Sunday, January 28, 2007

Test documentation standard

If you are looking for a good approach to software test documentation then IEEE 829 is a good place to start. For more information here is a summary of the IEEE 829 standard for software testing documentation.

This software testing standard covers 8 document types:

  • Test Plan
  • Test Design Specification
  • Test Case Specification
  • Test Procedure
  • Test Item Transmittal Report
  • Test Log
  • Test Incident Report
  • Test Summary Report

Remember that the standard is a starting point: you need to think about which documents you produce and what you include in them. Too often you see templated documents that are copied from one project to the next without due thought and are left cluttered with misleading and inappropriate content. There ends this week's sermon.

Saturday, January 20, 2007

Prediction: out with traditional testing models

There is an interesting article, "The year ahead: The shift to scripting and agility", from Java World. As you'd expect from the title, it is predicting a move from formal methods and requirements to agile scripting and frequent releases. But it also contains a prediction on agile software testing:

"Also out the window this year: traditional testing models, in which QA and security validation is performed after coding is complete. That said, companies will spend too much time and money on traditional testing and on patch-and-fix deployment of security updates because they won't spend enough on integrating strict vulnerability and functional testing into every phase of development. Traditional post-development acceptance testing will still be necessary, but by integrating testing throughout the design and coding process, you will shorten test-and-fix cycles considerably, freeing your team up to deliver more apps faster."

Let's hope that the author really is a genuine clairvoyant.

Saturday, January 13, 2007

Software testing FAQ - No. 22

Where can I find a multilingual, web-based, free-content encyclopedia that contains information about software testing?

That question was sent in by S. D. Levitt.

This is an easy question. Wikipedia is the answer. And here is the link for software testing. It contains a lot of information. And it contains a lot of links to other sources of information about testing software.

Tuesday, January 02, 2007

The art of software security testing

For the legions of fans of Glenford Myers this may sound like I am making a play on words with his seminal book The Art of Software Testing. But I am not. The authors of this book are. And now it's got your attention you will not be surprised to know the book is about security testing software.

The Art of Software Security Testing delivers in-depth, up-to-date, battle-tested techniques for anticipating and identifying software security problems before the “bad guys” do.

Drawing on decades of experience in application and penetration testing, this book’s authors can help you transform your approach from mere “verification” to proactive “attack.” The authors begin by systematically reviewing the design and coding vulnerabilities that can arise in software, and offering realistic guidance in avoiding them. Next, they show you ways to customize software debugging tools to test the unique aspects of any program and then analyze the results to identify exploitable vulnerabilities.

Coverage includes

  • Tips on how to think the way software attackers think to strengthen your defense strategy
  • Cost-effectively integrating security testing into your development lifecycle
  • Using threat modeling to prioritize testing based on your top areas of risk
  • Building testing labs for performing white-, grey-, and black-box software testing
  • Choosing and using the right tools for each testing project
  • Executing today’s leading attacks, from fault injection to buffer overflows
  • Determining which flaws are most likely to be exploited by real-world attackers

And two recent articles on this book are: