Beruflich Dokumente
Kultur Dokumente
1
Users Use, Testers Test
¾ Any fool can stumble across bugs
– Flailing around hoping to find bugs is a job for
amateurs
– Testers celebrate bugs!
¾ Real testing requires:
– efficiency: finding bugs faster than normal use
– effectiveness: finding bugs that users care about
and that developers will fix
– thoroughness: leaving no stone unturned
2
Software Test Training
¾ Mastery requires the development of:
– Understanding of:
» software
» bugs
» failures
» test techniques
– Intuition concerning:
» correct software behavior
» defective software behavior
» and patterns of both
Understanding Behavior
kernel
Soft-
ware Application Under Test UI
file system
3
59 calls to 29 different functions
(GetTickCount called nearly 700 times)
kernel
any of these calls can succeed or fail
establish
interfaces any of these can fail to initialize
to:
mso9.dll Soft-
user32.dll ware Microsoft® PowerPoint® 2000 invoke UI
gdi32.dll
advapi.dll
comctl32.dll any of these can fail to be read or be corrupt
ole32.dll
file system
opens and closes initialization files, persistent
store, temporary files and working files
Tool Demo
Understanding Behavior
kernel inputs can be stored internally
stored data
Soft-
ware Application Under Test UI
computation
outputs are produced via computation
with inputs and stored data
file system
4
Testing Input Behaviors:
Patterns of Attack
1. Force all error messages to occur
Bug Demo
5
Testing Data Behaviors:
Patterns of Attack
11. Apply inputs using a variety of initial
conditions
12. Force a data structure to store too
many/too few values
13. Investigate alternate ways to modify
internal data constraints
Bug Demo
6
How To Contact James A. Whittaker
Snail Mail
Department of Computer Sciences
150 W. University Boulevard
The End
Melbourne, Florida 32901-6975
E-mail & Web
jw@se.fit.edu
www.howtobreaksoftware.com
Telephone
321 674 - 7638
Fax
Questions? 321 674 - 7046
Comments?
Bug Stories?
References
¾ J. A. Whittaker, How to Break Software
(Addison Wesley, Reading MA, 2002).
¾ J. A. Whittaker, “Software’s invisible
users,” IEEE Software, 18, 3, pp. 84-88
(2001).
¾ J. A. Whittaker and H. H. Thompson,
How to Break Software Security (Addison
Wesley 2003.