SlideShare una empresa de Scribd logo

Software Testing Attacks for Mobile and Embedded Devices

Descargar como PPTX, PDF
XBOSoft
XBOSoft

Jon Hagar author of "Software Test Attacks to Break Mobile and Embedded Devices" presents Software testing concepts for mobile and imbedded devices in this webinar- hosted by XBOSoft.

TecnologíaEmpresariales
1 de 31
Software Testing for Mobile and Embedded Devices Jon Hagar hosted by XBOSoft
XBOSoft info • Founded in 2006 • Dedicated to software quality • Software QA consulting • Software testing services • Offices in San Francisco, Beijing, Oslo and Amsterdam
On the XBO side: Amy Jan
Housekeeping • Everyone except the speakers is muted • Questions via the gotowebinar control on the right side of your screen • Questions can be asked throughout the webinar, we’ll try to fit them in when appropriate • General Q & A at the end of the webinar • You will receive info on recording after the webinar
About Jon Hagar Jon…. • has over 30 years in software testing/verification and validation • is the owner of Grand Software Testing, a company specializing in software test consulting and training for mobile and embedded systems. • author of “Software Test Attacks to Break Mobile and Emedded Devices”
Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 6 SOFTWARE TESTING CONCEPTS FOR MOBILE AND EMBEDDED DEVICES Jon Hagar embedded@ecentral.com jon.d.hagar@gmail.com breakingembeddedsoftware.wordpress.com
Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 7How to Attack Embedded Software 7 AGENDA FOR TODAY • Introductions • Definitions • Risk based concepts • Exploratory approaches • Attacking the scenario(s) • Mobile and embedded tester skills • Wrap up and references
Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 8How to Attack Embedded Software 8 MOBILE, SMART, AND HANDHELD • As the names imply, these are devices—small, held in the hand, often connected to communication networks, including • Cell and smart phones – apps • Tablets • Medical devices • Typically have: • Many of the problems of classic “embedded” systems • The power of PCs/IT • More user interface (UI) than classic embedded systems • Fast updates • Are getting more power, memory, and features (software e.g., apps) • The “hot” area of computers/software • Testing rules are “evolving”
Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 9How to Attack Embedded Software 9 CLOSE COUSINS: Embedded Software Systems . . . • Interacts with unique hardware/systems to solve specialized problems in the “real world” • IT software runs with largely “generic” hardware • Users are barely aware the device uses or has software • Usually have significant hardware interface issues and concerns • Initialization, noise, power up/down, timers, sensors, etc. • Often are resource constrained • RAM, ROM, stack, power, speed, time, etc. • Typically has a restricted or no Human User/Computer Interface (HCI) but is evolving rapidly • Often no way (or only a risky way) to update and/or change the software • Involves risks, hazards, safety, and/or some specialized domain knowledge and logic/algorithms usually controlling hardware
Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 10How to Attack Embedded Software 10 WHAT DO THESE LOOK LIKE? Examples – Avionics systems: planes, cars, rockets, military,….. – Telecom: switch, routers, phones, cell devices,…. – Transportation: traffic control, railroad, trucking, …. – Industrial control: lighting, machines, HVAC, nuclear/power,… – Medical: pacemaker, dispensers, ……. – Home and office systems: control, entertainment (TV box), … – And the list goes on • Now starting to include PDA’s and other items that “blur” the lines
Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 11How to Attack Embedded Software 11 TYPES OF MOBILE- EMBEDDED APPS • Native Applications • Local to device • Hybrid Applications • Local to device but interacts w/internet • Web Applications • Not local to device All interactions on internet And JeanAnn Haarrison
Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 12How to Attack Embedded Software 12 THE “WORLD” OF MOBILE- SMART/EMBEDDED SOFTWARE • Inputs and outputs involve hardware, software, and humans • Time dependent • NOTE: most software has “time” (performance) issues but here things are often “hard real time” • In Mobile/Embedded real-time may be a requirement Software Stimulus-Inputs Response-Outputs Expected Unexpected Wanted UnwantedHardware
Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 13How to Attack Embedded Software 13 MOBILE AND EMBEDDED SOFTWARE TESTING: THE SAME BUT DIFFERENT • Same patterns in programming errors => same test patterns to be applied • But there are Differences • The development lifecycle • Mobile and embedded error patterns • “Embedded” unique sensor (input and output) • Mobility • Network connections • Resources
Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 14How to Attack Embedded Software 14 Hardware Change Hardware New Product EXAMPLE HIGH LEVEL MOBILE-EMBEDDED LIFECYCLE DIFFERENCE System Creation Hardware Build Software Build Software Build Software Build Software Build Hw Issue Feature Results: Software is “late” Software Build Months, Days, Hours
Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 15How to Attack Embedded Software 15 THE ERROR (BUG) PATTERN: SIMILAR AND DIFFERENT • Handheld/Embedded software has similar defects to other software • Requirements & Design • Logic & Math • Control Flow • Data • Initialization & Mode changes • Interfaces • Security • Gaming • etc. . . Mobile/Embedded additions • Software and hardware development cycles done in parallel, where aspects of the hardware may be unknown to the software development effort • Limited resources • Control/use of unique hardware (sensors) • Hardware problems which are often fixed with software late in the project • (a big one) Very tight real-time (often in milli- or micro-second ranges) or load performance issues
Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 16How to Attack Embedded Software 16 MORE SAMPLE MOBILE-EMBEDDED PRODUCT ERRORS TESTERS SHOULD CONSIDER • Mobility - • Environment and device susceptible to outside influence: noise, weather, heat, cold, • Network connect: wifi, data, changing signal, etc • Battery factors: Heat, charge level, charge duration, device conflicts • Output —outputs to devices and electronics that are susceptible to noise influences, calibrations, changes to hardware, and time • Inputs – Sensors, speed, timing, and interrupts all can impact devices/software • Complexity—the size of the system or some aspect of the system makes missed bugs likely • Device Resources - • Screen size • Memory • CPU speed
Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 17How to Attack Embedded Software 17 THUS TESTERS SHOULD THINK: RISKS • You cannot test everything • Risk-based testing helps bound the test scope problem • Testing is about providing information and understanding • Test exploration gets you started with whatever you have (or don’t have)
Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 18How to Attack Embedded Software 18 IN MOBILE AND EMBEDDED: EXPLORATORY TESTING • Rapid feedback • Learning • Upfront rapid learning • Attacking • Address risk • Independent assessment • Target a defect • Prototyping • Need information • Test beyond the requirements Yes, we must test requirements (necessary, but not sufficient) So include exploratory risk-based testing:
Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 19How to Attack Embedded Software 19 MUCH INFORMATION EXISTS ON EXPLORATORY RISK-BASED TESTING • Exploratory Testing: Based in the scientific method, where we plan-design, execute, learn, and change the test effort with limited “scripting” • Check out works by: • Kaner • Bach • Whittaker • ISO 29119 • I like to recommend and do exploratory attack-based testing
Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 20How to Attack Embedded Software 20 WHY ATTACK? • Attacking your software is in part, the process of attempting to demonstrate a system (hardware, firmware, software and operations) does not meet requirements, functional and non-functional objectives. • Mobile/embedded software testing must include "the system" (hardware, software, operations, users) • Attack common modes of failure, especially where the application is engaged and visible by the user. Attack testing with approaches to include: Tools Levels Patterns Techniques
Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 21How to Attack Embedded Software 21 SO, WHAT IS AN ATTACK? • Based on a common mode of failure seen over and over • Maybe seen as a negative, when it is really a positive • Goes after the “bugs” that may be in the software • Uses one or more classic test techniques and concepts • A Pattern (more than a process) which must be modified for the context at hand to do the testing • Many testers learn these for a domain after years and form a mental “pattern” model (most good testers attack)
Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 22How to Attack Embedded Software 22 KINDS OF ATTACKS • Whittaker offers a good starting point for software attacks in general that can be applied to embedded: • User Interface Attacks • Data and Computation • File System Interface • Software/OS Interface • Whittaker’s “How to Break Software” lists 23 attacks • “Software Test Attacks to Break Mobile and Embedded Devices” lists 33 attacks and 8 sub attacks
Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 23How to Attack Embedded Software 23 MOBILE AND EMBEDDED ATTACK CLASSIFICATION • Developer Attacks (unit/code testing) • Control System Attacks • Hardware-Software Attacks • Mobile and Embedded Software Domain Attacks • Time Attacks (Performance) • Human User Interface Attacks • Smart and/or Mobile Phone Functional App Attacks • Mobile/Embedded Security Attacks • Generic Attacks • Functional, mind mapping, and combinatorial tests
Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 24 A DETAILED LIST OF ATTACKS • Attack 1: Static Code Analysis • Attack 2: Finding White–Box Data Computation Bugs • Attack 3: White–Box Structural Logic Flow Coverage • Attack 4: Finding Hardware–System Unhandled Uses in Software • Attack 5: Hw-Sw and Sw-Hw signal Interface Bugs • Attack 6: Long Duration Control Attack Runs • Attack 7: Breaking Software Logic and/or Control Laws • Attack 8: Forcing the Unusual Bug Cases • Attack 9 Breaking Software with Hardware and System Operations • 9.1 Sub–Attack: Breaking Battery Power • Attack 10: Finding Bugs in Hardware–Software Communications • Attack 11: Breaking Software Error Recovery • Attack 12: Interface and Integration Testing • 12.1 Sub–Attack: Configuration Integration Evaluation • Attack 13: Finding Problems in Software–System Fault Tolerance • Attack 14: Breaking Digital Software Communications • Attack 15: Finding Bugs in the Data • Attack 16: Bugs in System–Software Computation • Attack 17: Using Simulation and Stimulation to Drive Software Attacks • Attack 18: Bugs in Timing Interrupts and Priority Inversion • Attack 19: Finding Time Related Bugs • Attack 20: Time Related Scenarios, Stories and Tours • Attack 21: Performance Testing Introduction • Attack 22: Finding Supporting (User) Documentation Problems • Sub–Attack 22.1: Confirming Install–ability • Attack 23: Finding Missing or Wrong Alarms • Attack 24: Finding Bugs in Help Files • Attack 25: Finding Bugs in Apps • Attack 26: Testing Mobile and Embedded Games • Attack 27: Attacking App–Cloud Dependencies • Attack 28 Penetration Attack Test • Attack 28.1 Penetration Sub–Attacks: Authentication — Password Attack • Attack 28.2 Sub–Attack Fuzz Test • Attack 29: Information Theft—Stealing Device Data • Attack 29.1 Sub Attack –Identity Social Engineering • Attack 30: Spoofing Attacks • Attack 30.1 Location and/or User Profile Spoof Sub–Attack • Attack 30.2 GPS Spoof Sub–Attack • Attack 31: Attacking Viruses on the Run in Factories or PLCs • Attack 32: Using Combinatorial Tests • Attack 33: Attacking Functional Bugs
Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 25How to Attack Embedded Software 25 AN EXAMPLE DETAILED TAXONOMY: A2D AND D2A BUG POSSIBILITIES Type Situation Impact Notes A2D A2D representation information is lost because measurement is not precise Software computation is based on incorrect data Number of bits used to store the analog converted data is not large enough or sampling rate to get bits is not correct. A2D A2D information is contaminated with noise Software computation use noise when it should not The noise term may not be known, accounted for, or misrepresented. A2D A2D information is calculated correctly Computation has unknown error Sources of error can come from: calibrations used on variables, variables lacking initialization, or calculations are not done with enough accuracy (single versus double floating point D2A D2A conversion losses “least significant bits” (LSB) in conversions, but bits are, in fact, important because computer word sizes are too small Output to analog device is wrong Number of bits stored from the digital world to the analog world do not have enough precision, so analog data is incorrect. D2A D2A information does not account for noise of the real world Software computation does not include a factor for noise The analog values are not correct given the noise of the real world (output data may be lost in the noise). D2A D2A information is calculated correctly because of internal factors Computation has unknown error Sources of error can come from: calibrations used on variables, variables lacking initialization, or calculations are not done with enough accuracy (single versus double floating point
Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 26How to Attack Embedded Software 26 FINALLY, IN ADDITION TO TESTER SKILLS: SKILL FOR THE MOBILE/EMBEDDED TESTER • Tester skills: planning, design, execution, reporting, exploration, techniques, tools……………………. • Exposure or knowledge about products from the domain in which you are testing: aerospace, medical, automobile manufacturing, smart apps, airplanes, factory systems, robotics, regulated environments, etc. • Knowledge of hard sciences: math, physics, electronics, hardware, engineering, etc. for logical thought processes • Knowledge of Soft sciences: psychology, philosophy, sociology, human factors (human machine interface), gaming, arts… for creative & conceptual thought processes • Passion – follow your bliss
Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 27How to Attack Embedded Software 27 FOR THE SOFTWARE YOU TEST ASK YOURSELF • Do you know how it fails? • Do you test for success or failure? • Both? • Where can you improve?
Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 28How to Attack Embedded Software 28 SUMMARY: THANK YOU (IDEAS USED FROM) • James Whittaker (attacks) • Elisabeth Hendrickson (simulations) • Lee Copeland (techniques) • Brian Merrick (testing) • James Bach (exploratory & tours) • Cem Kaner (test thinking) • JeanAnn Harrison • Many teachers • Generations past and future • Books, references, etc.
Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 29How to Attack Embedded Software 29 BOOK LIST (MY FAVORITES) • “Software Test Attacks to Break Mobile and Embedded Devices” – Jon Hagar, • “How to Break Software” James Whittaker, 2003 • And his other “How To Break…” books • “Testing Embedded Software” Broeckman and Notenboom, 2003 • “A Practitioner’s Guide to Software Test Design” Copeland, 2004 • “A Practitioner’s Handbook for Real-Time Analysis” Klein et. al., 1993 • “Computer Related Risks”, Neumann, 1995 • “Safeware: System Safety and Computers”, Leveson, 1995 • Honorable mentions: • “Embedded System and Software Validation” Roychoudhury, 2009 • “Systems Testing with an Attitude” Petschenik 2005 • “Software System Testing and Quality Assurance” Beizer, 1987 • “Testing Computer Software” Kaner et. al., 1988 • “Systematic Software Testing” Craig & Jaskiel, 2001 • “Managing the Testing Process” Black, 2002
Questions & Answers Follow us: @XBOSoft Questions at: services@xbosoft.com
Thanks for joining us and hope to hear from you soon!

