Softwear security project part ||

Group members:
1- AbdulAziz AbdulRahman Banaemah - 1948617
2- Omar Suhail Saad - 1948616
3- Ahmed Sami Mohammed– 1948660
4- Farooq Khalid Alshawish - 1948610
Static/dynamic analysis results

Static analysis and dynamic analysis are two different approaches to evaluating software or code.

Static analysis is a method of analyzing code without executing it. It involves examining the code's
structure and syntax, looking for potential issues such as syntax errors, security vulnerabilities, and
coding standards violations. This method can identify issues early in the development process, allowing
developers to make necessary changes before the code is executed.

Dynamic analysis, on the other hand, involves executing the code and observing its behavior while
running. This method is used to identify runtime errors, performance issues, and other problems that
may not be detected through static analysis. Dynamic analysis may include techniques such as unit
testing, integration testing, stress testing, and runtime analysis tools.

The result of a static analysis is usually a report that highlights any potential issues or areas of concern
that were identified in the code. The result of a dynamic analysis can be a report that includes
information about any errors that were encountered, performance metrics, and other data related to
the behavior of the code during execution.

Eclipse provides various built-in tools for dynamic analysis, and Static analysis including debugging for
dynamic and Findbugs for Static .
Dynamic analysis using de debugging:
1. Run your application in debug mode by selecting "Debug As".

creates a new Debug Launch Configuration and uses it to start the Java application.
The result:
Static analysis using Findbugs:
set Scariest rank and Scary rank bugs to be reported as Error (in the code).
Seting the preferences:
And after running the tool this the result:
List of testing techniques used and result:

1. Regression Testing: This technique involves testing whether changes made to the code
have caused any new defects or issues. In Java, you can use tools like JUnit or TestNG to run
automated regression tests, you can see the result down.

2. Unit Testing: This technique involves testing individual units of code, such as methods or
functions. In Java, you can use testing frameworks like JUnit or TestNG to write and run unit
tests, you can see the result down.

3. Fuzzing test: is a software testing technique that involves providing unexpected, invalid, or
random input to a program to detect unexpected behavior or vulnerabilities, you can see the
result down.
Black Box Fuzzing:
We tried to Feed the program random inputs and see if it crashes:
As we can see we tried multiple inputs and it didn’t cashes
White box Fuzzing:
Case 1:

Passengers <= 4 , comfort is poor

Test Case 2:

Passengers <= 4 , comfort is medium

Test case 3:

Passengers = 5 , comfort is good

Test case 4:

passengers > 5 < 8, comfort is medium.

Test case 5:

Passengers = 4, comfort is good

Test case 6:

Passengers > 8
Test case 7:

Passengers > 5 && < 8, comfort good

EclEmma Coverage Report

Process of Installing and running EclEmma

Class Car test result as shown.

Class Car
The result of project class for some reason it detected missed instruction and miss
branches although it's for unknown reasons mostly in our loops.
The values of our project as a hole *It detected misses upon our necessary loops
which made the user try again if it detected invalid value*
First Test :
with Normal Input

number of passenger : 5

number of rental days : 2

Amount of mileage : 15

Number of level : 1
Second Test:
with no Input
Third Test:
Input with error

Enter any Number of the list below: 4 , 1

number of passenger : 0 , 4

number of rental days : -3 , 10

Amount of mileage : 0 , 2

Number of level : 5, 1
Forth Test:
Other input

Enter any Number of the list below: @!# ,1

number of passenger : Rayan , 4

number of rental days : AAA , 0 , 3

Amount of mileage : -1 , 12

Number of level : Hi , 1
Junit test cases:
Since our code doesn’t involve methods that could be tested with Junit test
cases, we have decided to run Junit test cases on another code just to show
the different cases that could be done with this test and how it can make a
program more secure.
In here we made a small simple code that adds two numbers together to show
how Junit test cases can help detect coding errors and faults

And here we tested the method by using the assertEquals method and gave it
4 as the expected result and after running it we found out that it’s true and the
method works perfectly fine, this is an example of a code that works properly
as intended.
Now in this scenario we are going to try a test case where the result is false
and not equal to the expected result.
As seen in here when expected result of 2+2 is 3 it returns false, now we will
give scenarios where Junit tests can be really helpful to a programmer.

In here we see that our Junit test case returned 0 errors but when we go back
to check our addition method, we find that someone changed it to
multiplication instead of addition.

And 2*2 does equal to 4 which is why our Junit test returned 0 errors, in this
scenario using different test cases can help detect such faulty code.
As seen in here we got errors for the two new test cases that we added
meanwhile the first one kept returning true with 0 errors, in scenarios such as
this one having multiple test cases can help detect such errors and therefore
help improve the quality of the code and software.

As seen here these are the 2 errors that occurred with our code, showing that
the method in fact does not add the two given integers, and as a programmer
after seeing this you should immediately go and check the code and fix the
error.
You could also use different methods such as assertTrue, assertNotEquals and
other ones depending on your code to help find errors in the code.