Page 1418 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

routine that calculated optimal weight for a human being and returned a value of 612 pounds would certainly fail a reasonableness check!

Furthermore, while conducting software testing, you should check how the product handles normal and valid input data, incorrect types, out-of-range values, and other bounds and/or conditions. Live workloads provide the best stress testing possible. However, you should not use live or actual field data for testing, especially in the early development stages, since a flaw or error could result in the violation of integrity or confidentiality of the test data.
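As an added illustration (not code from the study guide), the following Python shows what the paragraph above asks a tester to exercise: a routine with input bounds checking and a reasonableness check on its own output, run against a black-box case matrix of normal input, the exact boundaries, out-of-range values and wrong types. A deliberately defective variant shows the reasonableness check catching a "612 pounds" style result. The weight formula, the height limits and the plausibility band are constructed assumptions, not figures from the text.

```python
"""Bounds checking, a reasonableness check and a black-box test matrix.

Added example; the formula, limits and plausibility band are constructed
for illustration and do not come from the study guide.
"""
from dataclasses import dataclass
from numbers import Real

# Constructed plausibility band for the OUTPUT: a result outside it is a
# defect in the routine itself (the "612 pounds" case), not bad input.
MIN_REASONABLE_LB = 60.0
MAX_REASONABLE_LB = 400.0

# Constructed INPUT bounds (height in inches) the routine accepts.
MIN_HEIGHT_IN = 54
MAX_HEIGHT_IN = 90


def _validate_height(height_in):
    """Reject incorrect types and out-of-range values before computing.

    bool is excluded explicitly because it is a subclass of int; NaN fails
    the range comparison and is therefore rejected as out of range.
    """
    if isinstance(height_in, bool) or not isinstance(height_in, Real):
        raise TypeError(f"height must be a number, got {type(height_in).__name__}")
    if not (MIN_HEIGHT_IN <= height_in <= MAX_HEIGHT_IN):
        raise ValueError(f"height {height_in} in is outside {MIN_HEIGHT_IN}-{MAX_HEIGHT_IN}")


def check_reasonable(weight_lb):
    """Reasonableness check on a computed result: fail loudly rather than
    hand an implausible value downstream."""
    if not (MIN_REASONABLE_LB <= weight_lb <= MAX_REASONABLE_LB):
        raise AssertionError(f"unreasonable result {weight_lb:.0f} lb")
    return weight_lb


def optimal_weight_lb(height_in):
    """Constructed rule of thumb: 100 lb at 60 in, plus 5 lb per inch."""
    _validate_height(height_in)
    return check_reasonable(100.0 + 5.0 * (height_in - 60))


def buggy_weight_lb(height_in):
    """Constructed defective variant: the 60-inch offset was dropped, so a
    70-inch person comes out at 450 lb. The reasonableness check catches it."""
    _validate_height(height_in)
    return check_reasonable(100.0 + 5.0 * height_in)


@dataclass(frozen=True)
class Case:
    label: str
    value: object
    expect: str  # "ok", "TypeError" or "ValueError"


# Black-box test matrix: normal data, boundaries, out-of-range, wrong types.
CASES = [
    Case("normal", 70, "ok"),
    Case("lower bound", MIN_HEIGHT_IN, "ok"),
    Case("upper bound", MAX_HEIGHT_IN, "ok"),
    Case("just below range", MIN_HEIGHT_IN - 1, "ValueError"),
    Case("just above range", MAX_HEIGHT_IN + 1, "ValueError"),
    Case("negative", -70, "ValueError"),
    Case("NaN", float("nan"), "ValueError"),
    Case("string", "70", "TypeError"),
    Case("None", None, "TypeError"),
    Case("bool", True, "TypeError"),
]


def outcome(fn, value):
    """Call fn(value) and describe the result as a string ("ok:150.0" or
    the exception class name) so a matrix can compare expected vs. actual."""
    try:
        return f"ok:{fn(value):.1f}"
    except (TypeError, ValueError, AssertionError) as exc:
        return type(exc).__name__


def run_cases(fn, cases=CASES):
    """Return {label: (expected, actual)} for every case fn gets wrong."""
    failures = {}
    for c in cases:
        actual = outcome(fn, c.value)
        ok = actual.startswith("ok:") if c.expect == "ok" else actual == c.expect
        if not ok:
            failures[c.label] = (c.expect, actual)
    return failures


if __name__ == "__main__":
    print("correct routine failures:", run_cases(optimal_weight_lb))
    print("buggy routine failures:  ", run_cases(buggy_weight_lb))
```

The matrix is written against the specification, not the code, so the same cases run unchanged against both routines; only the reasonableness check on the output reveals that the defective variant is wrong for ordinary input.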
When testing software, you should apply the same rules of separation of duties that you do for other aspects of your organization. In other words, you should assign the testing of your software to someone other than the programmer(s) who developed the code to avoid a conflict of interest and ensure a more secure and functional finished product. When a third party tests your software, you have a greater likelihood of receiving an objective and unbiased examination. The third-party test allows for a broader and more thorough test and prevents the bias and inclinations of the programmers from affecting the results of the test.

You can use three software testing methods:

White-Box Testing
White-box testing examines the internal logical structures of a program and steps through the code line by line, analyzing the program for potential errors.

Black-Box Testing
Black-box testing examines the program from a user perspective by providing a wide variety of input scenarios and inspecting the output. Black-box testers do not have access to the internal code. Final acceptance testing that occurs prior to system delivery is a common example of black-box testing.

Gray-Box Testing
Gray-box testing combines the two approaches and is popular for software validation. In this approach, testers examine the software from a user perspective, analyzing inputs and outputs. They also have access to the source code and use it to help design their tests. They do not, however, analyze the inner workings of the program during their testing.