# THESIS PROGRESS REPORT
# Table Of Contents
1. [Outcomes](#Outcomes)
2. [Difficulties](#Difficulties)
3. [Plan For Next Week](#PlanForNextWeek)
# Outcomes
## Web Vulnerabilities
- **In Week 6, I studied and practiced labs on the following web vulnerability topics:**
- File Upload Vulnerability
- DOM-Based Vulnerability
- OS Command Injection
- Prototype Pollution
- Race Conditions
- Cross-origin resource sharing (CORS) Vulnerability
- **Platforms used for practicing:**
- PortSwigger
- RootMe (*Web-Client* + *Web-Server*)

- **Documentation:**
- Overall Progress: 90%
- Unfinished topics:
- Business Logic Errors
- Broken Access Control (BAC)
- DOM-Based Vulnerability
## Software Testing
- **In Weeks 7-8, I started to read and study the basic concepts of Software Testing, including:**
- ***Definition:*** The process of checking the quality, functionality, and performance of a software product before it is released
- ***Purpose:***
- Make a judgment about quality or acceptability
- Discover problems (bugs)
- ***Terminologies***:
- **Error:** A mistake made by a person while designing or coding; errors cause faults
- **Fault:** The result or representation of an error in the code; also called a defect or bug
- **Failure:** Occurs when code containing a fault is executed
- **Incident:** The symptom associated with a failure that alerts the user that a failure has occurred
- **Test:** The act of executing software with test cases
- **Test case:** Consists of inputs and expected outputs, has an identity (identifier), and corresponds to a program behavior
- ***Methods to identify test cases:***
- **Specification-based Testing:** Derives test cases from the specification of the software, treating it as a black box; also called *Black box testing*
- **Code-based Testing:** Derives test cases from the implementation of the software (knowing what is inside the box); also called *White box testing*
- ***Testing Life Cycle:***

- ***Maths For Software Testing:***
- **Discrete Maths**
- **Graph Theory:** Program Graph, Finite State Machine, Petri Net, Event-Driven Petri Net, Statechart
- ***Unit Testing Methods:***
- **Specification-Based Testing**: Boundary Value Testing, Equivalence Class Testing, Decision Table-Based Testing
- **Code-Based Testing:** Test Coverage Metrics, Basis Path Testing
- **References:** Paul C. Jorgensen. 2022. *Software Testing: A Craftsman's Approach* (5th ed.). CRC Press, Inc., USA.
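As an added worked example (not from this report or from Jorgensen's book) tying the terminology above (error, fault, failure, test case) to Boundary Value Testing: the specification, the function under test `is_valid_endpoint`, its deliberate off-by-one fault and the test case identifiers are all constructed for this illustration. The generator derives the 4n+1 single-fault-assumption test cases and the 5^n worst-case test cases from the specification alone, then executes them against the faulty implementation to show which test cases turn the fault into a failure.

```python
"""Boundary value testing of a small input validator (added example).

Not code from the progress report or from Jorgensen's book: the function
under test, its deliberate fault and the test case identifiers are constructed
for this illustration.
"""
from dataclasses import dataclass
from itertools import product
from typing import Any, Callable, Dict, List, Sequence, Tuple

# Specification (constructed): an endpoint is valid iff
#   1 <= port <= 65535  and  1 <= ttl <= 255
PORT_RANGE = (1, 65535)
TTL_RANGE = (1, 255)


def is_valid_endpoint(port: int, ttl: int) -> bool:
    """Program under test. The `<` in the port check is a deliberate fault
    (the developer's error: off-by-one); it becomes a failure only when a
    test executes it with port == 65535."""
    return PORT_RANGE[0] <= port < PORT_RANGE[1] and TTL_RANGE[0] <= ttl <= TTL_RANGE[1]


def endpoint_oracle(port: int, ttl: int) -> bool:
    """Expected output, derived from the specification and never from the code."""
    return PORT_RANGE[0] <= port <= PORT_RANGE[1] and TTL_RANGE[0] <= ttl <= TTL_RANGE[1]


@dataclass(frozen=True)
class TestCase:
    ident: str               # identity of the test case
    inputs: Tuple[Any, ...]  # inputs
    expected: Any            # expected output


def boundary_values(lo: int, hi: int) -> Dict[str, int]:
    """Five boundary values of one variable: min, min+, nom, max-, max."""
    return {"min": lo, "min+": lo + 1, "nom": (lo + hi) // 2,
            "max-": hi - 1, "max": hi}


def single_fault_inputs(names: Sequence[str],
                        ranges: Sequence[Tuple[int, int]]) -> List[Tuple[str, Tuple[int, ...]]]:
    """Single-fault assumption: hold every variable at its nominal value and
    vary one variable at a time over its boundary values -> 4n + 1 inputs."""
    bounds = [boundary_values(lo, hi) for lo, hi in ranges]
    nominal = tuple(b["nom"] for b in bounds)
    inputs = [("all-nom", nominal)]
    for i, (name, b) in enumerate(zip(names, bounds)):
        for label in ("min", "min+", "max-", "max"):
            vec = list(nominal)
            vec[i] = b[label]
            inputs.append((f"{name}-{label}", tuple(vec)))
    return inputs


def worst_case_inputs(names: Sequence[str],
                      ranges: Sequence[Tuple[int, int]]) -> List[Tuple[str, Tuple[int, ...]]]:
    """Worst-case testing drops the single-fault assumption: the Cartesian
    product of every variable's boundary values -> 5^n inputs."""
    bounds = [boundary_values(lo, hi) for lo, hi in ranges]
    labelled = [[(f"{n}-{lab}", v) for lab, v in b.items()] for n, b in zip(names, bounds)]
    return [("/".join(lab for lab, _ in combo), tuple(v for _, v in combo))
            for combo in product(*labelled)]


def build_test_cases(inputs, oracle: Callable[..., Any]) -> List[TestCase]:
    """Attach the expected output from the oracle to each generated input."""
    return [TestCase(ident, vec, oracle(*vec)) for ident, vec in inputs]


def failing_cases(cases: List[TestCase], fut: Callable[..., Any]) -> List[str]:
    """Execute each test case against the function under test (fut); a
    failure is an actual output that differs from the expected output."""
    return [tc.ident for tc in cases if fut(*tc.inputs) != tc.expected]


if __name__ == "__main__":
    names, ranges = ("port", "ttl"), (PORT_RANGE, TTL_RANGE)
    sf = build_test_cases(single_fault_inputs(names, ranges), endpoint_oracle)
    wc = build_test_cases(worst_case_inputs(names, ranges), endpoint_oracle)
    print(len(sf), "single-fault cases, failing:", failing_cases(sf, is_valid_endpoint))
    print(len(wc), "worst-case cases, failing:", failing_cases(wc, is_valid_endpoint))
```

Under the single-fault assumption only the `port-max` case fails, which is enough to reveal the fault; worst-case testing finds the same fault in all five `port-max/…` combinations, the usual trade-off of more cases for the same defect. The oracle is written from the specification rather than copied from the implementation: an oracle derived from the code would share its fault and every case would pass.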
# Difficulties
- Documentation: Large topics (e.g. BAC) are extremely hard to cover fully in the document (especially the *Techniques/Specific Cases* section)
# Plan For Next Week
- Understand other testing methods: Life Cycle-Based Testing, System Testing, Model-Based Testing
- Document what I learn
- Practice with the assignment of HCMUT's "Software Testing Course"