White Box Testing – Loop Testing Loop Testing• Loop testing is the testing of resource(s) multiple times under program control. • The most important aspect of this test is to en sure that the control loop is executed multiple times and exited when a particular condition is satisfied. # Typical bugs that arise are • Variable not incremented, hence an infinite loop is established, • Specifying the loop exit criteria incorrectly, hence the resultant output will be incorrect. # Typical examples are While not rs.EOF then statement 1 statement 2 rs.MoveNext Wend Will generate an infinite loop, due to non-availability of the next incrementing record. Important tip for Loop testing • Note that unstructured loops are not to be tested. • They need to be RE-DESIGNED for better performance. Summary • Ensuring an effective White Box test for your code, will generate an efficient, and performance oriented code, will less memory leaks and unwanted memory usage. • Needs to be done with a lot of concentration and dedication. • Usage of data flow graph is an effective tool for reducing unwanted d ata declaration and usage. Other Techniques/ Tools # Profiling tool : • Helps the tester to uncover bottlenecks as regards performance. • Uncovers memory leaks and memory memor y access errors. # Code Based Fault Injection. • Changes program states by injecting software source code to force changes into the state of the program as it executes. • this technique forces non-normative behavior of the software, and the resulting understanding can help determine whether a program has vulnerabilities that can lead to security violations. • This technique can be used to force error conditions to exercise the error handling code, change execution paths, input unexpected (or abnormal) data, change return values, etc.
Abuse Cases • Abuse cases help security testers view the software under t est in the same light as attackers do . • With access to the source code, a tester is in a better position to quickly see where the weak spots are compared to an outside attacker.
• The simplest, most practical method for creating abuse cases is usually through a process of informed brainstorming, involving security, reliability, and subject matter expertise. Error Handling techniques • Testing Exceptions and error -handling should be verified thoroughly by simulating partial and complete fails. • Proper error recovery, notification and logging should be checked. Transactions test • This test is employed for Data test as regards datab ase. • Systems that employ transaction (either local or distributed) should be validated to ensure ACID (Atomicity, Consistency, Isolation, Durability). Thank you, Everybody
• You can use these techniques for those little programs you create, so that you are confident on creating efficient, performance oriented programs. • Do get back for any clarification, whatsoever
