Secure Programming: Testing Methods
49 Questions

Questions and Answers

What is the primary goal of software testing?

  • To reduce development costs
  • To assess market demand
  • To reveal failures (correct)
  • To increase the software's functionality

Which type of testing focuses on individual subsystems and is typically performed by developers?

  • Unit Testing (correct)
  • Acceptance Testing
  • Integration Testing
  • System Testing

What does system testing primarily determine?

  • If the system meets the functional and global requirements (correct)
  • Whether the software is easy to maintain
  • If the software is user-friendly
  • The total number of bugs in the code

What is the role of acceptance testing?

To evaluate the system delivered by developers and ensure it meets client expectations (B)

What is one important aspect of testing related to specifications?

Testing can prove either the specification or the program to be wrong (D)

What is the primary goal of implementing a system on a trial basis?

To demonstrate that the system meets customer requirements (B)

What does black-box testing primarily focus on?

The input/output behavior of the module (D)

Which type of analysis involves reading source code and checking for errors?

Static Analysis (C)

What approach is typically used in static analysis to ensure quality?

Conducting a code inspection meeting (A)

How does equivalence partitioning help in black-box testing?

By reducing the number of test cases through classifying inputs (B)

Which of the following statements about dynamic analysis is true?

It tests the internal logic of the program. (B)

What is a characteristic of unit testing?

It typically involves incremental coding and testing. (A)

Which of the following describes a limitation of black-box testing?

It is unable to account for all possible test cases. (C)

What will the program print if no scores are found in the ScoreFile?

No scores found in file (D)

In the logic flow diagram, what does 'F' signify in the branching paths?

False condition leading to another decision (D)

What must be true for the path to continue past node 2 in the flow diagram?

At least one score must be present (A)

Which of the following is a key characteristic of white-box testing?

Internal logic of the code is examined (A)

What type of path does the flow of the program take if a score file is empty?

The program will reach the exit point directly (D)

In determining test cases, what condition checks for negative scores?

Condition node e (B)

What does the term 'extreme testing' imply in the context of testing methods?

Testing under maximum operational limits (D)

What must the program do when encountering a positive score while reading the ScoreFile?

Accumulate it towards the sum of scores (C)

Why is white-box testing considered necessary alongside black-box testing?

It ensures that all paths and conditions are checked (C)

Which step occurs after reading a score in the loop until EOF?

Compare the score to 0 (D)

What does an oracle in software testing contain?

Predicted results for a set of test cases (A)

Which type of testing focuses on examining the functionality of the software without looking at the internal workings?

Black-box testing (D)

What is a key feature of unit testing?

It examines individual components or functions. (B)

Which testing strategy is primarily focused on large-scale integration of system components?

Integration testing (D)

What should a secure programming strategy include regarding testing?

A specified set of test cases written down (C)

What is the purpose of proofs in the context of software testing?

To validate the design against requirements (A)

Which of the following is NOT a type of testing mentioned?

Feature testing (A)

What does code inspection primarily focus on?

Reviewing the code for errors or defects (D)

What is the primary goal when developing test cases?

To find the minimal number of test cases needed (A)

What should be done every time a change is made?

Re-execute test cases (D)

What is a common challenge in regression testing?

Maintaining a balance between performance and thoroughness (B)

What is essential for ensuring no duplication in test cases?

Cross-checking the test cases (A)

What should be compared to assess the success of test execution?

The results of tests with the test oracle (B)

Why is covering multiple paths important in testing?

To ensure comprehensive error detection (D)

How can test cases be executed efficiently?

By categorizing them into high, medium, and low priority (B)

What is a significant consequence of insufficient regression testing?

Undetected bugs in new and old features (C)

What does white-box testing primarily focus on?

The internal implementation of the software (A)

Which of the following is a limitation of black-box testing?

It may not detect extraneous use cases (D)

What must be selected first in the four steps of testing?

Select what has to be measured (A)

In the context of black-box testing, what does 'combinatorial explosion' refer to?

The exponential growth of possible test cases (A)

Why might white-box testing fail to detect certain errors?

It cannot detect missing use cases (D)

Which of the following statements about test cases is true?

Test cases are a set of inputs and expected results (B)

What is a critical aspect of developing test cases?

