SCG News

Threats to Validity in TDD Research

Timm Gross. Threats to Validity in TDD Research. Bachelor’s thesis, University of Bern, May 2020. Details.

Abstract

Context: Test-driven development (TDD) is an iterative software development technique where unit tests are defined before production code. Recent quantitative empirical investigations into the effects of TDD have been contrasting and inconclusive. Additionally, studies have shown that TDD is not as widely used as expected. At the same time, the body of research contains anecdotal evidence about the usefulness of TDD in practice. This makes it difficult for decision makers in development teams to use the research as the basis for the decision of whether or not to apply TDD. Objective: We present a study designed to uncover the threats to validity in previous studies that prevent them from being usable in decision-making processes. In order to do that, we first studied what values practitioners associate with software testing. Method: We first conducted 15 hours of ethnographically informed qualitative interviews with a small development team to capture the perceived benefits of testing. Then we analysed the threats to validity mentioned in the body of research in a literature review. Results: The interviewed developers put equal emphasis on quality-related aspects (i.e. productivity, internal and external code quality) and non-quality-related aspects (i.e. collaboration, confidence, knowledge transfer, etc.) of testing. In contrast, the analyzed research papers focus almost exclusively on quality-related aspects of TDD. In addition, we identified the common threats to validity in the following areas: participant selection, task selection, context of the study, threats to validity regarding quality, length of observation, amount of iteration, comparisons to other techniques, measuring the adherence to TDD, and a lack of qualitative research. Conclusion: Contrasting the views of practitioners on testing and the common threats to validity in TDD research allows us to highlight opportunities for further research. Especially for researchers aiming to provide scientific support for decision-making processes of how and when to apply TDD in practice, this study summarizes important aspects to consider.

Posted by scg at 27 May 2020, 9:15 am

An Investigation into Vulnerability Databases

Brian Schweigler. An Investigation into Vulnerability Databases. Bachelor’s thesis, University of Bern, May 2020. Details.

Abstract

The vulnerability databases’ affiliations and contributions are non-trivial and have not yet been studied in depth. This raises a major concern regarding the correctness of the data used in numerous existing studies. To investigate this problem, we first collected publicly available data from the websites of five major database providers, and then we normalized and correlated the individual entries to track them within different vulnerability databases. 370,298 security reports were extracted, 89% of which were accessible at more than one provider. Surprisingly, many reports were inconsistent with respect to scores and detail descriptions. In the scoring system CVSS version 3.0, for example, we found on average a difference of 0.8 between NVD and Snyk, whereas CVSS version 2.0 remains largely consistent with a difference of only 0.1 between NVD and RAPID7. Furthermore, we discovered that the security-related popularity differs for widely used software, and we show that shared code bases, but not library usages, can be predicted by aggregating security reports over periods of time. Finally, in visualizations, software release cycles become visible.

Posted by scg at 25 May 2020, 1:47 pm

Investigating Phishing on Demand

Pascal Gerig. Investigating Phishing on Demand. Bachelor’s thesis, University of Bern, May 2020. Details.

Abstract

Gathering protected information by disguising an attacker as a trustworthy contact in electronic communication, also known as “phishing”, is the primary technique attackers use to steal sensitive data. Phishing websites are mainly static and barely synchronize with the original website. We investigate “Phishing on Demand”, a technique to dynamically replicate any website for phishing purposes. The replicas are available with a few clicks and are always in sync with the original web pages. Our studies with a proof of concept show that this phishing technique is highly effective. For instance, we could successfully run phishing campaigns against major Swiss e-banking websites with two-factor authentication. With this thesis, we show that there is a demand for more robust visual similarity algorithms for websites that are able to track changes applied to original sites, such as insertions of banners, rewritings of text, or alterations to graphics.

Posted by scg at 22 May 2020, 9:15 am

Debugging Spark Applications — A Study on Debugging Techniques of Spark Developers

Melike Geçer. Debugging Spark Applications — A Study on Debugging Techniques of Spark Developers. Master’s thesis, University of Bern, May 2020. Details.

Abstract

Debugging is the main activity to investigate software failures, identify their root causes, and eventually fix them. Debugging distributed systems in particular is burdensome, due to the challenges of managing numerous devices and concurrent operations, detecting the problematic node, lengthy log files, and real-world data being inconsistent. Apache Spark is a distributed framework which is used to run analyses on large-scale data. Debugging Apache Spark applications is difficult as no tool, apart from log files, is available on the market. However, an application may produce a lengthy log file, which is challenging to examine. In this thesis, we aim to investigate various techniques used by developers on a distributed system. In order to achieve that, we interviewed Spark application developers, presented them with buggy applications, and observed their debugging behaviors. We found that most of the time, they formulate hypotheses to allay their suspicions and check the log files as the first thing to do after obtaining an exception message. Afterwards, we use these findings to compose a debugging flow that can help us to understand the way developers debug a project.

Posted by scg at 20 May 2020, 10:15 am

Assessing and Improving the Software Quality of an iOS App Framework

Alain Stulz. Assessing and Improving the Software Quality of an iOS App Framework. Bachelor’s thesis, University of Bern, February 2020. Details.

Abstract

Creating and maintaining high-quality software is an essential topic in Software Engineering. While mobile application development is a relatively young discipline, it has evolved particularly rapidly. The quick pace requires complex mobile projects to be highly flexible and easily maintainable to stay relevant over time. In this thesis, we examine a framework designed to build iOS applications, which was created in the early 2010s and seems to have fallen behind in some areas. We answer "How can we assess the quality of our system?" by defining our understanding of software quality and subsequently collecting and analyzing data from several sources. In a second step, we address "How to improve the existing system’s quality?" through setting conventions for developers, performing maintenance, and refactoring specific areas in the code. In this context, we also explore different techniques to increase unit test coverage. Furthermore, we analyze the question "What would constitute a better software design?" by selectively rewriting parts of the system’s functionality. Finally, we take a look at the project’s future and recommend that the company should consider a rewrite over refactoring to better cope with changed software requirements and technology.

Posted by scg at 10 February 2020, 6:15 pm
Last changed by admin on 21 April 2009