BCSE301L -Software Engineering

Digital Assignment - I

Reg. No: 21BCE0846

Name: Abhishek Kumar

Question Mapping : 4. 21BCE0846 : 3 , 5 , 12 , 14 , 15

White-box testing:
White-box testing, also known as clear box testing, glass box testing, or
structural testing, involves examining the internal structure of the software
being tested. Here are some scenarios where white-box testing would be
appropriate:

3. API Testing for Functional and Structural Verification:

Scenario: A company is developing an API that will be used by multiple internal and external
applications.

White-box Testing Scenario:

A company is developing an API used by various applications. The focus is on the "Update
User Profile" endpoint.

Explanation:​
White-box testing here involves examining the API's internal logic. By reviewing the code
structure, every decision point (such as input validation and error handling) is thoroughly
tested to ensure the endpoint functions correctly.

Practical Example:

Pseudocode Example:

function updateUserProfile(userId, requestBody):

user = fetchUserFromDatabase(userId)

if user is null:
 return errorResponse(404, "User not found")

if requestBody.firstName exists:

user.firstName = requestBody.firstName

if requestBody.lastName exists:

user.lastName = requestBody.lastName

if requestBody.email exists:

if not isValidEmail(requestBody.email):

return errorResponse(400, "Invalid email format")

user.email = requestBody.email

if requestBody.age exists:

if requestBody.age < 0 or requestBody.age > 150:

return errorResponse(400, "Invalid age")

user.age = requestBody.age

if requestBody.isActive exists:

user.isActive = requestBody.isActive

saveUserToDatabase(user)

return successResponse(200, user)

Test Cases :

●​ Full Update: All fields provided should update successfully.​

●​ Partial Update: Only some fields provided should update, leaving others unchanged.​

●​ User Not Found: Non-existent userId should return a 404 error.​

●​ Invalid Email/Age: Incorrect email or out-of-bound age should trigger 400 error
responses.
5. Code Review and Static Analysis

Scenario: A software company is about to release a new version of its flagship product.

1. Objective

●​ Identify Code Defects Early: Detect syntax errors, logical flaws, and security
vulnerabilities before runtime.​

●​ Improve Maintainability: Ensure that the code follows best practices and is easy to
modify in the future.​

●​ Enhance Performance & Security: Identify inefficient code segments and security
weaknesses such as memory leaks or SQL injection risks.​

2. Testing Approach

White-box testing in this scenario consists of:

A. Code Review

A manual inspection of the source code to find potential issues before execution. This can be
done using:

●​ Peer Reviews: Developers review each other's code to ensure correctness.​

●​ Formal Inspections: A structured process where a team systematically analyzes the

code.​

●​ Checklist-Based Reviews: Ensuring adherence to coding standards (e.g., naming

conventions, proper commenting, modularization).​

B. Static Analysis

A tool-based approach that examines source code without executing it. It helps detect:

●​ Syntax and Logical Errors: Unused variables, unreachable code, improper conditions.​
 ●​ Security Vulnerabilities: SQL injection risks, buffer overflows, weak cryptographic
implementations.​

●​ Performance Bottlenecks: Redundant computations, excessive memory allocation.​

3. Execution Environment

●​ Code Review Tools: GitHub Code Review, Gerrit, Crucible.​

●​ Static Analysis Tools: SonarQube, Coverity, Checkstyle, PMD (for Java), Flake8 (for
Python).​

●​ Security Analysis Tools: OWASP Dependency-Check, Bandit (for Python security

checks).​

4. Defect Identification and Reporting

●​ Code Review Feedback: Developers note potential issues and suggest

improvements.​

●​ Static Analysis Reports: Automated tools generate reports highlighting detected

vulnerabilities, maintainability concerns, and inefficient code.​

●​ Actionable Fixes: Identified issues are prioritized and resolved before release.​

5. Conclusion

White-box testing techniques like code review and static analysis help software companies
ensure the reliability, security, and efficiency of their products before release. By analyzing the
internal structure and logic of the code, these methods prevent defects from reaching
production, ultimately improving software quality.

Blackbox Testing

Black-box testing involves testing the functionality of a software application without examining
its internal code structure. Testers focus on the external behavior of the software and do not
have access to its
Blackbox Testing

Black-box testing involves testing the functionality of a software application

without examining its internal code structure. Testers focus on the external
behavior of the software and do not have access to its internal workings. Here
are some scenarios where black-box testing would be appropriate:

12. Regression Testing after Software Updates

A software vendor releases a new version of its accounting software.

1. Objective

●​ Ensure Stability: Confirm that the new release has not inadvertently affected core
functionalities from previous versions.​

●​ User-centric Testing: Validate that the software behaves as expected from an

end-user perspective, without any internal code analysis.​

2. Test Case Selection

●​ Critical Functions: Identify key business processes, such as transaction processing,

balance calculations, invoicing, and report generation.​

●​ Existing Test Suite: Utilize and update the existing suite of functional test cases that
cover these critical areas.​

●​ New Features Impact: Include test cases that not only re-test the existing
functionalities but also validate the interactions with any newly introduced features.​

3. Testing Approach

●​ Input-Output Analysis:​

○​ Inputs: Use predefined data sets that represent common, boundary, and error
conditions (e.g., valid and invalid transaction entries).​
 ○​ Expected Outputs: Define clear expected outcomes for each input scenario
based on previous system behavior.​

●​ Techniques Applied:​

○​ Equivalence Partitioning: Group input data into equivalent classes where test
cases are expected to produce similar results.​

○​ Boundary Value Analysis: Focus on the edges of input ranges to uncover

potential issues that occur at the extreme ends.​

4. Execution Environment

●​ Simulated Production: Run the test cases in an environment that closely replicates
the production setting to capture realistic system behavior.​

