Professional Documents
Culture Documents
pre/post-test basis
Use an architecture re-construction technique
such as OAR1 to extract the as built
architecture from the implementation.
Compare to the as designed architecture to
determine if changes have occurred
tested
Context - Special testing conditions
Forces - What types of faults are we
looking for?
Solution - Test case selection strategy that
tests the interactions among the
components that implement the pattern
Example A sample implementation
Client
Client
Callback
Callback
Server
Server
Server
Server
Forces
Solution
Operational profiles
establish a relative
frequency of operations
for a particular type of
user or application.
Test cases are chosen
with the same relative
frequency to mimic
actual use or to mimic
attack scenarios.
This narrows the range
of values to cover in
test.
User
Operation
Relative
frequency
Op1
.2
User1 Op
2
.6
Op3
.2
Op1
.4
User2 Op
2
.3
Op3
.3
OATS tool - 1
Three variables,
JDBC1.0
JDBC2.0
ODBC1.0
browser
Netscape IE5.0
Firefox
# of web
servers
200
50
OATS tool - 2
to 9 test cases,
testing pair-wise
but remains
approximately 96%
as effective as all
combinations
coverage at finding
defects.
JDBC1.0
Netscape
200
JDBC1.0
IE5.0
50
JDBC1.0
FoxFire
JDBC2.0
Netscape
50
JDBC2.0
IE5.0
JDBC2.0
FoxFire
200
ODBC1.0
Netscape
ODBC1.0
IE5.0
200
ODBC1.0
FoxFire
50
frequency and
estimated size,
estimates can be
made of the number
of defects and the
test case selection
process be more
precisely directed.
Security
defect type
Relative
frequency
per KLOC
Static queue
sizes
60%
HTTP cookies
30%
10%
Argument
injection
Total
100%
Conclusion
No
single action or algorithm will produce secure
Requirements
Domain
Expert
User:
Frequency:
See Also:
Class Name
Responsibility
Super Class
Collaborator
Requirements
model inspection
Domain
Analysis
Client
Analysis
model inspection
Incremental
Integration
and
System Testing
Class Specification
Application
Analysis
Class
Design
Class
Derivation
Class
Reuse
Implementation
Architectural
Design
Co
ntr
olle
r
Refinement
Model
Testing
Class Delivery
Architecture
inspection
View
Class
Development
Cluster
design inspection
Conclusion - 2
Implementing any part of this strategy will