Recomendados

Testing in agile
Testing in agileTesting in agile
Testing in agilesachxn1
 
Agile Metrics to Boost Software Quality improvement
Agile Metrics to Boost Software Quality improvementAgile Metrics to Boost Software Quality improvement
Agile Metrics to Boost Software Quality improvementXBOSoft
 
Agile Test Management Using Jira and Zephyr
Agile Test Management Using Jira and ZephyrAgile Test Management Using Jira and Zephyr
Agile Test Management Using Jira and ZephyrXBOSoft
 
Agile User Acceptance Testing - Incorporating UAT into Agile
Agile User Acceptance Testing - Incorporating UAT into AgileAgile User Acceptance Testing - Incorporating UAT into Agile
Agile User Acceptance Testing - Incorporating UAT into AgileXBOSoft
 
Defect Patterns Analysis for Agile and Waterfall - XBOSoft Webinar with Micha...
Defect Patterns Analysis for Agile and Waterfall - XBOSoft Webinar with Micha...Defect Patterns Analysis for Agile and Waterfall - XBOSoft Webinar with Micha...
Defect Patterns Analysis for Agile and Waterfall - XBOSoft Webinar with Micha...XBOSoft
 
Proactive SQA™ Shifting Left w/Proactive Software Quality Practices
Proactive SQA™ Shifting Left w/Proactive Software Quality PracticesProactive SQA™ Shifting Left w/Proactive Software Quality Practices
Proactive SQA™ Shifting Left w/Proactive Software Quality PracticesXBOSoft
 
AI Based Test Automation Without AI
AI Based Test Automation Without AIAI Based Test Automation Without AI
AI Based Test Automation Without AIXBOSoft
 
Agile Adoption Story in LGE (Aps2010)
Agile Adoption Story in LGE (Aps2010)Agile Adoption Story in LGE (Aps2010)
Agile Adoption Story in LGE (Aps2010)Woogon Shim
 

Recomendados

Testing in agile
Testing in agileTesting in agile
Testing in agilesachxn1
 
Agile Metrics to Boost Software Quality improvement
Agile Metrics to Boost Software Quality improvementAgile Metrics to Boost Software Quality improvement
Agile Metrics to Boost Software Quality improvementXBOSoft
 
Agile Test Management Using Jira and Zephyr
Agile Test Management Using Jira and ZephyrAgile Test Management Using Jira and Zephyr
Agile Test Management Using Jira and ZephyrXBOSoft
 
Agile User Acceptance Testing - Incorporating UAT into Agile
Agile User Acceptance Testing - Incorporating UAT into AgileAgile User Acceptance Testing - Incorporating UAT into Agile
Agile User Acceptance Testing - Incorporating UAT into AgileXBOSoft
 