●​ Automated Regression Suite: Where possible, use automation tools to efficiently

execute a large number of regression tests and quickly identify any discrepancies.​

5. Defect Identification and Logging

●​ Outcome Comparison: Compare the actual outputs from the new release against the
expected results.​

●​ Issue Logging: Document any deviations or failures as potential regression issues,

ensuring that each defect is reproducible and clearly described.​

●​ Feedback Loop: Provide timely feedback to the development team to address any
identified problems before the release is fully deployed.​

6. Conclusion

Using black-box testing for regression testing in this scenario allows testers to effectively
verify that new software updates do not disrupt existing functionality. By focusing on user
behavior and output verification, this approach ensures that the accounting software remains
reliable and user-friendly after each update.
14. Penetration Testing for Security Assessment

An e-commerce platform wants to assess its vulnerability to cyber-attacks.

1. Objective

●​ Identify Security Weaknesses: Detects vulnerabilities such as SQL injection, cross-site

scripting (XSS), authentication flaws, and improper access controls.​

●​ Simulate Real-World Attacks: Assess how a potential hacker might exploit

weaknesses without needing access to the system's internal structure.​

2. Test Case Selection

●​ Authentication & Authorization: Verify login mechanisms, password strength policies,

and access control rules.​

●​ Input Validation: Check for vulnerabilities in user input fields (e.g., search boxes,
contact forms) to prevent injection attacks.​

●​ Session Management: Analyze session expiration, token security, and cookie

handling.​

●​ Payment Security: Test for weaknesses in payment gateway integrations and

encryption methods.

3. Testing Approach

●​ Black-box Penetration Testing Techniques:​

○​ Reconnaissance: Gather public information about the platform (e.g., WHOIS

lookup, public APIs, etc.).​

○​ Fuzz Testing: Inject unexpected, malformed, or random data to check how the
system responds.​
 ○​ Brute Force Attacks: Test password policies by attempting dictionary-based
attacks.​

○​ Injection Attacks: Try SQL injection and cross-site scripting (XSS) to determine
if user input is properly sanitized.​

○​ Broken Access Controls: Attempt accessing restricted resources without

proper authentication.​

4. Execution Environment

●​ Ethical Hacking Tools: Use tools like Burp Suite, OWASP ZAP, Metasploit, or Nikto to
conduct automated and manual security testing.​

●​ Testing on Staging Environment: Conduct penetration tests in a controlled,

non-production environment to prevent real-world disruptions.​

5. Defect Identification and Reporting

●​ Vulnerability Categorization: Document vulnerabilities based on risk levels (e.g.,

critical, high, medium, low).​

●​ Exploit Demonstration: Provide proof-of-concept (PoC) attacks to showcase how

vulnerabilities can be exploited.​

●​ Remediation Recommendations: Suggest security enhancements, such as enforcing

stricter input validation, implementing rate-limiting, and securing session management.​

6. Conclusion

Black-box penetration testing helps e-commerce platforms identify and fix security
vulnerabilities before attackers can exploit them. By mimicking real-world cyber-attacks, this
approach ensures robust security, protecting user data, transactions, and business reputation.
Mutation Testing
Mutation testing is a technique used to evaluate the effectiveness of existing
test cases by introducing small changes, or mutations, into the source code
and checking if the tests can detect these changes. Here are some scenarios
for mutation testing:

15. Arithmetic Operator Mutations

An application contains arithmetic operations such as addition, subtraction, multiplication, and

division.

1. Objective

●​ Evaluate Test Suite Strength: Ensure that existing unit test cases are robust enough
to catch errors in arithmetic operations.​

●​ Identify Weak Test Cases: Detect gaps in test coverage where incorrect calculations
might go unnoticed.​

2. Mutation Operators (Fault Injection)

Mutants are created by modifying arithmetic operations in the source code. Examples include:

Original Code Mutated Code Fault Type

result = a + b; result = a - b; Addition changed to

subtraction

area = length * area = length / Multiplication changed to

width; width; division

total = price / total = price * Division changed to

discount; discount; multiplication

x = (a + b) * c; x = (a + b) + c; Multiplication changed to
addition
3. Testing Approach

●​ Generate Mutants: Use mutation testing tools (such as PIT for Java, MutPy for Python)
to introduce small changes in the arithmetic operations.​

●​ Run Test Cases: Execute the existing test cases against the mutated versions of the
code.​

●​ Analyze Results:​

○​ Killed Mutants: If a test case fails due to the mutation, it means the test
successfully detected the issue.​

○​ Survived Mutants: If a test case passes despite the mutation, it indicates that
the test suite is weak and needs improvement.

4. Execution Environment

●​ Automation Tools: Use mutation testing frameworks (e.g., PIT for Java, MutPy for
Python, Stryker for JavaScript) to automate the process.​

●​ Code Coverage Analysis: Ensure that all arithmetic operations are tested by analyzing
code coverage reports.

5. Defect Identification and Reporting

●​ Mutation Score Calculation: Determine the effectiveness of test cases using the
formula:​
Mutation Score=(Killed MutantsTotal Mutants)×100\text{Mutation Score} =
\left(\frac{\text{Killed Mutants}}{\text{Total Mutants}}\right) \times 100
●​ Improve Test Cases: If the mutation score is low, add new test cases to improve
detection accuracy.

6. Conclusion

Mutation testing ensures that an application’s test suite is capable of identifying faults in
arithmetic operations. By systematically altering mathematical expressions, it helps
developers strengthen their test cases, ultimately leading to more reliable and bug-free
software.