The ISTQB Advanced Syllabus

The ISTQB Advanced Syllabus
Guiding the Way to Better Software Testing

ISTQB Ad
Advancedd SSyllabus
ll b
Goals of this presentation
p
Familiarize you with the ISTQB program and certifications
in general
Explain the Advanced level certification and its benefits
Ill t t the
Illustrate th ki
kinds
d off abilities
biliti candidates
did t mustt ddemonstrate
t t
to gain the certificate
Topics to cover
An overview of the ISTQB program and results so far
The structure and origin of the Advanced Syllabus
The Advanced Test Manager
The Advanced Test Analysty
The Advanced Technical Test Analyst
Each of the last three topics includes a training course
excerpt, an example of the kind of problem a certificate-
h ld can solve,
holder l and
d a samplel exam questioni
www.rbcs-us.com
ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 2
ISTQB Overview
O i
Program and Results

K
Key Q ti T
Questions To Add
Address
What is tester certification?
What are the ASTQB and ISTQB?
What are the levels of certification?
What is the impact
p of certification
On the tester?
On the
O t eoorganization?
ga at o ?
On the testing profession?
www.rbcs-us.com
SSoftware
ft T t C
Tester tifi ti
Certification
Tester certification confirms,
confirms through objective,
objective
carefully-designed exams, the professional
capabilities of software testers
ISTQB’s approach
Practical, real-world focused
Supports a career path with levels of certification
Promotes the software testing profession
Represents the distilled wisdom of many experts including
practitioners consultants
practitioners, consultants, trainers
trainers, and academics
Training is not required to take exams
Last two points in particular distinguish ISTQB’s
approach from other testing certifications
www.rbcs-us.com
ASTQB
Composed
p of recognized
g experts
p
Mix of practitioners, consultants, trainers, and academics
Patricia McQuaid, President (academic)
Joe Gance, Vice President (practitioner)
Randy Rice, Treasurer (trainer)
Debra Friedenberg, Technical Advisory Group Chair
(practitioner)
Rex Black, ISTQB Representative (consultant)
Taz Daughtrey (academic/practitioner), Jerry Everett (trainer),
Andrew Pollner (trainer), and Wayne Middleton (trainer),
Directors
Lois Kostroski,
Kostroski Managing Director
Develops and administers exams
Accredits trainers
Participates in ISTQB activities
www.rbcs-us.com
ISTQB
Composed of 41 National
B d more than
Boards, th doubled
d bl d iin
scope in the last four years
Based in Brussels, Belgium, EU
Rex Black, President
E ik van Veenendaal,
Erik V d l Vice
Vi
President
Horst Pohlmann, Treasurer
Chris Carter, Secretary
A collegial,
ll i l sharing
h i organization
i ti
Working parties (composed of
National Board delegates) define
syllabi (bodies of knowledge),
glossary, processes, etc.
These working parties distill the
collective experience and
wisdom represented across
boards (>2,000 person-years)
www.rbcs-us.com
F d ti C
Foundation tifi ti
Certification
Entry level certification: 00+ years of experience
Entry-level
Goals
Ensure a broad understanding of the fundamental best
practices and key concepts in software testing
Provide a foundation for professional growth
Syllabus/body of knowledge covers
Fundamentals
F d t l off testing,
t ti testing
t ti iin th
the software
ft lif
lifecycle,
l
static techniques, white-box and black-box test design, test
management, and testing tools
Syllabus-based training courses are typically 3-5 days
Status: Version 2007, an incremental improvement on
version 2005, released, with exams and training
courses widely available
www.rbcs-us.com
Ad
Advancedd C tifi ti
Certification
Mid-level certification: 5+ y
years experience
p
Goals
Ensure an understanding of advanced best practices and key
p in software testing
concepts g by
y committed test p
professionals
Support on-going professional growth
Syllabus/body of knowledge covers
Advanced
d a ced behavioral
be a o a (black-box)
(b ac box) test
testing
g for
o teste
tester aanalysts,
a ysts, test
automation and advanced non-functional testing for technical
test analysts, and sophisticated test management concepts
Syllabus-based training courses are typically 5 days for each
module
d l (three
(th modules
d l total)
t t l)
Status: Version 2007, a merge and expansion of the older
Practitioner and Advanced syllabi, is released. Exams and
accredited training are running against this version now.
now
www.rbcs-us.com
E p tC
Expert tifi ti
Certification
Guru level certification: 8+ years experience
Guru-level
Goals
Ensure consistent understanding and execution of proven
cutting-edge techniques by seasoned test professionals
Lead the software testing profession
Syllabi/bodies of knowledge may cover
Test process improvement, test automation, test
management, and more
Syllabus based training courses will be offered
Syllabus-based
Status: A working party is developing new expert
syllabi. We expect the Expert Test Manager syllabi an
Improving Test Processes syllabi this year.
www.rbcs-us.com
Vi li i th
Visualizing the Levels
L l off Certification
C tifi ti
Expert Expert … Expert Expert
[TBD] [TBD] [TBD] [TBD]
Advanced Advanced Advanced

