How could we test the efficiency of our generated test cases for SQL Injections based on mutation?
Thanks Mr Stefan Gruner
Efficiency here means the mutation score efficiency: whether the mutation is weak or not, whether the new generated test cases are effective and capable of revealing SQL Injection Vulnerabilities . So Efficiency here come from Mutation Analysis by testing the quality of generated tests. Am using More than 20 Mutants and generated almost thousands of test cases the mutation score is very high. i need to know which tool can be used to inject this new test cases in real web-applications for example to kill the mutatnts.
Best Regards
You must clearly distinguish between effectiveness (typically, how well you achieve your goals) and efficiency (typically, how much resources do you spend on achieving your goals). I get a feeling that you have not made this distinction and use effectiveness and efficiency in the same way.
There are three more process-oriented qualities (typically not applied in testing): ethicality, efficacy and elegance.
Thank's a lot Pro Jonas Mellin for the further explanation and elucidation. But unfortunately when we start talking about test cases mutation we focus on efficiency or effectiveness is the same context because the resulted test cases are built from original exploits and injections so what we need is to know how efficient are the test cases to find vulnerabilities. Please Do you have any idea about how to test out this test cases excluding SQLMAP and BurpSuite
Dear Benikhlef, my first longer answer here was lost. Concepts are important and I advise you to
The reason is to reduce misunderstandings. For example, software testing has long been riddled with a terminology concerning faults that is imprecise and ambiguous where faults has been called defects, bugs, errors. A more clear terminology is found in a dependability community which is now spreading into software testing (albeit slowly) is that a fault is the cause of an error, the error is the erroneous state of the system and the phenomena or response which is deviating from specified (or expected) is the failure. This is called the fault pathology, where a failure in a subcomponent can be a fault in another component. The advantage of this terminology is that testing (fault removal) then can be included as a methodology for achieving dependability (together with fault prevention, fault tolerance and fault prediction). Further, the distinction between testing (demonstrating the presence of a type of fault by looking for associated failures) and debugging (locating the fault) can be made.
There are more examples of imprecision, ambiguity and lack of comprehensiveness. (Cf. information and data in informatics and computer science). So, do not add to this, distinguish. If there are competing paradigms, choose one and stick to it.
Finally, I attached a good example of usage of test efficiency and test effectiveness + the reference to the dependability concepts. Unfortunately, I do not know the answer to your question irrespective of whether you mean efficiency or effectiveness or both.
http://torkar.se/resources/ese-exp-test.pdf
http://www.nasa.gov/pdf/636745main_day_3-algirdas_avizienis.pdf
@ Jonas Mellin
Technology has made it easier for students to learn from internet , but nothing can come close to the experience of being taught by an inspirational teacher like you. Thank you. Really appreciate
Thank you so much for the great advice you offered me yesterday. Facing a difficult problem, it’s wonderful to have a someone like you that I can count on to be guiding me to work through all this various solutions. As always, you offer a fresh perspective on the situation, and get me thinking about alternatives I had not previously considered.
- Badges
- Science topic
- Similar topics
- Mathematical Sciences
- Graphs