Defect Patterns Analysis for Agile and Waterfall - XBOSoft Webinar with Micha...
Defect Patterns Analysis for Agile and Waterfall - XBOSoft Webinar with Micha...Defect Patterns Analysis for Agile and Waterfall - XBOSoft Webinar with Micha...
Defect Patterns Analysis for Agile and Waterfall - XBOSoft Webinar with Micha...XBOSoft
 
Proactive SQA™ Shifting Left w/Proactive Software Quality Practices
Proactive SQA™ Shifting Left w/Proactive Software Quality PracticesProactive SQA™ Shifting Left w/Proactive Software Quality Practices
Proactive SQA™ Shifting Left w/Proactive Software Quality PracticesXBOSoft
 
AI Based Test Automation Without AI
AI Based Test Automation Without AIAI Based Test Automation Without AI
AI Based Test Automation Without AIXBOSoft
 
Agile Adoption Story in LGE (Aps2010)
Agile Adoption Story in LGE (Aps2010)Agile Adoption Story in LGE (Aps2010)
Agile Adoption Story in LGE (Aps2010)Woogon Shim
 
Thinking Beyond HPQC ALM
Thinking Beyond HPQC ALMThinking Beyond HPQC ALM
Thinking Beyond HPQC ALMQASymphony
 
Evolve or Die: Healthcare IT Testing | QASymphony Webinar
Evolve or Die: Healthcare IT Testing | QASymphony WebinarEvolve or Die: Healthcare IT Testing | QASymphony Webinar
Evolve or Die: Healthcare IT Testing | QASymphony WebinarQASymphony
 
Integrating Hardware (Waterfall) and Software (Agile) Development
Integrating Hardware (Waterfall) and Software (Agile) DevelopmentIntegrating Hardware (Waterfall) and Software (Agile) Development
Integrating Hardware (Waterfall) and Software (Agile) DevelopmentIntland Software GmbH
 
Closing the Requirements and Testing Loop Webinar
Closing the Requirements and Testing Loop WebinarClosing the Requirements and Testing Loop Webinar
Closing the Requirements and Testing Loop WebinarQASymphony
 
Deliver Projects On Time, Every Time
Deliver Projects On Time, Every TimeDeliver Projects On Time, Every Time
Deliver Projects On Time, Every TimeTechWell
 
Exploratory Testing with JIRA | QASymphony Webinar
Exploratory Testing with JIRA | QASymphony WebinarExploratory Testing with JIRA | QASymphony Webinar
Exploratory Testing with JIRA | QASymphony WebinarQASymphony
 
Testing in a DevOps team
Testing in a DevOps teamTesting in a DevOps team
Testing in a DevOps teamLaurent PY
 
Continuous Integration Is for Everyone—Especially DevOps
Continuous Integration Is for Everyone—Especially DevOpsContinuous Integration Is for Everyone—Especially DevOps
Continuous Integration Is for Everyone—Especially DevOpsTechWell
 
Continuous Delivery for Agile Teams
Continuous Delivery for Agile TeamsContinuous Delivery for Agile Teams
Continuous Delivery for Agile TeamsMike Bowler
 
Introduction to Scrum - 1 day workshop
Introduction to Scrum - 1 day workshopIntroduction to Scrum - 1 day workshop
Introduction to Scrum - 1 day workshopEvan Leybourn
 
Puppet Labs EMC DevOps Day NYC Aug-2015
Puppet Labs EMC DevOps Day NYC Aug-2015Puppet Labs EMC DevOps Day NYC Aug-2015
Puppet Labs EMC DevOps Day NYC Aug-2015Bob Sokol
 
Soft Skills You Need Are Not Always Taught in Class
Soft Skills You Need Are Not Always Taught in ClassSoft Skills You Need Are Not Always Taught in Class
Soft Skills You Need Are Not Always Taught in ClassTechWell
 
Going the Next Step? Agile Values and Hardware Development by Urs Boehm
Going the Next Step? Agile Values and Hardware Development by Urs BoehmGoing the Next Step? Agile Values and Hardware Development by Urs Boehm
Going the Next Step? Agile Values and Hardware Development by Urs BoehmPeter Stevens
 
Critical Capabilities to Shifting Left the Right Way
Critical Capabilities to Shifting Left the Right WayCritical Capabilities to Shifting Left the Right Way
Critical Capabilities to Shifting Left the Right WaySmartBear
 
QA team transition to agile testing at Alcatel Lucent
QA team transition to agile testing at Alcatel LucentQA team transition to agile testing at Alcatel Lucent
QA team transition to agile testing at Alcatel LucentAgileSparks
 
Agile Embedded Software
Agile Embedded SoftwareAgile Embedded Software
Agile Embedded SoftwareJames Grenning
 
Project Management With Scrum
Project Management With ScrumProject Management With Scrum
Project Management With ScrumTommy Norman
 
Damn... we missed the date again
Damn... we missed the date againDamn... we missed the date again
Damn... we missed the date againSudipta Lahiri
 
1×10 rola QA w tworzeniu Atlassian JIRA
1×10 rola QA w tworzeniu Atlassian JIRA 1×10 rola QA w tworzeniu Atlassian JIRA
1×10 rola QA w tworzeniu Atlassian JIRA3camp
 
The Eclipse Way
The Eclipse WayThe Eclipse Way
The Eclipse WayNaresh Jain
 
How to Break Software: Embedded Edition
How to Break Software: Embedded EditionHow to Break Software: Embedded Edition
How to Break Software: Embedded EditionTechWell
 
Use Combinatorial Testing for Mobile Device Fragmentation
Use Combinatorial Testing for Mobile Device FragmentationUse Combinatorial Testing for Mobile Device Fragmentation
Use Combinatorial Testing for Mobile Device FragmentationJosiah Renaudin
 

Más contenido relacionado

La actualidad más candente

Thinking Beyond HPQC ALM
Thinking Beyond HPQC ALMThinking Beyond HPQC ALM
Thinking Beyond HPQC ALMQASymphony
 
Evolve or Die: Healthcare IT Testing | QASymphony Webinar
Evolve or Die: Healthcare IT Testing | QASymphony WebinarEvolve or Die: Healthcare IT Testing | QASymphony Webinar
Evolve or Die: Healthcare IT Testing | QASymphony WebinarQASymphony
 
Integrating Hardware (Waterfall) and Software (Agile) Development
Integrating Hardware (Waterfall) and Software (Agile) DevelopmentIntegrating Hardware (Waterfall) and Software (Agile) Development
Integrating Hardware (Waterfall) and Software (Agile) DevelopmentIntland Software GmbH
 
Closing the Requirements and Testing Loop Webinar
Closing the Requirements and Testing Loop WebinarClosing the Requirements and Testing Loop Webinar
Closing the Requirements and Testing Loop WebinarQASymphony
 
Deliver Projects On Time, Every Time
Deliver Projects On Time, Every TimeDeliver Projects On Time, Every Time
Deliver Projects On Time, Every TimeTechWell
 
Exploratory Testing with JIRA | QASymphony Webinar
Exploratory Testing with JIRA | QASymphony WebinarExploratory Testing with JIRA | QASymphony Webinar
Exploratory Testing with JIRA | QASymphony WebinarQASymphony
 
Testing in a DevOps team
Testing in a DevOps teamTesting in a DevOps team
Testing in a DevOps teamLaurent PY
 
Continuous Integration Is for Everyone—Especially DevOps
Continuous Integration Is for Everyone—Especially DevOpsContinuous Integration Is for Everyone—Especially DevOps
Continuous Integration Is for Everyone—Especially DevOpsTechWell
 
Continuous Delivery for Agile Teams
Continuous Delivery for Agile TeamsContinuous Delivery for Agile Teams
Continuous Delivery for Agile TeamsMike Bowler
 
Introduction to Scrum - 1 day workshop
Introduction to Scrum - 1 day workshopIntroduction to Scrum - 1 day workshop
Introduction to Scrum - 1 day workshopEvan Leybourn
 
Puppet Labs EMC DevOps Day NYC Aug-2015
Puppet Labs EMC DevOps Day NYC Aug-2015Puppet Labs EMC DevOps Day NYC Aug-2015
Puppet Labs EMC DevOps Day NYC Aug-2015Bob Sokol
 
Soft Skills You Need Are Not Always Taught in Class
Soft Skills You Need Are Not Always Taught in ClassSoft Skills You Need Are Not Always Taught in Class
Soft Skills You Need Are Not Always Taught in ClassTechWell
 
