Exam 10: Testing for Quality and Security

What is a technique that feeds random input data into applications just to see what happens to the results?

What is the Holodeck tool used for?

What tool scans (parse) through static code and analyze the code base for security vulnerabilities

Penetrations testing is a very rare practice in the security field.

Testing should generate error-free software.

Coding for resiliency means accepting the fact that something bad will happen and that when it does, you will be ready.

What are step-by-step instructions that depict a specific scenario or situation that the use case will encounter as well as the expected result?

Code review needs to include the developer who coded the software and one other person on the development team.

What type of errors does integration testing find?

What type of errors does compilers find?

Internal threats don't pose any real problems and do not need to be considered.

Fuzz testing and reliability testing are conducted during system testing.

Reliability of an application is when the application produces correct results despite being under attack or under extreme use.

A system test involves only a portion of the application.

Unit testing catches errors that compilers won't find.

There are two types of resourcres needed to execute the test case: -Internal -External

What are people-intensive verification techniques that are conducted either formally or informally that allow peers to read code statements and look for common security vulnerabilities, such as hard-coded IDs or passwords,and general quality features?

What type of errors do code scanners catch?

The testing phase of any applications is only a minor phase of the lifecycle.

Code reviews, if conducted right can have a very positive effect on the team.