Software Verification, Validation and Testing

Addis Ababa Science and Technology University


College of Electrical and Mechanical Engineering
Department of Software Engineering
By: Melsew Dagnaw
melx4547@gmail.com

ADBT M.D. Oct 19, 2023


Presentation content
• Introduction
• Statement of problem
• Objective of the article
• Summary of the article
• Methodology
• Finding
• Conclusion
• Future work



Introduction
• HTTP cookies store user information and record browsing activity, and often contain private user information.
• Popular web servers like Google, YouTube, and Amazon leak sensitive data, and some applications use cookies as authentication tokens.
• A cookie flag is a security mechanism that protects the data in cookies.
• The two types are the HttpOnly and Secure flags.
• HttpOnly restricts access to the cookie, while the Secure flag protects cookies over encrypted connections.
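
As an added example (not part of the original slides), the following Python code audits the Set-Cookie headers of a response for the two flags described above. The function names and the sample headers are constructed for illustration.

```python
# Added example: audit Set-Cookie headers for the HttpOnly and Secure flags.
def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes dict)."""
    parts = [p.strip() for p in header_value.split(";")]
    # Only the first '=' separates name from value; the value may contain '='.
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()  # attribute names are case-insensitive
    return name.strip(), value.strip(), attrs


def audit_response(raw_headers):
    """Return {cookie_name: [missing flags]} for every Set-Cookie line."""
    findings = {}
    for line in raw_headers.splitlines():
        field, sep, value = line.partition(":")
        if not sep or field.strip().lower() != "set-cookie":
            continue
        name, _, attrs = parse_set_cookie(value)
        # Look only at parsed attributes, so a value such as "pref=secure"
        # is not mistaken for the Secure flag.
        findings[name] = [flag for flag in ("HttpOnly", "Secure")
                          if flag.lower() not in attrs]
    return findings


# Constructed sample response headers (not taken from the slides).
SAMPLE = """\
HTTP/1.1 200 OK
Content-Type: text/html
Set-Cookie: session=abc123; Path=/; HttpOnly; Secure
Set-Cookie: auth_token=xyz; Path=/; httponly
Set-Cookie: pref=secure; Path=/
set-cookie: cart=a=b; SECURE; HttpOnly
"""

if __name__ == "__main__":
    for cookie, missing in audit_response(SAMPLE).items():
        print(cookie, "OK" if not missing else "missing: " + ", ".join(missing))
```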



Introduction (continued)
• A rotten cookie attack can invalidate cookie flags, even if the cookies are encrypted by TLS, by exploiting insecure HTTP mechanisms and the AES-GCM implementation.
• The cookie theft attack exploits HTTP integrity verification, requires rigorous nonce duplication checks, and presents mitigation for transport layer reuse.



Problem of the article
• The TLS protocol is widely used to protect HTTP messages and private cookies, but it cannot guarantee cookie security. Additional mechanisms like HTTP Strict Transport Security and cookie flags are needed.
• HTTPS lacks a specific method for checking message integrity due to its flexibility and scalability.
• TLS security is threatened by weak cryptographic primitives, faulty implementation, zero-day vulnerabilities, and side channels, which pose practical threats.
• A security weakness of web browsers can potentially be exploited by our cookie theft attack, which invalidates cookie flags.
Test Plan
• The Test Plan has been created to communicate the test approach to team members. It includes the objectives, scope, schedule, risks and approach.
Objective
• The objective of this project is to develop an online clearance management system in Productivity improvement and center of excellence.
Scope
• The scope of this project is concerned only with the online staff academic clearance system in Productivity improvement and center of excellence. The initial phase will include all ‘must have’ requirements.
Test Plan (continued)
Test Approach
• The project is using an agile approach, with weekly iterations. At the end of each week the requirements identified for that iteration will be delivered to the team and will be tested.
Test Automation
• Automated unit tests are part of the development process, but no automated functional tests are planned at this time. Manual testing is used.
Test Environment
• A new server is required for the web server, the application and the database.
Test Plan (continued)
Milestones / Deliverables
Milestones: a milestone is a specific point within a project's life cycle used to measure the progress toward the ultimate goal.

Task Name                       Start       Finish      Effort
Test Planning                   5/9/2023    5/12/2023   3 days
Deploy to QA test environment   5/13/2023   5/17/2023   4 days
System testing                  5/18/2023   5/22/2023   4 days
Regression testing              5/23/2023   5/27/2023   4 days
Performance testing             5/28/2023   5/30/2023   3 days

Deliverables: in project management, a deliverable refers to any item that is produced as a result of a project.

Deliverable           For                                        Date Milestone
Test Plan             Project Manager; QA Director; Test Team    4 days
Traceability Matrix   Project Manager; QA Director               4 days
Test Results          Project Manager                            4 days
Test Status report    QA Manager, QA Director                    3 days
Metrics               All team members                           3 days



Test Case
A Test Case is a set of actions executed to verify a particular feature or functionality of your software application. A Test Case contains test steps, test data, preconditions and postconditions developed for a specific test scenario to verify any requirement.



Test Suite
• Test suites are the logical grouping or collection of test cases to run a single job with different test scenarios.
• Sample for manage employee information apply clearance



Test detector
• TestLink is a web-based test management system that facilitates software quality assurance.



Testing report
• Test reports are an essential part of software testing in any project.



Traceability matrix
• A Requirement Traceability Matrix (RTM) is a document that maps and traces user requirements to test cases.



The end

Thank our presentation