Conventional Software Testing Vs. Cloud Testing 17.05.30 Conventional Software Testing Vs. Cloud Testing SQUARE 연구실 정동욱

1. Paper Info Mrs.A.Vanitha Katherine, Dr. K. Alagarsamy International Journal Of Scientific & Engineering Research, Volume 3, Issue 9, Spetember-2012

2. Abstract Conventional testing requires expensive dedicated infrastructure and resources that are only used sporadically Cloud computing has opened up new opportunities for software testing, which provides unlimited resources with scalability, flexibility and availability of distributed testing environment However, it also explores challenges such as data security and a lack of standards In this paper we present a comparative study on conventional software testing with cloud testing

3. CONVENTIONAL SOFTWARE TESTING (1/2) Web Application Testing (WAPT) Web Application Testing (WAPT) is a process of checking the web applications to find the potential bugs before the code is moved into the live/ production environment The following testing activities are generally carried out for WAPT Functional Testing Usability testing Interface testing Compatibility testing Performance testing

3. CONVENTIONAL SOFTWARE TESTING (2/2) Challenges Testing is a periodic activity and requires new environments to be set up for each project It is harder to build and maintain in-house testing facilities that mimic real-time environments Huge cost investment for establishing testing environment

3. Cloud Testing Cloud Testing is defined as Testing as a Service Testing as a service can be used to validation of various products owned by organizations or individuals Instead of installing a load testing product to test proprietary application, we can avail testing service on demand Functional Testing Availability Accessibility Data Security Privacy Non Functional Testing Performance Testing Stress Testing Capacity Testing

4. CLOUD TESTING Vs. CONVENTIONAL SOFTWARE TESTING different aspects of cloud testing Vs conventional testing

5. CHALLENGES There are some challenges associated with cloud testing Security Lack of standards Infrastructure Test Data

6. CONCLUSIONS In case of applications where rate of increase in number of users is unpredictable or there is variation in deployment environment depending on client requirements, cloud testing is more effective So cloud testing is becoming a hot research topic in cloud computing and software engineering community The major contributions of this paper is a comparative study on traditional testing with cloud testing and its challenges

7. Security testing (1/2) SW Security Testing 제품의 안전한 구현을 확인하여, SW 릴리즈 된 후에 소비자나 악의적 사용자에 의해 보안 결점들(security flaws)이 발견될 가능성을 미리 줄이는 것 Types of Security Testing Risk analysis Code Review Fuzz testing Penetration testing

응용 프로그램 인터페이스 (애플리케이션 퍼징) 7. Security testing (2/2) Fuzz testing SW의 취약점을 동적으로 분석하고 테스트하는 일련의 기법 SW에 랜덤(혹은 규칙적) 데이터를 입력함으로써 SW의 조직적인 실패를 유발시켜 발생되는 예외, 오류 등을 분석하고 보안 취약점을 찾아냄 구분 설명 네트워크 퍼징 (프로토콜 퍼징) 임의의 패킷을 각 네트워크 응용프로그램 으로 보내 모니터링. 대표적인 툴로 SPIKE, notSPIKE 등이 있음 파일 포맷 퍼징 (파일 퍼징) 프로그램들은 파일을 통해서 데이터를 입 력, 다량의 변조된 파일을 생성 → 실행 → 모니터링. FileFuzz, uFuzz 등의 툴이 있음 응용 프로그램 인터페이스 (애플리케이션 퍼징) 공통으로 사용하는 API의 취약점 발견, 윈 도우 플랫폼의 Component Object Model (COM)과 ActiveX에 적용 가능 Browser Crashing 변조된 CSS(Cascading Style Sheets) 이용, 브라우저 충돌 API 퍼징 프로그램 수행 시 참조하고 사용하는 API 함수의 argument에 퍼징을 시도하여 취약 점을 발견. Holodeck, sysFuzz 등의 툴이 대표적 Fuzz 방법의 분류

Q & A