|
Runtime Error Detection
Runtime error detection is a software verification method that analyzes a software application as it executes and reports defects that are detected during that execution. It can be applied during unit testing, component testing, integration testing, system testing (automated/scripted or manual), or penetration testing. Runtime error detection can identify defects that manifest themselves only at runtime (for example, file overwrites) and zeroing in on the root causes of the application crashing, running slowly, or behaving unpredictably. Defects commonly detected by runtime error detection include: * Race conditions * Exceptions * Resource leaks * Memory leaks * Security attack vulnerabilities (e.g., SQL injection) * Null pointers * Uninitialized memory * Buffer overflows Runtime error detection tools can only detect errors in the executed control flow of the application. [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Software Verification
Software verification is a discipline of software engineering, programming languages, and theory of computation whose goal is to assure that software satisfies the expected requirements. Broad scope and classification A broad definition of verification makes it related to software testing. In that case, there are two fundamental approaches to verification: * ''Dynamic verification'', also known as experimentation, dynamic testing or, simply testing. - This is good for finding faults (software bugs). * ''Static verification'', also known as static code analysis, analysis or, static code analysis, static testing - This is useful for proving the Correctness (computer science), correctness of a program. Although it may result in false positives when there are one or more conflicts between the process a software really does and what the static verification assumes it does. Under the ACM Computing Classification System, software verification topics appear under "Software and its engin ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
SQL Injection
In computing, SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database. SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. Document-oriented NoSQL databases can also be affect ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
BoundsChecker
BoundsChecker is a memory checking and API call validation tool used for C++ software development with Microsoft Visual C++. It was created by NuMega in the early 1990s. When NuMega was purchased by Compuware in 1997, BoundsChecker became part of a larger tool suite, DevPartner Studio. Micro Focus purchased the product line from Compuware in 2009. Comparable tools include Purify, Insure++ and Valgrind. BoundsChecker may be run in two distinct modes: ActiveCheck, which will work against any application as is, or FinalCheck, which makes use of instrumentation added to the application when it is built. ActiveCheck performs a less intrusive analysis and monitors all calls by the application to the C Runtime Library, Windows API and calls to COM objects. By monitoring memory allocations and releases, it can detect memory leaks and overruns. Monitoring API and COM calls enables ActiveCheck to check parameters, returns and exceptions and report exceptions when they occur. Thre ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Memory Debugger
A memory debugger is a debugger for finding software memory problems such as memory leaks and buffer overflows. These are due to bugs related to the allocation and deallocation of dynamic memory. Programs written in languages that have garbage collection, such as managed code, might also need memory debuggers, e.g. for memory leaks due to "living" references in collections. Overview Memory debuggers work by monitoring memory access, allocations, and deallocation of memory. Many memory debuggers require applications to be recompiled with special dynamic memory allocation libraries, whose APIs are mostly compatible with conventional dynamic memory allocation libraries, or else use dynamic linking. Electric Fence is such a debugger which debugs memory allocation with malloc. Some memory debuggers (e.g. Valgrind) work by running the executable in a virtual machine-like environment, monitoring memory access, allocation and deallocation so that no recompilation with special memory ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Software Testing
Software testing is the act of checking whether software satisfies expectations. Software testing can provide objective, independent information about the Quality (business), quality of software and the risk of its failure to a User (computing), user or sponsor. Software testing can determine the Correctness (computer science), correctness of software for specific Scenario (computing), scenarios but cannot determine correctness for all scenarios. It cannot find all software bug, bugs. Based on the criteria for measuring correctness from an test oracle, oracle, software testing employs principles and mechanisms that might recognize a problem. Examples of oracles include specifications, Design by Contract, contracts, comparable products, past versions of the same product, inferences about intended or expected purpose, user or customer expectations, relevant standards, and applicable laws. Software testing is often dynamic in nature; running the software to verify actual output ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Development Testing
