MANUAL TESTING
Introduction
Software testing is a critical element of software quality assurance and represents the ultimate process to ensure the correctness of the product. The quality product always enhances the customer confidence in using the product thereby increases the business economics. In other words, a good quality product means zero defects, which is derived from a better quality process in testing. Software is an integrated set of Program codes, designed logically to implement a particular function or to automate a particular process. To develop a software product or project, user needs and constraints must be determined and explicitly stated. The development process is broadly classified into two. 1. Product development 2. Project development Product development is done assuming a wide range of customers and their needs. This type of development involves customers from all domains and collecting requirements from many different environments. Project Development is done by focusing a particular customer's need, gathering data from his environment and bringing out a valid set of information that will help as a pillar to development process. Testing is a necessary stage in the software life cycle: it gives the programmer and user some sense of correctness, though never "proof of correctness. With effective testing techniques, software is more easily debugged, less likely to "break," more "correct", and, in summary, better. Most development processes in the IT industry always seem to follow a tight schedule. Often, these schedules adversely affect the testing process, resulting in step motherly treatment meted out to the testing process. As a result, defects accumulate in the application and are overlooked so as to meet deadlines. The developers convince themselves that the overlooked errors can be rectified in subsequent releases. The definition of testing is not well understood. People use a totally incorrect definition of the word testing, and that this is the primary cause for poor program testing.
Testing the product means adding value to it by raising the quality or reliability of the product. Raising the reliability of the product means finding and removing errors. Hence one should not test a product to show that it works; rather, one should start with the assumption that the program contains errors and then test the program to find as many of the errors as possible.
"Testing is the process of executing a program with the intent of finding errors"
Or
“Testing is the process of evaluating a system by manual or automatic means and verify that it satisfies specified requirements”
Or
"... the process of exercising or evaluating a system or system component by manual or automated means to verify that it satisfies specified requirements or to identify differences / between expected and actual results..."
Why software Testing?
Software testing helps to deliver quality software products that satisfy user’s requirements, needs and expectations. If done poorly,
Disney’s Lion King, 1994-1995
In the fall of 1994, Disney company Released its first multimedia CD-ROM game for children, The Lion King Animated storybook. This was Disney’s first venture into the market and it was highly promoted and advertised. Sales were huge. It was “the game to buy” for children that holiday season. What happened, however, was a huge debacle. On December 26, the day after Christmas, Disney’s customer support phones began to ring, and ring, and ring. Soon the phones support technicians were swamped with calls from angry parents with crying children who couldn’t get the software to work. Numerous stories appeared in newspapers and on TV news. This problem later was found out, due to non performance of software testing for all conditions.
Software Bug: A Formal Definition
Calling any and all software problems bugs may sound simple enough, but doing so hasn’t really addressed the issue. To keep from running in circular definitions, there needs to be a definitive description of what a bug is.
A software bug occurs when one or more of the following five rules is true:
1) The software doesn’t do something that the product specification says it should do.
2) The software does something that the product specification says it shouldn’t do.
3) The software does something that the product specification doesn’t mention.
4) The software doesn’t do something that the product specification doesn’t mention but should.
5) The software is difficult to understand, hard to use, slow, or –in the software tester’s eyes- will be viewed by the end user as just plain not right.
What exactly does Software Tester Do? (Or Role of Tester)
From the above Examples you have seen how nasty bugs can be and you know what is the definition of a bug is, and you can think how costly they can be. So main goal of tester is
“The goal of Software Tester is to find bugs”
As a software tester you shouldn’t be content at just finding bugs, you should think about how to find them sooner in the development process, thus making them cheaper to fix.
“The goal of a Software Tester is to find bugs, and find them as early as possible”.
But, finding bugs early isn’t enough.
“The goal of a Software Tester is to find bugs, and find them as early as possible and make sure they get fixed”
Principle of Testing
The main objective of testing is to find defects in requirements, design, documentation, and code as early as possible. The test process should be such that the software product that will be delivered to the customer is defect less. All Tests should be traceable to customer requirements.
Test cases must be written for invalid and unexpected, as well as for valid and expected input conditions. A necessary part of a test case is a definition of the expected output or result. A good test case is one that has high probability of detecting an as-yet undiscovered error.
Eight Basic Principles of Testing
Best Testing Practices to be followed during testing ·
Let us look at the Traditional Software Development life cycle vs Presently or Mostly commonly used life cycle.
Requirements Requirements
Design Design
Development Development Testing
Testing Implementation
Implementation Maintenance
Maintenance
Fig A (Traditional) Fig B (Most commonly used)
In the above Fig A, the Testing Phase comes after the Development or coding is complete and before the product is launched and goes into Maintenance phase. We have some disadvantages using this model - cost of fixing errors will be high because we are not able to find errors until coding is completed. If there is error at Requirements phase then all phases should be changed. So, total cost becomes very high.
The Fig B shows the recommended Test Process involves testing in every phase of the life cycle. During the Requirements phase, the emphasis is upon validation to determine that the defined requirements meet the needs of the organization. During Design and Development phases, the emphasis is on verification to ensure that the design and program accomplish the defined requirements. During the Test and Installation phases, the emphasis is on inspection to determine that the implemented system meets the system specification. During the maintenance phases, the system will be re-tested to determine that the changes work and that the unchanged portion continues to work.
Requirements and Analysis Specification
The main objective of the requirement analysis is to prepare a document, which includes all the client requirements. That is, the Software Requirement Specification (SRS) document is the primary output of this phase. Proper requirements and specifications are critical for having a successful project. Removing errors at this phase can reduce the cost as much as errors found in the Design phase. And also you should verify the following activities:
Design phase
In this phase we are going to design entire project into two
High – level Design gives the overall System Design in terms of Functional Architecture and Database design. This is very useful for the developers to understand the flow of the system. In this phase design team, review team (testers) and customers plays a major role. For this the entry criteria are the requirement document that is SRS. And the exit criteria will be HLD, projects standards, the functional design documents, and the database design document.
Low – Level Design (LLD)
During the detailed phase, the view of the application developed during the high level design is broken down into modules and programs. Logic design is done for every program and then documented as program specifications. For every program, a unit test plan is created.
The entry criteria for this will be the HLD document. And the exit criteria will the program specification and unit test plan (LLD).
Development Phase
This is the phase where actually coding starts. After the preparation of HLD and LLD, the developers know what is their role and according to the specifications they develop the project. This stage produces the source code, executables, and database. The output of this phase is the subject to subsequent testing and validation.
And we should also verify these activities:
The inputs for this phase are the physical database design document, project standards, program specification, unit test plan, program skeletons, and utilities tools. The output will be test data, source data, executables, and code reviews.
Testing phase
This phase is intended to find defects that can be exposed only by testing the entire system. This can be done by Static Testing or Dynamic Testing. Static testing means testing the product, which is not executing, we do it by examining and conducting the reviews. Dynamic testing is what you would normally think of testing. We test the executing part of the project.
A series of different tests are done to verify that all system elements have been properly integrated and the system performs all its functions.
Note that the system test planning can occur before coding is completed. Indeed, it is often done in parallel with coding. The input for this is requirements specification document, and the output are the system test plan and test result.
Implementation phase or the Acceptance phase
This phase includes two basic tasks :
Acceptance test plan prepared earlier and analysis of the test results to determine whether the system satisfies its acceptance criteria. When the result of the analysis satisfies the acceptance criteria, the user accepts the software.
Maintenance phase
This phase is for all modifications, which is not meeting the customer requirements or any thing to append to the present system. All types of corrections for the project or product take place in this phase. The cost of risk will be very high in this phase. This is the last phase of software development life cycle. The input to this will be project to be corrected and the output will be modified version of the project.
Software Development Lifecycle Models
The process used to create a software product from its initial conception to its public release is known as the software development lifecycle model.
There are many different methods that can be used for developing software, and no model is necessarily the best for a particular project. There are four frequently used models:
Big – Bang Model
The Big- Bang Model is the one in which we put huge amount of matter (people or money) is put together, a lot of energy is expended – often violently – and out comes the perfect software product or it doesn’t.
The beauty of this model is that it’s simple. There is little planning, scheduling, or
Formal development process. All the effort is spent developing the software and writing the code. It’s and ideal process if the product requirements aren’t well understood and the final release date is flexible. It’s also important to have flexible customers, too, because they won’t know what they’re getting until the very end.
Waterfall Model A project using waterfall model moves down a series of steps starting from an initial idea to a final product. At the end of each step, the project team holds a review to determine if they’re ready to move to the next step. If the project isn’t ready to progress, it stays at that level until it’s ready. Each phase requires well-defined information, utilizes well-defined process, and results in well-defined outputs. Resources are required to complete the process in each phase and each phase is accomplished through the application of explicit methods, tools and techniques.
The Waterfall model is also called the Phased model because of the sequential move from one phase to another, the implication being that systems cascade from one level to the next in smooth progression. It has the following seven phases of development:
The figure represents the Waterfall Model.
Requirement phase
Analysis phase
Design phase
Development phase
Testing phase
Implementation phase
Maintenance phase
Notice three important points about this model.
Prototype model
The Prototyping model, also known as the Evolutionary model, came into SDLC because of certain failures in the first version of application software. A failure in the first version of an application inevitably leads to need for redoing it. To avoid failure of SDLC, the concept of Prototyping is used. The basic idea of Prototyping is that instead of fixing requirements before the design and coding can begin, a prototype is to understand the requirements. The prototype is built using known requirements. By viewing or using the prototype, the user can actually feel how the system will work.
The prototyping model has been defined as:
“A model whose stages consist of expanding increments of an operational software with the direction of evolution being determined by operational experience.”
Prototyping Process
The following activities are carried out in the prototyping process:
Prototyping is used in the following situations:
Spiral model
The traditional software process models don't deal with the risks that may be faced during project development. One of the major causes of project failure in the past has been negligence of project risks. Due to this, nobody was prepared when something unforeseen happened. Barry Boehm recognized this and tried to incorporate the factor, project risk, into a life cycle model. The result is the Spiral model, which was first presented in 1986. The new model aims at incorporating the strengths and avoiding the different of the other models by shifting the management emphasis to risk evaluation and resolution.
Each phase in the spiral model is split into four sectors of major activities.
These activities are as follows:
Objective setting:
This activity involves specifying the project and process objectives in terms of their functionality and performance.
Risk analysis:
It involves identifying and analyzing alternative solutions. It also involves identifying the risks that may be faced during project development.
Engineering:
This activity involves the actual construction of the system.
Customer evaluation:
During this phase, the customer evaluates the product for any errors and modifications.
Software Testing Terms and Definitions
1. Verification and validation
Verification and validation are often used interchangeably but have different definitions. These differences are important to software testing.
Verification is the process confirming that software meets its specifications.
Validation is the process confirming that it meets the user’s requirements.
Verification can be conducted through Reviews. Quality reviews provides visibility into the development process throughout the software development life cycle, and help teams determine whether to continue development activity at various checkpoints or milestones in the process. They are conducted to identify defects in a product early in the life cycle.
Types of Reviews
usually limited to a segment of a project, with the goal of identifying defects as work progresses, rather than at the
close of a phase or even later, when they are more costly to correct.
of each phase.
Post-implementation reviews are also know as “ Postmortems”, and are held to assess the success of the overall
process after release and identify any opportunities for process improvements.
Classes of Reviews
request for input regarding a particular artifact or problem. There is no agenda, and results are not formally reported.
These reviews occur as need-based through each phase of a project.
two formats: the presentation is made without interruptions and comments are made at the end, or comments are made
throughout. Possible solutions for uncovered defects are not discussed during the review.
recorder to take notes. The subject of the inspection is typically a document such as a requirements spec or a test plan,
and the purpose is to find problems and see what's missing, not to fix anything. Attendees should prepare for this type
of meeting by reading thru the document; most problems will be found during this preparation. The result of the
inspection meeting should be a written report. Thorough preparation for inspections is difficult, painstaking work, but
is one of the most cost effective methods of ensuring quality.
Three rules should be followed for all reviews:
Project management is Organizing, Planning and Scheduling software projects. It is concerned with activities involved in ensuring that software is delivered on schedule and in accordance with the requirements of the organization developing and procuring the software. Project management is needed because software development is always subject to budget and schedule constraints that are set by the organization developing the software.
Project management activities includes
This is the most time-consuming project management activity. It is a continuous activity from initial concept through to system delivery. Project Plan must be regularly updated as new information becomes available. With out proper plan, the development of the project will cause errors or it may lead to increase the cost, which is higher than the schedule cost. Review.
Project scheduling
This activity involves splitting project into tasks and estimate time and resources required to complete each task. Organize tasks concurrently to make optional use of workforce. Minimize task dependencies to avoid delays caused by one task waiting for another to complete. Project Manager has to take into consideration various aspects like scheduling, estimating manpower resources, so that the cost of developing a solution is within the limits. Project Manager also has to allow for contingency in planning.
Iterative Code/Test/Release Phases
After the planning and design phases, the client and development team has to agree on the feature set and the timeframe in which the product will be delivered. This includes iterative releases of the product as to let the client see fully implemented functionality early and to allow the developers to discover performance and architectural issues early in the development. Each iterative release is treated as if the product were going to production. Full testing and user acceptance is performed for each iterative release. Experience shows that one should space iterations at least 2 – 3 months a part. If iterations are closer than that, more time will be spent on convergence and the project timeframe expands. During this phase, code reviews must be done weekly to ensure that the developers are delivering to specification and all source code is put under source control. Also, full installation routines are to be used for each iterative release, as it would be done in production and Deliverable
Production Phase
Once all iterations are complete, the final product is presented to the client for a final signoff. Since the client has been involved in all iterations, this phase should go very smoothly.
Deliverables
The post mortem phase allows to step back and review the things that went well and the things that need improvement. Post mortem reviews cover processes that need adjustment, highlight the most effective processes and provide action items that will improve future projects.
To conduct a post mortem review, announce the meeting at least a week in advance so that everyone has time to reflect on the project issues they faced. Everyone has to be asked to come to the meeting with the following:
3. Quality Management
The project quality management knowledge area is comprised of the set of processes that ensure the result of a project meets the needs for which the project was executed. Processes such as quality planning, assurance, and control are included in this area. Each process has a set of input and a set of output. Each process also has a set of tools and techniques that are used to turn input into output.
Definition of Quality:
Quality Management Processes
Quality Planning:
The process of identifying which quality standards is relevant to the project and determining how to satisfy them.
Quality Assurance:
The process of evaluating overall projects performance on a regular basis to provide confidence that the project will satisfy the relevant quality standards.
Quality Control
The process of monitoring specific project results to determine if they comply with relevant quality standards and identifying ways to eliminate causes of unsatisfactory performance.
Quality Policy
The overall quality intentions and direction of an organization as regards quality, as formally expressed by top management
Total Quality Management (TQM)
A common approach to implementing a quality improvement program within an organization
Quality Concepts
Tools of Quality Management
Problem Identification Tools :
Problem Analysis Tools
4. Risk Management
Risk management must be an integral part of any project. Everything does not always happen as planned. Project risk management contains the processes for identifying, analyzing, and responding to project risk. Each process has a set of input and a set of output. Each process also has a set of tools and techniques that are used to turn the input into output
Risk Management Processes
Risk Management Planning
Used to decide how to approach and plan the risk management activities for a project.
Risk Identification
Determining which risks might affect the project and documenting their characteristics
Risk Analysis
A qualitative analysis of risks and conditions is done to prioritize their affects on project objectives.
Risk Monitoring and Control
Used to monitor risks, identify new risks, execute risk reduction plans, and evaluate their effectiveness throughout the project life cycle.
Risk Management Concepts
Expected Monetary Value(EMV)
Decision Trees
A diagram that depicts key interactions among decisions and associated chance events as understood by the decision maker. Can be used in conjunction with EMV since risk events can occur individually or in groups and in parallel or in sequence.
5. Configuration Management
Configuration management (CM) is the processes of controlling, coordinate, and tracking the Standards and procedures for managing changes in an evolving software product. Configuration Testing is the process of checking the operation of the software being tested on various types of hardware.
Configuration management involves the development and application of procedures and standards to manage an evolving software product. This can be seen as part of a more general quality management process. When released to CM, software systems are sometimes called baselines, as they are a starting point for further development. The best bet in this situation is for the testers to go through the process of reporting whatever bugs or blocking-type problems initially show up, with the focus being on critical bugs. Since this type of problem can severely affect schedules, and indicates deeper problems in the software development process (such as insufficient unit testing or insufficient integration testing, poor design, improper build or release procedures, etc.) managers should be notified, and provided with some documentation as evidence of the problem.
Configuration management can be managed through
Version Control and Release management
Version is an instance of system, which is functionally distinct in some way from other system instances. It is nothing but the updated or added features of the previous versions of software. It has to be planned as to when the new system version is to be produced and it has to be ensured that version management procedures and tools are properly applied.
Release is the means of distributing the software outside the development team. Releases must incorporate changes forced on the system by errors discovered by users and by hardware changes. They must also incorporate new system functionality.
Changes made in the project
This is one of most useful way of configuring the system. All changes will have to be maintained that were made to the previous versions of the software. This is more important when the system fails or not meeting the requirements. By making note of it one can get the original functionality. This can include documents, data, or simulation.
Configuration Management Planning
This starts at the early phases of the project and must define the documents or document classes, which are to be managed. Documents, which might be required for future system maintenance, should be identified and included as managed documents. It defines
This contains three important documents they are
Change management
Software systems are subject to continual change requests from users, from developers, from market forces. Change management is concerned with keeping, managing of changes and ensuring that they are implemented in the most cost-effective way.
Change request form
Definition of change request form is part of CM planning process. It records changes required, reason "why change -was suggested and urgency of change ( from requestor of the change). It also records change evaluation, impact analysis, change cost and recommendations (System maintenance staff), A major problem in change management is tracking change status. Change tracking tools keep track the status of each change request and automatically ensure that change requests aresent to the right people at the right time. Integrated with Email systems allowing electronic change request distribution.
Change control board
A group, who decide, whether or not they are cost-effective from a strategic, organizational and technical viewpoint, should review the changes. This group is sometimes called a change control board and includes members from project team.
Types of Software Testing
Software Testing has two types
Static testing refers to testing something that’s not running. It is examining and reviewing it. The specification is a document and not an executing program, so it’s considered as static. It’s also something that was created using written or graphical documents or a combination of both.
High-level Reviews of specification
Dynamic Testing
Techniques used are determined by type of testing that must be conducted.
Structural tests verify the structure of the software itself and require complete access to the source code. This is known as ‘white box’ testing because you see into the internal workings of the code.
White-box tests make sure that the software structure itself contributes to proper and efficient program execution. Complicated loop structures, common data areas, 100,000 lines of spaghetti code and nests of ifs are evil. Well-designed control structures, sub-routines and reusable modular programs are good.
White-box testing strength is also its weakness. The code needs to be examined by highly skilled technicians. That means that tools and skills are highly specialized to the particular language and environment. Also, large or distributed system execution goes beyond one program, so a correct procedure might call another program that provides bad data. In large systems, it is the execution path as defined by the program calls, their input and output and the structure of common files that is important. This gets into a hybrid kind of testing that is often employed in intermediate or integration stages of testing.
Functional or Black Box Testing
Functional tests examine the behavior of software as evidenced by its outputs without reference to internal functions. Hence it is also called ‘black box’ testing. If the program consistently provides the desired features with acceptable performance, then specific source code features are irrelevant. It's a pragmatic and down-to-earth assessment of software.
Functional or Black box tests better address the modern programming paradigm. As object-oriented programming, automatic code generation and code re-use becomes more prevalent, analysis of source code itself becomes less important and functional tests become more important. Black box tests also better attack the quality target. Since only the people paying for an application can determine if it meets their needs, it is an advantage to create the quality criteria from this point of view from the beginning.
Black box tests have a basis in the scientific method. Like the process of science, Black box tests must have a hypothesis (specifications), a defined method or procedure (test plan), reproducible components (test data), and a standard notation to record the results. One can re-run black box tests after a change to make sure the change only produced intended results with no inadvertent effects.
Testing levels
There are several types of testing in a comprehensive software test process, many of which occur simultaneously.
Unit Testing
Testing each module individually is called Unit Testing. This follows a White-Box testing. In some organizations, a peer review panel performs the design and/or code inspections. Unit or component tests usually involve some combination of structural and functional tests by programmers in their own systems. Component tests often require building some kind of supporting framework that allows components to execute.
Integration testing
The individual components are combined with other components to make sure that necessary communications, links and data sharing occur properly. It is not truly system testing because the components are not implemented in the operating environment. The integration phase requires more planning and some reasonable sub-set of production-type data. Larger systems often require several integration steps.
There are three basic integration test methods:
The all-at-once method provides a useful solution for simple integration problems, involving a small program possibly using a few previously tested modules.
Bottom-up testing involves individual testing of each module using a driver routine that calls the module and provides it with needed resources. Bottom-up testing often works well in less structured shops because there is less dependency on availability of other resources to accomplish the test. It is a more intuitive approach to testing that also usually finds errors in critical routines earlier than the top-down method. However, in a new system many modules must be integrated to produce system-level behavior, thus interface errors surface late in the process.
Top-down testing fits a prototyping environment that establishes an initial skeleton that fills individual modules that is completed. The method lends itself to more structured organizations that plan out the entire test process. Although interface errors are found earlier, errors in critical low-level modules can be found later than you would like.
System Testing
The system test phase begins once modules are integrated enough to perform tests in a whole system environment. System testing can occur in parallel with integration test, especially with the top-down method.
Performance / Stress Testing
An important phase of the system testing, often-called load or volume or performance test, stress tests tries to determine the failure point of a system under extreme pressure. Stress tests are most useful when systems are being scaled up to larger environments or being implemented for the first time. Web sites, like any other large-scale system that requires multiple accesses and processing, contain vulnerable nodes that should be tested before deployment. Unfortunately, most stress testing can only simulate loads on various points of the system and cannot truly stress the entire network, as the users would experience it. Fortunately, once stress and load factors have been successfully overcome, it is only necessary to stress test again if major changes take place.
A drawback of performance testing is it confirms the system can handle heavy loads, but cannot so easily determine if the system is producing the correct information.
Regression Testing
Regression tests confirm that implementation of changes have not adversely affected other functions. Regression testing is a type of test as opposed to a phase in testing. Regression tests apply at all phases whenever a change is made.
