(ISC)² CISSP® Official Study Guide, Eighth Edition



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

 Software Testing 
As part of the development process, your organization should thoroughly test any software 
before distributing it internally (or releasing it to market). The best time to address testing 
is as the modules are designed. In other words, the mechanisms you use to test a product 
and the data sets you use to explore that product should be designed in parallel with the 
product itself. Your programming team should develop special test suites of data that
exercise all paths of the software to the fullest extent possible and know the correct resulting
outputs beforehand. 
One of the tests you should perform is a reasonableness check. The reasonableness check
ensures that values returned by software match specified criteria that are within reasonable
bounds. For example, a routine that calculated optimal weight for a human being and 
returned a value of 612 pounds would certainly fail a reasonableness check!
Furthermore, while conducting software testing, you should check how the product 
handles normal and valid input data, incorrect types, out-of-range values, and other 
bounds and/or conditions. Live workloads provide the best stress testing possible. However, 
you should not use live or actual field data for testing, especially in the early development 
stages, since a flaw or error could result in the violation of integrity or confidentiality of the 
test data.
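The reasonableness check and the input-handling tests described above can be combined in one small suite. This is an added example, not code from the book; the routine name, the BMI-22 formula, the 48 to 84 inch input range and the 60 to 400 pound output bounds are assumptions chosen for illustration, and every test value is synthetic rather than live data.

```python
import math


# Assumed plausible bounds for a human weight result, in pounds.
MIN_LB, MAX_LB = 60.0, 400.0


class ReasonablenessError(ValueError):
    """Raised when a computed result falls outside the agreed bounds."""


def optimal_weight_lb(height_in):
    """Hypothetical routine under test: weight_lb = 22 * height_in^2 / 703."""
    # Reject incorrect types; bool is an int subclass, so exclude it explicitly.
    if isinstance(height_in, bool) or not isinstance(height_in, (int, float)):
        raise TypeError("height must be a number")
    # Reject NaN, infinity and out-of-range input before computing anything.
    if not math.isfinite(height_in) or not 48 <= height_in <= 84:
        raise ValueError("height out of range (48-84 in)")
    return 22.0 * height_in ** 2 / 703.0


def reasonableness_check(weight_lb):
    """Return the value unchanged if it is within bounds, else raise."""
    if not MIN_LB <= weight_lb <= MAX_LB:
        raise ReasonablenessError(f"{weight_lb:.1f} lb is not plausible")
    return weight_lb


def run_suite():
    """Run synthetic cases whose expected outcomes were fixed beforehand."""
    cases = [  # (input, expected outcome): constructed data, no live records
        (70, "ok"), (48, "ok"), (84, "ok"),             # normal and boundary
        (47.9, ValueError), (84.1, ValueError),         # just out of range
        (-70, ValueError), (float("nan"), ValueError),  # nonsensical numbers
        ("70", TypeError), (None, TypeError), (True, TypeError),  # wrong types
    ]
    failures = []
    for value, expected in cases:
        try:
            reasonableness_check(optimal_weight_lb(value))
            outcome = "ok"
        except (TypeError, ValueError) as exc:
            outcome = type(exc)
        if outcome != expected:
            failures.append((value, expected, outcome))
    return failures
```

An empty list from `run_suite()` means every case matched its expected outcome; a result such as 612 pounds passed to `reasonableness_check` raises `ReasonablenessError` instead of being returned to the caller.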
When testing software, you should apply the same rules of separation of duties that you 
do for other aspects of your organization. In other words, you should assign the testing of 
your software to someone other than the programmer(s) who developed the code to avoid a 
conflict of interest and assure a more secure and functional finished product. When a third 
party tests your software, you have a greater likelihood of receiving an objective and
nonbiased examination. The third-party test allows for a broader and more thorough test and
prevents the bias and inclinations of the programmers from affecting the results of the test.
You can use three software testing methods:
