How to Break Software: A Practical Guide to Testing

James A. Whittaker

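  • Publisher: Addison Wesley
  • Publication date: 2002-05-09
  • List price: $1,530
  • VIP price: $1,454 (95% of list price)
  • Language: English
  • Pages: 208
  • Binding: Paperback
  • ISBN: 0201796198
  • ISBN-13: 9780201796193
  • Related categories: Software Engineering, Software Testing
  • Ships immediately (limited quantity) (stock = 2)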

Product Description

How to Break Software takes a very applied and non-rigid approach to teaching how to test software for common bugs. It is a departure from conventional testing in which testers prepare a written test plan and then use it as a script when testing the software. Instead of relying on a rigid plan, it should be intelligence, insight, experience and a “nose for where the bugs are hiding” that guide testers. This book helps testers develop this insight.

The techniques presented in this book not only allow testers to go off-script, they encourage them to do so. Don't blindly follow a document that may be out of date and that was written before the product was even testable. Instead, use your head! Open your eyes! Think a little, test a little and then think a little more.

Table of Contents

Preface.
Dedication.

Chapter Summaries.

I. INTRODUCTION.

1. A Fault Model to Guide Software Testing.

The Purpose of Software Testing.
Understanding Software Behavior.
Understanding Software's Environment.
The Human User.
File System User.
The Operating System User.
The Software User.

Understanding Software's Capabilities.
Testing Input.
Testing Output.
Testing Data.
Testing Competition.

Summary and Conclusion.
Exercises.
References.

II. USER INTERFACE ATTACKS.

2. Testing from the User Interface: Inputs and Outputs.

Using the Fault Model to Guide Testing.
Exploring the Input Domain.
First Attack: Apply inputs that force all the error messages to occur.
Second Attack: Apply inputs that force the software to establish default values.
Third Attack: Explore allowable character sets and data types.
Fourth Attack: Overflow input buffers.
Fifth Attack: Find inputs that may interact and test various combinations of their values.
Sixth Attack: Repeat the same input or series of inputs numerous times.

Exploring Outputs.
Seventh Attack: Force different outputs to be generated for each input.
Eighth Attack: Force invalid outputs to be generated.
Ninth Attack: Force properties of an output to change.
Tenth Attack: Force the screen to refresh.

Conclusion.
Exercises.
References.


3. Testing from the User Interface: Data and Computation.

Testing Inside the Box.
Exploring Stored Data.
Eleventh Attack: Apply inputs using a variety of initial conditions.
Twelfth Attack: Force a data structure to store too many/too few values.
Thirteenth Attack: Investigate alternate ways to modify internal data constraints.

Exploring Computation and Feature Interaction.
Fifteenth Attack: Force a function to call itself recursively.
Sixteenth Attack: Force computation results to be too large or too small.
Seventeenth Attack: Find features that share data or interact poorly.

Conclusion.
Exercises.

III. SYSTEM INTERFACE ATTACKS.

4. Testing from the File System Interface.

Attacking Software from the File System Interface.
Media-based Attacks.
First Attack: Inject faults that simulate memory access problems.
Second Attack: Inject faults that simulate network problems.
Third Attack: Damage the media.

File-based Attacks.
Fourth Attack: Assign an invalid file name.
Fifth Attack: Vary file access permissions.
Sixth Attack: Vary/corrupt file contents.

Exercises.


5. Testing from the Software/OS Interface.

Attacking Software from Software Interfaces.
Record-and-Simulate Attacks.
Observe-and-Fail Attacks.
Conclusion.
Exercises.

IV. CONCLUSION.

6. Some Parting Advice.

You'll Never Know Everything.
Bug Hunts.
Friday Afternoon Bug Fests.
Conclusion.
References.

APPENDICES.

Annotated Glossary of Programming Terms.
Appendix A. Testing Exception and Error Cases Using Runtime Fault Injection.

Introduction.
A Mechanism for Runtime Fault Injection.
Fault Selection.
Conclusions.
Acknowledgments.
References.


Appendix B. Using HEAT: The Hostile Environment Application Tester.

Canned HEAT User Guide.
The Application Band.
The Monitor Band.
Fault Injection Bands and Their Functionality.
The Network Band.
Disk Storage.
Memory.


Appendix C. What is Software Testing? And Why is it so Hard?

Introduction.
The Software Testing Process.
Phase One: Modeling the Software's Environment.
Phase Two: Selecting Test Scenarios.
Phase Three: Running and Evaluating Test Scenarios.
Phase Four: Measuring Testing Progress.
Conclusion.
References.


The Software Testing Problem.
