Code Review, Test Data, and Code Comparison Chapter 17.
Uploaded by regina-stevens
Figure: Integrated use of code review, test data, and code comparison for evidence collection purposes. Boxes in the diagram:
- Program code review
- Flaw hypothesis generation
- Design of test data
- Test of program
- Investigation of discrepancies
- Code comparison of blueprint with production program
- Creation of program blueprint
- Correction of program flaws
Program source-code review
Objectives of code review
- Identify erroneous code
- Identify unauthorized code
- Identify ineffective code
- Identify inefficient code
- Identify nonstandard code
Source-code review methodology
1. Select the source code to be examined.
2. Review the organization's programming standards.
3. Obtain an understanding of the program specifications.
4. Obtain the source-code listing.
5. Review the programming language used to implement the code.
6. Review the source code.
7. Formulate flaw hypotheses.
Benefits and costs of code review
Benefit: Provides a level of detailed knowledge about a program.
Disadvantages: Time consuming and often difficult and costly to undertake.
Test Data
Test data is reliable if it reveals a defect in a program when the program contains a defect.
Auditors should use a systematic approach to the design of test data.
Types of systematic approaches to the design of test data:
Black-box (specification-based testing methods)
1. Equivalence partitioning
2. Boundary value analysis
White-box (program-based testing methods)
1. Basis path testing
2. Loop testing
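An added example (not from the chapter) of the two black-box methods listed above, showing how the design method affects whether test data is reliable. The approval limits, `spec` and the deliberately flawed `production` routine are constructed assumptions.

```python
# Constructed scenario: the (assumed) specification says a payment is
# approved when 1 <= amount <= 10000, in whole currency units.
LOW, HIGH = 1, 10_000

def spec(amount):
    """Expected result according to the assumed program specification."""
    return LOW <= amount <= HIGH

def production(amount):
    """Program under audit, with a seeded flaw: '<' instead of '<=' at the top limit."""
    return LOW <= amount < HIGH

def equivalence_partitions(low, high):
    """One representative per class: below the range, inside it, above it."""
    return [low - 50, (low + high) // 2, high + 50]

def boundary_values(low, high):
    """Values on each boundary and immediately either side of it."""
    return [low - 1, low, low + 1, high - 1, high, high + 1]

def discrepancies(program, test_data):
    """Run the test data; return the inputs where actual differs from expected."""
    return [x for x in test_data if program(x) != spec(x)]

if __name__ == "__main__":
    for name, design in (("equivalence partitioning", equivalence_partitions),
                         ("boundary value analysis", boundary_values)):
        data = design(LOW, HIGH)
        found = discrepancies(production, data)
        print(f"{name}: test data {data} -> discrepancies {found}")
```

Here the partition representatives all pass even though the program is defective, while the boundary set isolates the single failing input for the auditor to investigate.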
Benefits & Costs of Test Data
Benefit: It allows the auditor to examine the quality of program code directly.
Disadvantages: It is often time consuming and costly.
Types of code comparison:
1. Source-code comparison
2. Object-code comparison
Source-code and object-code comparison are often most effective when they are used in conjunction with one another.
Benefits & Costs of Code Comparison
Benefit: It is easy to undertake.
Limitation: It does not provide evidence directly on the quality of the code being compared.