Official (ISC)² CSSLP - Domain 5: Secure Software Testing 100% Pass

Attack surface validation
Determining if the software has exploitable weaknesses (attack surface).

Black box test
Usually described as focusing on testing functional requirements.

Functional testing
Software testing is performed primarily to attest to the functionality of the software as expected by the business or customer.

Fuzz testing
A software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program.

Load testing
Usually defined as the process of exercising the system under test by feeding it the largest tasks it can operate with.

Penetration test (pen test)
A validation and verification measure that is an evaluation of a software or network's current state of security.

Pseudo Random Number Generator (PRNG)
A deterministic algorithm to generate a sequence of numbers with little or no discernible pattern in the numbers, except for broad statistical properties.

Regression test
Performed on existing operational software to verify that existing functionality didn't break when other aspects of the environment are changed; it is advisable to have a library of tests that you would run in each regression test.

Test case
Answers the question, "What am I going to test?" Normally consists of a unique identifier, requirement references from a design specification, preconditions, events, a series of steps (also known as actions) to follow, input, output, expected result, and actual result.

Test harness
The software, tools, samples of data input and output, and configurations.

Test plan
A document detailing a systematic approach to testing a system such as a machine or software.

Test script
A procedure or programming code that replicates user actions. Initially, the term was derived from the product of work created by automated regression test tools.

Test strategy
An outline that describes the testing approach of the software development cycle.

Test suite
A collection of test cases.

White box test
A design that allows one to peek inside the "box," and focuses specifically on using internal knowledge of the software to guide the selection of test data.

Document information
- Uploaded on
- June 5, 2023
- Number of pages
- 3
- Written in
- 2022/2023
- Type
- Exam (elaborations)
- Contains
- Questions & answers