Book Image

Software Test Design

By : Simon Amey
Book Image

Software Test Design

By: Simon Amey

Overview of this book

Software Test Design details best practices for testing software applications and writing comprehensive test plans. Written by an expert with over twenty years of experience in the high-tech industry, this guide will provide you with training and practical examples to improve your testing skills. Thorough testing requires a thorough understanding of the functionality under test, informed by exploratory testing and described by a detailed functional specification. This book is divided into three sections, the first of which will describe how best to complete those tasks to start testing from a solid foundation. Armed with the feature specification, functional testing verifies the visible behavior of features by identifying equivalence partitions, boundary values, and other key test conditions. This section explores techniques such as black- and white-box testing, trying error cases, finding security weaknesses, improving the user experience, and how to maintain your product in the long term. The final section describes how best to test the limits of your application. How does it behave under failure conditions and can it recover? What is the maximum load it can sustain? And how does it respond when overloaded? By the end of this book, you will know how to write detailed test plans to improve the quality of your software applications.
Table of Contents (21 chapters)
Part 1 – Preparing to Test
Part 2 – Functional Testing
Part 3 – Non-Functional Testing
Appendix – Example Feature Specification

Testing web application security

There are many common web security issues that you should protect yourself against, of varying degrees of severity. If you run a bug bounty program with these present, these are likely to be the first reports that you get. You will receive many duplicates of the same basic issues, so these are the faults to fix first to encourage researchers to explore more deeply.

Some tools step through these kinds of attacks, but here, we will describe how these attacks work and why.

Information leakage

An attacker looking for vulnerabilities to exploit needs to know what system they are attacking: what kind of web server is this, and what version is running? Web servers generally present this information in headers because it may help client web browsers with compatibility, but that information is not usually needed. Instead, it lets attackers know what exploits are likely to work, so it’s best to disable it. There are settings to implement that...