Abstract
Risk-driven testing is a testing approach that aims at focusing the testing process on the aspects or features of the system under test that are most exposed to risk. Current risk-driven testing approaches succeed in identifying the aspects or features that are most exposed to risks, and thereby support testers in planning the testing process accordingly. However, they fail to support testers in employing risk analysis to systematically design test cases. Because of this, there exists a gap between risks, which are often described and understood at a high level of abstraction, and test cases, which are often defined at a low level of abstraction. In this paper, we bridge this gap. We give an example-driven presentation of a novel method, intended to assist testers, for systematically designing test cases by making use of risk analysis.
Acknowledgments
This work has been conducted as a part of the DIAMONDS project (201579/S10) funded by the Research Council of Norway, the NESSoS network of excellence (256980) and the RASEN project (316853) funded by the European Commission within the 7th Framework Programme, as well as the CONCERTO project funded by the ARTEMIS Joint Undertaking (333053) and the Research Council of Norway (232059).
Copyright information
© 2014 Springer International Publishing Switzerland
Cite this paper
Erdogan, G., Refsdal, A., Stølen, K. (2014). A Systematic Method for Risk-Driven Test Case Design Using Annotated Sequence Diagrams. In: Bauer, T., Großmann, J., Seehusen, F., Stølen, K., Wendland, MF. (eds) Risk Assessment and Risk-Driven Testing. RISK 2013. Lecture Notes in Computer Science, vol 8418. Springer, Cham. https://doi.org/10.1007/978-3-319-07076-6_7
DOI: https://doi.org/10.1007/978-3-319-07076-6_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-07075-9
Online ISBN: 978-3-319-07076-6
eBook Packages: Computer Science (R0)