Software Review Testing Flashcards

1
Q

Formal Code Review

A

Fagan Testing: 6 steps

Planning
Overview
Preparation
Inspection
Rework
Follow-up

2
Q

Testing Types (2)

A

Static: Analyzes the code without running or compiling it. Can find common vulnerabilities such as buffer overflows. Testers have access to the code and use tools to analyze it.

Dynamic: Tests performed while the software is running. Used when there is no access to the code. A common example is a web application scanner used to detect CSS or SQL Injection.

3
Q

Synthetic Transactions

A

Type of dynamic testing that uses scripted transactions with known results to test the system.

4
Q

Fuzz Testing

A

Type of dynamic testing where varied input is provided to the system to see whether vulnerabilities can be identified.

Mutation Fuzzing: Takes previous inputs and alters them to create new inputs, to see if they cause issues.

Generational Fuzzing: Creates a data model of new inputs based on the data used by the system.
