
A Systematic Method for Risk-Driven Test Case Design Using Annotated Sequence Diagrams

  • Conference paper
Risk Assessment and Risk-Driven Testing (RISK 2013)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 8418)

Abstract

Risk-driven testing is a testing approach that aims at focusing the testing process on the aspects or features of the system under test that are most exposed to risk. Current risk-driven testing approaches succeed in identifying the aspects or features that are most exposed to risks, and thereby support testers in planning the testing process accordingly. However, they fail to support testers in employing risk analysis to systematically design test cases. Because of this, there exists a gap between risks, which are often described and understood at a high level of abstraction, and test cases, which are often defined at a low level of abstraction. In this paper, we bridge this gap. We give an example-driven presentation of a novel method, intended to assist testers, for systematically designing test cases by making use of risk analysis.


Acknowledgments

This work has been conducted as a part of the DIAMONDS project (201579/S10) funded by the Research Council of Norway, the NESSoS network of excellence (256980) and the RASEN project (316853) funded by the European Commission within the 7th Framework Programme, as well as the CONCERTO project funded by the ARTEMIS Joint Undertaking (333053) and the Research Council of Norway (232059).

Corresponding author

Correspondence to Gencer Erdogan.

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Erdogan, G., Refsdal, A., Stølen, K. (2014). A Systematic Method for Risk-Driven Test Case Design Using Annotated Sequence Diagrams. In: Bauer, T., Großmann, J., Seehusen, F., Stølen, K., Wendland, MF. (eds) Risk Assessment and Risk-Driven Testing. RISK 2013. Lecture Notes in Computer Science, vol 8418. Springer, Cham. https://doi.org/10.1007/978-3-319-07076-6_7

  • DOI: https://doi.org/10.1007/978-3-319-07076-6_7

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-07075-9

  • Online ISBN: 978-3-319-07076-6

  • eBook Packages: Computer Science, Computer Science (R0)
