Secure Software Testing: Definitions and Concepts, Exams of Advanced Education

Definitions and explanations of key concepts related to secure software testing. It covers various testing techniques, including black box testing, functional testing, fuzz testing, load testing, penetration testing, regression testing, and white box testing. The document also defines essential terms like test case, test harness, test plan, test script, test strategy, and test suite. It is a valuable resource for understanding the fundamentals of secure software testing.

Typology: Exams

2024/2025

Available from 03/03/2025

OFFICIAL (ISC)² CSSLP - DOMAIN 5: SECURE SOFTWARE TESTING

Attack surface validation CORRECT ANSWER Determining if the software has exploitable weakness (attack surface).
Black box test CORRECT ANSWER Usually described as focusing on testing functional requirements.
Functional testing CORRECT ANSWER Software testing is performed primarily to attest to the functionality of the software as expected by the business or customer.
Fuzz testing CORRECT ANSWER A software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program.
Load testing CORRECT ANSWER Usually defined as the process of exercising the system under test by feeding it the largest tasks it can operate with.
Penetration test (pen test) CORRECT ANSWER A validation and verification measure that is an evaluation of a software or network's current state of security.
Pseudo Random Number Generator (PRNG) CORRECT ANSWER A deterministic algorithm to generate a sequence of numbers with little or no discernible pattern in the numbers, except for broad statistical properties.
Regression Test CORRECT ANSWER Performed on existing operational software to verify that existing functionality didn't break when other aspects of the environment are changed; it is advisable to have a library of tests that you would run in each regression test.
Test case CORRECT ANSWER Answers the question, "What am I going to test?" Normally consists of a unique identifier, requirement references from a design specification, preconditions, events, a series of steps (also known as actions) to follow, input, output, expected result, and actual result.
Test harness CORRECT ANSWER The software, tools, samples of data input and output, and configurations.
Test plan CORRECT ANSWER A document detailing a systematic approach to testing a system such as a machine or software.
Test script CORRECT ANSWER A procedure or programming code that replicates user actions. Initially, the term was derived from the product of work created by automated regression test tools.

Test strategy CORRECT ANSWER An outline that describes the testing approach of the software development cycle.
Test suite CORRECT ANSWER A collection of test cases.
White box test CORRECT ANSWER A design that allows one to peek inside the "box," and focuses specifically on using internal knowledge of the software to guide the selection of test data.