3 - Testing your software - Coggle Diagram
3 - Testing your software
Code review (aka peer review)
    Fagan inspections
        Planning
        Inspection
        Preparation
        Rework
        Overview
        Follow-up
Static Application Security Testing (SAST)
Dynamic Application Security Testing (DAST)
Synthetic transactions
    Scripted transactions with known expected results
Benchmarks
    Predefined standards or baseline values against which the performance, efficiency, or effectiveness of a system is measured
Interactive Application Security Testing (IAST)
    Performs real-time analysis of runtime behavior, application performance, HTTP(S) traffic, frameworks, components, and backend connections.
Runtime Application Self-Protection (RASP)
    Runs on a server, intercepts calls to and from an application, and validates data requests
Fuzz Testing
    Mutation (Dumb) Fuzzing
        Takes previous input values from actual operation of the software and manipulates (or mutates) them to create fuzzed input.
        Applies bit flipping: slight changes to the recorded input produce the fuzzed cases
    Generational (Intelligent) Fuzzing
        Develops data models and creates new fuzzed input based on an understanding of the types of data used by the program
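To make the two fuzzing styles concrete, here is an added example (not part of the Coggle diagram) that runs both against a constructed toy parser for a length-prefixed record format. The parser, the record format and the planted defect (a length field used as an index without a bounds check) are assumptions made for the illustration. The mutation fuzzer knows nothing about the format and only flips bits, overwrites bytes with boundary values, or truncates a valid seed input; the generational fuzzer builds records from a model of the format and picks boundary values for the length fields. The harness separates clean rejections (ValueError) from crashes (any other exception), which is the signal a test team acts on.

```python
import random
from typing import Callable, Dict, List, Tuple

# Constructed target (assumption, not from the page): a toy parser for a record laid out as
#   version(1) | name_len(1) | name | payload_len(2, big-endian) | payload | checksum(1)
# Planted defect: payload_len is trusted without a bounds check, so an oversized
# length makes the checksum read index past the buffer (IndexError instead of a
# clean ValueError rejection). That is the kind of fault a fuzzer should surface.
def parse_record(data: bytes) -> Dict[str, object]:
    if len(data) < 4:
        raise ValueError("short header")          # graceful rejection
    if data[0] != 1:
        raise ValueError("unsupported version")   # graceful rejection
    name_len = data[1]
    name = data[2:2 + name_len]
    if len(name) != name_len:
        raise ValueError("truncated name")        # graceful rejection
    off = 2 + name_len
    payload_len = int.from_bytes(data[off:off + 2], "big")
    payload = data[off + 2:off + 2 + payload_len]
    checksum = data[off + 2 + payload_len]        # planted bug: unchecked index
    return {"name": name.decode("ascii", "replace"), "payload": payload, "checksum": checksum}

def make_record(name: bytes, payload: bytes) -> bytes:
    """Build a well-formed record; used as the seed input for mutation fuzzing."""
    return bytes([1, len(name)]) + name + len(payload).to_bytes(2, "big") + payload + b"\x00"

# --- Mutation (dumb) fuzzing: start from a real input and perturb it ---
def flip_bit(data: bytes, rng: random.Random) -> bytes:
    """Flip one randomly chosen bit: the classic bit-flipping mutation."""
    if not data:
        return data
    pos = rng.randrange(len(data) * 8)
    buf = bytearray(data)
    buf[pos // 8] ^= 1 << (pos % 8)
    return bytes(buf)

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """Apply one of three mutations with no knowledge of the record format."""
    if not seed:
        return seed
    op = rng.randrange(3)
    if op == 0:
        return flip_bit(seed, rng)
    if op == 1:                                    # overwrite a byte with a boundary value
        buf = bytearray(seed)
        buf[rng.randrange(len(buf))] = rng.choice([0x00, 0x01, 0x7F, 0x80, 0xFF])
        return bytes(buf)
    return seed[:rng.randrange(len(seed) + 1)]     # truncate

# --- Generational (intelligent) fuzzing: build inputs from a model of the format ---
def generate(rng: random.Random) -> bytes:
    """Emit a record whose length fields take the boundary values a model of the
    format flags as interesting (matching, zero, one, maximum)."""
    name = b"svc"
    payload = b"\x00" * rng.choice([0, 1, 16])
    name_len = rng.choice([len(name), 0, 0xFF])
    payload_len = rng.choice([len(payload), 0, 1, 0xFFFF])
    return bytes([1, name_len]) + name + payload_len.to_bytes(2, "big") + payload + b"\x00"

# --- Harness: distinguish clean rejections from crashes ---
def run_campaign(producer: Callable[[], bytes], iterations: int) -> Dict[str, object]:
    counts = {"ok": 0, "rejected": 0, "crashed": 0}
    crashes: List[Tuple[str, bytes]] = []          # keep a few crashing inputs for triage
    for _ in range(iterations):
        case = producer()
        try:
            parse_record(case)
            counts["ok"] += 1
        except ValueError:
            counts["rejected"] += 1                # validation did its job
        except Exception as exc:                   # anything else is a finding
            counts["crashed"] += 1
            if len(crashes) < 3:
                crashes.append((type(exc).__name__, case))
    result: Dict[str, object] = dict(counts)
    result["crashes"] = crashes
    return result

def mutation_campaign(rng_seed: int = 1, iterations: int = 500) -> Dict[str, object]:
    rng = random.Random(rng_seed)                  # fixed seed keeps the run reproducible
    seed_input = make_record(b"svc", b"hello")     # "previous input from actual operation"
    return run_campaign(lambda: mutate(seed_input, rng), iterations)

def generational_campaign(rng_seed: int = 1, iterations: int = 200) -> Dict[str, object]:
    rng = random.Random(rng_seed)
    return run_campaign(lambda: generate(rng), iterations)

if __name__ == "__main__":
    for label, result in (("mutation", mutation_campaign()), ("generational", generational_campaign())):
        print(label, {k: v for k, v in result.items() if k != "crashes"})
        for exc_name, case in result["crashes"]:
            print("   ", exc_name, case.hex())
```

Both campaigns reach the planted defect, but they get there differently: the mutation fuzzer stumbles onto it only when a bit flip or byte overwrite happens to land in the length field, while the generational fuzzer hits it deliberately because its data model knows which field is a length and which values are boundaries. The crash list is what goes into the bug report; the rejected count shows the validation paths that are working as intended.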
Interface testing
    APIs
    UI
    Network interfaces
    Physical interfaces
Misuse Case Testing (aka abuse case testing)
    Corresponds to business logic issues: tests how the application behaves when it is used in unintended or malicious ways
Test Coverage Analysis
    Branch coverage
    Condition coverage
    Function coverage
    Loop coverage
    Statement coverage
Website Monitoring
    Passive monitoring
        Analyzes actual network traffic sent to a website
        Real User Monitoring (RUM): tracks user interactions with the website
    Synthetic monitoring (aka active monitoring)
        Performs artificial transactions against a website to assess performance.