• Investment World
• eWorld
• Catalyst
• Mentor
• Life
• Canvas
• Praxis
• Urban Pulse
• Brand Quest

D. Murali

They uncover error in the code, not in the person ... You'll have to read on for the rest.

COMPUTER books tend to be fat and daunting, especially if they're about software. Therefore, it comes as a welcome change to see Rajnikant Puranik's illustrated guide to software testing, titled The Art of Creative Destruction, from Shroff Publishers & Distributors (www.shroffpublishers.com) .

In the foreword, one is struck by the frankness of L.N. Rajaram, director of Advanced Information Services and The Watts Humphrey Software Quality Institute, who writes: "Every other industry would consider it an extremely unethical practice to pass on to the customer products of the levels of quality found in software products."

For the Indian software industry to leapfrog into top slot as software producer, the driver has to be software quality, emphasises Rajaram, making the book eminently relevant for the purpose.

Puranik's work should be useful to bankers because of the many examples he cites in the book, based on his experience in heading the development of core banking and treasury products.

"Testing is an area not just for testers," writes the author, inviting you, as a user, to taste the wisdom in the pages, beginning with a Russian proverb: "Trust. But, verify." What seems simple may actually be quite complex, reminds Puranik.

The book presents information in bullet points and flowcharts, tables and diagrams, so it should be easy to grab the inputs on the go.

For instance, the chapter on automated functional testing has graphic depictions of broad automation components, domain testware, test data, test automation `artifacts', test repository, regression testing, and so on.

Puranik presents `a few guidelines for selecting test-data for a banking application.' These include suggestions on using EP (equivalence partitioning), and BVA (boundary value analysis), plus advice not to ignore illegal values and extreme ones. Don't forget the maxim: "There is 99.9999 per cent chance that what is not tested would also not work."

Effective testers have seven habits, lists the book. These include: "They uncover error in the code, not in the person. They know that part testing is no testing. They test with both valid and invalid inputs. They check if the system is doing what it should, and also if it is doing what it should not. They automate as much as possible, as early as possible."

However, what's common is to find ineffective responses from developers when you report bugs.

They may say, "I had fixed that! Somebody must have changed something in that."

Or, one or more of the following: "Must be a hardware problem. That's a feature. You logged in as what? It is as per the specifications. That's what I was told it should do. That's strange. I think your PC is infected. It worked yesterday. That's not possible. There's something illegal in your data. You must be using the wrong version. That's some weird coincidence. I can't test everything! It's working fine, only it's yet to be tested. Why do you want to do it that way?"

A book not to be missed!

On Coroner's Toolkit and Grave-robber

NIIT's new book on computer security is "Understanding Forensics in IT," from Prentice-Hall of India (www.phindia.com) .

The introduction sets the agenda, quite positively: "No crime is invincible. Today, cyber crime or e-crime has become a major challenge that has to be combated with advanced technology and by proper law enforcement."

But what is forensics?

It is an old art that makes use of science - such as blood typing, DNA mapping, and fingerprinting - to reach the source of an event, such as theft, crime, and so on.

The book credits Judd Robbins for his definition of system forensics (or computer forensics) as "the application of computer investigation and analysis technique in the interest of determining potential legal evidence."

The system forensics process involves identification of data, and, thereafter, collection, analysis and presentation of data. The sources of information in a computer are log files (where you can find activities with time and date stamps), system registry (indicating logins and application used), hard disk, memory and so on.

An example on analysis reads thus: "One of the event logs in the Windows 2000 system logs displays the following: `The connection to Connection to 24880000 made by user 24121433 using device COM4 was disconnected.'" The trail may lead you to know that COM4 is a dial-up modem.

Using `evidence-chain model,' it is possible to recreate the complete chain of activities that happened during the crime. This technique may help in intranet incidents, because it works on evidence. "Minor changes in any of the linked systems may lead to failure of the investigation." There's a chapter on Linux system forensics, where the book discusses the many free tools to assess disk images.

Thus, LiSt Open Files (LSOF) helps display information about files opened by the processes, while dd utility can be used for copying from a specific input device. "FIND is a complex and powerful tool in the hands of a skilled investigator... And FILE command looks simple but is an indispensable tool to the forensic investigator." There are many Windows versions of Linux tools to help investigators of Windows systems.

In the chapter on `system forensic tools,' be ready to handle The Coroner's Toolkit (TCT) developed by Dan Farmer and Wietse Venema; a core component of TCT is Grave-robber! Your lawyer may benefit by reading the chapter on `legal policies'.

After the rookie stuff, the book moves you on to `advanced forensics' where you'd study `kernel-module forensics', `rootkits', `malware detection' and such. Last comes `network forensics' discussing topics such as `OS fingerprinting', `header' dissection, `encrypting and tunneling', `evidence from network traffic' and so on.

Begin your investigation... to find the book!

Tailpiece

"Don't you think the electronic voting machine should have provided for one more option?"

"You mean, a `none of the above' button?"

"No, an option for President's Rule!"

Books2Byte@TheHindu.co.in

Article E-Mail :: Comment :: Syndication :: Printer Friendly Page

Stories in this Section
Straddling two worlds

Copyright © 2005, The Hindu Business Line. Republication or redissemination of the contents of this screen are expressly prohibited without the written consent of The Hindu Business Line