Automated Software Testing Flashcards
What are some common methods for testing software?
Unit tests, integration tests, black-box tests, positive/negative tests
What is fuzzing in the context of software testing?
A technique for generating random inputs to trigger errors or crashes in a program
What are some limitations of fuzzing?
Difficulty in passing specific checks, requiring expert knowledge, only detecting memory management errors
What is domain-specific automated testing?
A method of automated testing that leverages domain knowledge to create more efficient and effective test cases
What is a test oracle in software testing?
A function that determines whether a test passes or fails
What are the properties of soundness and completeness for test oracles?
Soundness means that if the oracle says a test passes, then the test really passes. Completeness means that if the test really passes, then the oracle says the test passes
What is version detection in software testing?
The task of identifying the software version of a system or a component
What is semantic versioning?
A systematic way of assigning version numbers to software components
What is fingerprinting in the context of version detection?
The process of generating a unique identifier for a version based on some methods such as strings, hashes, optional features, undefined behavior, bugs, and side channels
What is Transport Layer Security (TLS)?
The most commonly used security protocol for providing confidential, integral, and authenticated communication over the internet
What are the differences between TLS 1.2 and TLS 1.3?
TLS 1.3 has several improvements over TLS 1.2, such as a simplified handshake protocol, better security, and faster connection times
What is an X.509 certificate?
A digital certificate that binds a public key to an identity
What are the basic steps for validating an X.509 certificate?
Verifying the signature, checking the validity time, matching the hostname, and checking the extensions
What is domain-specific fuzzing?
A method of fuzzing that uses domain knowledge to create more efficient and effective fuzz operators
What is combinatorial testing?
A method of generating inputs by covering value combinations of different input parameters
What is differential testing?
A method of testing that compares the outputs of different implementations of the same functionality
What is specification-guided testing?
A method of testing that derives partial oracles automatically from the specification
What is the role of reduction function in differential testing?
A reduction function reduces the output of a test to a simpler form that can be compared across different implementations
What are the use cases and challenges of version detection?
Use cases include penetration testing, threat intelligence, usability research, and compliance. Challenges include API usage, capabilities, configuration, documentation, and interaction
What are the desired properties of a fingerprint in version detection?
Precise, small, efficient, and robust
What is the role of a human oracle in software testing?
A human oracle is the ground truth for testing, which means if the human oracle says a test passes, then the test really passes
What is the difference between soundness and completeness in the context of test oracles?
Soundness means that if the oracle says a test passes, then the test really passes. Completeness means that if the test really passes, then the oracle says the test passes
What is the crash oracle in software testing?
The crash oracle is a simple oracle that fails a test if the program crashes
What is model-based testing in software testing?
Model-based testing is a method of testing that uses models to construct sound and complete partial oracles
