Secure Programming: Testing Methods

Questions and Answers

What is the primary goal of software testing?

To reduce development costs

To assess market demand

To reveal failures (correct)

To increase the software's functionality

Which type of testing focuses on individual subsystems and is typically performed by developers?

Unit Testing (correct)

Acceptance Testing

Integration Testing

System Testing

What does system testing primarily determine?

If the system meets the functional and global requirements (correct)

Whether the software is easy to maintain

If the software is user-friendly

The total number of bugs in the code

What is the role of acceptance testing?

To evaluate the system delivered by developers and ensure it meets client expectations

What is one important aspect of testing related to specifications?

Testing can prove either the specification or the program to be wrong

What is the primary goal of implementing a system on a trial basis?

To demonstrate that the system meets customer requirements

What does black-box testing primarily focus on?

The input/output behavior of the module

Which type of analysis involves reading source code and checking for errors?

Static Analysis

What approach is typically used in static analysis to ensure quality?

Conducting a code inspection meeting

How does equivalence partitioning help in black-box testing?

By reducing the number of test cases through classifying inputs

Which of the following statements about dynamic analysis is true?

It tests the internal logic of the program.

What is a characteristic of unit testing?

It typically involves incremental coding and testing.

Which of the following describes a limitation of black-box testing?

It is unable to account for all possible test cases.

What will the program print if no scores are found in the ScoreFile?

No scores found in file

In the logic flow diagram, what does 'F' signify in the branching paths?

False condition leading to another decision

What must be true for the path to continue past node 2 in the flow diagram?

At least one score must be present

Which of the following is a key characteristic of white-box testing?

Internal logic of the code is examined

What type of path does the flow of the program take if a score file is empty?

The program will reach the exit point directly

In determining test cases, what condition checks for negative scores?

Condition node e

What does the term 'extreme testing' imply in the context of testing methods?

Testing under maximum operational limits

What must the program do when encountering a positive score while reading the ScoreFile?

Accumulate it towards the sum of scores

Why is white-box testing considered necessary alongside black-box testing?

It ensures that all paths and conditions are checked

Which step occurs after reading a score in the loop until EOF?

Compare the score to 0

What does an oracle in software testing contain?

Predicted results for a set of test cases

Which type of testing focuses on examining the functionality of the software without looking at the internal workings?

Black-box testing

What is a key feature of unit testing?

It examines individual components or functions.

Which testing strategy is primarily focused on large-scale integration of system components?

Integration testing

What should a secure programming strategy include regarding testing?

A specified set of test cases written down

What is the purpose of proofs in the context of software testing?

To validate the design against requirements

Which of the following is NOT a type of testing mentioned?

Feature testing

What does code inspection primarily focus on?

Reviewing the code for errors or defects

What is the primary goal when developing test cases?

To find the minimal number of test cases needed

What should be done every time a change is made?

Re-execute test cases

What is a common challenge in regression testing?

Maintaining a balance between performance and thoroughness

What is essential for ensuring no duplication in test cases?

Cross-checking the test cases

What should be compared to assess the success of test execution?

The results of tests with the test oracle

Why is covering multiple paths important in testing?

To ensure comprehensive error detection

How can test cases be executed efficiently?

By categorizing them into high, medium, and low priority

What is a significant consequence of insufficient regression testing?

Undetected bugs in new and old features

What does white-box testing primarily focus on?

The internal implementation of the software

Which of the following is a limitation of black-box testing?

It may not detect extraneous use cases

What must be selected first in the four steps of testing?

Select what has to be measured

In the context of black-box testing, what does 'combinatorial explosion' refer to?

The exponential growth of possible test cases

Why might white-box testing fail to detect certain errors?

It cannot detect missing use cases

Which of the following statements about test cases is true?

Test cases are a set of inputs and expected results

What is a critical aspect of developing test cases?

Understanding the code being tested

What does the analysis phase of testing typically assess?

The completeness of requirements

Which aspect is NOT considered in black-box testing?