Quality Assurance Testing
Some organizations maintain a Quality Group that provides a different point of view, uses a different set of tests, and applies the tests in a different, more complete test environment. The group might look to see that organization standards have been followed in the specification, coding and documentation of the software. They might check to see that the original requirement is documented, verify that the software properly implements the required functions, and see that everything is ready for the users to take a crack at it.
User Acceptance Test and Installation Testing
Traditionally, this is where the users ‘get their first crack’ at the software. Unfortunately, by this time, it's usually too late. If the users have not seen prototypes, been involved with the design, and understood the evolution of the system, they are inevitably going to be unhappy with the result. If one can perform every test as user acceptance tests, there is much better chance of a successful project.
Types of Testing Techniques
White Box Testing Technique
White box testing examines the basic program structure and it derives the test data from the program logic, ensuring that all statements and conditions have been executed at least once.
White box tests verify that the software design is valid and also whether it was built according to the specified design.
Different methods used are:
Statement coverage – executes all statements at least once. (each and every line)
Decision coverage – executes each decision direction at least once.
Condition coverage – executes each and every condition in the program with all possible outcomes at least once.
Black Box Testing Technique
Black-box test technique treats the system as a "black-box", so it doesn't explicitly use knowledge of the internal structure. Black-box test design is usually described as focusing on testing functional requirements. Synonyms for black box include: Behavioral, Functional, Opaque-box, and Closed-box.
Black box testing is conducted on integrated, functional components whose design integrity has been verified through completion of traceable white box tests. Black box testing traces the requirements focusing on system externals. It validates that the software meets the requirements irrespective of the paths of execution taken to meet each requirements.
Three successful techniques for managing the amount of input data required includes :
Equivalence Partitioning:
Equivalence partitioning is the process of methodically reducing the huge(infinite)set of possible test cases into a much smaller, but still equally effective set. An Equivalence class is a subset of data that is representative of a larger class. Equivalence partitioning is a technique for testing equivalence classes rather than undertaking exhaustive testing of each value of the larger class, when looking for equivalence partitions, think about ways to group similar inputs, similar outputs, and similar operations of the software. These groups are the equivalence partitions.
For example
A program that edits credit limits within a given range ($20,000-$50,000) would have three equivalence classes:
Less than $20,000(invalid)
Between $20,000 and $50,000 (valid)
Greater than $50,000(invalid)
Boundary value analysis:
If one can safely and confidently walk along the edge of a cliff without falling off, he can almost certainly walk in the middle of a field. If software can operate on the edge of its capabilities, it will almost certainly operate well under normal conditions.
This technique consist of developing test cases and data that focus on the input and output boundaries of a given function. In same credit limit example, boundary analysis would test:
Low boundary plus or minus one ($19,999 and $20,001)
On the boundary ($20,000 and $50,000)
Upper boundary plus or minus one ($49,999 and $50,001)
Error Guessing
This is based on the theory that test cases can be developed based upon the intuition and experience of the Test-Engineer.
Example: In the example of date, where one of the inputs is the date, a test may try February 29, 2000 or 9.9.99
Incremental testing
Incremental testing is a disciplined method of testing the interfaces between unit-tested programs as well as between system components. It involves adding unit-tested programs to a given module or component one by one, and testing each result and combination.
There are two types of incremental testing:
Top-down: - This begins testing from top of the module hierarchy and work down to the bottom using interim stubs to simulate lower interfacing modules or programs. Modules are added in descending hierarchical order.
Bottom-up: - This begins testing from the bottom of the hierarchy and works up to the top. Modules are added in ascending hierarchical order. Bottom-up testing requires the development of driver modules, which provide the test input, call the module or program being tested, and display test output.
There are procedures and constraints associated with each of these methods, although bottom-up testing is often thought to be easier to use. Drivers are often easier to create than stubs, and can serve multiple purposes. Output is also often easier to examine in bottom-up testing, as the output always comes from the module directly above the module under test.
Thread testing
This test technique, which is often used during early integration testing, demonstrates key functional capabilities by testing a string of units that accomplish a specific function in the application. Thread testing and incremental testing are usually utilized together. For example, units can undergo incremental until enough units are integrated and a single business function can be performed, threading through the integrated components.
Testing Life Cycle
Testing Life Cycle follows the following process such as;
Test Plan Preparation
The software test plan is the primary means by which software testers communicate to the product development team what they intend to do. The purpose of the software test plan is to prescribe the scope, approach, resource, and schedule of the testing activities. To identify the items being tested, the features to be tested, the testing tasks to be preformed, the personnel responsible for each task, and the risks associated with the plan.
The test plan is simply a by-product of the detailed planning process that’s undertaken to create it. It’s the planning that matters, not the resulting documents. The ultimate goal of the test planning process is communicating the software test team’s intent, its expectations, and its understanding of the testing that’s to be performed.
The following are the important topics, which helps in preparation of Test plan.
High-Level Expectations:
The first topics to address in the planning process are the ones that define the test team’s high-level expectations. They are fundamental topics that must be agreed to, by everyone on the project team, but they are often overlooked. They might be considered “too obvious” and assumed to be understood by everyone, but a good tester knows never to assume anything.
People, Places and Things
Test plan needs to identify the people working on the project, what they do, and how to contact them. The test team will likely work with all of them and knowing who they are and how to contact them is very important.
Similarly, where documents are stored, where the software can be downloaded from, where the test tools are located, and so on need to be identified.
Inter-Group Responsibilities
Inter-Group responsibilities identify tasks and deliverables that potentially affect the test effort. The test team’s work is driven by many other functional groups – programmers, project manages, technical writers, and so on. If the responsibilities aren’t planned out, the project, specifically the testing, can become a worst or resulting in important tasks been forgotten.
Test phases
To plan the test phases, the test team will look at the proposed development model and decide whether unique phases, or stages, of testing should be performed over the course of the project. The test planning process should identify each proposed test phase and make each phase known to the project team. This process often helps the entire team from and understands the overall development model.
Test strategy
The test strategy describes the approach that the test team will use to test the software both overall and in each phase. Deciding on the strategy is a complex task- one that needs to be made by very experienced testers because it can determine the successes or failure of the test effort.
Bug Reporting
Exactly what process will be used to manage the bugs needs to be planned so that each and every bug is tracked, from when it’s found to when it’s fixed – and never, ever forgotten.
Metrics and Statistics
Metrics and statistics are the means by which the progress and the success of the project, and the testing, are tracked. The test planning process should identify exactly what information will be gathered, what decisions will be made with them, and who will be responsible for collecting them.
Risks and Issues
A common and very useful part of test planning is to identify potential problem or risky areas of the project – ones that could have an impact on the test effort.
Test Case Design
The test case design specification refines the test approach and identifies the features to be covered by the design and its associated tests. It also identifies the test cases and test procedures, if any, required to accomplish the testing and specifics the feature pass or fail criteria. The purpose of the test design specification is to organize and describe the testing needs to be performed on a specific feature.
The following topics address this purpose and should be part of the test design specification that is created:
Test case ID or identification
A unique identifier that can be used to reference and locate the test design specification the specification should also reference the overall test plan and contain pointers to any other plans or specifications that it references.
Test Case Description
It is a description of the software feature covered by the test design specification for example, “ the addition function of calculator,” “font size selection and display in word pad,” and “video card configuration testing of quick time.”
Test case procedure
It is a description of the general approach that will be used to test the features. It should expand on the approach, if any, listed in the test plan, describe the technique to be used, and explain how the results will be verified.
Test case Input or Test Data
It is the input the data to be tested using the test case. The input may be in any form. Different inputs can be tried for the same test case and test the data entered is correct or not.
Expected result
It describes exactly what constitutes a pass and a fail of the tested feature. Which is expected to get from the given input.
Test Execution and Test Log Preparation
After test case design, each and every test case is checked and actual result obtained. After getting actual result, with the expected column in the design stage is compared, if both the actual and expected are same, then the test is passed otherwise it will be treated as failed.
Now the test log is prepared, which consists of entire data that were recorded, whether the test failed or passed. It records each and every test case so that it will be useful at the time of revision.
Example
Test case ID Test case Description Test status/ result
Sys_xyz_01 Checking the login window Fail
Sys_xyz_02 Checking the main window True
Defect Tracking
A defect can be defined in one or two ways. From the producer's viewpoint, a defect is a deviation from specifications, whether missing, wrong, etc. From the Customer's viewpoint, a defect is any that causes customer dissatisfaction, whether in the requirements or not, this is known as "fit for use". It is critical that defects identified at each stage of the project life cycle be tracked to resolution.
Defects are recorded for following major purposes:
Most project teams utilize some type of tool to support the defect tracking process. This tool could be as simple as a white board or a table created and maintained in a word processor or one of the more robust tools available today, on the market, such as Mercury's Test Director etc. Tools marketed for this purpose usually come with some number of customizable fields for tracking project specific data in addition to the basics. They also provide advanced features such as standard and ad-hoc reporting, e-mail notification to developers and/or testers when a problem is assigned to them, and graphing capabilities.
At a minimum, the tool selected should support the recording and communication significant information about a defect. For example, a defect log could include:
Severity versus Priority
The severity of a defect should be assigned objectively by the test team based on predefined severity descriptions. For example a "severity one" defects maybe defined as one that causes data corruption, a system crash, security violations, etc. In large project, it
may also be necessary to assign a priority to the defect, which determines the order in
which defects should be fixed. The priority assigned to a defect is usually more subjective based upon input from users regarding which defects are most important to them, and therefore should be fixed first.
It is recommended that severity levels be defined at the start of the project so that they intently assigned and understood by the team. This foresight can help test teams avoid the common disagreements with development teams about the criticality of a defect.
Some general principles
The Defect Management Process
The key elements of a defect management process are as follows.
Test Reports
A final test report should be prepared at the conclusion of each test activity. This might include
It is designed to accomplish three objectives:
The test report may be a combination of electronic data and hard copy. For example, if the function test matrix is maintained electronically, there is no reason to print that, as the paper report will summarize that data, draws the appropriate conclusions, and present recommendations.
The test report has one immediate and three long-term purposes. The immediate purpose is to provide information to the customers of the software system so that they can determine whether the system is ready for production: and if so, to assess the potential consequences and initiate appropriate actions to minimize those consequences.
The first of the three long-term uses is for the project to trace problems in the event the application malfunctions in production. Knowing which functions have been correctly tested and which ones still contain defects can assist in taking corrective action.
The second long-term purpose is to use the data to analyze the rework process for making changes to prevent defects from occurring in the future. Accumulating the results of many test reports to identify which components of the rework process are detect-prone does this. These defect-prone components identify tasks/steps that, if improved, could eliminate or minimize the occurrence of high-frequency defects.
The third long-term purpose is to show what was accomplished.
Individual Project Test Report
These reports focus on individual projects (e.g., software system). When different testers test individual projects, they should prepare a report on their results.
Integration Test Report
Integration testing tests the interfaces between individual projects. A good test plan will identify the interfaces and institute test conditions that will validate interfaces. Given this, the interface report follows the same format as the individual Project Test report, except that the conditions tested are the interfaces.
System Test Report
A system test plan standard that identified the objectives of testing, what was to be tested, how it was to be tested and when tests should occur. The System Test report should present the results of executing that test plan. If this is maintained electronically, it need only be referenced, not included in the report.
