Software Test Attacks to Break Mobile and Embedded Devices

Software Test Attacks to Break Mobile and Embedded Devices

 

 

 

 

 

 

ebook ^£27^.99

 

^{paperback £}33^.99

 

Features

• Provides over 30 specific software test attacks needed to find bugs/errors in today’s mobile and smart devices
• Explains how to create test labs, facilities, and tools to aid in conducting the attacks
• Addresses white and black box test approaches as well as risk-based testing, model-driven tests, agile testing, and mathematical approaches
• Details the error taxonomy upon which the attacks are based
• Presents checklists for user interface and game evaluations
• Includes practice exercises in each chapter

 

Summary

Address Errors before Users Find Them
Using a mix-and-match approach, Software Test Attacks to Break Mobile and Embedded Devices presents an attack basis for testing mobile and embedded systems. Designed for testers working in the ever-expanding world of "smart" devices driven by software, the book focuses on attack-based testing that can be used by individuals and teams. The numerous test attacks show you when a software product does not work (i.e., has bugs) and provide you with information about the software product under test.

 

The book guides you step by step starting with the basics. It explains patterns and techniques ranging from simple mind mapping to sophisticated test labs. For traditional testers moving into the mobile and embedded area, the book bridges the gap between IT and mobile/embedded system testing. It illustrates how to apply both traditional and new approaches. For those working with mobile/embedded systems without an extensive background in testing, the book brings together testing ideas, techniques, and solutions that are immediately applicable to testing smart and mobile devices.

 

Table of Contents

Setting the Mobile and Embedded Framework
Objectives of Testing Mobile and Embedded Software Systems
What Is Embedded Software?
What Are "Smart" Handheld and Mobile Systems?
Why Mobile and Embedded Attacks?
Framework for Attacks
Beginning Your Test Strategy
Attacks on Mobile and Embedded Software
If You Are New to Testing
An Enlightened Tester Makes a Better Tester

 

Developer Attacks: Taking the Code Head On
Attack 1: Static Code Analysis
Attack 2: Finding White-Box Data Computation Bugs
Attack 3: White-Box Structural Logic Flow Coverage
Test Coverage Concepts for White-Box Structural Testing
Not e of Concern in Mobile and Embedded Environments

 

Control System Attacks
Attack 4: Finding Hardware System Unhandled Uses in Software
Attack 5: Hardware-to-Software and Software-to-Hardware Signal Interface Bugs
Attack 6: Long-Duration Control Attack Runs
Attack 7: Breaking Software Logic and/or Control Laws
Attack 8: Forcing the Unusual Bug Cases

 

Hardware Software Attacks
Attack 9: Breaking Software with Hardware and System Operations
Attack 10: Finding Bugs in Hardware-Software Communications
Attack 11: Breaking Software Error Recovery
Attack 12: Interface and Integration Testing
Attack 13: Finding Problems in Software-System Fault Tolerance

 

Mobile and Embedded Software Attacks
Attack 14: Breaking Digital Software Communications
Attack 15: Finding Bugs in the Data
Attack 16: Bugs in System-Software Computation
Attack 17: Using Simulation and Stimulation to Drive Software Attacks

 

Time Attacks: "It’s about Time"
Attack 18: Bugs in Timing Interrupts and Priority Inversions
State Modeling Example
Attack 19: Finding Time-Related Bugs
Attack 20: Time-Related Scenarios, Stories, and Tours
Attack 21: Performance Testing Introduction
Supporting Concepts
Completing and Reporting the Performance Attack
Wrapping Up

 

Human User Interface Attacks: "The Limited (and Unlimited) User Interface"
How to Get Started—the UI
Attack 22: Finding Supporting (User) Documentation Problems
Attack 23: Finding Missing or Wrong Alarms
Attack 24: Finding Bugs in Help Files

 

Smart and/or Mobile Phone Attacks
General Notes and Attack Concepts Applicable to Most Mobile-Embedded Devices
Attack 25: Finding Bugs in Apps
Attack 26: Testing Mobile and Embedded Games
Attack 27: Attacking App–Cloud Dependencies

 

Mobile/Embedded Security
The Current Situation
Reusing Security Attacks
Attack 28: Penetration Attack Test
Attack 29: Information Theft—Stealing Device Data
Attack 30: Spoofing Attacks
Attack 31: Attacking Viruses on the Run in Factories or PLCs

 

Generic Attacks
Attack 32: Using Combinatorial Tests
Attack 33: Attacking Functional Bugs

 

Mobile and Embedded System Labs
Introduction to Labs
To Start
Test Facilities
Why Should a Tester Care?
What Problem Does a Test Lab Solve?
Staged Evolution of a Test Lab
Simulation Environments
Prototype and Early Development Labs
Development Support Test Labs
Integration Labs
Pre-Product and Product Release (Full Test Lab)
Field Labs
Other Places Labs Can Be Realized
Developing Labs: A Project inside of a Project
Planning Labs
Requirement Considerations for Labs
Functional Elements for a Developer Support Lab
Functional Elements for a Software Test Lab
Test Lab Design Factors
Lab Implementation
Lab Certification
Operations and Maintenance in the Lab
Lab Lessons Learned
Automation Concepts for Test Labs
Tooling to Support Lab Work
Test Data Set-Up
Test Execution: For Developer Testing
Test Execution: General
Product and Security Analysis Tools
Tools for the Lab Test Results Recording
Performance Attack Tooling
Basic and Generic Test Support Tools
Automation: Test Oracles for the Lab Using Modeling Tools
Simulation, Stimulation, and Modeling in the Lab Test Bed
Continuous Real-Time, Closed-Loop Simulations to Support Lab Test Environments
Keyword-Driven Test Models and Environments
Data Collection, Analysis, and Reporting
Post-Test Data Analysis
Post-Test Data Reporting
Wrap Up: N-Version Testing Problems in Labs and Modeling
Final Thoughts: Independence, Blind Spots, and Test Lab Staffing

 

Some Parting Advice
Are We There Yet?
Will You Get Started Today?
Advice for the "Never Ever" Tester
Bug Database, Taxonomies, and Learning from Your History
Lessons Learned and Retrospectives
Implementing Software Attack Planning
Regression and Retest
Where Do You Go from Here?

 

Appendix A: Mobile and Embedded Error Taxonomy: A Software Error Taxonomy (for Testers)
Appendix B: Mobile and Embedded Coding Rules
Appendix C: Quality First: "Defending the Source Code So That Attacks Are Not So Easy"
Appendix D: Basic Timing Concepts
Appendix E: Detailed Mapping of Attacks
Appendix F: UI /GUI and Game Evaluation Checklist
Appendix G: Risk Analysis, FMEA, and Brainstorming

 

References

Glossary

Index

 

출처 : https://www.crcpress.com/Software-Test-Attacks-to-Break-Mobile-and-Embedded-Devices/Hagar/9781466575301