
Non Functional Testing. Contents Introduction – Security Testing Why Security Test ? Security Testing Basic Concepts Security requirements - Top 5 Non-Functional.


1 Non Functional Testing

2 Contents
• Introduction – Security Testing
• Why Security Test?
• Security Testing Basic Concepts
• Security requirements - Top 5
• Non-Functional Testing types
• Takeaway
• SQL Injection - Examples
• Take Away
• Functional vs Non-functional Testing

3 What are Non-functional requirements?
• Sell software worldwide
• Reach 10% of the world population
• Up- and cross-selling of products
• Provide Consumer grade services
• Superior performance and security
• Prevent license infringements
Non-functional tests check the software qualities that need to be fulfilled by all products to enable a standard Business model.
Functional Testing: Demonstrates WHAT the product does.
Non Functional Testing: Demonstrates how WELL the product performed.
©2014 SAP SE or an SAP Affiliate Company. All rights reserved.

4 Functional and Non-functional Requirements
Functional Requirements (specific behavior or functions):
• Delete Order
• Rollback inventory
• Cancel Shipment
• Adjust Planning
• Send Notification
• Cancel Invoicing
• Notify Suppliers
Non-functional Requirements (properties that the product must have for successful functionality, implicit and explicit):
• Response time < 1 sec
• Ease-to-use data input
• Shall run on all databases
• Is Secure
• Is Accessible to the visually challenged
• Local language, date and currency format
Categories: Performance, Usability, Software Lifecycle, Security, Globalization, Accessibility

5 Why do we need Non Functional Tests?
• There is more to the success of an application than being just functionally good
• It is the end user experience which we intend to improve
• People’s desire to use a product may increase by non functional qualities
• For better quality, legal compliance, user experience, scalable code etc.

6 Non functional requirements
Attributes:
• Functionality: Are the required functions available in the software?
• Reliability: How reliable is the software?
• Usability: Is the software easy to use?
• Efficiency - Performance: How efficient is the software?
• Maintainability: How easy is it to modify the software?
• Portability - Installability: How easy is it to transfer the software to another environment?

7 Types of Non-Functional tests
• Reliability testing
• Stress testing
• Usability testing
• Recovery testing
• Efficiency testing
• Compatibility testing
• Baseline testing
• Documentation testing
• Endurance testing
• Load testing
• Performance testing
• Internationalization and Localization testing
• Maintainability testing
• Scalability testing
• Volume testing
• Security testing
• Portability testing
• Compliance testing

8 A few definitions of Non-functional requirements
• Reliability: Ability of a system or component to perform its required functions without failure under stated conditions for a specified period of time.
• Maintainability: The ease with which a software system or component can be modified to correct faults, improve performance or other attributes, or adapt to a changed environment. Fault removal is typically only a small part of the overall maintenance burden.
• Recovery: The restoration of a system, program, database, or other system resource to a prior state following a failure or externally caused disaster.
• Usability: The capability of the software product to be understood, learned, used and attractive to the user, when used under specified conditions.
• Performance: A requirement that imposes conditions on a functional requirement; for example, a requirement that specifies the speed, accuracy, or memory usage with which a given function must be performed.

9 Introduction – Security Testing
• Security testing is a process to determine that an information system protects data and maintains functionality as intended.
• To check whether there is any information leakage.
• To test whether the application allows unauthorized access and whether it has the encoded security code.

10 Security Testing Basic Concepts
• Confidentiality: Ensuring information is accessible only to authorized persons.
• Integrity: A measure intended to allow the receiver to determine that the information which it is providing is correct.
• Authentication: The process of establishing the identity of the user.
• Authorization: The process of determining that a requester is allowed to receive a service or perform an operation.
• Availability: Assuring information and communication services will be ready for use when expected.
• Non-repudiation: To prevent the later denial that an action happened, or that a communication took place, etc.

11 Why Security Testing?
Nobody is perfect. Security flaws always exist in products, and security testing is important to identify those flaws. Failure to do so is likely to cause financial loss.

12 Security requirements - Top 5
SQL injection is often used to attack the security of a website by inputting SQL statements in a web form to perform operations on the database.

13 SQL Injection Attack
A simple logon page can be subjected to SQL injection attacks!

14 Focusing on a single point of the attack surface does not help if this point can easily be bypassed!

15 Example – SQL Injection Attack – Scenario 1
When a valid user enters valid credentials!
SQL Query:
    SELECT * FROM TRANSACTION_TABLE WHERE USER = 'john' AND PASSWORD = 'login789';
Result: John, who is a valid user, has successfully logged in. The table shows the list of John’s transaction details.

16 Example – SQL Injection Attack – Scenario 1
Bypassing Logon for an unknown User:
SQL Query:
    SELECT * FROM TRANSACTION_TABLE WHERE USER = ' ' OR 1 = 1 --' AND PASSWORD = 'hack';
The Trick: The attacker used a tautology (1=1) to bypass all security checks.
Effective Query:
    SELECT * FROM TRANSACTION_TABLE WHERE USER = ' ' OR 1 = 1;
Result: Information Disclosure - The Hacker has *all* transaction details of *all* users.

17 Example – SQL Injection Attack – Scenario 2
Injecting a new User:
SQL Query:
    SELECT * FROM TRANSACTION_TABLE WHERE USER = ' ' ;INSERT INTO USER_TABLE VALUES ('Hacker','Attack')-- 'AND PASSWORD = 'something';
Effective Query:
    SELECT * FROM TRANSACTION_TABLE WHERE USER = ' ' ; INSERT INTO USER_TABLE VALUES ('Hacker','Attack');
Result: Tampering with Data - The Hacker has created a new user without authorization.

18 Example – SQL Injection Attack – Scenario 2
Further attack using the newly injected User:
SQL Query:
    SELECT * FROM TRANSACTION_TABLE WHERE USER = 'Hacker' AND PASSWORD = 'Attack';
The Trick: The user injected in the previous attack is used to log on to the system.
Result: Tampering with Data. Information disclosure. Various unauthorized operations.
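
Added example (not part of the original slides): the logon query from Scenarios 1 and 2 built by string concatenation, next to a parameterized version that treats the same input as data. It runs on Python's built-in sqlite3 against a constructed in-memory database; the row contents, the DETAIL column, the USER_TABLE column names and the function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Constructed in-memory database using the table names from the slides."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE TRANSACTION_TABLE (USER TEXT, PASSWORD TEXT, DETAIL TEXT);
        CREATE TABLE USER_TABLE (NAME TEXT, PASSWORD TEXT);
        INSERT INTO TRANSACTION_TABLE VALUES ('john', 'login789', 'order 1001');
        INSERT INTO TRANSACTION_TABLE VALUES ('mary', 'pw-mary', 'order 2002');
        INSERT INTO USER_TABLE VALUES ('john', 'login789');
    """)
    return db

def transactions_vulnerable(db, user, password):
    # Vulnerable: form input is pasted into the SQL text, so a quote in
    # `user` closes the string literal and the remainder is parsed as SQL.
    sql = ("SELECT * FROM TRANSACTION_TABLE WHERE USER = '" + user +
           "' AND PASSWORD = '" + password + "';")
    return db.execute(sql).fetchall()

def transactions_safe(db, user, password):
    # Hardened: placeholders bind the input as values; it is never parsed
    # as SQL, so quotes, OR 1 = 1, ';' and '--' are just characters.
    sql = "SELECT * FROM TRANSACTION_TABLE WHERE USER = ? AND PASSWORD = ?"
    return db.execute(sql, (user, password)).fetchall()

def user_count(db):
    return db.execute("SELECT COUNT(*) FROM USER_TABLE").fetchone()[0]

# Form inputs corresponding to the queries shown on the slides.
TAUTOLOGY = "' OR 1 = 1 --"
STACKED = "' ;INSERT INTO USER_TABLE VALUES ('Hacker','Attack')-- "

def demo():
    db = make_db()
    return {
        "valid_login": transactions_vulnerable(db, "john", "login789"),
        "tautology_vulnerable": transactions_vulnerable(db, TAUTOLOGY, "hack"),
        "tautology_safe": transactions_safe(db, TAUTOLOGY, "hack"),
        "stacked_safe": transactions_safe(db, STACKED, "something"),
        "users_after": user_count(db),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

A security test for a logon form can assert exactly this difference: the injected inputs must return no rows and must leave USER_TABLE unchanged.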

19 Demo
System demo

20 Take Away
• Conformance to Non-Functional requirements is one of the key success factors for the product in the market.
• Non-functional tests are an integral part of product quality and should be taken care of throughout the lifecycle of the product.
Now we understand:
• Security Testing Basic
• Importance of Security testing
• Top 5 Security requirements
• SQL injection attack

21 Thank You!

