How to Break Software
May 4, 2009
by James A. Whittaker

Most of the books about software testing that I've read (wow, I can't believe I've actually read multiple books about testing software) have taken a very textbook style approach to explaining the ins and outs of testing. They go into detail about developing a test plan, boundary conditions, white/black box testing, localization testing, regression testing, etc.
The How to Break Software series (How to Break Software, How to Break Software Security, and How to Break Web Software) takes a much more hands-on approach to software testing. The book is made up of a series of tests, referred to as attacks, that each target a specific fault in the software being tested.
These attacks include things such as exploring allowable character sets and data types, overflowing input buffers, forcing a function to call itself recursively, finding features that share data, and forcing the media to be busy or unavailable.
Each of these attacks is explained in great detail by telling the reader when to apply the attack, what software faults make the attack successful, how to determine whether the attack exposes failures, and how exactly to conduct the attack. After I got this book, I immediately began performing many of these attacks on commercial software. You wouldn't believe how many bugs I found! This series is an absolute must-have for any software tester, developer, or project manager.
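The attack structure described above, shown as added example code that is not from the book or this post: a constructed toy `save_record` function plays the software under test, and three of the listed attacks (character sets, input overflow, unavailable media) are run against it, each reporting whether it exposed a fault.

```python
from dataclasses import dataclass

MAX_NAME = 32  # constructed fixed-width field, as in a legacy record layout

def save_record(name: str, storage: dict, *, media_available: bool = True) -> str:
    """Constructed target with two deliberate faults: it truncates silently
    past MAX_NAME, and it lets an unavailable-media error escape unhandled."""
    if not media_available:
        raise IOError("media not available")
    storage["name"] = name[:MAX_NAME]  # silent truncation = data loss
    return storage["name"]

@dataclass
class AttackResult:
    attack: str            # which attack from the catalogue was applied
    exposed_failure: bool  # did the attack surface a fault?
    detail: str

def attack_character_sets(target) -> AttackResult:
    """Explore allowable character sets: accents, CJK, control chars, bidi."""
    probes = ["plain", "naïve", "日本語", "tab\there", "nul\x00byte", "\u202e"]
    bad = [p for p in probes if target(p, {}) != p]
    return AttackResult("character sets", bool(bad), f"unfaithful: {bad!r}")

def attack_overflow_input(target) -> AttackResult:
    """Overflow input buffers: a limit enforced by truncation, not rejection,
    means the caller never learns that data was lost."""
    long_name = "A" * (MAX_NAME * 4)
    try:
        stored = target(long_name, {})
    except ValueError:
        return AttackResult("overflow input", False, "over-long input rejected")
    return AttackResult("overflow input", stored != long_name,
                        f"stored {len(stored)} of {len(long_name)} chars")

def attack_media_unavailable(target) -> AttackResult:
    """Force the media to be unavailable: an I/O error must be handled and
    reported, not allowed to escape as an unhandled exception."""
    try:
        target("x", {}, media_available=False)
    except IOError as e:
        return AttackResult("media unavailable", True, f"unhandled: {e}")
    return AttackResult("media unavailable", False, "error handled")

def run_attacks(target) -> list[AttackResult]:
    attacks = (attack_character_sets, attack_overflow_input, attack_media_unavailable)
    return [attack(target) for attack in attacks]

if __name__ == "__main__":
    for r in run_attacks(save_record):
        print(f"{'FAIL' if r.exposed_failure else 'ok  '} {r.attack}: {r.detail}")
```

The character-set attack finds nothing here, which is the expected outcome for a target that stores short strings faithfully; the other two expose the deliberate faults.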
Security, Software Testing