Acceptance Test Report
There are two primary objectives for testing. The first is to ensure that the system as implemented meets the real operating needs of the user or customer. If the defined requirements are those true needs, the testing should have accomplished this objective. The second objective is to ensure that the software system can operate in the real-world user environment, which includes people skills and attitudes, time pressures, changing business conditions, and so forth.
Eight Interim Reports:
1. Functional Testing Status
2. Functions Working Timeline
3. Expected verses Actual Defects Detected Timeline
4. Defects Detected verses Corrected Gap Timeline
5. Average Age of Detected Defects by Type
6. Defect Distribution
7. Relative Defect Distribution
8. Testing Action
1. Functional Testing Status Report
This report will show percentages of the functions, which have been:
2. Functions Working Timeline report
This report will show the actual plan to have all functions working verses the current status of functions working. An ideal format could be a line graph.
3. Expected verses Actual Defects Detected report
This report will provide an analysis between the number of defects being generated against the expected number of defects expected from the planning stage
4. Defects Detected verses Corrected Gap report
This report, ideally in a line graph format, will show the number of defects uncovered verses the number of defects being corrected and accepted by the testing group. If the gap grows too large, the project may not be ready when originally planned.
5. Average Age Detected Defects by Type report
This report will show the average outstanding defects by type (severity 1, severity 2, etc.). In the planning stage, it is benefic determine the acceptable open days by defect type.
6. Defect Distribution report
This report will show the defect distribution by function or module. It can also include items such as numbers of tests completed.
7. Relative Defect Distribution report
This report will take the previous report (Defect Distribution) and normalize the level of defects. An example would be one application might be more in depth than another, and would probably have a higher level of defects. However, when normalized over the number of functions or lines of code, would show a more accurate level of defects.
8. Testing action report
This report can show many different things, including possible shortfalls in testing. Examples of data to show might be number of severity defects, tests that are behind schedule, and other information that would present an accurate testing picture
Software Metric
Effective management of any process requires quantification, measurement, and modeling. Software metrics provide a quantitative basis for the development and validation of models of the software development process. Metrics can be used to improve software productivity and quality. This module introduces the most commonly used software and reviews their use in constructing models of the software development process.
Definition of Software Metrics
A metric is a mathematical number that shows a relationship between two variables. It is a quantitative measure of the degree to which a system, component or process possesses a given attribute. Software Metrics are measures that are used to quantify the software, software development resource and software development process.
Metric generally classified into 2 types.
Process Metric a metric used to measure the characteristic of the methods, techniques and tools employed in developing, implementing and maintaining the software system.
Product Metric a metric used to measure the characteristic of the documentation and code
The metrics for the test process would include status of test activities against the plan, test coverage achieved so far, among others. An important metric is the number of defects found in internal testing compared to the defects found in customer tests, which indicate the effectiveness of the test process itself.
Test Metrics
The following are the Metrics collected in testing process
User participation = User Participation Test Time Vs Total Test Time
Path Tested = Number of Path Tested Total Number of Paths
Acceptance Criteria Tested = Acceptance Criteria Verified Vs Total Acceptance Criteria
Test Cost
Cost to Locate Defect =
No of Defects located in the Testing
This metric shows the cost to locate a defect Detected
No of Defects detected in production
Production Defect=
Application System size
Cost of Manual Test Effort
Test Automation =
Total Test Cost
Other Testing Terms
Usability Testing
Determines how well the user will be able to understand and interact with the system. It identifies areas of poor human factors design that may make the system difficult to use. Ideally this test is conducted on a system prototype before development actually beings. If a navigational or operational prototype is not available, screen prints of all of the applications screens or windows can be used to walk the user through various business scenarios.
Conversion Testing
Specifically designed to validate the effectiveness of the conversion process. This test may be conducted jointly by developers and testers during integration testing, or at the start of system testing, since system testing must be conducted with the converted data. Field -to -Field mapping and data translation is validated and, if a foil copy of production data will be used in the test.
Vendor Validation Testing
Verifies that the functionality of contracted or third party software meets the organization's requirements, prior to accepting it and installing it into a production environment. This test can be conducted jointly by the software vendor and the test team, and focuses on ensuring that all requested functionality has been delivered.
Stress / Load Testing
Conducted to validate the application, database, and network, they may handle projected volumes of users and data effectively. The test is conducted jointly by developers, testers, DBA's and network associates after the system testing. During the test, the complete system is subjected to environmental conditions that defer expectations to answer question such as:
Performance Testing
Usually conducted in parallel with stress and load testing in order to measure performance against specified service-level objectives under various conditions. For instance, one may need to ensure that batch processing will complete within the allocated amount of time, or that on-line response times meet performance requirements.
Recovery Testing
Evaluates the contingency features built into the application for handling inter and for returning to specific points in the application processing. Any restoration, and restart capabilities are also tested here. The test team may conduct this test during system test or by another team specifically gathered for this purpose.
Configuration Testing
In the IT Industry, a large percentage of new applications are either client/server or web-based, validating that they will run on the various combinations of hardware and software. For instance, configuration testing for an web-based application would
incorporate versions and releases of operating systems, internet browsers, modem speeds, and various off the shelf applications that might be integrated (e.g. e-mail application)
Benefits Realization Test
With the increased focus on the value of business returns obtained from investments information technology this type of test or analysis is becoming more critical. The benefits Realization Test is a test or analysis conducted after an application is moved into production in order to determine whether the application is likely to deliver the original projected benefits. The analysis is usually conducted by- the business user or client group who requested the project, and results are reported back to executive management.
Test Standards
External Standards- Familiarity with and adoption of industry test standards from Organizations.
Internal Standards-Development and enforcement of the test standards that testers must meet
IEEE
IEEE STANDARDS: That a Tester should be aware of
1. 610.12-1990 IEEE Standard Glossary of Software Engineering Terminology
2. 730-1998 IEEE Standard for Software Quality Assurance Plans
3. 828-1998 IEEE Standard for Software Configuration Management Plan
4. 829-1998 IEEE Standard for Software Test Documentation.
5. 830-1998 IEEE Recommended Practice for Software Requirement Specification
6. 1008-1987 (R1993) IEEE Standard for Software Unit Testing (ANSI)
7. 1012-1998 IEEE Standard for Software Verification and Validation.
8. 1012a-1998 IEEE Standard for Software Verification and Validation Supplement to 1012-1998 Content Map
to IEEE 122207.1
9. 1016-1998 IEEE Recommended Practice for Software Descriptions
10. 1028-1997 IEEE Standard for Software Reviews
11. 1044-1993 IEEE Standard classification for Software Anomalies
12. 1045-1992 IEEE Standard for Software Productivity Metrics(ANSI)
13. 1058-1998 IEEE Standard for Software Project Management Plans
14. 1058.1-1987 IEEE Standard for Software Management
15. 1061-1998.1 IEEE Standard for Software Quality Metrics Methodology.
Other Standards:
Internal Standards
The use of Standards...
Web Testing
Introduction
The Web Testing is mainly concerned on 6 parts they are
Usability
One of the reasons the web browser is being used as the front end to applications is the ease of use. Users who have been on the web before will probably know how to navigate a well-built web site. While 7012 are concentrating on tin's portion of testing it is important to verify that the application is easy to use. Many will believe that this is the least important area to test, the site should be better and easy to use. Even if the web site is simple, there will always be some one who needs some clarification. Additionally, the documentation needs also to be verified, so that the instructions are correct.
The following are the some of the things to be checked for easy navigation through website:
Functionality
The functionality of the web site is why the company hired a developer and not just an artist. This is the part that interfaces with the server and actually "does stuff".
Server side Interface
Many times, a web site is not an island. The site will call external servers for additional data, verification of data or fulfillment of orders.
Client side Compatibility
It has to be verified that the application can work on the machines your customers will be using. If the product is going to the web for the world to use, every operating system, browser, video setting and modem speed has to be tried with various combinations.
Performance Testing
It need to be verified that the system can handle a large number of users at the same time, a large amount of data from each user, and a long period of continuous use.
Accessibility is extremely important to users. If they get a "busy signal", they hang up and call the competition. Not only must the system be checked so the customers can gain access, but many times hackers will attempt to gain access to a system by overloading it, For the sake of security, the system needs to know what to do when it's overloaded; not simply blow up.
Security
Even if credit card payments are not accepted, security is very important. The web site will be the only exposure for some customers to know about a company. And, if that exposure is a hacked page, the customers won't feel safe doing business with the company using internet.
Conclusion
Whether an Internet or intranet or extranet application is being tested, testing for the web can be more challenging than non-web applications. Users have high expectations for web page quality. In many cases, the page is up for public relations, just as much as functionality, so the impression must be perfect.
Software testing is a critical element of software quality assurance and represents the ultimate process to ensure the correctness of the product. The quality product always enhances the customer confidence in using the product thereby increases the business economics. In other words, a good quality product means zero defects, which is derived from a better quality process in testing. Software is an integrated set of Program codes, designed logically to implement a particular function or to automate a particular process. To develop a software product or project, user needs and constraints must be determined and explicitly stated. The development process is broadly classified into two. 1. Product development 2. Project development Product development is done assuming a wide range of customers and their needs. This type of development involves customers from all domains and collecting requirements from many different environments. Project Development is done by focusing a particular customer's need, gathering data from his environment and bringing out a valid set of information that will help as a pillar to development process. Testing is a necessary stage in the software life cycle: it gives the programmer and user some sense of correctness, though never "proof of correctness. With effective testing techniques, software is more easily debugged, less likely to "break," more "correct", and, in summary, better. Most development processes in the IT industry always seem to follow a tight schedule. Often, these schedules adversely affect the testing process, resulting in step motherly treatment meted out to the testing process. As a result, defects accumulate in the application and are overlooked so as to meet deadlines. The developers convince themselves that the overlooked errors can be rectified in subsequent releases. The definition of testing is not well understood. People use a totally incorrect definition of the word testing, and that this is the primary cause for poor program testing.
Testing the product means adding value to it by raising the quality or reliability of the product. Raising the reliability of the product means finding and removing errors. Hence one should not test a product to show that it works; rather, one should start with the assumption that the program contains errors and then test the program to find as many of the errors as possible.
"Testing is the process of executing a program with the intent of finding errors"
Or
“Testing is the process of evaluating a system by manual or automatic means and verify that it satisfies specified requirements”
Or
"... the process of exercising or evaluating a system or system component by manual or automated means to verify that it satisfies specified requirements or to identify differences / between expected and actual results..."
Why software Testing?
Software testing helps to deliver quality software products that satisfy user’s requirements, needs and expectations. If done poorly,
- defects are found during operation,
- it results in high maintenance cost and user dissatisfaction
- It may cause mission failure
- Impact on operational performance and reliability
Disney’s Lion King, 1994-1995
In the fall of 1994, Disney company Released its first multimedia CD-ROM game for children, The Lion King Animated storybook. This was Disney’s first venture into the market and it was highly promoted and advertised. Sales were huge. It was “the game to buy” for children that holiday season. What happened, however, was a huge debacle. On December 26, the day after Christmas, Disney’s customer support phones began to ring, and ring, and ring. Soon the phones support technicians were swamped with calls from angry parents with crying children who couldn’t get the software to work. Numerous stories appeared in newspapers and on TV news. This problem later was found out, due to non performance of software testing for all conditions.
Software Bug: A Formal Definition
Calling any and all software problems bugs may sound simple enough, but doing so hasn’t really addressed the issue. To keep from running in circular definitions, there needs to be a definitive description of what a bug is.