Technical Functional Manager
Foundation
Relative size of figures indicates expected relative numbers of potential certificate

holders (not to scale). There will be more than four expert certifications.
www.rbcs-us.com
ISTQB bby th
the Numbers
N b
www.rbcs-us.com
ISTQB C
Certification
tifi ti Growth
G th
www.rbcs-us.com
V l off C
Value tifi ti
Certification
To the tester
Demonstrate mastery of the best practices and key
concepts in the field
Advance career and opportunities
pp in competitive
p
market
To the organization
Ensure better testing
g for better software and lower
costs of poor quality
Achieve consistency and re-usability of testing
To the profession
Build on our best work and stop going in circles
Define the profession and what professional testers
know
www.rbcs-us.com
A
An E pl off C
Example tifi ti ROI
Certification
One RBCS client ran a Foundation course as a
pilot in one of its many offices in the US
The week after the course, a tester applied a
technique he’d learned to reduce the regression
test set from 800 test cases to 300
That is a 60% reduction in regression test effort,
effort
which accounts for most of their testing
This client now requires
q all new testers to hold
the Foundation certificate, and is gradually
training its entire staff of testers
www.rbcs-us.com
ISTQB Advanced
Ad d Syllabus
S ll b
Structure and Origin

ISTQB Ad
Advancedd SSyllabus
ll b 2007
Developed by a team of 15 authors spanning 10
countries
Sixty-nine primary reviewers spanning nine
countries
Final review and approval by 33 National Boards
Distills over 22,000
000 person-years
person years of experience
The ISTQB and the authors are the source of the
syllabus
y which is used byyppermission as the basis for
all accredited training courses (including RBCS’
courses)
www.rbcs-us.com
Ad
Advancedd SSyllabus
ll b A th
Authors
Graham Bath
Bath*+
+ Klaus Olsen
Rex Black*+ Randy Rice*+
Sigrid
g Eldh+ JJürgen
g Richter
Bernard Homès (chair)+ Eric Riou Du Cosquer
Jayapradeep Jiothis Mike Smith+
Paul Jorgensen*+ Geoff Thompson (vice
Vipul Kocher chair)*+
J d McKay*+
Judy M K * Erik Van Veenendaal*+
* Indicates an author who has also written or edited one or more books on testing.
+ Indicates an author who has 20 or more years of software or systems experience.
www.rbcs-us.com
F d ti SSyllabus:
Foundation ll b The
Th Six
Si Chapters
Ch pt
11. Fundamentals of testing
2. Testing throughout the software
lif
lifecycle
l
3. Static techniques
4. Test design techniques
5. Test management
6. Tool support for testing
www.rbcs-us.com
Ad
Advanced
d SSyllabus:
ll b TheTh Ten
T ChChapters
pt
11. Basic aspects of software testing
2. Testing processes
3. g
Test management
4. Test techniques
5. Testing of software characteristics
6. Reviews
7. Incident (defect) management
8
8. St d d and
Standards d test
t t process improvement
i t
9. Test tools and automation
10
10. People skills (team composition)
www.rbcs-us.com
Ad
Advancedd SSyllabus
ll b bby th
the N b
Numbers
Number of pages: 114
Number of learning objectives
Test Manager:
• 64 total
t t l
• 43 K2, 12 K3, 9 K4
Test Analyst:
• 29 total
t t l
• 18 K2, 7 K3, 4 K4
Technical Test Analyst:
• 44 total
t t l
• 25 K2, 11 K3, 8 K4
Referenced books: 21
Referenced standards: 7
www.rbcs-us.com
L i Obj
Learning ti
Objectives
The Foundation and Advanced exams are based on
l
learning
i objectives,
bj i which
hi h state what
h you should
h ld b be able
bl
to do
The learning objectives are at four levels of increasing
sophistication
p
K1: remember basic facts, techniques, and standards
K2: understand the facts, techniques, and standards and how
they inter-relate
