Secure Programming: Software Testing Overview

Questions and Answers

What is a functional behavior in the context of secure programming specifications?

Functional behavior describes what the system should do, such as how an online shopping website allows users to add items to their cart.

Identify and explain one desirable attribute of software specifications.

Testable is a desirable attribute that ensures a function can be easily verified, such as being able to check if the app correctly adds two numbers.

What is the primary goal of unit testing in secure programming?

The primary goal of unit testing is to confirm that individual subsystems are correctly coded and perform their intended functions.

Explain what is meant by erroneous behavior in secure programming.

Erroneous behavior refers to how the system should handle errors or unexpected issues, such as displaying an error message when a user logs in with an incorrect password.

How does consistency in software specifications contribute to secure programming?

Consistency ensures that conflicting information is avoided, like stating in one section that users can edit details while another states they cannot.

What is the purpose of creating a test harness in software testing?

A test harness is used to automate the testing process by providing the necessary environment and tools for executing test cases.

How does regression testing ensure software reliability after changes?

Regression testing involves re-executing previously passed test cases to ensure that new changes haven't introduced new errors.

Describe the function of test drivers and test stubs in integration testing.

Test drivers simulate the behavior of missing components, while test stubs provide predefined responses for untested components.

What is a test oracle, and why is it important?

A test oracle is a source of truth for expected outcomes, often established from the first successful test execution.

What steps can be taken to minimize duplicate test cases during the development of test cases?

Cross-checking test cases thoroughly can help identify and eliminate duplicates.

What are the main factors to consider when choosing test cases in black-box testing?

The main factors to consider are the number of possible logical paths, the nature of input data, the amount of computation, and the complexity of algorithms and data structures.

What is the significance of developing test cases during the testing process?

Developing test cases is significant because they provide a structured set of data or situations to exercise the unit being tested and ensure all requirements are met.

Why is it important to create a test oracle before testing begins?

Creating a test oracle before testing is important because it defines the expected results for the test cases, ensuring a clear reference for validation.

What role does analysis play in the first step of the testing process?

Analysis in the first step is crucial for assessing the completeness of requirements to ensure all aspects of the system are covered during testing.

What is one drawback of black-box testing according to the content?

A drawback of black-box testing is that it cannot detect missing use cases or extraneous features not specified in requirements.

How can desk checking source code help during the testing phase?

Desk checking source code can reduce testing time by allowing developers to identify potential errors before formal testing occurs.

What is the purpose of code inspection in the testing process?

The purpose of code inspection is to systematically review the code to find defects and ensure conformance to design specifications.

What does it mean to test for cohesion during the design step of testing?

Testing for cohesion during the design step means ensuring that all components of a module or system work together effectively and are focused on their intended purpose.

What is the primary goal of software testing?

To reveal failures in the software.

Why is it important to assess the quality of software during testing?

To determine the software's performance and ensure user satisfaction.

How can testing clarify the specification of a software program?

Testing can reveal inconsistencies between the actual behavior and the intended specifications.

In what way does testing help teams learn about their program?

It reveals how the program behaves under various conditions.

Explain how testing can verify contracts related to software.

Testing ensures the software adheres to legal standards and user requirements.

Give an example of what could be revealed by testing a banking app.

It might show if alerts are sent for transactions that do not meet specified limits.

What can happen if a shopping website is not tested for high traffic?

It may slow down or crash during peak user activity.

What might be a failure revealed during the testing of a calculator app?

If the app crashes when trying to divide by zero, it indicates a mistake.

What is the goal of integration testing?

The goal of integration testing is to test the interface among subsystems.

What distinguishes system testing from other types of testing?

System testing evaluates the entire system to determine if it meets functional and global requirements.

In acceptance testing, who typically conducts the tests?

Acceptance testing is typically conducted by the client.

What is the significance of incremental coding in unit testing?

Incremental coding, or 'write a little, test a little,' allows developers to identify issues early in the development process.

How does static analysis differ from dynamic analysis?

Static analysis is performed without executing the code, while dynamic analysis involves testing the code during execution.

What types of testing are involved in dynamic analysis?

Dynamic analysis includes black-box testing, white-box testing, and data-structure based testing.

What are the benefits of static analysis in programming?

Static analysis helps find errors early, is quicker, and catches coding standard violations before the code runs.

Why is dynamic analysis necessary in software testing?

Dynamic analysis is necessary to check how the code operates in practice, revealing issues that occur only during execution.

What does the function FindMean calculate in regard to the scores read from a file?

The function FindMean calculates the mean of positive scores read from a file.

In the context of loops, what significance does the while (!EOF(ScoreFile)) condition have?

The while (!EOF(ScoreFile)) condition ensures that the loop continues to read scores until the end of the file is reached.

Identify a situation in which the Mean value would not be calculated in FindMean.

The Mean value would not be calculated if NumberOfScores is 0, indicating no valid scores were found.