Going the Next Step? Agile Values and Hardware Development by Urs Boehm
Going the Next Step? Agile Values and Hardware Development by Urs BoehmGoing the Next Step? Agile Values and Hardware Development by Urs Boehm
Going the Next Step? Agile Values and Hardware Development by Urs BoehmPeter Stevens
 
Critical Capabilities to Shifting Left the Right Way
Critical Capabilities to Shifting Left the Right WayCritical Capabilities to Shifting Left the Right Way
Critical Capabilities to Shifting Left the Right WaySmartBear
 
QA team transition to agile testing at Alcatel Lucent
QA team transition to agile testing at Alcatel LucentQA team transition to agile testing at Alcatel Lucent
QA team transition to agile testing at Alcatel LucentAgileSparks
 
Agile Embedded Software
Agile Embedded SoftwareAgile Embedded Software
Agile Embedded SoftwareJames Grenning
 
Project Management With Scrum
Project Management With ScrumProject Management With Scrum
Project Management With ScrumTommy Norman
 
Damn... we missed the date again
Damn... we missed the date againDamn... we missed the date again
Damn... we missed the date againSudipta Lahiri
 
1×10 rola QA w tworzeniu Atlassian JIRA
1×10 rola QA w tworzeniu Atlassian JIRA 1×10 rola QA w tworzeniu Atlassian JIRA
1×10 rola QA w tworzeniu Atlassian JIRA3camp
 

La actualidad más candente (20)

Thinking Beyond HPQC ALM
Thinking Beyond HPQC ALMThinking Beyond HPQC ALM
Thinking Beyond HPQC ALM
 
Evolve or Die: Healthcare IT Testing | QASymphony Webinar
Evolve or Die: Healthcare IT Testing | QASymphony WebinarEvolve or Die: Healthcare IT Testing | QASymphony Webinar
Evolve or Die: Healthcare IT Testing | QASymphony Webinar
 
Integrating Hardware (Waterfall) and Software (Agile) Development
Integrating Hardware (Waterfall) and Software (Agile) DevelopmentIntegrating Hardware (Waterfall) and Software (Agile) Development
Integrating Hardware (Waterfall) and Software (Agile) Development
 
Closing the Requirements and Testing Loop Webinar
Closing the Requirements and Testing Loop WebinarClosing the Requirements and Testing Loop Webinar
Closing the Requirements and Testing Loop Webinar
 
Deliver Projects On Time, Every Time
Deliver Projects On Time, Every TimeDeliver Projects On Time, Every Time
Deliver Projects On Time, Every Time
 
Exploratory Testing with JIRA | QASymphony Webinar
Exploratory Testing with JIRA | QASymphony WebinarExploratory Testing with JIRA | QASymphony Webinar
Exploratory Testing with JIRA | QASymphony Webinar
 
Testing in a DevOps team
Testing in a DevOps teamTesting in a DevOps team
Testing in a DevOps team
 
Continuous Integration Is for Everyone—Especially DevOps
Continuous Integration Is for Everyone—Especially DevOpsContinuous Integration Is for Everyone—Especially DevOps
Continuous Integration Is for Everyone—Especially DevOps
 
Continuous Delivery for Agile Teams
Continuous Delivery for Agile TeamsContinuous Delivery for Agile Teams
Continuous Delivery for Agile Teams
 
Introduction to Scrum - 1 day workshop
Introduction to Scrum - 1 day workshopIntroduction to Scrum - 1 day workshop
Introduction to Scrum - 1 day workshop
 
Puppet Labs EMC DevOps Day NYC Aug-2015
Puppet Labs EMC DevOps Day NYC Aug-2015Puppet Labs EMC DevOps Day NYC Aug-2015
Puppet Labs EMC DevOps Day NYC Aug-2015
 
Soft Skills You Need Are Not Always Taught in Class
Soft Skills You Need Are Not Always Taught in ClassSoft Skills You Need Are Not Always Taught in Class
Soft Skills You Need Are Not Always Taught in Class
 
Going the Next Step? Agile Values and Hardware Development by Urs Boehm
Going the Next Step? Agile Values and Hardware Development by Urs BoehmGoing the Next Step? Agile Values and Hardware Development by Urs Boehm
Going the Next Step? Agile Values and Hardware Development by Urs Boehm
 
Critical Capabilities to Shifting Left the Right Way
Critical Capabilities to Shifting Left the Right WayCritical Capabilities to Shifting Left the Right Way
Critical Capabilities to Shifting Left the Right Way
 
QA team transition to agile testing at Alcatel Lucent
QA team transition to agile testing at Alcatel LucentQA team transition to agile testing at Alcatel Lucent
QA team transition to agile testing at Alcatel Lucent
 
Agile Embedded Software
Agile Embedded SoftwareAgile Embedded Software
Agile Embedded Software
 
Project Management With Scrum
Project Management With ScrumProject Management With Scrum
Project Management With Scrum
 
Damn... we missed the date again
Damn... we missed the date againDamn... we missed the date again
Damn... we missed the date again
 
1×10 rola QA w tworzeniu Atlassian JIRA
1×10 rola QA w tworzeniu Atlassian JIRA 1×10 rola QA w tworzeniu Atlassian JIRA
1×10 rola QA w tworzeniu Atlassian JIRA
 
The Eclipse Way
The Eclipse WayThe Eclipse Way
The Eclipse Way
 

Similar a Software Testing Attacks for Mobile and Embedded Devices

How to Break Software: Embedded Edition
How to Break Software: Embedded EditionHow to Break Software: Embedded Edition
How to Break Software: Embedded EditionTechWell
 
Use Combinatorial Testing for Mobile Device Fragmentation
Use Combinatorial Testing for Mobile Device FragmentationUse Combinatorial Testing for Mobile Device Fragmentation
Use Combinatorial Testing for Mobile Device FragmentationJosiah Renaudin
 
Implement Combinatorial Test Patterns for Better Mobile and IoT Testing
Implement Combinatorial Test Patterns for Better Mobile and IoT TestingImplement Combinatorial Test Patterns for Better Mobile and IoT Testing
Implement Combinatorial Test Patterns for Better Mobile and IoT TestingJosiah Renaudin
 
How to Break Software: Embedded Edition
How to Break Software: Embedded EditionHow to Break Software: Embedded Edition
How to Break Software: Embedded EditionTechWell
 
IoT Software Testing Challenges: The IoT World Is Really Different
IoT Software Testing Challenges: The IoT World Is Really DifferentIoT Software Testing Challenges: The IoT World Is Really Different
IoT Software Testing Challenges: The IoT World Is Really DifferentTechWell
 
XBOSoft Mobile Security Webinar with Jon D. Hagar
XBOSoft Mobile Security Webinar with Jon D. HagarXBOSoft Mobile Security Webinar with Jon D. Hagar
XBOSoft Mobile Security Webinar with Jon D. HagarXBOSoft
 
Exploratory Mobile Testing Webinar_XBOSoft_jean_annharrison
Exploratory Mobile Testing Webinar_XBOSoft_jean_annharrisonExploratory Mobile Testing Webinar_XBOSoft_jean_annharrison
Exploratory Mobile Testing Webinar_XBOSoft_jean_annharrisonXBOSoft
 
IoT Software Testing Challenges: The IoT World Is Really Different
IoT Software Testing Challenges: The IoT World Is Really DifferentIoT Software Testing Challenges: The IoT World Is Really Different
IoT Software Testing Challenges: The IoT World Is Really DifferentTechWell
 
Are You Missing Critical Mobile Tests?
Are You Missing Critical Mobile Tests? Are You Missing Critical Mobile Tests?
Are You Missing Critical Mobile Tests? XBOSoft
 
Exploratory testing and the mobile tester : A presentation by Jon Hagar
Exploratory testing and the mobile tester : A presentation by Jon HagarExploratory testing and the mobile tester : A presentation by Jon Hagar
Exploratory testing and the mobile tester : A presentation by Jon HagarGallop Solutions
 
Top IOT Testing Challenges Webinar with Jon Hagar
Top IOT Testing Challenges Webinar with Jon HagarTop IOT Testing Challenges Webinar with Jon Hagar
Top IOT Testing Challenges Webinar with Jon HagarXBOSoft
 
Cyber security - It starts with the embedded system
Cyber security - It starts with the embedded systemCyber security - It starts with the embedded system
Cyber security - It starts with the embedded systemRogue Wave Software
 
Yow connected developing secure i os applications
Yow connected developing secure i os applicationsYow connected developing secure i os applications
Yow connected developing secure i os applicationsmgianarakis
 
Softwere Testing Aplication Specific Techniques
Softwere Testing Aplication Specific TechniquesSoftwere Testing Aplication Specific Techniques
Softwere Testing Aplication Specific Techniquesmaharajdey
 