Understanding the code being tested (D)

What does the analysis phase of testing typically assess?

The completeness of requirements (D)

Which aspect is NOT considered in black-box testing?

Internal code structure (D)

What is a key focus area for black-box testing?

Functional specifications and requirements (C)

Flashcards

Software Testing

Direct execution of code against test data to uncover flaws in a controlled environment.

Unit Testing

Testing individual units (subsystems/codes) for correct functionality. Done by developers.

Integration Testing

Testing the interaction between different units (subsystems) to ensure they work together correctly. Done by developers.

System Testing

Testing the entire software system to ensure it meets all requirements (functional and overall). Done by developers.

Acceptance Testing

Final testing done by the client to verify the software meets their needs and expectations.

Unit Testing

Testing individual units (subsystems or code) for correct functionality, performed by developers.

Static Analysis

Examining code without running it to find errors, such as syntax problems or coding standard violations. Tools and manual inspections are used.

Dynamic Analysis

Testing the code by executing it with real inputs to observe results and verify correctness. Different types include black-box and white-box testing.

Black-box Testing

Testing a system's functionality without any knowledge of the internal code structure. Focuses on inputs and outputs.

Equivalence Partitioning

Dividing input values into groups (equivalence classes) to reduce the number of test cases needed by picking one valid example from each class.

Test Cases

Specific set of inputs and expected outputs used in testing a program; used in black-box & white-box testing.

Validation Testing

Ensuring that a system meets the specified requirements and specifications. It checks how well the system meets specifications.

Trial Basis Implementation

Executing typical transactions with a system on-site, testing feasibility and customer requirements.

White-box Testing

A software testing method that examines the internal structure and workings of a program to find defects.

Logic Flow Diagram

A graphical representation of the sequence of steps or decisions in a program.

Test Case

A set of inputs, execution conditions, and expected outcomes designed to test a specific aspect of the software.

Path Testing

A white-box testing technique that focuses on verifying all possible paths or routes through the program's code.

Secure Programming

The practice of developing software systems with security in mind.

SumOfScores

Variable used to store the total score from a file.

NumberOfScores

Variable storing the count of valid scores in a file.

FindMean Function

A function to calculate and display mean score from a file.

Black-box Testing

A software testing method focused on the functionality of a program without examining its internal structure or design.

Testing Continuum

The range of testing methods, from white-box to black-box testing.

Test Oracle

Contains predicted results for a set of test cases, used in testing.

Code Inspection

A way to test code by examining the code itself, not running it, to find issues.

Proofs (Design by Contract)

A testing method in software engineering using predicted results and sets of test cases to validate functionality.

Black-box Testing

Testing software by only examining its input and output from an outside perspective.

White-box Testing

Testing inside a piece of software to see how it works.

Integration Testing Strategy

A plan for testing how different parts of software work together.

Unit-testing Heuristics

Guidelines for creating effective unit tests.

Create Unit Tests

Developing tests to check if individual units of software work correctly.

Minimal Test Cases

Finding the fewest test cases that cover as many paths as possible in software testing.

Execute Test Cases

Running the created test cases to check if the software works as expected.

Eliminate Duplicates

Identifying and removing repeated test cases to save time and effort during testing.

Test Oracle

The expected result of a test case, used to compare against the actual results.

Regression Testing

Re-executing test cases after code changes to ensure existing functionalities are not broken.

Cross-check Test Cases

Verifying the test cases for completeness and accuracy by examining them alongside other tests.

Test Case Goal

Ensuring the system operates correctly, covering as many potential issues as possible.

Code Change Impact

Re-executing test cases after every code modification to verify the impact on existing functionality.

White-box testing

A software testing method that focuses on the internal structure and logic of the code, rather than the external behavior and requirements.

Black-box testing

A software testing method that focuses on the functionality of the software without examining the internal structure or implementation details.

Test case

A set of input values, execution conditions and expected results to test a specific aspect of the software.

Test data

The input values used during software testing to evaluate the program responses.

Test Selection

The process of choosing relevant test cases for testing.

Test Completeness

Ensuring comprehensive testing satisfying all requirements and use cases.

Combinatorial explosion

The rapid increase in the number of test cases when dealing with a lot of input combinations.

