FUNCTIONAL AND SECURITY TESTING TECHNIQUES

Code
101808
ACADEMIC YEAR
2020/2021
CREDITS
6 credits during the 1st year of 10852 COMPUTER SCIENCE (LM-18) GENOVA
SCIENTIFIC DISCIPLINARY SECTOR
INF/01
LANGUAGE
English
TEACHING LOCATION
GENOVA (COMPUTER SCIENCE )
SEMESTER
2nd Semester
Teaching materials

OVERVIEW

This course aims at providing the foundations behind functional and security testing. Testing is the key activity for ensuring software quality during software development. To be effective, both functional and security aspects should be considered. Security testing is very different from functional testing: its goal is not detecting software defects (i.e., unexpected behaviours) but revealing flaws in the security mechanisms of the application under test.

AIMS AND CONTENT

LEARNING OUTCOMES

Learning the fundamentals in functional and security testing of software systems, with special emphasis on challenges posed by Web and Mobile applications, and getting acquainted with automated tools used to practice testing techniques.

AIMS AND LEARNING OUTCOMES

Students will learn the fundamentals of functional and security testing of software systems, with special emphasis on the challenges posed by Web and Mobile applications and on the use of automated testing tools. Students will see the many facets of the problem and will learn methodologies, approaches and techniques to check the quality of complex software systems.

After completing the course, participants will be able to:

  • Understand and apply the differences between functionality and security testing
  • Understand fundamental concepts of software testing (e.g., manual vs automated testing)
  • Use established techniques/approaches for designing tests
  • Learn how attackers succeed in breaking applications
  • Understand the attack target possibilities of web apps
  • Understand the ‘Top Ten’ vulnerabilities proposed by OWASP
  • Get hands on Web and Mobile application testing techniques (both functional and security), using Selenium and other automated testing tools
  • Define and execute tests in automated environments from given test specifications
  • Incorporate testing as a continuous process

PREREQUISITES

Fundamentals of object-oriented and procedural programming (in particular, basic knowledge of Java, JavaScript, PHP and SQL), and basic knowledge of Web and Mobile applications.

SYLLABUS/CONTENT

This course aims at providing the foundations behind functional and security testing. Current testing practices are quite effort-intensive since they rely heavily on manual activities. Test automation aims at reducing the cost of testing by automating several of the activities involved. The laboratory, which constitutes an integral part of the course, will give the students a hands-on opportunity to see the analysis and testing techniques (both functional and security) applied to real case studies.

Functional Testing:

  • Course introduction: fundamentals of functional and security testing [2 hours]
  • Manual vs automated testing [4 hours]
    • Software testing essential techniques
    • Drawbacks of Manual Testing
    • Introduction to continuous testing (DevOps)
    • Data driven testing
    • Automation Tools for Unit testing (e.g., xUnit and TestNG)
  • Web app and Mobile testing [8 hours]
    • E2E testing approach
    • Difference between Web app and Mobile testing
    • Approaches for generating E2E test cases
    • Test automation best practices
    • Testing tools
      • Capture/Replay vs. Programmable
      • DOM-based vs. Visual
  • Laboratory [6 hours]
    • Test suite development for selected Web apps
    • Selenium IDE, Selenium WebDriver, Katalon (or other similar tools)

Security Testing:

  • Background on security vulnerabilities [4 hours]
    • Web vulnerabilities: SQL-injection and Cross-site scripting (XSS)
  • Flow analysis & taint analysis [6 hours]
    • Control Flow Graph (CFG), Meet operator, Transfer function
    • Interprocedural flow analysis
    • Taint analysis
  • Black-box & White-box testing [4 hours]
    • Web vulnerability scanners (e.g., Ardilla, Secubat and OWASP ZAP)
  • Laboratory [6 hours]
    • Security testing using WebGoat
    • OWASP ZAP (or other similar tools)

RECOMMENDED READING/BIBLIOGRAPHY

  • Web Application Security: Exploitation and Countermeasures for Modern Web Applications
    by Andrew Hoffman
  • Test Automation using Selenium WebDriver with Java: Step by Step Guide by Mr Navneesh Garg

TEACHERS AND EXAM BOARD

Office hours: by appointment via email

Exam Board

FILIPPO RICCA (President)

MAURIZIO LEOTTA

EXAMS

Exam description

  • Software project divided into individual laboratory assignments
  • Oral examination mainly devoted to the project discussion

Assessment methods

An oral examination will verify that the student has understood the issues concerning functional and security testing and the foundational ideas of the proposed methods and techniques. The practical laboratory assignments and their discussion will assess the student's ability to apply the presented techniques and methods effectively.

Exam schedule

Date Time Location Type Notes
09/07/2021 00:09 GENOVA Exam by appointment
17/09/2021 00:09 GENOVA Exam by appointment