A software bug occurs when one or more of the following five rules is true:
1) The software doesn’t do something that the product specification says it should do.
2) The software does something that the product specification says it shouldn’t do.
3) The software does something that the product specification doesn’t mention.
4) The software doesn’t do something that the product specification doesn’t mention but should.
5) The software is difficult to understand, hard to use, slow, or –in the software tester’s eyes- will be viewed by the end user as just plain not right.
What exactly does Software Tester Do? (Or Role of Tester)
From the above Examples you have seen how nasty bugs can be and you know what is the definition of a bug is, and you can think how costly they can be. So main goal of tester is
“The goal of Software Tester is to find bugs”
As a software tester you shouldn’t be content at just finding bugs, you should think about how to find them sooner in the development process, thus making them cheaper to fix.
“The goal of a Software Tester is to find bugs, and find them as early as possible”.
But, finding bugs early isn’t enough.
“The goal of a Software Tester is to find bugs, and find them as early as possible and make sure they get fixed”
Principle of Testing
The main objective of testing is to find defects in requirements, design, documentation, and code as early as possible. The test process should be such that the software product that will be delivered to the customer is defect less. All Tests should be traceable to customer requirements.
Test cases must be written for invalid and unexpected, as well as for valid and expected input conditions. A necessary part of a test case is a definition of the expected output or result. A good test case is one that has high probability of detecting an as-yet undiscovered error.
Eight Basic Principles of Testing
- Define the expected output or result.
- Don't test your own programs.
- Inspect the results of each test completely.
- Include test cases for invalid or unexpected conditions.
- Test the program to see if it does what it is not supposed to do as well as what it is supposed to do.
- Avoid disposable test cases unless the program itself is disposable.
- Do not plan tests assuming that no errors will be found.
- The probability of locating more errors in any one module is directly proportional to the number of errors already found in that module.
Best Testing Practices to be followed during testing ·
- Testing and evaluation responsibility is given to every member, so as to generate team responsibility among all.
- Develop Master Test Plan so that resource and responsibilities are understood and assigned as early in the project as possible.
- Systematic evaluation and preliminary test design are established as a part of all system engineering and specification work.
- Testing is used to verify that all project deliverable and components are complete, and to demonstrate and track true project progress.
- A-risk prioritized list of test requirements and objectives (such as requirements-based, design-based, etc) are developed and maintained.
- Conduct Reviews as early and as often as possible to provide developer feedback and get problems found and fixed as they occur.
Let us look at the Traditional Software Development life cycle vs Presently or Mostly commonly used life cycle.
Requirements Requirements
Design Design
Development Development Testing
Testing Implementation
Implementation Maintenance
Maintenance
Fig A (Traditional) Fig B (Most commonly used)
In the above Fig A, the Testing Phase comes after the Development or coding is complete and before the product is launched and goes into Maintenance phase. We have some disadvantages using this model - cost of fixing errors will be high because we are not able to find errors until coding is completed. If there is error at Requirements phase then all phases should be changed. So, total cost becomes very high.
The Fig B shows the recommended Test Process involves testing in every phase of the life cycle. During the Requirements phase, the emphasis is upon validation to determine that the defined requirements meet the needs of the organization. During Design and Development phases, the emphasis is on verification to ensure that the design and program accomplish the defined requirements. During the Test and Installation phases, the emphasis is on inspection to determine that the implemented system meets the system specification. During the maintenance phases, the system will be re-tested to determine that the changes work and that the unchanged portion continues to work.
Requirements and Analysis Specification
The main objective of the requirement analysis is to prepare a document, which includes all the client requirements. That is, the Software Requirement Specification (SRS) document is the primary output of this phase. Proper requirements and specifications are critical for having a successful project. Removing errors at this phase can reduce the cost as much as errors found in the Design phase. And also you should verify the following activities:
- Determine Verification Approach.
- Determine Adequacy of Requirements.
- Generate functional test data.
- Determine consistency of design with requirements.
Design phase
In this phase we are going to design entire project into two
- High –Level Design or System Design.
- Low –Level Design or Detailed Design.
High – level Design gives the overall System Design in terms of Functional Architecture and Database design. This is very useful for the developers to understand the flow of the system. In this phase design team, review team (testers) and customers plays a major role. For this the entry criteria are the requirement document that is SRS. And the exit criteria will be HLD, projects standards, the functional design documents, and the database design document.
Low – Level Design (LLD)
During the detailed phase, the view of the application developed during the high level design is broken down into modules and programs. Logic design is done for every program and then documented as program specifications. For every program, a unit test plan is created.
The entry criteria for this will be the HLD document. And the exit criteria will the program specification and unit test plan (LLD).
Development Phase
This is the phase where actually coding starts. After the preparation of HLD and LLD, the developers know what is their role and according to the specifications they develop the project. This stage produces the source code, executables, and database. The output of this phase is the subject to subsequent testing and validation.
And we should also verify these activities:
- Determine adequacy of implementation.
- Generate structural and functional test data for programs.
The inputs for this phase are the physical database design document, project standards, program specification, unit test plan, program skeletons, and utilities tools. The output will be test data, source data, executables, and code reviews.
Testing phase
This phase is intended to find defects that can be exposed only by testing the entire system. This can be done by Static Testing or Dynamic Testing. Static testing means testing the product, which is not executing, we do it by examining and conducting the reviews. Dynamic testing is what you would normally think of testing. We test the executing part of the project.
A series of different tests are done to verify that all system elements have been properly integrated and the system performs all its functions.
Note that the system test planning can occur before coding is completed. Indeed, it is often done in parallel with coding. The input for this is requirements specification document, and the output are the system test plan and test result.
Implementation phase or the Acceptance phase
This phase includes two basic tasks :
- Getting the software accepted
- Installing the software at the customer site.
Acceptance test plan prepared earlier and analysis of the test results to determine whether the system satisfies its acceptance criteria. When the result of the analysis satisfies the acceptance criteria, the user accepts the software.
Maintenance phase
This phase is for all modifications, which is not meeting the customer requirements or any thing to append to the present system. All types of corrections for the project or product take place in this phase. The cost of risk will be very high in this phase. This is the last phase of software development life cycle. The input to this will be project to be corrected and the output will be modified version of the project.
Software Development Lifecycle Models
The process used to create a software product from its initial conception to its public release is known as the software development lifecycle model.
There are many different methods that can be used for developing software, and no model is necessarily the best for a particular project. There are four frequently used models:
- Big –Bang Model
- Waterfall Model
- Prototype Model
- Spiral Model
Big – Bang Model
The Big- Bang Model is the one in which we put huge amount of matter (people or money) is put together, a lot of energy is expended – often violently – and out comes the perfect software product or it doesn’t.
The beauty of this model is that it’s simple. There is little planning, scheduling, or
Formal development process. All the effort is spent developing the software and writing the code. It’s and ideal process if the product requirements aren’t well understood and the final release date is flexible. It’s also important to have flexible customers, too, because they won’t know what they’re getting until the very end.
Waterfall Model A project using waterfall model moves down a series of steps starting from an initial idea to a final product. At the end of each step, the project team holds a review to determine if they’re ready to move to the next step. If the project isn’t ready to progress, it stays at that level until it’s ready. Each phase requires well-defined information, utilizes well-defined process, and results in well-defined outputs. Resources are required to complete the process in each phase and each phase is accomplished through the application of explicit methods, tools and techniques.
The Waterfall model is also called the Phased model because of the sequential move from one phase to another, the implication being that systems cascade from one level to the next in smooth progression. It has the following seven phases of development:
The figure represents the Waterfall Model.
Requirement phase
Analysis phase
Design phase
Development phase
Testing phase
Implementation phase
Maintenance phase
Notice three important points about this model.
- There’s a large emphasis on specifying what the product will be.
- The steps are discrete; there’s no overlap.
- There’s no way to back up. As soon as you’re on a step, you need to complete the tasks for that step and then move on.
Prototype model
The Prototyping model, also known as the Evolutionary model, came into SDLC because of certain failures in the first version of application software. A failure in the first version of an application inevitably leads to need for redoing it. To avoid failure of SDLC, the concept of Prototyping is used. The basic idea of Prototyping is that instead of fixing requirements before the design and coding can begin, a prototype is to understand the requirements. The prototype is built using known requirements. By viewing or using the prototype, the user can actually feel how the system will work.
The prototyping model has been defined as:
“A model whose stages consist of expanding increments of an operational software with the direction of evolution being determined by operational experience.”
Prototyping Process
The following activities are carried out in the prototyping process:
- The developer and die user work together to define the specifications of the critical parts of the system.
- The developer constructs a working model of the system.
- The resulting prototype is a partial representation of the system.
- The prototype is demonstrated to the user.
- The user identifies problems and redefines the requirements.
- The designer uses the validated requirements as a basis for designing the actual or production software
Prototyping is used in the following situations:
- When an earlier version of the system does not exist.
- When the user's needs are not clearly definable/identifiable.
- When the user is unable to state his/her requirements.
- When user interfaces are an important part of the system being developed.
Spiral model
The traditional software process models don't deal with the risks that may be faced during project development. One of the major causes of project failure in the past has been negligence of project risks. Due to this, nobody was prepared when something unforeseen happened. Barry Boehm recognized this and tried to incorporate the factor, project risk, into a life cycle model. The result is the Spiral model, which was first presented in 1986. The new model aims at incorporating the strengths and avoiding the different of the other models by shifting the management emphasis to risk evaluation and resolution.
Each phase in the spiral model is split into four sectors of major activities.
These activities are as follows:
Objective setting:
This activity involves specifying the project and process objectives in terms of their functionality and performance.
Risk analysis:
It involves identifying and analyzing alternative solutions. It also involves identifying the risks that may be faced during project development.
Engineering:
This activity involves the actual construction of the system.
Customer evaluation:
During this phase, the customer evaluates the product for any errors and modifications.
Software Testing Terms and Definitions
- Verification and validation
- Project Management
- Quality Management
- Risk Management
- Configuration Management
- Cost Management
- Compatibility Management
1. Verification and validation
Verification and validation are often used interchangeably but have different definitions. These differences are important to software testing.
Verification is the process confirming that software meets its specifications.
Validation is the process confirming that it meets the user’s requirements.
Verification can be conducted through Reviews. Quality reviews provides visibility into the development process throughout the software development life cycle, and help teams determine whether to continue development activity at various checkpoints or milestones in the process. They are conducted to identify defects in a product early in the life cycle.
Types of Reviews
- In-process Reviews :-
usually limited to a segment of a project, with the goal of identifying defects as work progresses, rather than at the
close of a phase or even later, when they are more costly to correct.
- Decision-point or phase-end Reviews: -
of each phase.
- Post implementation Reviews: -
Post-implementation reviews are also know as “ Postmortems”, and are held to assess the success of the overall
process after release and identify any opportunities for process improvements.
Classes of Reviews
- Informal or Peer Review: -
request for input regarding a particular artifact or problem. There is no agenda, and results are not formally reported.
These reviews occur as need-based through each phase of a project.
- Semiformal or Walkthrough Review: -
two formats: the presentation is made without interruptions and comments are made at the end, or comments are made
throughout. Possible solutions for uncovered defects are not discussed during the review.