What are the two main comparisons discussed in the context of white-box and black-box testing?

White-box testing evaluates the internal workings of a program, while black-box testing assesses its external behavior without knowledge of its internal code.

Explain why the flow diagram is crucial in the context of constructing test cases.

The flow diagram visually represents decision points and possible paths, aiding in identifying which test cases to cover.

What is the outcome when the score dataset is empty in the FindMean function?

When the score dataset is empty, the function will not calculate a mean and will display 'No scores found in file'.

In white-box testing, what challenge arises from the potentially infinite number of paths?

The infinite number of paths poses a challenge as it becomes impractical to test all possible execution routes in a program.

What does the logic flow diagram start and exit with in the given programming context?

The logic flow diagram starts with 'Start' and exits with 'Exit'.

Why is it important to include test cases for both positive and negative scores in the FindMean function?

Including test cases for both positive and negative scores ensures the function behaves correctly under various input scenarios.

What signifies the paths labeled 'f', 'g', and 'h' in the testing logic flow?

'f', 'g', and 'h' signify specific decision outcomes that must be covered by relevant data inputs during testing.

Flashcards

Software Testing Goal: Reveal Failures

Finding mistakes or errors in software by executing code with test data.

Software Testing Goal: Assess Quality

Evaluating the goodness or badness of software, such as speed or user experience.

Testing & Specifications

Ensuring software adheres to its intended function and requirements.

Testing & Program Understanding

Learning about software behavior in different situations.

Testing & Contracts

Verifying compliance with legal regulations and user needs.

Testing Goal

The primary objective of testing a program, which includes identifying errors, evaluating quality, and clarifying specifications and contracts.

Testing Environment

Controlled setting where software is executed with test data.

Test Data

Input values used for testing software by executing code.

Secure Programming Specification

A document that details the desired behavior, error handling, and quality attributes of a software system, like an online shopping cart.

Unit Testing

Testing individual parts (subsystems) of a software program to check if they work as designed.

Functional Behavior

Describes what a software system should do (e.g., calculate, allow users to add products to cart).

Erroneous Behavior

Describes how a software system should react to errors or unexpected situations.

Testable Specification

A specification that is written in a way that clearly shows how different functions of the system can be tested.

Unit Testing

Testing individual units (parts) of a program to see if they work correctly.

Integration Testing

Testing how different parts of a program work together as a group.

System Testing

Testing the whole program to see if it meets requirements and works as planned.

Acceptance Testing

Testing by the customer to see if the program is ready for use.

Static Analysis

Examining the program code without running it to find errors.

Dynamic Analysis

Testing the program by running it with different inputs and looking for errors.

Black-box Testing

Testing a program without knowing its internal logic, just the output from the input.

White-box Testing

Testing a program by understanding and testing its internal logic.

Black-box Testing

Testing software without knowing its internal structure. Focuses on user inputs and expected outputs, not internal code.

Test Case

A specific set of inputs and expected outputs used to test a piece of software

Test Oracle

Predicted output for a test. It tells you what the software should do.

Unit Testing

Testing the smallest individual units or modules of a software program.

Integration Testing

Testing how different parts of a software program work together.

Code Inspection

Examining source code to find errors, flaws, or security vulnerabilities.

Testing Steps

Four stages in the software testing process: measure, decide how to test, create test cases, and oracle prediction.

Combinatorial explosion

A rapid increase in potential test cases due to numerous input combinations.

Loop Structure

A programming construct that repeatedly executes a block of code as long as a certain condition is met.

Unstructured Programming

A programming style that doesn't use structured control statements like loops or conditional statements.

White-box Testing

A software testing technique that examines the internal structure of a program to identify potential errors.

Logic Flow Diagram

A visual representation of the control flow in a program, showing the sequence of steps and decisions.

Test Case Design

The process of creating specific sets of inputs and expected outputs to test a program's functionality.

Finding Mean

Calculating the average value of a set of numbers from a file.

EOF (End of File)

A condition encountered when a program reaches the end of a file while reading its data.

Path Testing

A method in white-box testing that examines all possible execution paths within a program.

Black-box Testing

A software testing technique that examines the functionality of a program without looking at its internal structure.

Testing Continuum

A range of testing approaches, from testing the program's functionality from the outside to examining its internal structure.

Test Harness

A framework or setup designed to facilitate the execution of tests on software.

Test Cases

Specific sets of steps or conditions designed to test a particular feature or functionality of software.

Test Oracle

The expected output or result of a test case.

White-box Testing

Testing that examines the internal workings of a program's code.

Integration Testing

Testing how different parts of a software system work together.

Study Notes

Secure Programming

• Course outline covers topics related to testing software
• Includes testing goals, standards, test suite assessment, effective practices, limits, and complementary approaches.
• Detailed explanation of software testing, including revealing failures, assessing quality, clarifying specifications, learning about the program, and verifying contracts.

