suite and execute in just a few minutes—even if your test team is over-tasked and under-resourced.

TRANSCRIPT


Dawn Haynes

Dawn Haynes is COO, principal trainer, and consultant for PerfTestPlus, Inc., and a former director of the Association for Software Testing. Dawn’s unique blend of experience, humor, and effectiveness at providing tools and techniques that help students at all levels generate new approaches to common and complex software testing problems has resulted in her international recognition as an elite trainer of testers. She provides consulting services and is a frequent speaker at testing conferences, local groups, and intimate gatherings of testers. Dawn has more than twenty-eight years of experience supporting, administering, developing, and testing software and hardware systems—from small business operations to large corporate enterprises.


© 2013 PerfTestPlus, Inc.


• Random Strikes
• Exploratory Testing
• Fault Injection
• Bug Safari
• Error Guessing


Attack

• Directed and focused attempt to evaluate the quality, especially reliability, of a test object by attempting to force specific failures to occur.

Ref: How to Break Software - Whittaker


Input

• Force all error messages to occur
• Force software to use default values
• Explore data types & character sets
• Overflow input buffers
• Find interacting inputs
• Repeat inputs/sequence

Output

• Force different outputs to be generated for same input
• Force invalid outputs to be generated
• Force output properties to change
• Force the screen to be refreshed

Data

• Apply inputs using a variety of initial conditions
• Force a data structure to store too many or too few values
• Try to modify alternate data constraints

Computation

• Experiment with invalid operand and operator combinations
• Exploit recursion
• Force computation results to be too large or too small
• Find features that share data or interact poorly

Ref: How to Break Software - Whittaker


File

• Fill the file system to capacity
• Force media to be busy or unavailable
• Damage the media
• Assign invalid file name
• Vary access permissions
• Vary/corrupt file contents

Kernel

• Restrict or constrain resources like memory, CPU, threading, etc.

Other Software

• Make unavailable (uninstall, move or rename files, kill process)
• Restrict or block access (disable methods, close ports, etc.)
• Concurrency check (execute actions in other interacting software)

Ref: How to Break Software - Whittaker


Error Guessing

• A test design technique where the experience of the tester is used to anticipate what defects might be present in the component or system under test as a result of errors made, and to design tests specifically to expose them.


Business rules; logic

• Subvert rules
• Bend/break logic

Workflows; state models

• Skip steps
• Illegal U-turn
• Create zombies
• Interacting models

Concurrency

• Doing the same thing
• Doing different things

Algorithms

• Bust sorting logic
• Trick search operations
• Subvert parsing schemes


Robustness Testing

• Testing to determine the robustness of the software product.

Reliability Testing

• The process of testing to determine the reliability of a software product.

Feature

• An attribute of a component or system specified or implied by requirements documentation (for example reliability, usability or design constraints). [After IEEE 1008]

Source: ISTQB Glossary, 2007


Validation

• Confirmation by examination and through provision of objective evidence that the requirements for a specific intended use or application have been fulfilled. [ISO 9000]

Fault Tolerance

• The capability of the software product to maintain a specified level of performance in cases of software faults (defects) or of infringement of its specified interface. [ISO 9126] See also reliability, robustness.

Source: ISTQB Glossary, 2007


Robustness

The ability of software to deliver value during normal use without stressing out users (or failing)

Reliability

The ability of software to deliver value consistently – throughout the longevity, intermittence, or frequency of interactions

Source: ISTQB Glossary, 2007