K3: apply
pp y facts,, techniques,
q , and standards to y
your p
projects
j
K4: analyze facts, techniques, and standards, and adapt or select
them for your project
For the Advanced exams, the entire Advanced syllabus is
implicitly
p y covered at the K1 level
Each module (test manager, test analyst, technical test
analyst) has its own set of K2, K3, and K4 learning
objectives defined against each chapter
www.rbcs-us.com
Ad
Advancedd E
Exam Q ti
Questions
The lower levels, K1 and K2, are covered implicitly
within higher level questions
Unlike the Foundation exam, the Advanced exams
are heavily focused on K3 and K4 questions
Many exam questions consider a scenario
Scenario described
Sequence of questions about scenario asked
Simulates real-world use of various advanced testing
concepts
The
h Foundation
d syllabus
ll b is also
l examinablebl
Cross-section questions, including joining
Foundation and Advanced sections,, are allowed
www.rbcs-us.com
Ad
Advancedd T i i C
Training Courses
Must cover all learning objectives defined
for the module (test manager, test analyst,
or technical test analyst)
M
Must be
b at least
l five
fi days
d llong (for
(f lilive,
instructor-led courses)
Must include real-world examples for all
K2, K3, and K4 learning objectives
Must include realistic exercise for all K3
and K4 learning objectives (which must be
done in class for live, instructor-led
courses)
www.rbcs-us.com
T i i C
Training Course B
Breakdown
kd
Test Manager
g Test Analyst
y Tech Test Analyst
y
Chapter Hours Percent Hours Percent Hours Percent
Intro 1.0 3% 1.0 3% 1.0 3%
1 2.5 7% 0.5 1% 0.5 1%
2 2.0 6% 3.0 9% 3.0 9%
3 18.7 53% 2.0 6% 2.0 6%
4 0.0 0% 18.0 51% 15.5 44%
5 0.0 0% 3.5 10% 4.0 11%
6 2.0 6% 3.0 9% 3.0 9%
7 1.3 4% 2.0 6% 2.0 6%
8 2.0 6% 0.0 0% 0.0 0%
9 1.5 4% 1.5 4% 3.5 10%
10 4.0 11% 0.5 1% 0.5 1%
Total 35.0 100.0% 35.0 100% 35.0 100%
www.rbcs-us.com
R i t ffor Ad
Requirements Advancedd C tifi t
Certificates
To earn a certificate,
certificate one must:
Hold a Foundation Level certificate issued by
an ISTQB-recognized Exam Board or Member
Board
Have appropriate experience in software
testing or development,
development between 2-5 years,
years
depending on degree held and certificate(s)
sought
Subscribe to the
h Code
d of Ethics
h in theh syllabus
ll
Accredited training is recommended but
not required
www.rbcs-us.com
ISTQB T t Ethi
Tester Ethics
PUBLIC- Certified software testers shall act consistently with the public interest.
CLIENT AND EMPLOYER - Certified software testers shall act in a manner that
is in the best interests of their client and employer, consistent with the public
interest.
PRODUCT - Certified software testers shall ensure that the deliverables they
provided (on
( theh products
d and
d systems theyh test)) meet the h highest
h h professional
f l
standards possible.
JUDGMENT- Certified software testers shall maintain integrity and
independence in their professional judgment.
MANAGEMENT
A AG - Certified
C f d software
f test managers and d leaders
l d shall
h ll subscribe
b b
to and promote an ethical approach to the management of software testing.
PROFESSION - Certified software testers shall advance the integrity and
reputation of the profession consistent with the public interest.
COLLEAGUES - Certified
C ifi d software
f testers shall
h ll b
be ffair
i to andd supportive
i off
their colleagues, and promote cooperation with software developers.
SELF - Certified software testers shall participate in lifelong learning regarding
the practice of their profession and shall promote an ethical approach to the
practice of the profession.
profession
www.rbcs-us.com
