Software Review Testing Flashcards
Formal Code Review
Fagan Testing: 6 steps
Planning
Overview
Preparation
Inspection
Rework
Follow-up
Testing Types (2)
Static: Analyzes the code without running or compiling it. Requires access to the source code and uses tools to analyze it. Can find common vulnerabilities such as buffer overflows.
Dynamic: Tests performed while the software is running. Can be used when there is no access to the source code. A common example is a web application scanner used to detect XSS (cross-site scripting) or SQL injection.
Synthetic Transactions
Type of dynamic testing that uses scripted transactions with known expected results to test the system.
Fuzz Testing
Type of dynamic testing where varied (often malformed or random) input is provided to the system to see if vulnerabilities can be identified.
Mutation Fuzzing: Takes previous inputs and alters them to produce new inputs, then checks whether they cause issues.
Generational Fuzzing: Creates new inputs from a data model of the input format the system uses.