4 Quality characteristics for technical testing (PERFUM)
general planning issues - factors to consider
organisational considerations
if system components are distributed, need to organise time to test
test environment requirements
production-like environment
scaled-down environment
plan test execution times
data security considerations
data encryption
data anonymization
using prod data as test data may be possible
stakeholder requirements
use current system version as benchmark
elicit NFRs from various stakeholders: customers, users, operations staff, maintenance staff
required tools acquisition and training
estimate cost and time for training
Security Testing Threats
breaking encryption code
man-in-the-middle attack
denial of service
unintended side effects of software, e.g. writing temp files to disk
unauthorized copying of data
unauthorized access control
code inserted into a web page (XSS)
buffer overflow
logic bomb
security testing planning
unit, system, integration testing, regular basis
needs approval by TM to conduct 'attacks'
plan and coordinate testing with stakeholders or devs and TAs
improvements to security might affect performance of system
security test specification
gather info
vulnerability scan
develop attack plan
Reliability Testing
Maturity - MTTR, MTBF - SLA
Fault Tolerance
example: disk full, service not available, file not found, out of memory
aka robustness, error tolerance
Recoverability
failover tests
load balancing
more than 1 instance of S/W
redundant dissimilar systems
simulate failure in a controlled environment and test failover mechanism
backup and restore tests
evaluate procedures
technical reviews
operational acceptance tests
e.g. time taken to perform backups, to restore data, tx data no more than an hr
reliability test planning
continuous reliability monitoring even after go live
reliability growth model
tests should be conducted in a production-like environment
reliability tests require long execution times
some tests may specify memory-intensive actions to locate memory leak issues
performance testing
individual components - CPU cycles
client-based systems - time taken to respond to user request
client, server, database - transaction between individual components - bottlenecks
Types: Load Testing, Stress Testing, Scalability Testing
Performance testing planning
operation profiles
resource utilization
evaluate resource usage against a benchmark
dynamic analysis
memory, disk space, network bandwidth, connections