Page 113 - SOFTWARE TESTING & QUALITY ASSURANCE
5. “Buffer overrun is one of the most common security problems today.” What kind of problems do you foresee with overrun and how can they be overcome?
6. “Threat modeling should be carried out at every level of software development life cycle.” How is this done?
7. “Good documentation contributes to the productivity of the organization.” Explain.
8. Is there a need for software security testing? Justify.
9. “While rating the threats, a small calculation has to be performed to find the risk value.” Explain with an example how you will carry out the calculation.
10. If you are a software tester, what are the approaches that you will follow when it comes to security testing?
11. “Security threat modeling is a structured process that involves various steps to carry out the process of threat detection.” Explain.
Answers: Self Assessment
1. (a) True (b) True (c) False (d) False (e) True (f) True
2. (a) Marketing (b) Registration (c) Error messages (d) Hackers (e) Template (f) Safe string functions
3. (a) User feedback report (b) End Users License Agreement (c) Online help (d) Information (e) Document the threats
7.7 Further Readings
Patton, R. Software Testing, Second Edition. USA: SAMS Publishing.
Hutcheson, Marnie L. (2003). Software Testing Fundamentals. USA: Wiley Publishing Inc.
http://www.ciol.com/Testing/Feature/Know-more-about-documentation-testing/30608107510/0/
http://www.articlesbase.com/business-opportunities-articles/importance-of-documentation-in-software-testing-3801952.html
http://msdn.microsoft.com/en-us/library/aa302419.aspx
http://www.osronline.com/ddkx/kmarch/other_9bqf.htm
http://msdn.microsoft.com/en-us/library/ff565508.aspx
http://www.computerforensics1.com/
http://www.agilemodeling.com/artifacts/securityThreatModel.htm
106 LOVELY PROFESSIONAL UNIVERSITY