Structural System Testing Techniques
Explain following Structural System Testing Techniques.
a. Recovery Testing.
b. Security Testing.
Â
Structural System Testing Techniques -Â
a. Recovery Testing:
Usage |
* Recovery is ability to restart the operation after integrity of application is lost. * It includes reverting to a point where integrity of system is known , then reprocessing up until the point of failure. * The time taken to recover depends upon : the number of restart points volume of application training and skill of people conducting recovery activities tools available for recovery. |
Objectives |
* To ensure operations can be continued after a disaster . * Recovery testing verifies recovery process and effectiveness of recovery process. * Adequate back up data is preserved and kept in secure location. * Recovery procedures are documented. * Recovery personnel have been assigned and trained. * Recovery tools have been developed and are available. |
How to Use |
* Procedures , methods , tools and techniques are assessed to evaluate the adequacy. * After system is developed a failure can be introduced in the system and check whether the system can recover. * A simulated disaster is usually performed on one aspect of application system. * When there are no. Of failures then instead of taking care of all recovery testing should be carried out for one segment and then another i.e. structured fashion. |
Who uses it |
* System Analysts * Testing professionals * management personnel. |
When to use |
* When user says that the continuity of the system is needed inorder for system to perform or function properly. * User then should estimate the losses, time span to carry out recovery testing. |
Examples |
* Loss of communication , loss of database integrity. * Evaluate adequacy of back up data. |
Â
b. Security Testing:
Â
Usage |
* Security is a protection system that is needed for both securing the confidential information and for competitive purposes to assure third parties that their data will be protected. * Amount of security provided depends upon risks associated with compromise or loss of information. * Protecting the confidentiality of the information is designed to protect the resources of the organization. * Used to check the adequacy of protective procedures and countermeasures. |
Objectives |
* To identify the defects which are very difficult to identify. * The failures in security system operation may not be detected , resulting in a loss or compromise of information without the knowledge of that loss. * To determine that adequate attention is paid to identify security risks. * Determine realistic definition and enforcement of access to the system has been implemented. * To determine that sufficient expertise exists to perform adequate security testing. * Conducting reasonable tests to ensure that the implemented security measures function properly. |
How to Use |
* Involves a wide spectrum of conditions. * Testing divided into physical and logical security. * Physical security – deals with penetration by people in order to physically gather information. * Logical Security – deals with use of computer operations / communications capabilities to improperly access information. |
When to use |
* Security testing should be used when the information and/or assets protected by the application system are of significant value to the organization. * Should be conducted before system goes to operational status. * Extent of testing should depend upon the security risk. |
Examples |
* Access denied * Procedures in place. |