Software Testing

• Direct code execution on test data within a controlled environment is a key aspect of testing
• Identifying software flaws and failures is the primary goal.
• Assessing quality, even if difficult to quantify, is essential.
• Ensuring the software meets specifications and is consistent.
• Understanding program behavior under various conditions is critical.
• Feedback to the team, including beyond bug identification, is beneficial.
• Verification of contracts that include customer requirements, legal, and standards is vital to prevent problems.

Goals of Testing

• Revealing failures (errors or mistakes) is a primary goal.
• Assessing software quality is another important aspect.
• Understanding program behavior under various conditions is also vital.
• Clarifying specifications and ensuring consistency with those specifications is important.
• Making sure the software does what it is supposed to do is a key part of testing.

Learn About The Program

• Evaluating software behavior across various conditions is important part of understanding software function.
• Identifying how software behaves under high-load or multiple user interactions needs to be tested.
• Confirming adherence to legal rules and user requirements is a critical component of testing.
• Ensuring confidentiality for critical data sets, like medical data, is essential part of testing.

Specification

• Functional behavior describes what the system should do (e.g., performing tasks).
• Online shopping examples are provided.
• Erroneous behavior describes how the system handles errors or unexpected situations.
• Password errors, for example.
• Quality attributes describe how well the system performs (e.g., speed, security).
• Example includes mobile app loading time and concurrent user capacity

Desirable Attributes

• The specification needs to be comprehensive, describing all tool features.
• Only relevant functionalities should be listed and extraneous features should be excluded.
• Specifications should be unambiguous (clear and explicit).
• The specification should be consistent in its description of actions.
• The specifications must be testable, so that test cases are easily generated.
• The specifications must be accurate in describing how the software works.

Types of Testing

• Unit Testing: Individual subsystems are tested. Developers perform these tests, ensuring that individual parts of the program (like functions in a calculator) operate correctly.

• Integration Testing: Subsystems and the whole system are tested, checking interfaces between these components.

• System Testing: Testing the entire system to check if it meets requirements. Similar to validation testing.

• Acceptance Testing: End-users test the system to check if the software meets expected requirements and is suitable for deployment.

Unit Testing

• Informal: Incremental coding, where you write a little code, then test it. This helps in early error detection and fix.
• Static Analysis: Reading the source code, Code Inspection (formal walkthrough and review of code) and automated tool for detecting errors (syntax, semantic, departure from coding standards).
• Dynamic Analysis: Black-box testing (testing the inputs/outputs of modules), and white-box testing (testing the internal logic and paths of a module using its code). These different approaches for testing modules.

White-box & Black-box

• Dynamic testing checks how the program runs, while Static Analysis focuses on the code, syntax, or structure of the code to identify possible issues.
• Black-box testing evaluates how the code behaves without looking at its underlying structure. It uses inputs and outputs.

Black-Box Testing (Continued)

• Equivalence partitioning: Grouping inputs into similar sets where the test cases generated for one input should work on similar inputs.
• Different types of Black-box tests: Requirements-based, positive/negative scenarios, Boundary value analysis, Decision tables, Equivalence partitioning, State-based Diagrams
• Testing on different browsers, user documentation consistency, and domain-specific testing

White-box Testing

• Focuses on the code structure (thoroughness or coverage), guaranteeing that every part of the program runs as expected
• Four types of white-box testing: Statement Testing, Loop Testing, Path Testing, & Branch Testing

Loop Testing

• Various loop types are tested to verify if loops behave like expected
• Simple loop: Testing if code skips a loop completely
• Nested loop: Checking if functions behave predictably under nested conditions.
• Concatenated loops: Verifying the correct functionality in concatenated loops.
• Unstructured loops: Testing unstructured loops

The 4 Testing Steps

• Selection of what needs to be measured: Evaluating completeness of requirements
• Decision about how testing is conducted: Selecting methods (code inspection, proofs, black/white box testing)
• Developing test cases: Determining test inputs and situations.
• Creating a test oracle: Identifying expected outcomes of tests

Unit-testing Heuristics

• Create unit tests early: Testing components immediately as they are designed.
• Develop minimal test cases for thorough coverage: Finding the fewest number of test cases that exercise all possible paths.
• Cross-check test cases: Identifying and removing duplicated test cases for efficiency.
• Desk checking source code: Reviewing code before actual testing begins.
• Create a test harness: Designing tools to support integration tests
• Describe Oracle: Finding out what the correct or expected output for a test should be.
• Test Case Execution: Running all the test cases.
• Compare test results with expected output: Ensuring that the actual is the same as expected, and making changes to code and rechecking the test cases.

Description

This quiz explores the fundamentals of software testing in the context of secure programming. It covers testing goals, standards, and effective practices, emphasizing the importance of assessing software quality and verifying contracts. Understand how to identify flaws and ensure that software meets specifications.