how to break software

如何进行软件测试的经典之作. Abstract— This paper describes a number of methods (called “attacks”) to expose design and development flaws in software. The attacks are manual, exploratory tests designed and executed on-the-fly with little or no overhead. The attacks were conceived after studying hundreds of real software bugs and generalizing their cause and symptoms. Two semesters of refinement at the hands of software testing students at the Florida Institute of Technology have identified dozens of approaches for attacking software with the intent of finding bugs. The attacks have been very successful, resulting in hundreds of additional bugs— all found as a direct result of the attack strategies— in a very short period of time with little or no familiarity with the products involved. This paper describes a subset of the attacks and demonstrates their use to find real bugs in released products.