Mobile App Test Attacks to Efficiently Explore Software
Mobile App Test Attacks to Efficiently Explore SoftwareMobile App Test Attacks to Efficiently Explore Software
Mobile App Test Attacks to Efficiently Explore SoftwareTEST Huddle
 
Mobile App Testing: The Good, the Bad, and the Ugly
Mobile App Testing: The Good, the Bad, and the UglyMobile App Testing: The Good, the Bad, and the Ugly
Mobile App Testing: The Good, the Bad, and the UglyTechWell
 
Enhancing Mobile Apps Quality-Manual Testing Revisited
Enhancing Mobile Apps Quality-Manual Testing RevisitedEnhancing Mobile Apps Quality-Manual Testing Revisited
Enhancing Mobile Apps Quality-Manual Testing RevisitedMindfire Solutions
 
How to Test Security and Vulnerability of Your Android and iOS Apps
How to Test Security and Vulnerability of Your Android and iOS AppsHow to Test Security and Vulnerability of Your Android and iOS Apps
How to Test Security and Vulnerability of Your Android and iOS AppsBitbar
 
Lec 1 Introduction to Software Engg.pptx
Lec 1 Introduction to Software Engg.pptxLec 1 Introduction to Software Engg.pptx
Lec 1 Introduction to Software Engg.pptxAbdullah Khan
 
Think tank event mobile app testing v1.3
Think tank event mobile app testing v1.3Think tank event mobile app testing v1.3
Think tank event mobile app testing v1.3Samer Desouky
 

Similar a Software Testing Attacks for Mobile and Embedded Devices (20)

How to Break Software: Embedded Edition
How to Break Software: Embedded EditionHow to Break Software: Embedded Edition
How to Break Software: Embedded Edition
 
Use Combinatorial Testing for Mobile Device Fragmentation
Use Combinatorial Testing for Mobile Device FragmentationUse Combinatorial Testing for Mobile Device Fragmentation
Use Combinatorial Testing for Mobile Device Fragmentation
 
Implement Combinatorial Test Patterns for Better Mobile and IoT Testing
Implement Combinatorial Test Patterns for Better Mobile and IoT TestingImplement Combinatorial Test Patterns for Better Mobile and IoT Testing
Implement Combinatorial Test Patterns for Better Mobile and IoT Testing
 
How to Break Software: Embedded Edition
How to Break Software: Embedded EditionHow to Break Software: Embedded Edition
How to Break Software: Embedded Edition
 
IoT Software Testing Challenges: The IoT World Is Really Different
IoT Software Testing Challenges: The IoT World Is Really DifferentIoT Software Testing Challenges: The IoT World Is Really Different
IoT Software Testing Challenges: The IoT World Is Really Different
 
XBOSoft Mobile Security Webinar with Jon D. Hagar
XBOSoft Mobile Security Webinar with Jon D. HagarXBOSoft Mobile Security Webinar with Jon D. Hagar
XBOSoft Mobile Security Webinar with Jon D. Hagar
 
Exploratory Mobile Testing Webinar_XBOSoft_jean_annharrison
Exploratory Mobile Testing Webinar_XBOSoft_jean_annharrisonExploratory Mobile Testing Webinar_XBOSoft_jean_annharrison
Exploratory Mobile Testing Webinar_XBOSoft_jean_annharrison
 
IoT Software Testing Challenges: The IoT World Is Really Different
IoT Software Testing Challenges: The IoT World Is Really DifferentIoT Software Testing Challenges: The IoT World Is Really Different
IoT Software Testing Challenges: The IoT World Is Really Different
 
Are You Missing Critical Mobile Tests?
Are You Missing Critical Mobile Tests? Are You Missing Critical Mobile Tests?
Are You Missing Critical Mobile Tests?
 
Exploratory testing and the mobile tester : A presentation by Jon Hagar
Exploratory testing and the mobile tester : A presentation by Jon HagarExploratory testing and the mobile tester : A presentation by Jon Hagar
Exploratory testing and the mobile tester : A presentation by Jon Hagar
 
Top IOT Testing Challenges Webinar with Jon Hagar
Top IOT Testing Challenges Webinar with Jon HagarTop IOT Testing Challenges Webinar with Jon Hagar
Top IOT Testing Challenges Webinar with Jon Hagar
 
Cyber security - It starts with the embedded system
Cyber security - It starts with the embedded systemCyber security - It starts with the embedded system
Cyber security - It starts with the embedded system
 
Yow connected developing secure i os applications
Yow connected developing secure i os applicationsYow connected developing secure i os applications
Yow connected developing secure i os applications
 
Softwere Testing Aplication Specific Techniques
Softwere Testing Aplication Specific TechniquesSoftwere Testing Aplication Specific Techniques
Softwere Testing Aplication Specific Techniques
 
Mobile App Test Attacks to Efficiently Explore Software
Mobile App Test Attacks to Efficiently Explore SoftwareMobile App Test Attacks to Efficiently Explore Software
Mobile App Test Attacks to Efficiently Explore Software
 
Mobile App Testing: The Good, the Bad, and the Ugly
Mobile App Testing: The Good, the Bad, and the UglyMobile App Testing: The Good, the Bad, and the Ugly
Mobile App Testing: The Good, the Bad, and the Ugly
 
Enhancing Mobile Apps Quality-Manual Testing Revisited
Enhancing Mobile Apps Quality-Manual Testing RevisitedEnhancing Mobile Apps Quality-Manual Testing Revisited
Enhancing Mobile Apps Quality-Manual Testing Revisited
 
How to Test Security and Vulnerability of Your Android and iOS Apps
How to Test Security and Vulnerability of Your Android and iOS AppsHow to Test Security and Vulnerability of Your Android and iOS Apps
How to Test Security and Vulnerability of Your Android and iOS Apps
 
Lec 1 Introduction to Software Engg.pptx
Lec 1 Introduction to Software Engg.pptxLec 1 Introduction to Software Engg.pptx
Lec 1 Introduction to Software Engg.pptx
 
Think tank event mobile app testing v1.3
Think tank event mobile app testing v1.3Think tank event mobile app testing v1.3
Think tank event mobile app testing v1.3
 

Más de XBOSoft

What Aircrews Can Teach Software Testing Teams - XBOSoft Webinar w/Peter Varhol
What Aircrews Can Teach Software Testing Teams - XBOSoft Webinar w/Peter VarholWhat Aircrews Can Teach Software Testing Teams - XBOSoft Webinar w/Peter Varhol
What Aircrews Can Teach Software Testing Teams - XBOSoft Webinar w/Peter VarholXBOSoft
 
Challenges in Using Big Data for Software QA
Challenges in Using Big Data for Software QAChallenges in Using Big Data for Software QA
Challenges in Using Big Data for Software QAXBOSoft
 
Mobile Testing Challenges and Solutions XBOSoft Webinar
Mobile Testing Challenges and Solutions XBOSoft WebinarMobile Testing Challenges and Solutions XBOSoft Webinar
Mobile Testing Challenges and Solutions XBOSoft WebinarXBOSoft
 
Heidi Araya - XBOSoft Webinar Guest Speaker - Working with Remote Agile Teams
Heidi Araya - XBOSoft Webinar Guest Speaker - Working with Remote Agile TeamsHeidi Araya - XBOSoft Webinar Guest Speaker - Working with Remote Agile Teams
Heidi Araya - XBOSoft Webinar Guest Speaker - Working with Remote Agile TeamsXBOSoft
 
XBOSoft webinar - How Did I Miss That Bug - Cognitive Biases in Software Testing
XBOSoft webinar - How Did I Miss That Bug - Cognitive Biases in Software TestingXBOSoft webinar - How Did I Miss That Bug - Cognitive Biases in Software Testing
XBOSoft webinar - How Did I Miss That Bug - Cognitive Biases in Software TestingXBOSoft
 
PSQT Keynote: Quality Challenges in the Internet of Things Era
PSQT Keynote: Quality Challenges in the Internet of Things EraPSQT Keynote: Quality Challenges in the Internet of Things Era
PSQT Keynote: Quality Challenges in the Internet of Things EraXBOSoft
 
7 Habits of Highly Effective Agile Testing - Test Istanbul
7 Habits of Highly Effective Agile Testing - Test Istanbul7 Habits of Highly Effective Agile Testing - Test Istanbul
7 Habits of Highly Effective Agile Testing - Test IstanbulXBOSoft
 
Managing Agile Software Projects With Risk and Uncertainty
Managing Agile Software Projects With Risk and UncertaintyManaging Agile Software Projects With Risk and Uncertainty
Managing Agile Software Projects With Risk and UncertaintyXBOSoft
 
Testing in Agile with Coaching Agile Journeys and XBOSoft
Testing in Agile with Coaching Agile Journeys and XBOSoftTesting in Agile with Coaching Agile Journeys and XBOSoft
Testing in Agile with Coaching Agile Journeys and XBOSoftXBOSoft
 
Using JMeter and Google Analytics for Software Performance Testing
Using JMeter and Google Analytics for Software Performance TestingUsing JMeter and Google Analytics for Software Performance Testing
Using JMeter and Google Analytics for Software Performance TestingXBOSoft
 
Storytelling: Discover the Big Picture for Agile Efforts Webinar - Tom Cagley...
Storytelling: Discover the Big Picture for Agile Efforts Webinar - Tom Cagley...Storytelling: Discover the Big Picture for Agile Efforts Webinar - Tom Cagley...
Storytelling: Discover the Big Picture for Agile Efforts Webinar - Tom Cagley...XBOSoft
 
ASTQB w/ XBOSoft CEO Phil Lew: Agile and Waterfall - What Do Testers Do Diffe...
ASTQB w/ XBOSoft CEO Phil Lew: Agile and Waterfall - What Do Testers Do Diffe...ASTQB w/ XBOSoft CEO Phil Lew: Agile and Waterfall - What Do Testers Do Diffe...
ASTQB w/ XBOSoft CEO Phil Lew: Agile and Waterfall - What Do Testers Do Diffe...XBOSoft
 
When Agile is a Quality Game Changer Webinar - Michael Mah, Philip Lew
When Agile is a Quality Game Changer Webinar - Michael Mah, Philip LewWhen Agile is a Quality Game Changer Webinar - Michael Mah, Philip Lew
When Agile is a Quality Game Changer Webinar - Michael Mah, Philip LewXBOSoft
 
Not Your Grandfather's Requirements-Based Testing Webinar – Robin Goldsmith, ...
Not Your Grandfather's Requirements-Based Testing Webinar – Robin Goldsmith, ...Not Your Grandfather's Requirements-Based Testing Webinar – Robin Goldsmith, ...
Not Your Grandfather's Requirements-Based Testing Webinar – Robin Goldsmith, ...XBOSoft
 
QAI QUEST 2016 Webinar Series: Pairwise Testing w/ Philip Lew
QAI QUEST 2016 Webinar Series: Pairwise Testing w/ Philip LewQAI QUEST 2016 Webinar Series: Pairwise Testing w/ Philip Lew
QAI QUEST 2016 Webinar Series: Pairwise Testing w/ Philip LewXBOSoft
 
FluentConf 2016: Avoiding Critical UX Mistakes with Philip Lew
FluentConf 2016: Avoiding Critical UX Mistakes with Philip LewFluentConf 2016: Avoiding Critical UX Mistakes with Philip Lew
FluentConf 2016: Avoiding Critical UX Mistakes with Philip LewXBOSoft
 
Are You Making These 7 'Testing Metric' Mistakes? Webinar - Mark Bentsen, Phi...
Are You Making These 7 'Testing Metric' Mistakes? Webinar - Mark Bentsen, Phi...Are You Making These 7 'Testing Metric' Mistakes? Webinar - Mark Bentsen, Phi...
Are You Making These 7 'Testing Metric' Mistakes? Webinar - Mark Bentsen, Phi...XBOSoft
 
Challenges & Successes of Agile Implementation Webinar with BlackLine - XBOSoft
Challenges & Successes of Agile Implementation Webinar with BlackLine - XBOSoftChallenges & Successes of Agile Implementation Webinar with BlackLine - XBOSoft
Challenges & Successes of Agile Implementation Webinar with BlackLine - XBOSoftXBOSoft
 
Agile Product and User-Centered Design Methodologies Webinar - XBOSoft
Agile Product and User-Centered Design Methodologies Webinar - XBOSoftAgile Product and User-Centered Design Methodologies Webinar - XBOSoft
Agile Product and User-Centered Design Methodologies Webinar - XBOSoftXBOSoft
 
Defect Prevention & Predictive Analytics - XBOSoft Webinar
Defect Prevention & Predictive Analytics - XBOSoft WebinarDefect Prevention & Predictive Analytics - XBOSoft Webinar
Defect Prevention & Predictive Analytics - XBOSoft WebinarXBOSoft
 

Más de XBOSoft (20)

What Aircrews Can Teach Software Testing Teams - XBOSoft Webinar w/Peter Varhol
What Aircrews Can Teach Software Testing Teams - XBOSoft Webinar w/Peter VarholWhat Aircrews Can Teach Software Testing Teams - XBOSoft Webinar w/Peter Varhol
What Aircrews Can Teach Software Testing Teams - XBOSoft Webinar w/Peter Varhol
 
Challenges in Using Big Data for Software QA
Challenges in Using Big Data for Software QAChallenges in Using Big Data for Software QA
Challenges in Using Big Data for Software QA
 
Mobile Testing Challenges and Solutions XBOSoft Webinar
Mobile Testing Challenges and Solutions XBOSoft WebinarMobile Testing Challenges and Solutions XBOSoft Webinar
Mobile Testing Challenges and Solutions XBOSoft Webinar
 
Heidi Araya - XBOSoft Webinar Guest Speaker - Working with Remote Agile Teams
Heidi Araya - XBOSoft Webinar Guest Speaker - Working with Remote Agile TeamsHeidi Araya - XBOSoft Webinar Guest Speaker - Working with Remote Agile Teams
Heidi Araya - XBOSoft Webinar Guest Speaker - Working with Remote Agile Teams
 
XBOSoft webinar - How Did I Miss That Bug - Cognitive Biases in Software Testing
XBOSoft webinar - How Did I Miss That Bug - Cognitive Biases in Software TestingXBOSoft webinar - How Did I Miss That Bug - Cognitive Biases in Software Testing
XBOSoft webinar - How Did I Miss That Bug - Cognitive Biases in Software Testing
 
PSQT Keynote: Quality Challenges in the Internet of Things Era
PSQT Keynote: Quality Challenges in the Internet of Things EraPSQT Keynote: Quality Challenges in the Internet of Things Era
PSQT Keynote: Quality Challenges in the Internet of Things Era
 
7 Habits of Highly Effective Agile Testing - Test Istanbul
7 Habits of Highly Effective Agile Testing - Test Istanbul7 Habits of Highly Effective Agile Testing - Test Istanbul
7 Habits of Highly Effective Agile Testing - Test Istanbul
 
Managing Agile Software Projects With Risk and Uncertainty
Managing Agile Software Projects With Risk and UncertaintyManaging Agile Software Projects With Risk and Uncertainty
Managing Agile Software Projects With Risk and Uncertainty
 
Testing in Agile with Coaching Agile Journeys and XBOSoft
Testing in Agile with Coaching Agile Journeys and XBOSoftTesting in Agile with Coaching Agile Journeys and XBOSoft
Testing in Agile with Coaching Agile Journeys and XBOSoft
 
Using JMeter and Google Analytics for Software Performance Testing
Using JMeter and Google Analytics for Software Performance TestingUsing JMeter and Google Analytics for Software Performance Testing
Using JMeter and Google Analytics for Software Performance Testing
 
Storytelling: Discover the Big Picture for Agile Efforts Webinar - Tom Cagley...
Storytelling: Discover the Big Picture for Agile Efforts Webinar - Tom Cagley...Storytelling: Discover the Big Picture for Agile Efforts Webinar - Tom Cagley...
Storytelling: Discover the Big Picture for Agile Efforts Webinar - Tom Cagley...
 
ASTQB w/ XBOSoft CEO Phil Lew: Agile and Waterfall - What Do Testers Do Diffe...
ASTQB w/ XBOSoft CEO Phil Lew: Agile and Waterfall - What Do Testers Do Diffe...ASTQB w/ XBOSoft CEO Phil Lew: Agile and Waterfall - What Do Testers Do Diffe...
ASTQB w/ XBOSoft CEO Phil Lew: Agile and Waterfall - What Do Testers Do Diffe...
 
When Agile is a Quality Game Changer Webinar - Michael Mah, Philip Lew
When Agile is a Quality Game Changer Webinar - Michael Mah, Philip LewWhen Agile is a Quality Game Changer Webinar - Michael Mah, Philip Lew
When Agile is a Quality Game Changer Webinar - Michael Mah, Philip Lew
 
Not Your Grandfather's Requirements-Based Testing Webinar – Robin Goldsmith, ...
Not Your Grandfather's Requirements-Based Testing Webinar – Robin Goldsmith, ...Not Your Grandfather's Requirements-Based Testing Webinar – Robin Goldsmith, ...
Not Your Grandfather's Requirements-Based Testing Webinar – Robin Goldsmith, ...
 
