Software Test Design

By: Simon Amey

Overview of this book

Software Test Design details best practices for testing software applications and writing comprehensive test plans. Written by an expert with over twenty years of experience in the high-tech industry, this guide will provide you with training and practical examples to improve your testing skills. Thorough testing requires a thorough understanding of the functionality under test, informed by exploratory testing and described by a detailed functional specification. This book is divided into three sections, the first of which will describe how best to complete those tasks to start testing from a solid foundation. Armed with the feature specification, functional testing verifies the visible behavior of features by identifying equivalence partitions, boundary values, and other key test conditions. This section explores techniques such as black- and white-box testing, trying error cases, finding security weaknesses, improving the user experience, and how to maintain your product in the long term. The final section describes how best to test the limits of your application. How does it behave under failure conditions and can it recover? What is the maximum load it can sustain? And how does it respond when overloaded? By the end of this book, you will know how to write detailed test plans to improve the quality of your software applications.
Table of Contents (21 chapters)

  • Part 1 – Preparing to Test
  • Part 2 – Functional Testing
  • Part 3 – Non-Functional Testing
  • Conclusion
  • Appendix – Example Feature Specification

Validating file inputs

Any files that users can upload to your system also need to be scanned for malicious content. For the filename, check all the variables listed in Chapter 5, Black-Box Functional Testing. These tests are standard across many applications, and this section draws heavily from the OWASP website, which I highly recommend you visit for further reading and details.

Testing file uploads

For the file uploads, consider testing the following requirements:

  • Only authorized users should be allowed to upload files
  • Only accept specific file extensions
  • Check the file type rather than relying on the Content-Type header
  • Check the minimum and maximum file sizes
  • Virus-check all files
  • Protect the file against Cross-Site Request Forgery (CSRF) attacks (see the CSRF attacks section for more details)

Acting as an attacker, you should attempt all those attacks to see whether your system is vulnerable.
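The authorization, extension, file-type, and size requirements above can be written as table-driven checks. The following Python code is an added example, not code from the book; the allowlist, the size limits, and the `validate_upload` helper are assumptions, and virus scanning and CSRF protection are outside its scope.

```python
import os

# Assumed policy for this example: allowed extension -> leading magic bytes.
ALLOWED = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
}
MIN_SIZE = 16               # assumed lower bound, in bytes
MAX_SIZE = 5 * 1024 * 1024  # assumed upper bound, in bytes


def validate_upload(filename, declared_type, data, authorized):
    """Return a list of rejection reasons; an empty list means accept."""
    # declared_type is the client-supplied Content-Type header. It is
    # deliberately never consulted, because the client controls it.
    reasons = []
    if not authorized:
        reasons.append("unauthorized")
    # Drop any client-supplied directory part, then take the final extension.
    base = os.path.basename(filename.replace("\\", "/"))
    ext = os.path.splitext(base)[1].lower()
    if ext not in ALLOWED:
        reasons.append("extension")
    if len(data) < MIN_SIZE:
        reasons.append("too-small")
    elif len(data) > MAX_SIZE:
        reasons.append("too-large")
    # The content must start with the signature of the claimed extension.
    if ext in ALLOWED and not data.startswith(ALLOWED[ext]):
        reasons.append("content-mismatch")
    return reasons


# Constructed test inputs, not real files.
PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32
CASES = [
    ("logo.png", "image/png", PNG, True),                      # valid upload
    ("logo.png", "image/png", b"plain text renamed to .png", True),
    ("report.pdf.exe", "application/pdf", b"%PDF-1.7" + b" " * 16, True),
    ("logo.png", "image/png", PNG, False),                     # not logged in
    ("tiny.png", "image/png", b"\x89PNG\r\n\x1a\n", True),     # below minimum
    ("big.jpg", "image/jpeg", b"\xff\xd8\xff" + b"\x00" * MAX_SIZE, True),
]

if __name__ == "__main__":
    for name, ctype, data, auth in CASES:
        print(name, ctype, len(data), validate_upload(name, ctype, data, auth))
```

Each row in `CASES` maps to one requirement in the list, so a regression in any single check shows up as a changed reason list for exactly one row.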

Within the file, does your application scan...