Wednesday, November 29, 2017

Testing

White box testing
White box testing assesses the effectiveness of a software program's logic. Specifically, test data are used to determine the procedural accuracy or the conditions of the program's logic paths. Verifying that the program can operate successfully with other parts of the system is, by contrast, sociability testing.

Black Box Testing
Testing the program's functionality without knowledge of internal structures is black box testing.

Sandbox testing
Controlled testing of programs in a semi-debugged environment, either heavily controlled step by step or via monitoring in virtual machines, is sandbox testing.

Double-blind testing
Double-blind testing is also known as zero-knowledge testing. This refers to a test where the penetration tester is not given any information and the target organization is not given any warning—both parties are "blind" to the test. This is the best scenario for testing response capability because the target will react as if the attack were real.

Blind testing
Blind testing is also known as black-box testing. This refers to a test where the penetration tester is not given any information and is forced to rely on publicly available information. This test simulates a real attack, except that the target organization is aware of the test being conducted.

Targeted testing
Targeted testing is also known as white-box testing. This refers to a test where the penetration tester is provided with information and the target organization is also aware of the testing activities. In some cases, the tester is also provided with a limited-privilege account to be used as a starting point.

External testing
External testing refers to a test where the penetration tester launches attacks on the target's network perimeter from outside the target network (typically from the Internet).

Shadow file processing

In shadow file processing, exact duplicates of the files are maintained at the same site or at a remote site. The two files are processed concurrently. This is used for critical data files, such as airline booking systems.

Commits and rollbacks

Database commits ensure that the data are saved to disk as transaction processing is carried out or completed. A rollback reverses the processing that has already been carried out, so that the data processed so far are not saved to disk if the transaction processing fails to complete.



Commitment and rollback controls are directly relevant to integrity. These controls ensure that the database operations that form a logical transaction unit complete in their entirety or not at all; i.e., if, for some reason, a transaction cannot be fully completed, its incomplete inserts/updates/deletes are rolled back so that the database returns to its pre-transaction state.
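As an added example (not part of the original notes), the commit-or-roll-back behaviour described above using Python's sqlite3 module; the accounts table, its CHECK constraint and the transfer function are constructed for illustration:

```python
import sqlite3


def setup_db() -> sqlite3.Connection:
    """Constructed sample data: two accounts; the CHECK constraint makes an
    overdraft fail so that we can watch a transaction abort part-way."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (id INTEGER PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", [(1, 100), (2, 50)])
    conn.commit()
    return conn


def transfer(conn: sqlite3.Connection, src: int, dst: int, amount: int) -> bool:
    """Move `amount` from src to dst as one logical transaction unit.

    Returns True if the unit was committed, False if it could not complete
    and was rolled back so the table is back in its pre-transaction state.
    """
    try:
        # sqlite3 opens a transaction implicitly before the first UPDATE, so
        # both statements below belong to the same unit of work.
        conn.execute("UPDATE accounts SET balance = balance + ? WHERE id = ?",
                     (amount, dst))
        # The credit above is already applied when this debit runs; if it
        # violates the CHECK constraint, sqlite3 raises IntegrityError here.
        conn.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?",
                     (amount, src))
        conn.commit()      # commit: both changes are now saved to disk
        return True
    except sqlite3.IntegrityError:
        conn.rollback()    # rollback: the partial credit is undone
        return False


def balances(conn: sqlite3.Connection) -> dict:
    """Current balances keyed by account id."""
    return dict(conn.execute("SELECT id, balance FROM accounts ORDER BY id"))


if __name__ == "__main__":
    db = setup_db()
    print(transfer(db, 1, 2, 30), balances(db))    # True {1: 70, 2: 80}
    print(transfer(db, 1, 2, 500), balances(db))   # False {1: 70, 2: 80}
```

The second transfer credits account 2 before the debit fails, and the rollback removes that credit, so the table never shows a half-applied transaction.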

Tuesday, November 28, 2017

Traffic engineering

To ensure that quality-of-service requirements are achieved, the VoIP service over the WAN should be protected from packet loss, latency and jitter. To reach this objective, network performance can be managed using statistical techniques such as traffic engineering.

User spool and database limit controls

User spool limits restrict the space available for running user queries. This prevents poorly formed queries from consuming excessive system resources and impacting general query performance.

Limiting the space available to users in their own databases prevents them from building excessively large tables. This helps to control space utilization which itself acts to help performance by maintaining a buffer between the actual data volume stored and the physical device capacity. Additionally, it prevents users from consuming excessive resources in ad hoc table builds (as opposed to scheduled production loads that often can run overnight and are optimized for performance purposes).

Attack

Brute force attack

An attack on a password that repeatedly tries to re-create it through random combinations of characters.



Eavesdropping attack
A software attack that uses special monitoring software to gain access to private communications on the network wire or across a wireless network (also known as a sniffing attack).


Masquerading

Impersonating another user, usually with the intention of gaining unauthorized access to a system.


Spoofing attack

A spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data, thereby gaining an illegitimate advantage.




IP spoofing

IP spoofing takes advantage of the source-routing option in the IP protocol. With this option enabled, an attacker can insert a spoofed source IP address. The packet will travel the network according to the information within the source-routing field, bypassing the logic in each router, including dynamic and static routing.

Passive attacks

Examples of passive attacks include network analysis, eavesdropping and traffic analysis. Active attacks include brute force attacks, masquerading, packet replay, message modification, unauthorized access through the Internet or web-based services, denial-of-service attacks, dial-in penetration attacks, email bombing and spamming, and email spoofing.

CRC

A cyclic redundancy check (CRC) is a calculation performed on a block of data by treating that block as a single binary number; the result is transmitted along with the data.



The same calculation is performed by the computer at the receiving end, and if the results agree, it is assumed that the data have been transmitted without error. A CRC is a more sophisticated error detection method than a checksum.
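As an added example (not part of the original notes), a bitwise CRC-32 beside a plain additive checksum, with the sender appending the check value and the receiver recomputing it; the frame layout, the sample payload and the swapped-byte corruption are constructed for illustration:

```python
import zlib  # used only to cross-check the bitwise implementation below

CRC32_POLY = 0xEDB88320  # reflected form of the IEEE 802.3 CRC-32 polynomial


def crc32(data: bytes) -> int:
    """Treat the block as one long binary number and divide it, bit by bit,
    by the generator polynomial; the 32-bit remainder is the check value."""
    crc = 0xFFFFFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ CRC32_POLY if crc & 1 else crc >> 1
    return crc ^ 0xFFFFFFFF


def matches_zlib(data: bytes) -> bool:
    """Sanity check against the standard library's CRC-32."""
    return crc32(data) == zlib.crc32(data)


def additive_checksum(data: bytes) -> int:
    """The simpler alternative: add up the bytes and keep 16 bits."""
    return sum(data) & 0xFFFF


def make_frame(payload: bytes) -> bytes:
    """Sender side: append the CRC to the block it protects."""
    return payload + crc32(payload).to_bytes(4, "big")


def verify_frame(frame: bytes) -> bool:
    """Receiver side: redo the calculation over the payload and compare it
    with the transmitted value. True means no error was detected."""
    if len(frame) < 4:
        return False
    payload, received = frame[:-4], int.from_bytes(frame[-4:], "big")
    return crc32(payload) == received


# Constructed sample: two adjacent bytes ("42" -> "24") swapped in transit.
SENT = b"sensor 7 reading 42"
CORRUPTED = b"sensor 7 reading 24"

if __name__ == "__main__":
    print("checksum same:", additive_checksum(SENT) == additive_checksum(CORRUPTED))
    print("crc same:", crc32(SENT) == crc32(CORRUPTED))
    print("receiver accepts corrupted frame:",
          verify_frame(CORRUPTED + make_frame(SENT)[-4:]))
```

The byte swap leaves the additive checksum unchanged, which is the kind of error a checksum cannot see, while the CRC remainder changes and the receiver rejects the frame.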