QAI QUEST 2016 Webinar Series: Pairwise Testing w/ Philip Lew
QAI QUEST 2016 Webinar Series: Pairwise Testing w/ Philip LewQAI QUEST 2016 Webinar Series: Pairwise Testing w/ Philip Lew
QAI QUEST 2016 Webinar Series: Pairwise Testing w/ Philip Lew
 
FluentConf 2016: Avoiding Critical UX Mistakes with Philip Lew
FluentConf 2016: Avoiding Critical UX Mistakes with Philip LewFluentConf 2016: Avoiding Critical UX Mistakes with Philip Lew
FluentConf 2016: Avoiding Critical UX Mistakes with Philip Lew
 
Are You Making These 7 'Testing Metric' Mistakes? Webinar - Mark Bentsen, Phi...
Are You Making These 7 'Testing Metric' Mistakes? Webinar - Mark Bentsen, Phi...Are You Making These 7 'Testing Metric' Mistakes? Webinar - Mark Bentsen, Phi...
Are You Making These 7 'Testing Metric' Mistakes? Webinar - Mark Bentsen, Phi...
 
Challenges & Successes of Agile Implementation Webinar with BlackLine - XBOSoft
Challenges & Successes of Agile Implementation Webinar with BlackLine - XBOSoftChallenges & Successes of Agile Implementation Webinar with BlackLine - XBOSoft
Challenges & Successes of Agile Implementation Webinar with BlackLine - XBOSoft
 
Agile Product and User-Centered Design Methodologies Webinar - XBOSoft
Agile Product and User-Centered Design Methodologies Webinar - XBOSoftAgile Product and User-Centered Design Methodologies Webinar - XBOSoft
Agile Product and User-Centered Design Methodologies Webinar - XBOSoft
 
Defect Prevention & Predictive Analytics - XBOSoft Webinar
Defect Prevention & Predictive Analytics - XBOSoft WebinarDefect Prevention & Predictive Analytics - XBOSoft Webinar
Defect Prevention & Predictive Analytics - XBOSoft Webinar
 

Último

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningLars Bell
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 

Último (20)

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
DSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine TuningDSPy a system for AI to Write Prompts and Do Fine Tuning
DSPy a system for AI to Write Prompts and Do Fine Tuning
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 