Ad
Advanced
dTTestt M
Manager
Goals, Excerpt
Goals Excerpt, and Sample Exam
Question
B i an Ad
Being Advancedd T
Testt M
Manager
You should be able to:
Define the overall testing goals and strategy for the systems
being tested
Plan, schedule and track the tasks
D
Describe
ib andd organize
i the
th necessary activities
ti iti
Select, acquire and assign the adequate resources to the tasks
Select, organize and lead testing teams
Organize the communication between the members of the
testing teams, and between the testing teams and all the
other stakeholders
Justify the decisions and provide adequate reporting
information where
here applicable
Advanced Test Manager exams (and courses) focus on these
main concepts
Let’ss look at sample course content and an exam question…
Let question
www.rbcs-us.com
Ri kB dT
Risk-Based ti
Testing
Risk: the possibility of an undesired outcome
Product or quality risks
Project or planning risks
The level of risk varies
varies, often depending on:
Likelihood
Impact
In risk-based
risk based testing
testing, testing responds to risk:
Allocation of effort, test sequencing, prioritization of defect repair
Providing mitigation and contingency responses
Reporting test results and project status
These responses to risk occur throughout the lifecycle:
Reduce risk by running tests and finding defects
R
Re-evaluate
l risk
i k and
d risk
i k llevels
l bbased
d on new iinformation
f i
www.rbcs-us.com
A l ti l Ri
Analytical kB dT
Risk-Based Testt St t
Strategy
The higher the risk,
risk the more test effort
The higher the risk, the earlier the test
coverage
g
Total level of quality risk reduced as testing
continues
Results reported in terms of residual risk
Test triage (e.g., due to schedule
compression) done in risk order
More robust than requirements-based
Best when blended with reactive strategies to
detect missed riskswww.rbcs-us.com
H
How Ri kB dT
Risk-Based ti SSolves
Testing l P bl
Problems
Insufficient time: All testing is time
time-boxed;
boxed;
have to prioritize and triage
Coverage g q questions: All test coverage,
g
measured as a percentage of what could be
tested, is 0%; choose smart subset
P
Poor specifications:
ifi ti St
Stakeholder
k h ld iinvolvement
l t
fills gaps in documents
End-game
End game compression: Provides means to
drop tests intelligently
Release decisions: Can address residual risk
rather than bug and test counts
www.rbcs-us.com
Hi t off A
History l ti l Ri
Analytical kB dT
Risk-Based ti
Testing
Early 1980s: Separately,
Separately Boehm and Beizer develop
risk-driven spiral lifecycle and risk-driven
integration, precursors of iterative and agile lifecycles
Mid 1980s: Separately, Beizer and Hetzel declare risk
as driver of testing but leave out mechanisms
1990s: Separately
Separately, Black
Black, Craig
Craig, Gerrard
Gerrard, and Redmill
develop similar approaches for quality risks analysis
and risk-based testing
2000s: Risk-based testing (in various forms) in wide
usage
www.rbcs-us.com
Ri kM
Risk Managementt
Risk management includes three primary activities:
Risk identification
Risk assessment or analysis
Risk mitigation or risk control
These activities start in sequence, but are overlapping
and iterative due to continuous risk management
Ri k management id
Risk ideally
ll includes
i l d all ll project
j
stakeholders, though some stakeholders may act as
surrogates for other stakeholders
Test analysts bring particular expertise to risk
management due to their defect-focused outlook
Let’ss look at these activities more closely…
Let
www.rbcs-us.com
Ri k Id
Risk tifi ti
Identification
Whether for p
product or p
project