- Formal or Inspection Review: -
recorder to take notes. The subject of the inspection is typically a document such as a requirements spec or a test plan,
and the purpose is to find problems and see what's missing, not to fix anything. Attendees should prepare for this type
of meeting by reading thru the document; most problems will be found during this preparation. The result of the
inspection meeting should be a written report. Thorough preparation for inspections is difficult, painstaking work, but
is one of the most cost effective methods of ensuring quality.
Three rules should be followed for all reviews:
- The product is reviewed, not the producer.
- Defects and issues are identified, not corrected.
- All members of the reviewing team are responsible for the results of the review
Project management is Organizing, Planning and Scheduling software projects. It is concerned with activities involved in ensuring that software is delivered on schedule and in accordance with the requirements of the organization developing and procuring the software. Project management is needed because software development is always subject to budget and schedule constraints that are set by the organization developing the software.
Project management activities includes
- Project planning.
- Project scheduling.
- Iterative Code/Test/Release Phases
- Production Phase
- Post Mortem
This is the most time-consuming project management activity. It is a continuous activity from initial concept through to system delivery. Project Plan must be regularly updated as new information becomes available. With out proper plan, the development of the project will cause errors or it may lead to increase the cost, which is higher than the schedule cost. Review.
Project scheduling
This activity involves splitting project into tasks and estimate time and resources required to complete each task. Organize tasks concurrently to make optional use of workforce. Minimize task dependencies to avoid delays caused by one task waiting for another to complete. Project Manager has to take into consideration various aspects like scheduling, estimating manpower resources, so that the cost of developing a solution is within the limits. Project Manager also has to allow for contingency in planning.
Iterative Code/Test/Release Phases
After the planning and design phases, the client and development team has to agree on the feature set and the timeframe in which the product will be delivered. This includes iterative releases of the product as to let the client see fully implemented functionality early and to allow the developers to discover performance and architectural issues early in the development. Each iterative release is treated as if the product were going to production. Full testing and user acceptance is performed for each iterative release. Experience shows that one should space iterations at least 2 – 3 months a part. If iterations are closer than that, more time will be spent on convergence and the project timeframe expands. During this phase, code reviews must be done weekly to ensure that the developers are delivering to specification and all source code is put under source control. Also, full installation routines are to be used for each iterative release, as it would be done in production and Deliverable
- Triage
- Weekly Status with Project Plan and Budget Analysis
- Risk Assessment
- System Documentation
- User Documentation (if needed)
- Test Signoff for each iteration
- Customer Signoff for each iteration
Production Phase
Once all iterations are complete, the final product is presented to the client for a final signoff. Since the client has been involved in all iterations, this phase should go very smoothly.
Deliverables
- Final Test Signoff
- Final Customer Signoff
The post mortem phase allows to step back and review the things that went well and the things that need improvement. Post mortem reviews cover processes that need adjustment, highlight the most effective processes and provide action items that will improve future projects.
To conduct a post mortem review, announce the meeting at least a week in advance so that everyone has time to reflect on the project issues they faced. Everyone has to be asked to come to the meeting with the following:
- Items that were done well during the project
- Items that were done poorly during the project
- Suggestions for future improvements
3. Quality Management
The project quality management knowledge area is comprised of the set of processes that ensure the result of a project meets the needs for which the project was executed. Processes such as quality planning, assurance, and control are included in this area. Each process has a set of input and a set of output. Each process also has a set of tools and techniques that are used to turn input into output.
Definition of Quality:
- Quality is the totality of features and characteristics of a product or service that bare on its ability to satisfy stated or implied needs.
- Quality is defined as meeting the customer’s requirement for the first time and for every time. This is much more that absence of defects which allows us to meet the requirements.
- Fitness for use. (Is the product or service capable of being used?)
- Fitness for purpose. (Does the product or service meet its intended purpose?)
- Customer satisfaction. (Does the product or service meet the customer's expectations?)
Quality Management Processes
Quality Planning:
The process of identifying which quality standards is relevant to the project and determining how to satisfy them.
- Input includes: Quality policy, scope statement, product description, standards and regulations, and other process Output.
- Methods used: benefit / cost analysis, benchmarking, flowcharting, and design of experiments.
- Output includes: Quality Management Plan, operational definitions, checklists, and Input to other processes.
Quality Assurance:
The process of evaluating overall projects performance on a regular basis to provide confidence that the project will satisfy the relevant quality standards.
- Input includes: Quality Management Plan, results of quality control measurements, and operational definitions.
- Methods used: quality planning tools and techniques and quality audits.
- Output includes: quality improvement.
Quality Control
The process of monitoring specific project results to determine if they comply with relevant quality standards and identifying ways to eliminate causes of unsatisfactory performance.
- Input includes: work results, Quality Management Plan, operational definitions, and checklists.
- Methods used include: inspection, control charts, pareto charts, statistical sampling, flowcharting, and trend analysis.
- Output includes: quality improvements, acceptance decisions, rework, completed checklists, and process adjustments.
Quality Policy
The overall quality intentions and direction of an organization as regards quality, as formally expressed by top management
Total Quality Management (TQM)
A common approach to implementing a quality improvement program within an organization
Quality Concepts
- Zero Defects
- The Customer is the Next Person in the Process
- Do the Right Thing Right the First Time (DTRTRTFT)
- Continuous Improvement Process (CIP) (From Japanese word, Kaizen)
Tools of Quality Management
Problem Identification Tools :
- Pareto Chart
- Ranks defects in order of frequency of occurrence to depict 100% of the defects. (Displayed as a histogram)
- Defects with most frequent occurrence should be targeted for corrective action.
- 80-20 rule: 80% of problems are found in 20% of the work.
- Does not account for severity of the defects
- Cause and Effect Diagrams (fishbone diagrams or Ishikawa diagrams)
- Analyzes the Input to a process to identify the causes of errors.
- Generally consists of 8 major Input to a quality process to permit the characterization of each input.
- Histograms
- Shows frequency of occurrence of items within a range of activity.
- Can be used to organize data collected for measurements done on a product or process.
- Scatter diagrams
- Used to determine the relationship between two or more pieces of corresponding data.
- The data are plotted on an "X-Y" chart to determine correlation (highly positive, positive, no correlation, negative, and highly negative)
Problem Analysis Tools
- Graphs
- Check sheets (tic sheets) and check lists
- Flowcharts
4. Risk Management
Risk management must be an integral part of any project. Everything does not always happen as planned. Project risk management contains the processes for identifying, analyzing, and responding to project risk. Each process has a set of input and a set of output. Each process also has a set of tools and techniques that are used to turn the input into output
Risk Management Processes
Risk Management Planning
Used to decide how to approach and plan the risk management activities for a project.
- Input includes: The project charter, risk management policies, and WBS all serve as input to this process
- Methods used: Many planning meeting will be held in order to generate the risk management plan
- Output includes: The major output is the risk management plan, which does not include the response to specific risks. However, it does include methodology to be used, budgeting, timing, and other information
Risk Identification
Determining which risks might affect the project and documenting their characteristics
- Input includes: The risk management plan is used as input to this process
- Methods used: Documentation reviews should be performed in this process. Diagramming techniques can also be used
- Output includes: Risk and risk symptoms are identified as part of this process. There are generally two types of risks. They are business risks that are risks of gain or loss. Then there are pure risks that represent only a risk of loss. Pure risks are also known as insurable risks
Risk Analysis
A qualitative analysis of risks and conditions is done to prioritize their affects on project objectives.
- Input includes: There are many items used as input into this process. They include things such as the risk management plan. The risks should already be identified as well. Use of low precision data may lead to an analysis that is not useable. Risks are rated against how they impact the projects objectives for cost, schedule, scope, and quality
- Methods used: Several tools and techniques can be used for this process. Probability and Impact will have to be evaluated
- Output includes: An overall project risk ranking is produced as a result of this process. The risks are also prioritized. Trends should be observed. Risks calculated as high or moderate are prime candidates for further analysis
Risk Monitoring and Control
Used to monitor risks, identify new risks, execute risk reduction plans, and evaluate their effectiveness throughout the project life cycle.
- Input includes: Input to this process includes the risk management plan, risk identification and analysis, and scope changes
- Methods used: Audits should be used in this process to ensure that risks are still risks as well as discover other conditions that may arise.
- Output includes: Output includes work-around plans, corrective action, project change requests, as well as other items
Risk Management Concepts
Expected Monetary Value(EMV)
- A Risk Quantification Tool
- EMV is the product of the risk event probability and the risk event value
- Risk Event Probability: An estimate of the probability that a given risk event will occur
Decision Trees
A diagram that depicts key interactions among decisions and associated chance events as understood by the decision maker. Can be used in conjunction with EMV since risk events can occur individually or in groups and in parallel or in sequence.
5. Configuration Management
Configuration management (CM) is the processes of controlling, coordinate, and tracking the Standards and procedures for managing changes in an evolving software product. Configuration Testing is the process of checking the operation of the software being tested on various types of hardware.
Configuration management involves the development and application of procedures and standards to manage an evolving software product. This can be seen as part of a more general quality management process. When released to CM, software systems are sometimes called baselines, as they are a starting point for further development. The best bet in this situation is for the testers to go through the process of reporting whatever bugs or blocking-type problems initially show up, with the focus being on critical bugs. Since this type of problem can severely affect schedules, and indicates deeper problems in the software development process (such as insufficient unit testing or insufficient integration testing, poor design, improper build or release procedures, etc.) managers should be notified, and provided with some documentation as evidence of the problem.
Configuration management can be managed through
- Version control.
- Changes made in the project.
Version Control and Release management
Version is an instance of system, which is functionally distinct in some way from other system instances. It is nothing but the updated or added features of the previous versions of software. It has to be planned as to when the new system version is to be produced and it has to be ensured that version management procedures and tools are properly applied.
Release is the means of distributing the software outside the development team. Releases must incorporate changes forced on the system by errors discovered by users and by hardware changes. They must also incorporate new system functionality.
Changes made in the project
This is one of most useful way of configuring the system. All changes will have to be maintained that were made to the previous versions of the software. This is more important when the system fails or not meeting the requirements. By making note of it one can get the original functionality. This can include documents, data, or simulation.
Configuration Management Planning
This starts at the early phases of the project and must define the documents or document classes, which are to be managed. Documents, which might be required for future system maintenance, should be identified and included as managed documents. It defines
- the types of documents to be managed
- document-naming scheme
- who takes responsibility for the CM procedures and creation of baselines
- polices for change control and version management.
This contains three important documents they are
- Change management items.
- Change request documents.
- Change control board. (CCB)
Change management
Software systems are subject to continual change requests from users, from developers, from market forces. Change management is concerned with keeping, managing of changes and ensuring that they are implemented in the most cost-effective way.
Change request form
Definition of change request form is part of CM planning process. It records changes required, reason "why change -was suggested and urgency of change ( from requestor of the change). It also records change evaluation, impact analysis, change cost and recommendations (System maintenance staff), A major problem in change management is tracking change status. Change tracking tools keep track the status of each change request and automatically ensure that change requests aresent to the right people at the right time. Integrated with Email systems allowing electronic change request distribution.
Change control board
A group, who decide, whether or not they are cost-effective from a strategic, organizational and technical viewpoint, should review the changes. This group is sometimes called a change control board and includes members from project team.
Types of Software Testing
Software Testing has two types
- Static
- Dynamic
- Structural Testing
- Functional Testing
Static testing refers to testing something that’s not running. It is examining and reviewing it. The specification is a document and not an executing program, so it’s considered as static. It’s also something that was created using written or graphical documents or a combination of both.
