Senior programmer,pls give a guide for programmers (how u validate a program?)

[angelicsign]

As a senior programmer, what you will do when you have to validate and test a complete program/software/app?
What action you will take to validate a program?
The purpose for this thread is to refine our final project or application before submit or commercialize so that the product is well prepared or complete.

[xcallmejudasx]

You mean like software testing? There's a few things you need to test

1) The program does everything it says it does
2) The program doesn't do anything it doesn't say it does
3) It is user friendly

when testing software be as critical as you can. The company won't be very happy with you if you miss something that ends up costing them thousands of dollars to fix because you didn't thoroughly(spl?) test it. Always test for worst case scenarios. Assume the user is a complete idiot. If there are fields like name, telephone, etc try reversing the input information. Does it work if the user puts 555-5555 as their name?

I'll add the link to an EBook I received dealing with this topic once I can access my personal email.

[angelicsign]

thanks for the reply.
you are totally right.
i got your point.
how about security?
how you will test a software security?
i mean the basic risk we should concern about.

[xcallmejudasx]

The only way I know to test security software is to try to have someone hack it. You can hire professional hackers/coders to test how well the program works. Granted you need to write out contract stipulations, what their allowed/not allowed to do(ie social engineering, dumpster diving, or just straight up code cracking).

[CJSLMAN]

• Was unit testing performed?
• Was the test team involved from the design phase?
• Were the test cases developed from the use cases?
• Was a tool like Junit used during the development of the program?
• Performance testing ?
• Has there been a user acceptance test done/programmed ?
• Any usability testing ?
• Gorilla/pizza testing planned?

CJSL

[neilcoffey]

I'd also say, don't neglect the things that happen before testing: consider code walkthroughs with other programmers of key components, and running the program through something like FindBugs (confession: haven't used FindBugs much, but have heard good things about it from others who have).

[Nicholas Jordan]

The only way I know to test security software is to try to have someone hack it. You can hire professional hackers/coders to test how well the program works. Granted you need to write out contract stipulations, what their allowed/not allowed to do(ie social engineering, dumpster diving, or just straight up code cracking).

Basic work is as posted here by xcallmejudasx, and we have some other issues that resolve on the experienced workers approach of only use code in security situations that has been running some 100,000 hours and is known to be robust. Further, even with proven code there are constant pressures from within that make actual security testing more of a classroom exercise than a workable matter in deployed practice. For the most part, if there is money on the wire, we need to use electronic devices that have extensive tooling by EE's and cross-locks such that no one individual can defeat the controls. Further, the insurance must be paid up and lots of legal boilerplate and ultimately, designed so that an operator on one checkout lane at a grocery store can only do harm to the extent of that immediate cash drawer ( or a person using the operator as a shield )

I spent some bucks on Modern Cryptography, Theory and Practice by Wenbo Mao - in which book one does not get past the preface or introduction without a full-force rounhouse kick to the face of cryptography as taught currently. Further, people who break security are a broad selection set from honest curiosity seekers to a type of individual that cannot even be discussed in the clear. We have to examine in context the traditionally cited master intruder, person was stealing driver's license photos. Okay, I want you to pull your dl out and look at the picture. Who would steal that when it might even be available online? Then, beyond that, the places where they put people who do that are not intended for comfort. Their sole burden is to deprive you of your liberty - nothing more. For 25-35 dollars a day, some commercial businesses do human warehousing.

Okay, let us consider the intruder. If that intruder had any smarts at all, first thing is to find someone else to take the fall. Next thing is hide the tracks and defeat the interlocks. See my interview at rfid dot inc with Carl Brown. He sells devices where Men In Black actually come out and crack skulls when people screw up.

It is not funny, code as though a Gorrilla is trying to take away your Pizza.