Information Assurance

Question 1

Software Verification, Validation and Evaluation (VV&E) testing techniques

In conventional software engineering, VV&E (verification, validation, and evaluation) testing is known to be the integral component of design and development procedures. However, in this field of the software systems, there exist little consensus regarding what sort of VV7E testing is essential and how to execute it. Moreover, majority of the processes which have been designed and developed are very poorly documented. This makes it is very challenging, if not unachievable, for these processes to be redesigned and redeveloped by any individual besides originator. The VV&E components for the software system are meant to:

a) Verify to display and prove that the software is built accurately

b) Validate to display and prove that the right software was created (Redmill, 2005).

c) Evaluate to display and prove the usefulness and effectiveness of the software

There are a number of techniques used for software VV&E testing. Some of these include,

White Box VV&E Testing

This testing is an extremely effective technique in detecting and then resolving the problems, if any. Hence, the technique verifies, validate and evaluate the software by solving the fault or bug that is the demonstration of any error in the software. The technique is useful as the bugs can be found, often prior to when they result in trouble. We can simply consider this technique as a testing technique that incorporates and implement the information of internal structure and the coding inside the software or software programs. This testing technique is also referred to as clear box VV&E analysis, clear box VV&E testing or white box VV&E analysis. This is a useful strategy for the software debugging which includes the tester possessing excellent knowledge about how the software program components must interact for the software to be regarded as right and accurate (Lee, Lam & Zhang, 2004); where software debugging includes locating, evaluating and fixing accordingly the bugs in the software program code or engineering of the hardware device.

It must be noted that the technique can proved to be useful for the various applications of Web services, and is not often used for the execution of debugging procedures in large networks and systems. Besides, the white box VV&E testing can also be regarded as a security testing method which can be defined as the procedure used for determining whether, an information system is protecting the data and maintaining the functionality as it is meant to (Vilkomir, Kapoor & Bowen, 2003). Hence, white box VV&E testing is very commonly utilized to validate if the code implementation is following the intended design and pattern; to validate if the implemented security processes and functionality is proper; and also to uncover the exploitable vulnerabilities and attacks.

Black box VV&E testing

This is software VV&E testing is based up on the output requirements and does not require any information of the program coding and the internal structure. In other words, the black box can be regarded as a VV&E testing technique that includes a device that is used ...