In addition to my first post and to clear things up a bit:

I am a small step further at the moment. In general, you can say negative testing is going beyond the borders of normal (load, stress, fail-over, UAT, etc.) testing. Some aspects of negative testing in my (just reached and incomplete) sense would now be:

- intercepting & faking POST/GET/HTTP headers
- inserting SQL statements into the application's forms to corrupt databases / tables / etc.
- creating queries exceeding the max execution time or the max number of results that can be handled
- manually creating / inserting datasets which make the application collapse when being read again (by one of the above ways?)
- reverse engineering of Java clients, writing your own client and using the original client's server connection to do bad things similar to the above mentioned (this case would maybe definitely go beyond the point we would call 'hacking')
- and also manipulating any kind of software (the JVM?) to reach one or more of the following effects


This all leads / should lead the application to stop / shut down / break in an unplanned way, e.g. without being able to write logs or showing readable error messages to the user, stopping the server or doing other unattractive things like killing all sessions or throwing all users out.

I mainly concentrate on webapps, but also have to take a look at Java clients.
I do not cover destroying hardware (disks ...) or things like that.


Does anyone have more 'phantasies' on that?

Thanks for your attention again,

Henning
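
An added example, not part of the original message: a small negative-test harness that checks the failure criteria named above (a log entry is written, the user gets a readable error, the application keeps serving) for three of the listed input categories. The app under test, its `handle` function, the 4096-byte and `MAX_RESULTS` limits and all inputs are hypothetical and constructed for illustration.

```python
import logging, logging.handlers, sqlite3

MAX_RESULTS = 100  # assumed cap on rows one query may return

def make_app():
    """Hypothetical app under test: a user search over an in-memory table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.executemany("INSERT INTO users VALUES (?)", [(f"user{i}",) for i in range(500)])
    log = logging.getLogger("app-under-test")
    captured = logging.handlers.BufferingHandler(1000)  # keeps records in .buffer
    log.handlers, log.propagate = [captured], False

    def handle(headers, form):
        """Return (status, body); reject bad input instead of crashing."""
        try:
            length = int(headers.get("Content-Length", "0"))
            if not 0 <= length <= 4096:
                raise ValueError("Content-Length out of range")
            limit = int(form.get("limit", "10"))
            if not 1 <= limit <= MAX_RESULTS:
                raise ValueError("limit out of range")
            # Bound parameters keep form input as data, never as SQL text.
            rows = db.execute("SELECT name FROM users WHERE name LIKE ? LIMIT ?",
                              (form.get("q", "") + "%", limit)).fetchall()
            return 200, [r[0] for r in rows]
        except ValueError as exc:
            log.warning("rejected request: %s", exc)
            return 400, f"Invalid request: {exc}"
    return handle, captured, db

NEGATIVE_CASES = [  # constructed inputs, one per category from the list
    ("negative length header", {"Content-Length": "-1"}, {"q": "user"}),
    ("non-numeric header", {"Content-Length": "abc"}, {"q": "user"}),
    ("result count over cap", {}, {"q": "user", "limit": "999999999"}),
    ("SQL in form field", {}, {"q": "x'; DROP TABLE users; --"}),
]

def run_negative_tests():
    """For each case: (name, status, failed_in_a_planned_way)."""
    handle, captured, db = make_app()
    results = []
    for name, headers, form in NEGATIVE_CASES:
        seen = len(captured.buffer)
        status, body = handle(headers, form)
        logged = status == 200 or len(captured.buffer) > seen
        readable = status == 200 or body.startswith("Invalid request")
        alive = handle({}, {"q": "user1", "limit": "1"})[0] == 200
        intact = db.execute("SELECT COUNT(*) FROM users").fetchone()[0] == 500
        results.append((name, status, logged and readable and alive and intact))
    return results
```
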