High-level Reviews of specification
- Pretend to be the customer.
- Research existing Standards and Guidelines.
- Review and Test similar software.
- Specification Attributes checklist.
- Specification terminology checklist.
Dynamic Testing
Techniques used are determined by type of testing that must be conducted.
- Structural (usually called "white box") testing.
- Functional ("black box") testing.
Structural tests verify the structure of the software itself and require complete access to the source code. This is known as ‘white box’ testing because you see into the internal workings of the code.
White-box tests make sure that the software structure itself contributes to proper and efficient program execution. Complicated loop structures, common data areas, 100,000 lines of spaghetti code and nests of ifs are evil. Well-designed control structures, sub-routines and reusable modular programs are good.
White-box testing strength is also its weakness. The code needs to be examined by highly skilled technicians. That means that tools and skills are highly specialized to the particular language and environment. Also, large or distributed system execution goes beyond one program, so a correct procedure might call another program that provides bad data. In large systems, it is the execution path as defined by the program calls, their input and output and the structure of common files that is important. This gets into a hybrid kind of testing that is often employed in intermediate or integration stages of testing.
Functional or Black Box Testing
Functional tests examine the behavior of software as evidenced by its outputs without reference to internal functions. Hence it is also called ‘black box’ testing. If the program consistently provides the desired features with acceptable performance, then specific source code features are irrelevant. It's a pragmatic and down-to-earth assessment of software.
Functional or Black box tests better address the modern programming paradigm. As object-oriented programming, automatic code generation and code re-use becomes more prevalent, analysis of source code itself becomes less important and functional tests become more important. Black box tests also better attack the quality target. Since only the people paying for an application can determine if it meets their needs, it is an advantage to create the quality criteria from this point of view from the beginning.
Black box tests have a basis in the scientific method. Like the process of science, Black box tests must have a hypothesis (specifications), a defined method or procedure (test plan), reproducible components (test data), and a standard notation to record the results. One can re-run black box tests after a change to make sure the change only produced intended results with no inadvertent effects.
Testing levels
There are several types of testing in a comprehensive software test process, many of which occur simultaneously.
- Unit Testing
- Integration Testing
- System Testing
- Performance / Stress Test
- Regression Test
- Quality Assurance Test
- User Acceptance Test and Installation Test
Unit Testing
Testing each module individually is called Unit Testing. This follows a White-Box testing. In some organizations, a peer review panel performs the design and/or code inspections. Unit or component tests usually involve some combination of structural and functional tests by programmers in their own systems. Component tests often require building some kind of supporting framework that allows components to execute.
Integration testing
The individual components are combined with other components to make sure that necessary communications, links and data sharing occur properly. It is not truly system testing because the components are not implemented in the operating environment. The integration phase requires more planning and some reasonable sub-set of production-type data. Larger systems often require several integration steps.
There are three basic integration test methods:
- all-at-once
- bottom-up
- top-down
The all-at-once method provides a useful solution for simple integration problems, involving a small program possibly using a few previously tested modules.
Bottom-up testing involves individual testing of each module using a driver routine that calls the module and provides it with needed resources. Bottom-up testing often works well in less structured shops because there is less dependency on availability of other resources to accomplish the test. It is a more intuitive approach to testing that also usually finds errors in critical routines earlier than the top-down method. However, in a new system many modules must be integrated to produce system-level behavior, thus interface errors surface late in the process.
Top-down testing fits a prototyping environment that establishes an initial skeleton that fills individual modules that is completed. The method lends itself to more structured organizations that plan out the entire test process. Although interface errors are found earlier, errors in critical low-level modules can be found later than you would like.
System Testing
The system test phase begins once modules are integrated enough to perform tests in a whole system environment. System testing can occur in parallel with integration test, especially with the top-down method.
Performance / Stress Testing
An important phase of the system testing, often-called load or volume or performance test, stress tests tries to determine the failure point of a system under extreme pressure. Stress tests are most useful when systems are being scaled up to larger environments or being implemented for the first time. Web sites, like any other large-scale system that requires multiple accesses and processing, contain vulnerable nodes that should be tested before deployment. Unfortunately, most stress testing can only simulate loads on various points of the system and cannot truly stress the entire network, as the users would experience it. Fortunately, once stress and load factors have been successfully overcome, it is only necessary to stress test again if major changes take place.
A drawback of performance testing is it confirms the system can handle heavy loads, but cannot so easily determine if the system is producing the correct information.
Regression Testing
Regression tests confirm that implementation of changes have not adversely affected other functions. Regression testing is a type of test as opposed to a phase in testing. Regression tests apply at all phases whenever a change is made.
Quality Assurance Testing
Some organizations maintain a Quality Group that provides a different point of view, uses a different set of tests, and applies the tests in a different, more complete test environment. The group might look to see that organization standards have been followed in the specification, coding and documentation of the software. They might check to see that the original requirement is documented, verify that the software properly implements the required functions, and see that everything is ready for the users to take a crack at it.
User Acceptance Test and Installation Testing
Traditionally, this is where the users ‘get their first crack’ at the software. Unfortunately, by this time, it's usually too late. If the users have not seen prototypes, been involved with the design, and understood the evolution of the system, they are inevitably going to be unhappy with the result. If one can perform every test as user acceptance tests, there is much better chance of a successful project.
Types of Testing Techniques
White Box Testing Technique
White box testing examines the basic program structure and it derives the test data from the program logic, ensuring that all statements and conditions have been executed at least once.
White box tests verify that the software design is valid and also whether it was built according to the specified design.
Different methods used are:
Statement coverage – executes all statements at least once. (each and every line)
Decision coverage – executes each decision direction at least once.
Condition coverage – executes each and every condition in the program with all possible outcomes at least once.
Black Box Testing Technique
Black-box test technique treats the system as a "black-box", so it doesn't explicitly use knowledge of the internal structure. Black-box test design is usually described as focusing on testing functional requirements. Synonyms for black box include: Behavioral, Functional, Opaque-box, and Closed-box.
Black box testing is conducted on integrated, functional components whose design integrity has been verified through completion of traceable white box tests. Black box testing traces the requirements focusing on system externals. It validates that the software meets the requirements irrespective of the paths of execution taken to meet each requirements.
Three successful techniques for managing the amount of input data required includes :
- Equivalence Partitioning
- Boundary Analysis
- Error Guessing
Equivalence Partitioning:
Equivalence partitioning is the process of methodically reducing the huge(infinite)set of possible test cases into a much smaller, but still equally effective set. An Equivalence class is a subset of data that is representative of a larger class. Equivalence partitioning is a technique for testing equivalence classes rather than undertaking exhaustive testing of each value of the larger class, when looking for equivalence partitions, think about ways to group similar inputs, similar outputs, and similar operations of the software. These groups are the equivalence partitions.
For example
A program that edits credit limits within a given range ($20,000-$50,000) would have three equivalence classes:
Less than $20,000(invalid)
Between $20,000 and $50,000 (valid)
Greater than $50,000(invalid)
Boundary value analysis:
If one can safely and confidently walk along the edge of a cliff without falling off, he can almost certainly walk in the middle of a field. If software can operate on the edge of its capabilities, it will almost certainly operate well under normal conditions.
This technique consist of developing test cases and data that focus on the input and output boundaries of a given function. In same credit limit example, boundary analysis would test:
Low boundary plus or minus one ($19,999 and $20,001)
On the boundary ($20,000 and $50,000)
Upper boundary plus or minus one ($49,999 and $50,001)
Error Guessing
This is based on the theory that test cases can be developed based upon the intuition and experience of the Test-Engineer.
Example: In the example of date, where one of the inputs is the date, a test may try February 29, 2000 or 9.9.99
Incremental testing
Incremental testing is a disciplined method of testing the interfaces between unit-tested programs as well as between system components. It involves adding unit-tested programs to a given module or component one by one, and testing each result and combination.
There are two types of incremental testing:
Top-down: - This begins testing from top of the module hierarchy and work down to the bottom using interim stubs to simulate lower interfacing modules or programs. Modules are added in descending hierarchical order.
Bottom-up: - This begins testing from the bottom of the hierarchy and works up to the top. Modules are added in ascending hierarchical order. Bottom-up testing requires the development of driver modules, which provide the test input, call the module or program being tested, and display test output.
There are procedures and constraints associated with each of these methods, although bottom-up testing is often thought to be easier to use. Drivers are often easier to create than stubs, and can serve multiple purposes. Output is also often easier to examine in bottom-up testing, as the output always comes from the module directly above the module under test.
Thread testing
This test technique, which is often used during early integration testing, demonstrates key functional capabilities by testing a string of units that accomplish a specific function in the application. Thread testing and incremental testing are usually utilized together. For example, units can undergo incremental until enough units are integrated and a single business function can be performed, threading through the integrated components.
Testing Life Cycle
Testing Life Cycle follows the following process such as;
- Test Plan Preparation
- Test case Design
- Test Execution & Test Log Preparation
- Defect Tracking
- Test Report Preparation
Test Plan Preparation
The software test plan is the primary means by which software testers communicate to the product development team what they intend to do. The purpose of the software test plan is to prescribe the scope, approach, resource, and schedule of the testing activities. To identify the items being tested, the features to be tested, the testing tasks to be preformed, the personnel responsible for each task, and the risks associated with the plan.
The test plan is simply a by-product of the detailed planning process that’s undertaken to create it. It’s the planning that matters, not the resulting documents. The ultimate goal of the test planning process is communicating the software test team’s intent, its expectations, and its understanding of the testing that’s to be performed.
The following are the important topics, which helps in preparation of Test plan.
High-Level Expectations:
The first topics to address in the planning process are the ones that define the test team’s high-level expectations. They are fundamental topics that must be agreed to, by everyone on the project team, but they are often overlooked. They might be considered “too obvious” and assumed to be understood by everyone, but a good tester knows never to assume anything.
People, Places and Things
Test plan needs to identify the people working on the project, what they do, and how to contact them. The test team will likely work with all of them and knowing who they are and how to contact them is very important.
Similarly, where documents are stored, where the software can be downloaded from, where the test tools are located, and so on need to be identified.
Inter-Group Responsibilities
Inter-Group responsibilities identify tasks and deliverables that potentially affect the test effort. The test team’s work is driven by many other functional groups – programmers, project manages, technical writers, and so on. If the responsibilities aren’t planned out, the project, specifically the testing, can become a worst or resulting in important tasks been forgotten.
Test phases
To plan the test phases, the test team will look at the proposed development model and decide whether unique phases, or stages, of testing should be performed over the course of the project. The test planning process should identify each proposed test phase and make each phase known to the project team. This process often helps the entire team from and understands the overall development model.
Test strategy
The test strategy describes the approach that the test team will use to test the software both overall and in each phase. Deciding on the strategy is a complex task- one that needs to be made by very experienced testers because it can determine the successes or failure of the test effort.
Bug Reporting
Exactly what process will be used to manage the bugs needs to be planned so that each and every bug is tracked, from when it’s found to when it’s fixed – and never, ever forgotten.
Metrics and Statistics
Metrics and statistics are the means by which the progress and the success of the project, and the testing, are tracked. The test planning process should identify exactly what information will be gathered, what decisions will be made with them, and who will be responsible for collecting them.
Risks and Issues
A common and very useful part of test planning is to identify potential problem or risky areas of the project – ones that could have an impact on the test effort.