j risks,, we can identify
y risks via:
Expert interviews
Independent assessments
Use of risk templates
Project retrospectives
Risk workshops and brainstorming
Checklists
C lli on pastt experience
Calling i
The broadest range of stakeholders yields the most complete,
accurate, precise risk identification
Risk identification can
Stop at risk items
Look downstream to identify potential effects of the risk item
((FMEA))
Look upstream at the source of the risk (Hazard Analysis)
www.rbcs-us.com
Ri kA
Risk l i or A
Analysis Assessmentt
Risk analysis or assessment studies the identified
risks
Risks are categorized, using ISO 9126 or other quality
categories
Risks are assigned a level of risk, often based on
likelihood and impact
Likelihood arises from technical risk
Impact arises from business risk
The level of risk is determined either quantitatively
q y
or qualitatively
Typically the level of risk is determined qualitatively
Either way,y, unless statistical data is used,, the level of risk
reflects stakeholder opinions and consensus
www.rbcs-us.com
Ri kC
Risk t l
Control
Four options for risk control
Mitigation: reduce likelihood and/or impact
beforehand
Contingency: prepare to reduce
d impact after
f theh
fact
Transference: transfer impact
p of risk to another
part
Ignore/accept: hope for the best
Each
E h option
ti has
h benefits,
b fit opportunities,
t iti costs,
t
and potentially additional risks to consider
Poorly done,
done risk control can make matters
worse! www.rbcs-us.com
E i F
Exercise: ti l Q
Functional lit Risks
Quality Ri k Analysis
A l i
Read the HELLOCARMS System
Requirements Document
Perform an informal quality risks analysis in
groups of 3-5, identifying risks for functional
quality
q y characteristics only,
y usingg the
template shown earlier
Spend 30 minutes identifying quality risks
Spend 15 minutes assessing the level of each risk
Discuss
www.rbcs-us.com
S pl Exam
Sample E Question
Q ti
An organization
g follows a requirements-based
q test
strategy for most of its projects. Which of the
following is the best example of modifying the test
approach
pp for a p
project
j based on an understanding g of
risks?
A. Past performance issues lead to an increased
effort on p
performance testing.g
B. Test estimation is based on the number of pages
in the requirements specification.
C. Test execution is outsourced to a testing company
based on a low-cost bid.
D. Unit test effort is limited to ensure early
commencement of system test execution.
execution
www.rbcs-us.com
Ad
Advanced
dTTestt A
Analyst
l t
Goals, Excerpt
Question
B i an Ad
Being Advancedd T
Testt A l t
Analyst
Implement the test strategy with a focus on business domain
requirements
Analyze the system based on user quality expectations and
apply that analysis to the testing to be done
Evaluate the system requirements to determine whether the
business objectives can be met by that system
Prepare and execute adequate testing activities, and report on
the progress of these activities
Provide the necessary evidence and data to support evaluations
and findings
Implement the necessary y tools and techniques to achieve the
d fi d goals
defined l
Advanced Test Analyst exams (and courses) focus on
these main concepts
Let’s look at sample course content and an exam question
www.rbcs-us.com
D ii T
Decision bl
Tables
Concept: test the rules that govern handling
of transactional situations
Model: table ((or Boolean ggraph)
p ) connecting
g
conditions with actions
Test derivation: fulfill conditions, check
actions
ti
Coverage criteria: at least one test per
combination of conditions (DT column)
Bug hypothesis: improper action or missing
