These problems may or may not be caught in the testing phase. Unfortunately, those problems that are not caught in testing are destined to manifest themselves after the software is already in operation. Many developers want to see their code operational as soon as possible and put off doing proper error checking until after the fact. While they usually intend to return and implement proper error checks once they can get some piece of code working properly, all too often they forget to return and fill in the missing error checks.

The typical end-user has influence over the software only in its operational phase. A security-conscious end-user should always assume that there are problems that have avoided detection all the way through the testing phase. Without access to source code, and without resorting to reverse engineering program binaries, end-users are left with little choice but to develop interesting test cases and to determine whether programs are capable of securely handling them. A tremendous number of software bugs are found simply because a user provided unexpected input to a program. One method of testing software, fuzzing, involves exposing the software to large numbers of unusual input cases and watching for any behavior other than a clean rejection: a crash, an unhandled exception, or a hang.
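The following is an added example and is not code from the original text. It pairs a constructed target parser with a small mutation fuzzer in the style the paragraph describes. The parser handles a made-up length-prefixed record format and deliberately has the two error checks that were "left for later" (its length fields are never compared against the size of the input, and the name field is decoded without validation). The fuzzer treats the parser's own `ParseError` as a correct rejection and records every other exception type as an error path nobody wrote. The record format, the `ParseError` class, the mutation strategies and the boundary values are all assumptions made for this example.

```python
import random
import struct

# Constructed target, not from the original text: a parser for a tiny
# length-prefixed record, <name_len:u16><payload_len:u16><name><payload><sum:u8>.
# Two error checks were "left for later", the failure mode the text describes:
# the length fields are never compared against len(data), and the name bytes
# are never validated before being decoded as ASCII.


class ParseError(Exception):
    """The rejection the parser is supposed to raise on malformed input."""


def parse_record(data: bytes) -> dict:
    if len(data) < 4:
        raise ParseError("truncated header")
    name_len, payload_len = struct.unpack("<HH", data[:4])
    name_end = 4 + name_len
    body_end = name_end + payload_len
    checksum = data[body_end]            # IndexError when the lengths lie
    payload = data[name_end:body_end]
    if sum(payload) & 0xFF != checksum:
        raise ParseError("bad checksum")
    name = data[4:name_end].decode("ascii")   # UnicodeDecodeError on non-ASCII
    return {"name": name, "payload": payload}


def make_record(name: bytes, payload: bytes) -> bytes:
    """Build a well-formed record to use as the fuzzer's seed input."""
    header = struct.pack("<HH", len(name), len(payload))
    return header + name + payload + bytes([sum(payload) & 0xFF])


# Boundary values that tend to expose missing length and sign checks.
INTERESTING_BYTES = (0x00, 0x01, 0x7F, 0x80, 0xFF)
INTERESTING_WORDS = (0x0000, 0x0001, 0x7FFF, 0x8000, 0xFFFF)


def deterministic_cases(seed: bytes):
    """Overwrite every byte and every 16-bit field with boundary values."""
    for i in range(len(seed)):
        for v in INTERESTING_BYTES:
            yield seed[:i] + bytes([v]) + seed[i + 1:]
    for i in range(len(seed) - 1):
        for w in INTERESTING_WORDS:
            yield seed[:i] + struct.pack("<H", w) + seed[i + 2:]


def random_mutation(rng: random.Random, seed: bytes) -> bytes:
    """One random edit: bit flip, truncation, or insertion of junk bytes."""
    data = bytearray(seed)
    op = rng.randrange(3)
    if op == 0 and data:
        i = rng.randrange(len(data))
        data[i] ^= 1 << rng.randrange(8)
    elif op == 1 and data:
        del data[rng.randrange(len(data)):]
    else:
        i = rng.randrange(len(data) + 1)
        data[i:i] = bytes(rng.randrange(256) for _ in range(rng.randrange(1, 9)))
    return bytes(data)


def fuzz(target, seed: bytes, iterations: int = 2000, rng_seed: int = 1) -> dict:
    """Run target on deterministic, then random, mutations of seed.

    ParseError means the parser rejected the input on purpose and is ignored.
    Any other exception is an unhandled error path; it is recorded once per
    exception type along with the first input that reached it.
    """
    rng = random.Random(rng_seed)
    cases = list(deterministic_cases(seed))
    cases += [random_mutation(rng, seed) for _ in range(iterations)]
    findings = {}
    for case in cases:
        try:
            target(case)
        except ParseError:
            continue
        except Exception as exc:
            findings.setdefault(type(exc).__name__, case)
    return findings


# Constructed seed input: one valid record.
SEED = make_record(b"user", b"hello")

if __name__ == "__main__":
    for kind, case in fuzz(parse_record, SEED).items():
        print(f"{kind}: {case.hex()}")
```

Running the block reports an `IndexError` (a length field pointing past the end of the input) and a `UnicodeDecodeError` (a non-ASCII byte in the name), each with the first input that triggered it, which is exactly the kind of "unexpected input" the paragraph says finds so many bugs. A real fuzzer adds coverage feedback to steer mutations and crash triage to deduplicate findings, but the loop is the same: mutate, run, and distinguish a deliberate rejection from an error the developer never handled.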