Internal code structure

What is a key focus area for black-box testing?

Functional specifications and requirements

Study Notes

Secure Programming

• Course Instructor: Dr. Haroon Mahmood
• Institution: Al-Ain University, UAE

Outline

• What is testing?: Includes why testing is performed

• Testing Standards: Specifications for behavior and quality

• Selecting Good Tests: Methods like functional (black-box) and structural (white-box) testing

• Assessing Test Suites: Testing techniques including coverage, mutation, capture/recapture

• Effective Testing Practices: Different testing levels (unit, integration, system) along with lifecycle and metrics integration

• Limits of Testing: Discusses complementary approaches, inspections, static and dynamic analysis

• Software Testing: Direct execution of code on test data within a controlled environment

  • Goals of testing: revealing failures, assessing quality, clarifying specifications, learning about the program, and verifying contracts.

• Specification: Contains functional behavior, erroneous behavior, and quality attributes. Desirable attributes include completeness, minimal, unambiguous, consistent, testable, correct, and representing end-user needs.

• Types of Testing:

  • Unit Testing: Individual subsystems, performed by developers to verify functionality.
  • Integration Testing: Testing interactions between subsystems (classes), leading to complete system testing.
  • System Testing: The entire system is tested to ensure it meets required functionalities and global requirements. Terminology: System testing = validation testing
  • Acceptance Testing: The system is evaluated by the client, may involve trial transactions, and ensures it meets customer needs. Two kinds of Acceptance Testing.

• Unit Testing:

  • Informal: Incremental coding with "write a little, test a little" approach.
  • Static Analysis: Reading the source code, walk-throughs, and code inspections using automated tools for errors.
  • Dynamic Analysis: Black-box testing (input/output behavior), white-box testing (internal logic), and data-structure based testing.

• Black-box Testing:

  • Focus: input/output behavior (predicting output for an input).
  • Goal: Reduce test cases
  • Equivalence Partitioning: Divides input conditions into classes

• Continues blackbox testing:

  • Equivalence class selection (no rules, only guidelines) – inputs are valid across a range of values—select test cases below, within, and above the range; also input is valid discrete value.

• Black-box Testing (Continued):

  • Solutions to select limited amount of test cases
  • Another method of selecting cases: understanding the inner workings of the unit being tested (white-box testing)

• Types of black-box testing:

  • Requirements based, Positive/negative, Good/bad results, Boundary value analysis, decision tables, equivalence partitioning, state-based diagrams (based on object), compatibility testing, user documentation testing, and domain testing.

• White-box Testing:

  • Focus: Thoroughness (coverage). Every statement is executed at least once.
  • Four types include statement, loop, path, and branch testing.

• White-box Testing (Continued)

  • Statement testing: test single statements.
  • Loop testing: executing loops completely, exactly once, or more than once.
  • Path testing: verifying all paths in a program are executed.
  • Branch testing: making sure all outcomes from conditions are tested.

• Example of white-box testing:

  • A programming example, showing how code works, and how to create a flow-chart for it

• Constructing the Logic Flow: Flow charts of logic and branching.

• Finding the Test Cases: How to create test cases based on a logical flow-chart

• Comparison of White & Black Box Testing:

  • Both are necessary. -White-box testing focuses on the internal structures and paths, potentially missed scenarios; black-box testing focuses on the inputs and outputs, may not find every error -White-box is often more difficult; black-box often has more test cases

• The 4 Testing Steps: Selecting what to measure (analysis, completeness, design, and implementation of code tests); deciding on testing methods (code inspection, proofs, etc.); developing test cases; and creating the test oracles (prediction of results).

• Unit-testing Heuristics: Creating, verifying, and checking for duplicates

Description

This quiz covers essential concepts in secure programming focusing on various testing methods. You will learn about testing standards, the significance of selecting effective tests, and the assessment of test suites. Delve into the limits of testing and explore software testing practices crucial for ensuring code quality.