A Course in Black Box Software Testing
Examples of Attacks
See lecture notes on risk-based testing.
Copyright (c) Cem Kaner, 2004
Some errors are so common that there are well-known attacks for them. An attack is a stereotyped class of tests, optimized around a specific type of error.
Examples of attacks are:
- Boundary testing for numeric input fields. The error is mis-specification (or mis-typing) of the upper or lower bound of the numeric input field.
- Test the input constraints by overflowing input buffers.
- Repeat the same input or series of inputs many times.
- Enter characters that are not from the primary language of the program, or characters that are not commonly used.
The following examples illustrate the use of attacks.
- Buffer Overflow Error in Download Accelerator Plus
- Entering Very Long String in Opera's Manage Contacts Causes the Application to Freeze
- Entering a Special Device Name in the Favorites of WinRAR Crashes the Application
- Buffer Overflow with ID3v2 Tags in WinAmp
- Testing for DoS Attacks in FireFox
This work is licensed under the Creative Commons Attribution-ShareAlike License. To view a copy of this license, visit http://creativecommons.org/licenses/by-sa/2.0/ or send a letter to Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
These notes are partially based on research that was supported by NSF Grant EIA-0113539 ITR/SY+PE: "Improving the Education of Software Testers." Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation.