Testing Techniques to Find the Sin

The discipline of usability engineering revolves around testing. Unfortunately, it's not the same kind of testing that development organizations are used to performing. With usability testing, you generally observe your users working in pairs (the two-person talk-aloud technique) as they go through the system, often for the first time. When you're looking for security results, you take the same approach, while making sure that the users exercise the security functionality you're interested in learning about.

It's usually par for the course to give users a set of tasks to accomplish, but to do nothing to interfere with what they do, unless they get completely stuck.

The basics of usability testing definitely apply to security, and they're well worth picking up. We recommend the book Usability Engineering by Jakob Nielsen (Morgan Kaufmann, 1994). Also, the paper "Usability of Security: A Case Study" by Alma Whitten and J.D. Tygar offers some good insight on performing usability tests for security software. (See the "Other Resources" section for more information on these resources.)



19 Deadly Sins of Software Security. Programming Flaws and How to Fix Them
Writing Secure Code
ISBN: 71626751
EAN: 2147483647
Year: 2003
Pages: 239