action
www.rbcs-us.com
E
Example:
pl Decision
D i i Table
T bl (F
(Full)
ll)
Conditions 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
Real account? Y Y Y Y Y Y Y Y N N N N N N N N
Active account? Y Y Y Y N N N N Y Y Y Y N N N N
Within limit? Y Y N N Y Y N N Y Y N N Y Y N N
L ti okay?
Location k ? Y N Y N Y N Y N Y N Y N Y N Y N
Actions
A
Approve?
? Y N N N N N N N N N N N N N N N
Call cardholder? N Y Y Y N Y Y Y N N N N N N N N
Call vendor? N N N N Y Y Y Y Y Y Y Y Y Y Y Y
www.rbcs-us.com
E pl D
Example: ii T
Deriving t
Tests
In the example just shown, each column of the table
is a test case
We will create the conditions (which are the test’s inputs)
We will verify the actions (which are the test
test’ss expected
results)
In some cases, we might generate more than one test
case per column (more later)
In this case, some of the test cases don’t make much
sense; e.g.:
Account not reall but
A b account active?
i ?
Account not real but account within limit?
Maybe we don’t need all the columns in our decision
table?
www.rbcs-us.com
C ll p i a D
Collapsing ii T
Decision bl
Table
If the value of one or more particular conditions can
can’tt
affect the actions for two or more combinations of
conditions, we can collapse the decision table
This involves combining two or more columns
Combinable columns often but not always next to each
other
Look for two or more columns that result in the same
combination of actions (for all the actions in the table)
Replace the conditions that are different in those columns
with “-” ((for don’t care/doesn’t
/ matter/can’t
/ happen)
pp )
Repeat this process until no further columns share
the same combination of actions or where collapse
would erase an important distinction
Be careful with tables that have non-exclusive rules
www.rbcs-us.com
E
Example:
pl Decision
D i i Table
T bl (C
(Collapsed)
ll p d)
Conditions 1 2 3 5 6 7 9 Column numbers retained for
ease of reference to full table
Real account? Y Y Y Y Y Y N
Study carefully to understand
Active account? Y Y Y N N N - why
h rulel 4 could
ld collapse
ll into
i
rule 3, but not rule 3 into rule 2
Within limit? Y Y N Y Y N -
The same logic
g also applies
pp to
L ti okay?
Location k ? Y N - Y N - -
rule 8 collapsing into rule 7, but
Actions not rule 7 into rule 6
Formula for number of columns
A
Approve?
? Y N N N N N N
(2conditions) no longer applies
Call cardholder? N Y Y N Y Y N Regular pattern of conditions no
Call vendor? N N N Y Y Y Y l
longer applies
li
www.rbcs-us.com
E i H
Exercise: Home E it L
Equity Loan IInsurance
A new HELLOCARMS feature will allow selling a
life insurance policy for the amount of a home equity
loan to the borrower (no applicants for lines of credit
or reverse mortgages)
t )
The premium is calculated annually, at the beginning
of each ppolicy
ypperiod,, based on the loan balance at
that time
The base premium is $1 per $10,000 loan
Premium increases by 50% based for each “yes” answer to
the health questions on the next page
Premium increases based on age and body mass index (BMI)
table shown on following page
www.rbcs-us.com
S pl Exam
Sample E Question
Q ti
An on-line shoe-sellingg e-commerce Web site stocks the following g
options for
f men’s ’ loafers:
l f
• Tassel: Tassel (T) or non-tassel (~T)
• Color: Black (B), cordovan (C), or white (W)
• Size: all full and half sizes from 8 to 14 (S=n)
The store is overstocked with tasseled loafers of all sizes and colors,
along with white loafers in all sizes, and cordovan loafers in sizes 13,
13 ½, and 14. As a result, they are offering a 10% discount (10%) and
free shipping (FS) on these items.
items
