testing

A/B Split and Multivariate Testing: Statistics/Evidence Based Optimization

by Ruben S
For the past few weeks we have been talking about pay-per-clicks, conversion rates, and other topics on what we need our sites to do. How do we go about accomplishing our goals of increased conversion rate optimization, or having more people visiting our sites? Well, we could go about this in two ways. First, we could just go willy-nilly changing items on our site and hoping that this would accomplish our task. Although some people might get some lucky guesses, this is no way to systematically determine what our changes actually accomplish. The second method we could use is statistical or evidence-based changes. Companies no longer guess at what changes should be kept or scrapped; now companies rely on statistical evidence to make and keep changes on their sites. There are several methods that a company can use to test their changes, but the two I will cover today, which happen to be the most common, are A/B (Split) Testing and Multivariate Testing. With this type of testing, we can implement different changes to our site and let our customers use the site in their natural state. Customers actually using our site will give us feedback on what changes work and what changes do not work. Each one has its advantages and disadvantages, but both are far better than not doing any controlled testing at all.

SQL White Box Testing

by Andrew S
The article talks about how SQL software testing techniques do not address some of the important key features of SQL, and then goes on to present a set of guidelines for designing white-box tests to exercise the way an SQL query processes its stored data. White-box testing is a way of testing SQL software in order to check for test-set size and fault-detecting ability. The author claims that the process of writing and testing database queries must have some distinguishing particularities in order to create a thorough testing software. As a result, there are specific guidelines that must be followed when developing a software testing technique. These guidelines can help achieve more complete unit tests for queries and be used in the task of writing and testing SQL.

Security Testing of Voting Systems

by Edwin T
The peer-reviewed article I chose for this week was about security testing voting systems. The authors discussed a few vulnerabilities for the DRE or direct-recording electronic voting machine and how they can affect election day. The authors found buffer overflows in the DRE system and by exploiting them it was very easy to completely take it over. Also, the DRE systems do not have the necessary means to detect any malicious software or a change in firmware. If malicious firmware is installed in the DRE system, it can activate on election day and modify a subset of ballots so they seem as if they were for the preferred candidate. There’s the “careful voter” scenario, where the voter will submit his ballot and a review screen will appear with the name of the preferred candidate and not the one the voter voted for. If the voter catches the mistake, the firmware will allow the voter to edit the submission. At this point, the firmware will consider itself found and will not change the ballots for a period of time or a number of voters before it starts again. Another of the many scenarios in the article was the “After the Fact Vote”. For this scenario the voter places his vote normally, then the firmware will print a voided ballot and will re-print the ballot with a vote for the preferred candidate.

Fear of Injections?

by Han C
No, I’m not talking about hypodermic needles. This article explains the mystery behind SQL injections and offers a few suggestions on how you can protect yourself from an injection attack. SQL injections are extremely common and very easy to exploit. Yes, I know. Your job as a database administrator just became that much sweeter, right? Fear not, because the best countermeasures are simply to identify vulnerabilities yourself and test the safety of your system in a controlled environment first. SQL injections occur when malicious code is embedded into the content of a parameter. In other words, an attacker can attempt to trick the system into forwarding a query to the database in an effort to gain more information. The article explains that these types of attacks are quite simple to execute and even offers a sample or two. One reason that SQL injections are so prominent is that more tools are being developed every day which can be used by attackers to scan for such vulnerabilities. The article explains that one of the easiest ways to prevent this from happening is to avoid accessing external interpreters whenever possible. Another important thing to remember is to ensure that web applications only run under the necessary privileges. Any user commands should be rigorously checked and rechecked for unexpected outcomes. The bottom of the article offers a code reviewing guide and an SQL injection prevention cheat sheet.