White Box Testing - Part V

Loop Testing

• Loop testing is the testing of resource(s) multiple times under program control.
• The most important aspect of this test is to ensure that the control loop is executed multiple times and exited when a particular condition is satisfied.

# Typical bugs that arise are
• Variable not incremented, hence an infinite loop is established,
• Specifying the loop exit criteria incorrectly, hence the resultant output will be incorrect.

# Typical examples are

While not rs.EOF then
statement 1
statement 2
rs.MoveNext
Wend

Will generate an infinite loop, due to non-availability of the next incrementing record.


Important tip for Loop testing
• Note that unstructured loops are not to be tested.
• They need to be RE-DESIGNED for better performance.

Summary
• Ensuring an effective White Box test for your code, will generate an efficient, and
performance oriented code, will less memory leaks and unwanted memory
usage.
• Needs to be done with a lot of concentration and dedication.
• Usage of data flow graph is an effective tool for reducing unwanted data
declaration and usage.

Other Techniques/ Tools
# Profiling tool :
• Helps the tester to uncover bottlenecks as regards performance.
• Uncovers memory leaks and memory access errors.

# Code Based Fault Injection.
• Changes program states by injecting software source code to force changes into the state of the program as it executes.
• this technique forces non-normative behavior of the software, and the resulting
understanding can help determine whether a program has vulnerabilities that can lead to security violations.
• This technique can be used to force error conditions to exercise the error handling code, change execution paths, input unexpected (or abnormal) data, change return values, etc.

Abuse Cases
• Abuse cases help security testers view the software under test in the same light as
attackers do .
• With access to the source code, a tester is in a better position to quickly see where the weak spots are compared to an outside attacker.

• The simplest, most practical method for creating abuse cases is usually through a
process of informed brainstorming, involving security, reliability, and subject matter expertise.

Error Handling techniques
• Testing Exceptions and error-handling should be verified thoroughly by simulating partial and complete fails.
• Proper error recovery, notification and logging should be checked.

Transactions test
• This test is employed for Data test as regards database.
• Systems that employ transaction (either local or distributed) should be validated to ensure ACID (Atomicity, Consistency, Isolation,
Durability).

Thank you, Everybody

• You can use these techniques for those little programs you create, so that you are confident on creating efficient, performance oriented programs.
• Do get back for any clarification, whatsoever.