Non Functional Testing. Contents Introduction – Security Testing Why Security Test ? Security Testing Basic Concepts Security requirements - Top 5 Non-Functional.

Presentation transcript:

Non Functional Testing

Contents

- Introduction – Security Testing
- Why Security Test?
- Security Testing Basic Concepts
- Security requirements - Top 5
- Non-Functional Testing types
- Takeaway
- SQL Injection - Examples
- Take Away
- Functional vs Non-functional Testing

©2014 SAP SE or an SAP Affiliate Company. All rights reserved.

What are Non-functional requirements?

- Sell software worldwide
- Reach 10% of the world population
- Up- and cross-selling of products
- Provide consumer-grade services
- Superior performance and security
- Prevent license infringements

Non-functional tests check the software qualities that need to be fulfilled by all products to enable a standard business model.

Functional Testing demonstrates WHAT the product does. Non-Functional Testing demonstrates how WELL the product performed.

Functional and Non-functional Requirements

Functional Requirements (specific behavior or functions):

- Delete Order
- Rollback inventory
- Cancel Shipment
- Adjust Planning
- Send Notification
- Cancel Invoicing
- Notify Suppliers

Non-functional Requirements (properties that the product must have for successful functionality – implicit and explicit):

- Performance: Response time < 1 sec
- Usability: Easy-to-use data input
- Software Lifecycle: Shall run on all databases
- Security: Is secure
- Accessibility: Is accessible to the visually challenged
- Globalization: Local language, date and currency format

Why do we need Non Functional Tests?

- There is more to the success of an application than being just functionally good.
- It is the end user experience which we intend to improve.
- Non-functional qualities may increase people's desire to use a product.
- For better quality, legal compliance, user experience, scalable code etc.

Non functional requirements

Attributes:

- Functionality: Are the required functions available in the software?
- Reliability: How reliable is the software?
- Usability: Is the software easy to use?
- Efficiency - Performance: How efficient is the software?
- Maintainability: How easy is it to modify the software?
- Portability - Installability: How easy is it to transfer the software to another environment?

Types of Non-Functional tests

- Reliability testing
- Stress testing
- Usability testing
- Recovery testing
- Efficiency testing
- Compatibility testing
- Baseline testing
- Documentation testing
- Endurance testing
- Load testing
- Performance testing
- Internationalization and Localization testing
- Maintainability testing
- Scalability testing
- Volume testing
- Security testing
- Portability testing
- Compliance testing

A few definitions of Non-functional requirements

- Reliability: Ability of a system or component to perform its required functions without failure under stated conditions for a specified period of time.
- Maintainability: The ease with which a software system or component can be modified to correct faults, improve performance or other attributes, or adapt to a changed environment. Fault removal is typically only a small part of the overall maintenance burden.
- Recovery: The restoration of a system, program, database, or other system resource to a prior state following a failure or externally caused disaster.
- Usability: The capability of the software product to be understood, learned, used and attractive to the user, when used under specified conditions.
- Performance: A requirement that imposes conditions on a functional requirement; for example, a requirement that specifies the speed, accuracy, or memory usage with which a given function must be performed.

Introduction – Security Testing

- Security testing is a process to determine that an information system protects data and maintains functionality as intended.
- To check whether there is any information leakage.
- To test whether the application permits unauthorized access and whether it has the encoded security code.

Security Testing Basic Concepts

- Ensuring information is accessible only to authorized persons.
- A measure intended to allow the receiver to determine that the information which it is providing is correct.
- The process of establishing the identity of the user.
- The process of determining that a requester is allowed to receive a service or perform an operation.
- Assuring information and communication services will be ready for use when expected.
- To prevent the later denial that an action happened, or a communication that took place etc.

Why Security Testing?

Nobody is perfect. Security flaws always exist in products, and security testing is important to identify those flaws. Failure to do so is likely to cause financial loss.

Security requirements - Top 5

SQL injection is often used to attack the security of a website by inputting SQL statements in a web form to perform operations on the database.

SQL Injection Attack

A simple logon page can be subjected to SQL injection attacks!

Focusing on a single point of the attack surface does not help if this point can easily be bypassed!

Example – SQL Injection Attack – Scenario 1

When a valid user enters valid credentials!

SQL Query:

    SELECT * FROM TRANSACTION_TABLE WHERE USER = 'john' AND PASSWORD = 'login789';

Result: John, who is a valid user, has successfully logged in. The table shows the list of John's transaction details.

Example – SQL Injection Attack – Scenario 1

Bypassing logon for an unknown user:

SQL Query:

    SELECT * FROM TRANSACTION_TABLE WHERE USER = ' ' OR 1 = 1 --' AND PASSWORD = 'hack';

The Trick: The attacker used a tautology (1=1) to bypass all security checks.

Effective Query:

    SELECT * FROM TRANSACTION_TABLE WHERE USER = ' ' OR 1 = 1;

Result: Information Disclosure - The Hacker has *all* transaction details of *all* users.

Example – SQL Injection Attack – Scenario 2

Injecting a new user:

SQL Query:

    SELECT * FROM TRANSACTION_TABLE WHERE USER = ' ' ;INSERT INTO USER_TABLE VALUES ('Hacker','Attack')-- 'AND PASSWORD = 'something';

Effective Query:

    SELECT * FROM TRANSACTION_TABLE WHERE USER = ' ' ; INSERT INTO USER_TABLE VALUES ('Hacker','Attack');

Result: Tampering with Data - The Hacker has created a new user without authorization.

Example – SQL Injection Attack – Scenario 2

Further attack using the newly injected user:

SQL Query:

    SELECT * FROM TRANSACTION_TABLE WHERE USER = 'Hacker' AND PASSWORD = 'Attack';

The Trick: The user injected in the previous attack is used to log on to the system.

Result: Tampering with Data. Information disclosure. Various unauthorized operations.
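The logon query from the scenarios above, built two ways, as an added example (not code from the original slides): string concatenation reproduces the Scenario 1 bypass, while a parameterized query treats the same inputs as plain data. It uses Python's sqlite3 with an in-memory database; the AMOUNT column, the sample rows and the function names are assumptions made for the illustration.

```python
import sqlite3

# Inputs as typed into the user field in the slides' Scenario 1 and Scenario 2.
SCENARIO_1_USER = " ' OR 1 = 1 --"
SCENARIO_2_USER = " ' ;INSERT INTO USER_TABLE VALUES ('Hacker','Attack')-- "

def make_db():
    """In-memory database with constructed sample rows (AMOUNT is an assumed column)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE TRANSACTION_TABLE (USER TEXT, PASSWORD TEXT, AMOUNT REAL)")
    db.execute("CREATE TABLE USER_TABLE (USER TEXT, PASSWORD TEXT)")
    db.executemany(
        "INSERT INTO TRANSACTION_TABLE VALUES (?, ?, ?)",
        [("john", "login789", 120.0), ("john", "login789", 35.5),
         ("mary", "s3cret", 900.0)],
    )
    return db

def logon_concatenated(db, user, password):
    # Weak form: input is pasted into the SQL text, so a quote or comment
    # marker in the input changes the structure of the query.
    sql = ("SELECT * FROM TRANSACTION_TABLE WHERE USER = '" + user
           + "' AND PASSWORD = '" + password + "';")
    return db.execute(sql).fetchall()

def logon_parameterized(db, user, password):
    # Corrected form: the SQL text is constant and inputs are bound as values.
    sql = "SELECT * FROM TRANSACTION_TABLE WHERE USER = ? AND PASSWORD = ?;"
    return db.execute(sql, (user, password)).fetchall()

def run_security_test():
    """Run the slide inputs against both forms and report row counts."""
    db = make_db()
    report = {
        "valid_concatenated": len(logon_concatenated(db, "john", "login789")),
        "valid_parameterized": len(logon_parameterized(db, "john", "login789")),
        "s1_concatenated": len(logon_concatenated(db, SCENARIO_1_USER, "hack")),
        "s1_parameterized": len(logon_parameterized(db, SCENARIO_1_USER, "hack")),
        "s2_parameterized": len(logon_parameterized(db, SCENARIO_2_USER, "something")),
    }
    # Scenario 2 must not have created a row in USER_TABLE.
    report["injected_users"] = db.execute("SELECT COUNT(*) FROM USER_TABLE").fetchone()[0]
    return report

if __name__ == "__main__":
    for name, value in run_security_test().items():
        print(f"{name}: {value}")
```

Scenario 2 is only run against the parameterized form, since whether a stacked statement executes depends on the database driver.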

Demo

System demo

Take Away

- Conformance to Non-Functional requirements is one of the key success factors for the product in the market.
- Non-functional tests are an integral part of product quality and should be taken care of throughout the lifecycle of the product.

Now we understand:

- Security Testing Basics
- Importance of Security testing
- Top 5 Security requirements
- SQL injection attack

Thank You!