Traceability

NIST (http://ts.nist.gov/Traceability/Policy/nist_traceability_policy-external.cfm) adopts the definition of traceability from the International Vocabulary of Basic and General Terms in Metrology [12] as a “property of the result of a measurement or the value of a standard whereby it can be related to stated references, usually national or international standards, through an unbroken chain of comparisons all having stated uncertainties.” This general definition can be extended to software systems.

A Web commerce software application is tested at runtime to determine whether it is traceable to and conforms to its functional requirements. Requirements that state how the application will respond when a specific event occurs are referred to as positive requirements. Typically, for software, a positive requirement is mapped to a specific software artifact meant to implement that requirement. This provides traceability from requirements to implementation and informs the tester of which code artifact to test to validate the expected functionality. An example of a positive requirement is “the application should lock the user account after three failed login attempts.” A tester can validate the expected functionality (the lockout) by attempting to log in to the application three times with the same username and incorrect passwords. This type of test can be easily automated with a functional testing tool suite, such as the open source Canoo WebTest, available at http://webtest.canoo.com ...
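The lockout requirement and the test that validates it, as an added Python example that is not from the book or from Canoo WebTest: a minimal login service enforcing the three-attempt lockout, plus a test function tagged with the requirement it traces to. The requirement ID, usernames and passwords are constructed for the example.

```python
# Added example: login service with an account-lockout policy and a functional
# test traceable to the positive requirement "lock after three failed logins".
# The requirement ID REQ-AUTH-LOCKOUT-3 and all credentials are constructed.
import hashlib
import hmac
import os

LOCKOUT_THRESHOLD = 3  # failed attempts tolerated before the account locks


class Account:
    def __init__(self, username, password):
        self.username = username
        self.salt = os.urandom(16)            # per-account salt
        self.password_hash = self.hash(password)
        self.failed_attempts = 0
        self.locked = False

    def hash(self, password):
        # Slow, salted hash so a leaked table is not trivially reversed.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)


class LoginService:
    def __init__(self):
        self.accounts = {}

    def register(self, username, password):
        self.accounts[username] = Account(username, password)

    def login(self, username, password):
        """Return 'ok', 'bad_credentials' or 'locked'."""
        account = self.accounts.get(username)
        if account is None:
            return "bad_credentials"      # unknown user looks like a wrong password
        if account.locked:
            return "locked"               # observable response the test checks for
        if hmac.compare_digest(account.password_hash, account.hash(password)):
            account.failed_attempts = 0   # success resets the counter
            return "ok"
        account.failed_attempts += 1
        if account.failed_attempts >= LOCKOUT_THRESHOLD:
            account.locked = True
        return "bad_credentials"


def test_lockout_after_three_failures():
    """REQ-AUTH-LOCKOUT-3 (constructed ID): three wrong passwords lock the account."""
    service = LoginService()
    service.register("alice", "correct horse battery staple")
    results = [service.login("alice", "wrong") for _ in range(LOCKOUT_THRESHOLD)]
    after_lock = service.login("alice", "correct horse battery staple")
    return results, after_lock            # expected: 3 x bad_credentials, then locked
```

The docstring on the test carries the requirement ID, which is the traceability link from the requirement to the artifact that validates it.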