Design a full decision table that shows all combinations of conditions,
then collapse that table by using don’t care (“-“) notation where one or
two conditions cannot influence the action. Which of the following
statements is true about these two tables?
A. The full table has 8 rules; the collapsed table has 5.
B. The full table has 12 rules; the collapsed table has 7.
C. The full table has 12 rules; the collapsed
p table has 5.
D. Both tables have 12 rules, as no combinations can collapse.
www.rbcs-us.com
Ad
Advanced
dTTechnical
h i lT Testt A
Analyst
l t
Goals, Excerpt
Question
B i an Ad
Being Advancedd T h i lT
Technical Testt A l t
Analyst
Structure the tasks defined in the test strategy in terms of
technical requirements
Analyze the internal structure of the system in sufficient detail
t meett the
to th expected
t d quality
lit level
l l
Evaluate the system in terms of technical quality attributes such
as performance, security, etc.
Prepare and execute adequate testing and report on progress
Conduct technical testing activities
Provide the necessary evidence to support evaluations
Implement the necessary tools and techniques
Advanced Technical Test Analyst exams (and courses)
focus on these main concepts
Let’ss look at sample course content and an exam question
Let
www.rbcs-us.com
T h i l SSecurity
Technical it T ti
Testing
Security is a key risk for many applications
Security tests and failures are different from
functional tests and failures, often arising from
unintended side-effects
Vulnerabilities (and thus tests) include data access,
function malicious code insertion,
function, insertion denial of service,
service
sniffing, encryption, and virus/ worms
Vulnerabilities can arise from user interface, file
system, operating system, and external software
Increased quality in security can decrease quality in
usability perform,
usability, perform and functionality
www.rbcs-us.com
D i i T
Designing h i l SSecurity
Technical it T t
Tests
The following approaches can be used
to develop security tests
Information retrieval
Vulnerability scan
Attack
ttack p
plans
a s
Security attacks
The last is very similar to the functional
attacks described in Chapter 4
Let’ss take a closer look…
Let
www.rbcs-us.com
Att ki D
Attacking p d i andd th
Dependencies the UI
Dependencies
Block access to
libraries
Manipulate
l
registry (or similar
information)
Force use of corrupt
files User interface
Manipulate and Overflow inputs
replace files Switches and options
Force low-resource Characters,
operation commands
www.rbcs-us.com
Att ki D
Attacking i andd IImplementation
Design pl t ti
Design
Common
accounts and
passwordsd
Unprotected APIs
Implementation
Connect to all p
ports
Manipulate
M i l t time
ti
Create loops (e.g.,
using scripts) Duplicate high-
privilege
p g files
Use unusual
workflows Force error messages
Force resets Sniff temporary files
www.rbcs-us.com
E
Example:
pl Security
S it Setting
S tti Attack
Att k
www.rbcs-us.com
S pl Exam
Sample E Question
Q ti
Which of the following is an example of a
defect we would expect to find during
technical security testing?
A. Slow response time
B. Resource over-utilization
C. Invalid p
privilege
g elevation
D. Frequent system crashes
www.rbcs-us.com
Bibli ph
Bibliography
St d d
Standards
British Computer
p Society,
y, BS 7925-2 ((1998),
), “Software
Component Testing”
Institute of Electrical and Electronics Engineers, IEEE Std 829
(1998/2007), “IEEE Standard for Software Test Documentation”
(1997), “IEEE Standard for Software Reviews”
(1993) “IEEE
(1993), IEEE Standard Classification for Software Anomalies
Anomalies”
International Standards Organization, ISO/IEC 9126-1:2001,
