Secure Software Testing: Concepts and Techniques, Exams of Computer Science

A concise overview of key concepts and techniques used in secure software testing. It defines terms like attack surface validation, black box testing, functional testing, fuzz testing, load testing, penetration testing, pseudo-random number generation, regression testing, test cases, test harnesses, test plans, test scripts, test strategies, test suites, and white box testing. Valuable for students and professionals seeking to understand the fundamentals of secure software testing.

Typology: Exams

2024/2025

Available from 01/18/2025

healthpro

Official (ISC)² CSSLP - Domain 5: Secure Software Testing with best solutions

Attack surface validation - Correct Answer Determining if the software has exploitable weakness (attack surface).

Black box test - Correct Answer Usually described as focusing on testing functional requirements.

Functional testing - Correct Answer Software testing is performed primarily to attest to the functionality of the software as expected by the business or customer.

Fuzz testing - Correct Answer A software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program.

Load testing - Correct Answer Usually defined as the process of exercising the system under test by feeding it the largest tasks it can operate with.

Penetration test (pen test) - Correct Answer A validation and verification measure that is an evaluation of a software or network's current state of security.

Pseudo Random Number Generator (PRNG) - Correct Answer A deterministic algorithm to generate a sequence of numbers with little or no discernible pattern in the numbers, except for broad statistical properties.

Regression Test - Correct Answer Performed on existing operational software to verify that existing functionality didn't break when other aspects of the environment are changed; it is advisable to have a library of tests that you would run in each regression test.

Test case - Correct Answer Answers the question, "What am I going to test?" Normally consists of a unique identifier, requirement references from a design specification, preconditions, events, a series of steps (also known as actions) to follow, input, output, expected result, and actual result.

Test harness - Correct Answer The software, tools, samples of data input and output, and configurations.

Test plan - Correct Answer A document detailing a systematic approach to testing a system such as a machine or software.

Test script - Correct Answer A procedure or programming code that replicates user actions. Initially, the term was derived from the product of work created by automated regression test tools.

Test strategy - Correct Answer An outline that describes the testing approach of the software development cycle.

Test suite - Correct Answer A collection of test cases.

White box test - Correct Answer A design that allows one to peek inside the "box," and focuses specifically on using internal knowledge of the software to guide the selection of test data.