Development testing is a software development process that involves synchronized application of a broad spectrum of defect prevention and detection strategies in order to reduce software development risks, time, and costs. Depending on the organization's expectations for software development, development testing might include static code analysis, data flow analysis, metrics analysis, peer code reviews, unit testing, code coverage analysis, traceability, and other software verification practices. Overview Development testing is performed by the software developer or engineer during the construction phase of the software development lifecycle. Rather than replace traditional QA focuses, it augments it. [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Parasoft
Parasoft (officially Parasoft Corporation) is an independent software vendor specializing in automated software testing and application security with headquarters in Monrovia, California. It was founded in 1987 by four graduates of the California Institute of Technology who planned to commercialize the parallel computing software tools they had been working on for the Caltech Cosmic Cube, which was the first working Hypercube_internetwork_topology, hypercube computer built. During the 90's, Parasoft leveraged technology in their parallel software toolkit to create software test automation tools for traditional software development as well as parallel. Starting with runtime error detection for C programming language, C and C++ with their Insure++ product, they also added capabilities for static code analysis, unit testing, and ultimately expanded to include application security, functional testing, and service virtualization. Technologies Parasoft develops automated defect preven ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Memory Corruption
Memory corruption occurs in a computer program when the contents of a memory location are modified due to programmatic behavior that exceeds the intention of the original programmer or program/language constructs; this is termed as violation of memory safety. The most likely causes of memory corruption are programming errors (software bugs). When the corrupted memory contents are used later in that program, it leads either to program crash or to strange and bizarre program behavior. Nearly 10% of application crashes on Windows systems are due to heap corruption.{{Cite web, last=Radich, first=Q., last2=Sherer, first2=T., last3=Sharkey, first3=K., last4=Batchelor, first4=D., last5=Kennedy, first5=J. T., last6=Mabee, first6=D., last7=Coulter, first7=D., last8=Michael, first8=S., date=28 April 2021, title=Application Verifier (Windows 7 and Windows Server 2008 R2 Application Quality Cookbook) - Win32 apps, publisher=Microsoft Developer Network, url=https://docs.microsoft.com/en-us/wi ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Null Pointer
In computing, a null pointer (sometimes shortened to nullptr or null) or null reference is a value saved for indicating that the Pointer (computer programming), pointer or reference (computer science), reference does not refer to a valid Object (computer science), object. Programs routinely use null pointers to represent conditions such as the end of a List (computing), list of unknown length or the failure to perform some action; this use of null pointers can be compared to nullable types and to the ''Nothing'' value in an option type. A null pointer should not be confused with an uninitialized variable, uninitialized pointer: a null pointer is guaranteed to compare unequal to any pointer that points to a valid object. However, in general, most languages do not offer such guarantee for uninitialized pointers. It might compare equal to other, valid pointers; or it might compare equal to null pointers. It might do both at different times; or the comparison might be undefined behavio ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Vulnerability (computing)
Vulnerabilities are flaws or weaknesses in a system's design, implementation, or management that can be exploited by a malicious actor to compromise its security. Despite a system administrator's best efforts to achieve complete correctness, virtually all hardware and software contain bugs where the system does not behave as expected. If the bug could enable an attacker to compromise the confidentiality, integrity, or availability of system resources, it can be considered a vulnerability. Insecure software development practices as well as design factors such as complexity can increase the burden of vulnerabilities. Vulnerability management is a process that includes identifying systems and prioritizing which are most important, scanning for vulnerabilities, and taking action to secure the system. Vulnerability management typically is a combination of remediation, mitigation, and acceptance. Vulnerabilities can be scored for severity according to the Common Vulnerability S ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
Software Bug
A software bug is a design defect ( bug) in computer software. A computer program with many or serious bugs may be described as ''buggy''. The effects of a software bug range from minor (such as a misspelled word in the user interface) to severe (such as frequent crashing). In 2002, a study commissioned by the US Department of Commerce's National Institute of Standards and Technology concluded that "software bugs, or errors, are so prevalent and so detrimental that they cost the US economy an estimated $59 billion annually, or about 0.6 percent of the gross domestic product". Since the 1950s, some computer systems have been designed to detect or auto-correct various software errors during operations. History Terminology ''Mistake metamorphism'' (from Greek ''meta'' = "change", ''morph'' = "form") refers to the evolution of a defect in the final stage of software deployment. Transformation of a ''mistake'' committed by an analyst in the early stages of the softw ... [...More Info...] [...Related Items...] OR: [Wikipedia] [Google] [Baidu] |