4 Testing Steps

A systematic procedure with 4 steps: select, create, develop, and execute test cases to measure the software.

Test case analysis

Evaluating test cases to ensure thorough coverage and validity.

Software Testing

The process of evaluating a software product to discover defects and assess its quality, using test cases.

Study Notes

Secure Programming

  • Course Instructor: Dr. Haroon Mahmood
  • Institution: Al-Ain University, UAE

Outline

  • What is testing?: Includes why testing is performed

  • Testing Standards: Specifications for behavior and quality

  • Selecting Good Tests: Methods like functional (black-box) and structural (white-box) testing

  • Assessing Test Suites: Testing techniques including coverage, mutation, capture/recapture

  • Effective Testing Practices: Different testing levels (unit, integration, system) along with lifecycle and metrics integration

  • Limits of Testing: Discusses complementary approaches, inspections, static and dynamic analysis

  • Software Testing: Direct execution of code on test data within a controlled environment

    • Goals of testing: revealing failures, assessing quality, clarifying specifications, learning about the program, and verifying contracts.
  • Specification: Contains functional behavior, erroneous behavior, and quality attributes. Desirable attributes: complete, minimal, unambiguous, consistent, testable, correct, and representative of end-user needs.

  • Types of Testing:

    • Unit Testing: Individual subsystems, performed by developers to verify functionality.
    • Integration Testing: Testing interactions between subsystems (classes), leading to complete system testing.
    • System Testing: The entire system is tested to ensure it meets required functionalities and global requirements. Terminology: System testing = validation testing
    • Acceptance Testing: The system is evaluated by the client, may involve trial transactions, and ensures it meets customer needs. Two kinds of Acceptance Testing.
  • Unit Testing:

    • Informal: Incremental coding with "write a little, test a little" approach.
    • Static Analysis: Reading the source code, walk-throughs, and code inspections using automated tools for errors.
    • Dynamic Analysis: Black-box testing (input/output behavior), white-box testing (internal logic), and data-structure based testing.
  • Black-box Testing:

    • Focus: input/output behavior (predicting output for an input).
    • Goal: Reduce test cases
    • Equivalence Partitioning: Divides input conditions into classes
  • Black-box Testing (Continued):

    • Equivalence class selection (no rules, only guidelines): when input is valid across a range of values, select test cases below, within, and above the range; the other case is input that is valid as a discrete value.
  • Black-box Testing (Continued):

    • Solutions for selecting a limited number of test cases
    • Another method of selecting cases: understanding the inner workings of the unit being tested (white-box testing)
  • Types of black-box testing:

    • Requirements based, Positive/negative, Good/bad results, Boundary value analysis, decision tables, equivalence partitioning, state-based diagrams (based on object), compatibility testing, user documentation testing, and domain testing.
  • White-box Testing:

    • Focus: Thoroughness (coverage). Every statement is executed at least once.
    • Four types include statement, loop, path, and branch testing.
  • White-box Testing (Continued)

    • Statement testing: test single statements.
    • Loop testing: executing loops completely, exactly once, or more than once.
    • Path testing: verifying all paths in a program are executed.
    • Branch testing: making sure all outcomes from conditions are tested.
  • Example of white-box testing:

    • A programming example, showing how code works, and how to create a flow-chart for it
  • Constructing the Logic Flow: Flow charts of logic and branching.

  • Finding the Test Cases: How to create test cases based on a logical flow-chart

  • Comparison of White & Black Box Testing:

    • Both are necessary.
    • White-box testing focuses on the internal structures and paths and can miss scenarios; black-box testing focuses on the inputs and outputs and may not find every error.
    • White-box is often more difficult; black-box often has more test cases.
  • The 4 Testing Steps: Selecting what to measure (analysis, completeness, design, and implementation of code tests); deciding on testing methods (code inspection, proofs, etc.); developing test cases; and creating the test oracles (prediction of results).

  • Unit-testing Heuristics: Creating, verifying, and checking for duplicates

Description

This quiz covers essential concepts in secure programming focusing on various testing methods. You will learn about testing standards, the significance of selecting effective tests, and the assessment of test suites. Delve into the limits of testing and explore software testing practices crucial for ensuring code quality.