“Software Engineering – Software Product Quality”
International Software Testing Qualifications Board
Board, ISTQB
Glossary (2007), “ISTQB Glossary of terms used in Software
Testing, Version 2.0”
US Federal Aviation Administration,, DO-178B/ED-12B,
/ ,
“Software Considerations in Airborne Systems and Equipment
Certification” www.rbcs-us.com
B k
Books
Boris
o s Beizer,
e e , Black-Box
lack ox Testing,
esting, Wiley,
W ey, 1995
995
Rex Black, Managing the Testing Process (2nd edition), Wiley, 2002
Rex Black, Critical Testing Processes, Addison-Wesley, 2003
Rex Black,
Black Pragmatic Software Testing,
Testing Wiley,
Wiley 2007
Ilene Burnstein, Practical Software Testing, Springer, 2003
Lee Copeland, A Practitioner’s Guide to Software Test Design,
A
Artechh House,
H 2003
Rick Craig and Stefan Jaskiel, Systematic Software Testing, Artech
House, 2002
Paul Gerrard and Neil Thompson, Risk-based e-Business Testing,
Artech House, 2002
Tom Gilb and Dorothy Graham, Software Inspection, Addison-
Wesley, 1993
www.rbcs-us.com
B k
Books
Dorothy Graham, Erik van Veenendaal, Isabel Evans, Rex Black,
Foundations of Software Testing, Thomson Learning, 2007
M. Grochmann, “Test case design using Classification Trees”,
Conference Proceedings g of STAR 1994
99
Paul Jorgensen, Software Testing: A Craftsman’s Approach (Second
Edition), CRC Press, 2002
Cem Kaner,
Kaner James Bach,
Bach Bret Pettichord
Pettichord, Lessons Learned in
Software Testing; Wiley, 2002
Tim Koomen, Martin Pol, Test Process Improvement, Addison-
Wesley 1999
Wesley,
Glenford Myers, The Art of Software Testing, Wiley, 1979
Martin Pol, Ruud Teunissen, Erik van Veenendaal, Software
Testing: A Guide to the T-map
T map Approach,
Approach Addison-Wesley,
Addison Wesley 2002
www.rbcs-us.com
B k
Books
Steve Sp
Steven Splaine
a e and
a d Ste
Stefan
a Jask
Jaskiel,
e , The
he Web
Web-Testing
esting Handbook,
andbook,
STQE Publishing, 2001
D. H. Stamatis, Failure Mode and Effect Analysis, ASQ Press, 1995
Erik van Veenendaal,
Veenendaal editor,
editor The Testing Practitioner,
Practitioner UTN
Publishing, 2002
James Whittaker, How to Break Software, Addison-Wesley, 2003
James Whittaker and Herbert Thompson,
Thompson How to Break Software
Security, Addison-Wesley, 2004
www.rbcs-us.com
F More
For M Information…
I f ti
…Contact
C t t RBCS
For over a dozen years, RBCS has delivered services in consulting, outsourcing and
training for software and hardware testing
testing. Employing the industry’s
industry s most
experienced and recognized consultants, RBCS conducts product testing, builds
and improves testing groups and hires testing staff for hundreds of clients
worldwide. Rangingg g from Fortune 20 companies
p to start-ups,
p RBCS clients save
time and money through improved product development, decreased tech support
calls, improved corporate reputation and more. To learn more about RBCS, visit
www.rbcs-us.com.
Add
Address: RBCS Inc.
RBCS, I
31520 Beck Road
Bulverde, TX 78163-3911
USA
Phone: +1 (830) 438-4830
Fax: +1 (830) 438-4831
E-mail: info@rbcs-us.com
W b
Web: www.rbcs-us.com
b
www.rbcs-us.com
Q
Questions,
, Comments,,
and Discussion?

The ISTQB Advanced Syllabus

Încărcat de

Informații document

Descriere originală:

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

The ISTQB Advanced Syllabus

Încărcat de

Drepturi de autor:

Formate disponibile

The ISTQB Advanced Syllabus

Guiding the Way to Better Software Testing

Program and Results

Advanced Advanced Advanced

Relative size of figures indicates expected relative numbers of potential certificate

Structure and Origin

S-ar putea să vă placă și