Chapter 8 Discover States and Transitions

Explore It! — by Elisabeth Hendrickson (50 / 99)

👈 Practice Sessions | TOC | Recognizing States and Events 👉

Have you ever encountered a failure that was extremely difficult to reproduce? Perhaps you’ve seen a catastrophic error that happens only sporadically, or maybe you stumbled on corrupted data and could not trace the root cause.

Such defects are often triggered when something happens during a brief window of vulnerability: a moment in time when all the conditions line up just right so something can go very wrong. A file happens to be locked just when the software attempts to write to it. Your session times out just at the moment you try to access secure content. A race condition exists where on rare occasions one part of the system attempts to update a record before another part finishes creating it.

These conditions are usually short-lived and hard to spot. You might not know how to cause them intentionally or even how to tell when they’re open so you can take advantage of them. If you can’t see the window of vulnerability, discovering or reproducing bugs related to it becomes a frustrating matter of trial and error.

Fortunately, there’s a systematic approach to discovering and exploiting these windows of vulnerability using state models. In this chapter, you’ll learn how to map a state model and use heuristics to surface surprises related to timing.

It’s important to note that you’ll get more out of this chapter if you focus on observable behavior rather than on implementation details. Modeling from an external perspective enables you to see states and responses that stem from the whole technology stack and not just from the layer of that stack with which you are most familiar. So even if you happen to have knowledge of the internals of the software, you’ll need to set that knowledge aside so that you can focus on what you see happening rather than on what you know is going on under the covers.