Software Testing Attacks for Mobile and Embedded Devices

  • 1. Software Testing for Mobile and Embedded Devices Jon Hagar hosted by XBOSoft
  • 2. XBOSoft info • Founded in 2006 • Dedicated to software quality • Software QA consulting • Software testing services • Offices in San Francisco, Beijing, Oslo and Amsterdam
  • 3. On the XBO side: Amy Jan
  • 4. Housekeeping • Everyone except the speakers is muted • Questions via the gotowebinar control on the right side of your screen • Questions can be asked throughout the webinar, we’ll try to fit them in when appropriate • General Q & A at the end of the webinar • You will receive info on recording after the webinar
  • 5. About Jon Hagar Jon…. • has over 30 years in software testing/verification and validation • is the owner of Grand Software Testing, a company specializing in software test consulting and training for mobile and embedded systems. • author of “Software Test Attacks to Break Mobile and Emedded Devices”
  • 6. Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 6 SOFTWARE TESTING CONCEPTS FOR MOBILE AND EMBEDDED DEVICES Jon Hagar embedded@ecentral.com jon.d.hagar@gmail.com breakingembeddedsoftware.wordpress.com
  • 7. Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 7How to Attack Embedded Software 7 AGENDA FOR TODAY • Introductions • Definitions • Risk based concepts • Exploratory approaches • Attacking the scenario(s) • Mobile and embedded tester skills • Wrap up and references
  • 8. Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 8How to Attack Embedded Software 8 MOBILE, SMART, AND HANDHELD • As the names imply, these are devices—small, held in the hand, often connected to communication networks, including • Cell and smart phones – apps • Tablets • Medical devices • Typically have: • Many of the problems of classic “embedded” systems • The power of PCs/IT • More user interface (UI) than classic embedded systems • Fast updates • Are getting more power, memory, and features (software e.g., apps) • The “hot” area of computers/software • Testing rules are “evolving”
  • 9. Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 9How to Attack Embedded Software 9 CLOSE COUSINS: Embedded Software Systems . . . • Interacts with unique hardware/systems to solve specialized problems in the “real world” • IT software runs with largely “generic” hardware • Users are barely aware the device uses or has software • Usually have significant hardware interface issues and concerns • Initialization, noise, power up/down, timers, sensors, etc. • Often are resource constrained • RAM, ROM, stack, power, speed, time, etc. • Typically has a restricted or no Human User/Computer Interface (HCI) but is evolving rapidly • Often no way (or only a risky way) to update and/or change the software • Involves risks, hazards, safety, and/or some specialized domain knowledge and logic/algorithms usually controlling hardware
  • 10. Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 10How to Attack Embedded Software 10 WHAT DO THESE LOOK LIKE? Examples – Avionics systems: planes, cars, rockets, military,….. – Telecom: switch, routers, phones, cell devices,…. – Transportation: traffic control, railroad, trucking, …. – Industrial control: lighting, machines, HVAC, nuclear/power,… – Medical: pacemaker, dispensers, ……. – Home and office systems: control, entertainment (TV box), … – And the list goes on • Now starting to include PDA’s and other items that “blur” the lines
  • 11. Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 11How to Attack Embedded Software 11 TYPES OF MOBILE- EMBEDDED APPS • Native Applications • Local to device • Hybrid Applications • Local to device but interacts w/internet • Web Applications • Not local to device All interactions on internet And JeanAnn Haarrison
  • 12. Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 12How to Attack Embedded Software 12 THE “WORLD” OF MOBILE- SMART/EMBEDDED SOFTWARE • Inputs and outputs involve hardware, software, and humans • Time dependent • NOTE: most software has “time” (performance) issues but here things are often “hard real time” • In Mobile/Embedded real-time may be a requirement Software Stimulus-Inputs Response-Outputs Expected Unexpected Wanted UnwantedHardware
  • 13. Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 13How to Attack Embedded Software 13 MOBILE AND EMBEDDED SOFTWARE TESTING: THE SAME BUT DIFFERENT • Same patterns in programming errors => same test patterns to be applied • But there are Differences • The development lifecycle • Mobile and embedded error patterns • “Embedded” unique sensor (input and output) • Mobility • Network connections • Resources
  • 14. Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 14How to Attack Embedded Software 14 Hardware Change Hardware New Product EXAMPLE HIGH LEVEL MOBILE-EMBEDDED LIFECYCLE DIFFERENCE System Creation Hardware Build Software Build Software Build Software Build Software Build Hw Issue Feature Results: Software is “late” Software Build Months, Days, Hours
  • 15. Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 15How to Attack Embedded Software 15 THE ERROR (BUG) PATTERN: SIMILAR AND DIFFERENT • Handheld/Embedded software has similar defects to other software • Requirements & Design • Logic & Math • Control Flow • Data • Initialization & Mode changes • Interfaces • Security • Gaming • etc. . . Mobile/Embedded additions • Software and hardware development cycles done in parallel, where aspects of the hardware may be unknown to the software development effort • Limited resources • Control/use of unique hardware (sensors) • Hardware problems which are often fixed with software late in the project • (a big one) Very tight real-time (often in milli- or micro-second ranges) or load performance issues
  • 16. Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 16How to Attack Embedded Software 16 MORE SAMPLE MOBILE-EMBEDDED PRODUCT ERRORS TESTERS SHOULD CONSIDER • Mobility - • Environment and device susceptible to outside influence: noise, weather, heat, cold, • Network connect: wifi, data, changing signal, etc • Battery factors: Heat, charge level, charge duration, device conflicts • Output —outputs to devices and electronics that are susceptible to noise influences, calibrations, changes to hardware, and time • Inputs – Sensors, speed, timing, and interrupts all can impact devices/software • Complexity—the size of the system or some aspect of the system makes missed bugs likely • Device Resources - • Screen size • Memory • CPU speed
  • 17. Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 17How to Attack Embedded Software 17 THUS TESTERS SHOULD THINK: RISKS • You cannot test everything • Risk-based testing helps bound the test scope problem • Testing is about providing information and understanding • Test exploration gets you started with whatever you have (or don’t have)
  • 18. Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 18How to Attack Embedded Software 18 IN MOBILE AND EMBEDDED: EXPLORATORY TESTING • Rapid feedback • Learning • Upfront rapid learning • Attacking • Address risk • Independent assessment • Target a defect • Prototyping • Need information • Test beyond the requirements Yes, we must test requirements (necessary, but not sufficient) So include exploratory risk-based testing:
  • 19. Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 19How to Attack Embedded Software 19 MUCH INFORMATION EXISTS ON EXPLORATORY RISK-BASED TESTING • Exploratory Testing: Based in the scientific method, where we plan-design, execute, learn, and change the test effort with limited “scripting” • Check out works by: • Kaner • Bach • Whittaker • ISO 29119 • I like to recommend and do exploratory attack-based testing
  • 20. Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 20How to Attack Embedded Software 20 WHY ATTACK? • Attacking your software is in part, the process of attempting to demonstrate a system (hardware, firmware, software and operations) does not meet requirements, functional and non-functional objectives. • Mobile/embedded software testing must include "the system" (hardware, software, operations, users) • Attack common modes of failure, especially where the application is engaged and visible by the user. Attack testing with approaches to include: Tools Levels Patterns Techniques
  • 21. Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 21How to Attack Embedded Software 21 SO, WHAT IS AN ATTACK? • Based on a common mode of failure seen over and over • Maybe seen as a negative, when it is really a positive • Goes after the “bugs” that may be in the software • Uses one or more classic test techniques and concepts • A Pattern (more than a process) which must be modified for the context at hand to do the testing • Many testers learn these for a domain after years and form a mental “pattern” model (most good testers attack)
  • 22. Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 22How to Attack Embedded Software 22 KINDS OF ATTACKS • Whittaker offers a good starting point for software attacks in general that can be applied to embedded: • User Interface Attacks • Data and Computation • File System Interface • Software/OS Interface • Whittaker’s “How to Break Software” lists 23 attacks • “Software Test Attacks to Break Mobile and Embedded Devices” lists 33 attacks and 8 sub attacks
  • 23. Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 23How to Attack Embedded Software 23 MOBILE AND EMBEDDED ATTACK CLASSIFICATION • Developer Attacks (unit/code testing) • Control System Attacks • Hardware-Software Attacks • Mobile and Embedded Software Domain Attacks • Time Attacks (Performance) • Human User Interface Attacks • Smart and/or Mobile Phone Functional App Attacks • Mobile/Embedded Security Attacks • Generic Attacks • Functional, mind mapping, and combinatorial tests
  • 24. Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 24 A DETAILED LIST OF ATTACKS • Attack 1: Static Code Analysis • Attack 2: Finding White–Box Data Computation Bugs • Attack 3: White–Box Structural Logic Flow Coverage • Attack 4: Finding Hardware–System Unhandled Uses in Software • Attack 5: Hw-Sw and Sw-Hw signal Interface Bugs • Attack 6: Long Duration Control Attack Runs • Attack 7: Breaking Software Logic and/or Control Laws • Attack 8: Forcing the Unusual Bug Cases • Attack 9 Breaking Software with Hardware and System Operations • 9.1 Sub–Attack: Breaking Battery Power • Attack 10: Finding Bugs in Hardware–Software Communications • Attack 11: Breaking Software Error Recovery • Attack 12: Interface and Integration Testing • 12.1 Sub–Attack: Configuration Integration Evaluation • Attack 13: Finding Problems in Software–System Fault Tolerance • Attack 14: Breaking Digital Software Communications • Attack 15: Finding Bugs in the Data • Attack 16: Bugs in System–Software Computation • Attack 17: Using Simulation and Stimulation to Drive Software Attacks • Attack 18: Bugs in Timing Interrupts and Priority Inversion • Attack 19: Finding Time Related Bugs • Attack 20: Time Related Scenarios, Stories and Tours • Attack 21: Performance Testing Introduction • Attack 22: Finding Supporting (User) Documentation Problems • Sub–Attack 22.1: Confirming Install–ability • Attack 23: Finding Missing or Wrong Alarms • Attack 24: Finding Bugs in Help Files • Attack 25: Finding Bugs in Apps • Attack 26: Testing Mobile and Embedded Games • Attack 27: Attacking App–Cloud Dependencies • Attack 28 Penetration Attack Test • Attack 28.1 Penetration Sub–Attacks: Authentication — Password Attack • Attack 28.2 Sub–Attack Fuzz Test • Attack 29: Information Theft—Stealing Device Data • Attack 29.1 Sub Attack –Identity Social Engineering • Attack 30: Spoofing Attacks • Attack 30.1 Location and/or User Profile Spoof Sub–Attack • Attack 30.2 GPS Spoof Sub–Attack • Attack 31: Attacking Viruses on the Run in Factories or PLCs • Attack 32: Using Combinatorial Tests • Attack 33: Attacking Functional Bugs
  • 25. Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 25How to Attack Embedded Software 25 AN EXAMPLE DETAILED TAXONOMY: A2D AND D2A BUG POSSIBILITIES Type Situation Impact Notes A2D A2D representation information is lost because measurement is not precise Software computation is based on incorrect data Number of bits used to store the analog converted data is not large enough or sampling rate to get bits is not correct. A2D A2D information is contaminated with noise Software computation use noise when it should not The noise term may not be known, accounted for, or misrepresented. A2D A2D information is calculated correctly Computation has unknown error Sources of error can come from: calibrations used on variables, variables lacking initialization, or calculations are not done with enough accuracy (single versus double floating point D2A D2A conversion losses “least significant bits” (LSB) in conversions, but bits are, in fact, important because computer word sizes are too small Output to analog device is wrong Number of bits stored from the digital world to the analog world do not have enough precision, so analog data is incorrect. D2A D2A information does not account for noise of the real world Software computation does not include a factor for noise The analog values are not correct given the noise of the real world (output data may be lost in the noise). D2A D2A information is calculated correctly because of internal factors Computation has unknown error Sources of error can come from: calibrations used on variables, variables lacking initialization, or calculations are not done with enough accuracy (single versus double floating point
  • 26. Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 26How to Attack Embedded Software 26 FINALLY, IN ADDITION TO TESTER SKILLS: SKILL FOR THE MOBILE/EMBEDDED TESTER • Tester skills: planning, design, execution, reporting, exploration, techniques, tools……………………. • Exposure or knowledge about products from the domain in which you are testing: aerospace, medical, automobile manufacturing, smart apps, airplanes, factory systems, robotics, regulated environments, etc. • Knowledge of hard sciences: math, physics, electronics, hardware, engineering, etc. for logical thought processes • Knowledge of Soft sciences: psychology, philosophy, sociology, human factors (human machine interface), gaming, arts… for creative & conceptual thought processes • Passion – follow your bliss
  • 27. Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 27How to Attack Embedded Software 27 FOR THE SOFTWARE YOU TEST ASK YOURSELF • Do you know how it fails? • Do you test for success or failure? • Both? • Where can you improve?
  • 28. Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 28How to Attack Embedded Software 28 SUMMARY: THANK YOU (IDEAS USED FROM) • James Whittaker (attacks) • Elisabeth Hendrickson (simulations) • Lee Copeland (techniques) • Brian Merrick (testing) • James Bach (exploratory & tours) • Cem Kaner (test thinking) • JeanAnn Harrison • Many teachers • Generations past and future • Books, references, etc.
  • 29. Jon Hagar Copy right 2013 Software Test Attacks to Break Mobile and Embedded Devices 29How to Attack Embedded Software 29 BOOK LIST (MY FAVORITES) • “Software Test Attacks to Break Mobile and Embedded Devices” – Jon Hagar, • “How to Break Software” James Whittaker, 2003 • And his other “How To Break…” books • “Testing Embedded Software” Broeckman and Notenboom, 2003 • “A Practitioner’s Guide to Software Test Design” Copeland, 2004 • “A Practitioner’s Handbook for Real-Time Analysis” Klein et. al., 1993 • “Computer Related Risks”, Neumann, 1995 • “Safeware: System Safety and Computers”, Leveson, 1995 • Honorable mentions: • “Embedded System and Software Validation” Roychoudhury, 2009 • “Systems Testing with an Attitude” Petschenik 2005 • “Software System Testing and Quality Assurance” Beizer, 1987 • “Testing Computer Software” Kaner et. al., 1988 • “Systematic Software Testing” Craig & Jaskiel, 2001 • “Managing the Testing Process” Black, 2002
  • 30. Questions & Answers Follow us: @XBOSoft Questions at: services@xbosoft.com
  • 31. Thanks for joining us and hope to hear from you soon!

Notas del editor

  1. update