Code Quality and Testing 3.6

Question 1

Static Application Security Testing (SAST)

Answer 1

Automation to help to identify security flaws. Many security vulnerabilities will be found easily. Cant find everything this way however. It will get false positives, verify everything.

Question 2

Dynamic Analysis (Fuzzing)

Answer 2

It sends a random input to an application just to see how the app will react. We are looking to see if it will behave abnormally. Fuzzing is very resource and time demanding. There are many types of fuzzing engine options that specialize in different platforms/languages.

Question 3

Stress Testing

Answer 3

The software is intended to work with a single user, but what happens when you add 1000 users? The idea of the stress test is to see how the app will react when under load. We do this using a stress testing tool. When the app hits the limit, you start to see unintended results. Things that aren’t supposed to be seen, start to appear. There are extensive automation options for stress testing.

Question 4

Sandboxing

Answer 4

A testing playground that looks as if its running in a production environment. The QA team can try to run things as they are supposed to be in production and test everything without causing harm to anything.

Question 5

Model Verification and Validation

Answer 5

At the end of the development cycle you verify if the software is working properly and the app is built well. This is where you check to see if the app meets the high level requirements as it was intended.

Question 6

Compiled Code

Answer 6

You don’t see the source code. This is where the blocks of code are put together to see if the application has come together properly. The compiled code is specific to an OS and CPU. Logical bugs can be identified and fixed.

Question 7

Runtime Code

Answer 7

You can see the code. The code instructions execute when the app is run. You will only find the bugs when the app is run.