Test Case Design
The test case design specification refines the test approach and identifies the features to be covered by the design and its associated tests. It also identifies the test cases and test procedures, if any, required to accomplish the testing and specifics the feature pass or fail criteria. The purpose of the test design specification is to organize and describe the testing needs to be performed on a specific feature.
The following topics address this purpose and should be part of the test design specification that is created:
Test case ID or identification
A unique identifier that can be used to reference and locate the test design specification the specification should also reference the overall test plan and contain pointers to any other plans or specifications that it references.
Test Case Description
It is a description of the software feature covered by the test design specification for example, “ the addition function of calculator,” “font size selection and display in word pad,” and “video card configuration testing of quick time.”
Test case procedure
It is a description of the general approach that will be used to test the features. It should expand on the approach, if any, listed in the test plan, describe the technique to be used, and explain how the results will be verified.
Test case Input or Test Data
It is the input the data to be tested using the test case. The input may be in any form. Different inputs can be tried for the same test case and test the data entered is correct or not.
Expected result
It describes exactly what constitutes a pass and a fail of the tested feature. Which is expected to get from the given input.
Test Execution and Test Log Preparation
After test case design, each and every test case is checked and actual result obtained. After getting actual result, with the expected column in the design stage is compared, if both the actual and expected are same, then the test is passed otherwise it will be treated as failed.
Now the test log is prepared, which consists of entire data that were recorded, whether the test failed or passed. It records each and every test case so that it will be useful at the time of revision.
Example
Test case ID Test case Description Test status/ result
Sys_xyz_01 Checking the login window Fail
Sys_xyz_02 Checking the main window True
Defect Tracking
A defect can be defined in one or two ways. From the producer's viewpoint, a defect is a deviation from specifications, whether missing, wrong, etc. From the Customer's viewpoint, a defect is any that causes customer dissatisfaction, whether in the requirements or not, this is known as "fit for use". It is critical that defects identified at each stage of the project life cycle be tracked to resolution.
Defects are recorded for following major purposes:
- To correct the defect
- To report status of the application
- To gather statistics used to develop defect expectations in future applications
- To improve the software development process
Most project teams utilize some type of tool to support the defect tracking process. This tool could be as simple as a white board or a table created and maintained in a word processor or one of the more robust tools available today, on the market, such as Mercury's Test Director etc. Tools marketed for this purpose usually come with some number of customizable fields for tracking project specific data in addition to the basics. They also provide advanced features such as standard and ad-hoc reporting, e-mail notification to developers and/or testers when a problem is assigned to them, and graphing capabilities.
At a minimum, the tool selected should support the recording and communication significant information about a defect. For example, a defect log could include:
- Defect ID number
- Descriptive defect name and type
- Source of defect -test case or other source
- Defect severity
- Defect priority
- Defect status (e.g. open, fixed, closed, user error, design, and so on) -more robust tools provide a status history for the defect
- Date and time tracking for either the most recent status change, or for each change in the status history
- Detailed description, including the steps necessary to reproduce the defect
- Component or program where defect was found
- Screen prints, logs, etc. that will aid the developer in resolution process
- Stage of origination
- Person assigned to research and/or correct the defect
Severity versus Priority
The severity of a defect should be assigned objectively by the test team based on predefined severity descriptions. For example a "severity one" defects maybe defined as one that causes data corruption, a system crash, security violations, etc. In large project, it
may also be necessary to assign a priority to the defect, which determines the order in
which defects should be fixed. The priority assigned to a defect is usually more subjective based upon input from users regarding which defects are most important to them, and therefore should be fixed first.
It is recommended that severity levels be defined at the start of the project so that they intently assigned and understood by the team. This foresight can help test teams avoid the common disagreements with development teams about the criticality of a defect.
Some general principles
- The primary goal is to prevent defects. Wherever this is not possible or practical, the goals are to both find the defect as quickly as possible and minimize the impact of the defect.
- The defect management process, like the entire software development process, should be risk driven, i.e., strategies, priorities and resources should be based on an assessment of the risk and the degree to which the expected impact of risk can be reduced.
- Defect measurement should be integrated into the development process and be used by the project team to improve the development process. In other words, information on defects should be captured at the source as a natural by-product of doing the job. People unrelated to the project or system should not do it.
- As much as possible, the capture and analysis of the information should be automated. There should be a document, which includes a list of tools, which have defect management capabilities and can be used to automate some of the defect management processes.
- Defect information should be used to improve the process. This, in fact, is the primary reason for gathering defect information.
- Imperfect or flawed processes cause most defects. Thus, to prevent defects, the process must be altered.
The Defect Management Process
The key elements of a defect management process are as follows.
- Defect prevention
- Deliverable base-lining
- Defect discovery/defect naming
- Defect resolution
- Process improvement
- Management reporting
Test Reports
A final test report should be prepared at the conclusion of each test activity. This might include
- Individual Project Test Report (e.g., a single software system)
- Integration Test Report
- System Test Report
- Acceptance Test Report
It is designed to accomplish three objectives:
- Define the scope of testing - normally a brief recap of the test plan;
- Present the results of testing; and
- Draw conclusions and make recommendations based on those results
The test report may be a combination of electronic data and hard copy. For example, if the function test matrix is maintained electronically, there is no reason to print that, as the paper report will summarize that data, draws the appropriate conclusions, and present recommendations.
The test report has one immediate and three long-term purposes. The immediate purpose is to provide information to the customers of the software system so that they can determine whether the system is ready for production: and if so, to assess the potential consequences and initiate appropriate actions to minimize those consequences.
The first of the three long-term uses is for the project to trace problems in the event the application malfunctions in production. Knowing which functions have been correctly tested and which ones still contain defects can assist in taking corrective action.
The second long-term purpose is to use the data to analyze the rework process for making changes to prevent defects from occurring in the future. Accumulating the results of many test reports to identify which components of the rework process are detect-prone does this. These defect-prone components identify tasks/steps that, if improved, could eliminate or minimize the occurrence of high-frequency defects.
The third long-term purpose is to show what was accomplished.
Individual Project Test Report
These reports focus on individual projects (e.g., software system). When different testers test individual projects, they should prepare a report on their results.
Integration Test Report
Integration testing tests the interfaces between individual projects. A good test plan will identify the interfaces and institute test conditions that will validate interfaces. Given this, the interface report follows the same format as the individual Project Test report, except that the conditions tested are the interfaces.
System Test Report
A system test plan standard that identified the objectives of testing, what was to be tested, how it was to be tested and when tests should occur. The System Test report should present the results of executing that test plan. If this is maintained electronically, it need only be referenced, not included in the report.
Acceptance Test Report
There are two primary objectives for testing. The first is to ensure that the system as implemented meets the real operating needs of the user or customer. If the defined requirements are those true needs, the testing should have accomplished this objective. The second objective is to ensure that the software system can operate in the real-world user environment, which includes people skills and attitudes, time pressures, changing business conditions, and so forth.
Eight Interim Reports:
1. Functional Testing Status
2. Functions Working Timeline
3. Expected verses Actual Defects Detected Timeline
4. Defects Detected verses Corrected Gap Timeline
5. Average Age of Detected Defects by Type
6. Defect Distribution
7. Relative Defect Distribution
8. Testing Action
1. Functional Testing Status Report
This report will show percentages of the functions, which have been:
- Fully Tested
- Tested With Open Defects
- Not Tested
2. Functions Working Timeline report
This report will show the actual plan to have all functions working verses the current status of functions working. An ideal format could be a line graph.
3. Expected verses Actual Defects Detected report
This report will provide an analysis between the number of defects being generated against the expected number of defects expected from the planning stage
4. Defects Detected verses Corrected Gap report
This report, ideally in a line graph format, will show the number of defects uncovered verses the number of defects being corrected and accepted by the testing group. If the gap grows too large, the project may not be ready when originally planned.
5. Average Age Detected Defects by Type report
This report will show the average outstanding defects by type (severity 1, severity 2, etc.). In the planning stage, it is benefic determine the acceptable open days by defect type.
6. Defect Distribution report
This report will show the defect distribution by function or module. It can also include items such as numbers of tests completed.
7. Relative Defect Distribution report
This report will take the previous report (Defect Distribution) and normalize the level of defects. An example would be one application might be more in depth than another, and would probably have a higher level of defects. However, when normalized over the number of functions or lines of code, would show a more accurate level of defects.
8. Testing action report
This report can show many different things, including possible shortfalls in testing. Examples of data to show might be number of severity defects, tests that are behind schedule, and other information that would present an accurate testing picture
Software Metric
Effective management of any process requires quantification, measurement, and modeling. Software metrics provide a quantitative basis for the development and validation of models of the software development process. Metrics can be used to improve software productivity and quality. This module introduces the most commonly used software and reviews their use in constructing models of the software development process.
Definition of Software Metrics
A metric is a mathematical number that shows a relationship between two variables. It is a quantitative measure of the degree to which a system, component or process possesses a given attribute. Software Metrics are measures that are used to quantify the software, software development resource and software development process.
Metric generally classified into 2 types.
- Process Metric
- Product Metric
Process Metric a metric used to measure the characteristic of the methods, techniques and tools employed in developing, implementing and maintaining the software system.
Product Metric a metric used to measure the characteristic of the documentation and code
The metrics for the test process would include status of test activities against the plan, test coverage achieved so far, among others. An important metric is the number of defects found in internal testing compared to the defects found in customer tests, which indicate the effectiveness of the test process itself.
Test Metrics
The following are the Metrics collected in testing process
User participation = User Participation Test Time Vs Total Test Time
Path Tested = Number of Path Tested Total Number of Paths
Acceptance Criteria Tested = Acceptance Criteria Verified Vs Total Acceptance Criteria
Test Cost
Cost to Locate Defect =
No of Defects located in the Testing
This metric shows the cost to locate a defect Detected
No of Defects detected in production
Production Defect=
Application System size
Cost of Manual Test Effort
Test Automation =
Total Test Cost
Other Testing Terms
Usability Testing
Determines how well the user will be able to understand and interact with the system. It identifies areas of poor human factors design that may make the system difficult to use. Ideally this test is conducted on a system prototype before development actually beings. If a navigational or operational prototype is not available, screen prints of all of the applications screens or windows can be used to walk the user through various business scenarios.
Conversion Testing
Specifically designed to validate the effectiveness of the conversion process. This test may be conducted jointly by developers and testers during integration testing, or at the start of system testing, since system testing must be conducted with the converted data. Field -to -Field mapping and data translation is validated and, if a foil copy of production data will be used in the test.
Vendor Validation Testing
Verifies that the functionality of contracted or third party software meets the organization's requirements, prior to accepting it and installing it into a production environment. This test can be conducted jointly by the software vendor and the test team, and focuses on ensuring that all requested functionality has been delivered.
Stress / Load Testing
Conducted to validate the application, database, and network, they may handle projected volumes of users and data effectively. The test is conducted jointly by developers, testers, DBA's and network associates after the system testing. During the test, the complete system is subjected to environmental conditions that defer expectations to answer question such as:
- How large can the database grow before performance degrades?
- At what point will more storage space be required?
- How many users can use the system simultaneously before it slows down or fails?
Performance Testing
Usually conducted in parallel with stress and load testing in order to measure performance against specified service-level objectives under various conditions. For instance, one may need to ensure that batch processing will complete within the allocated amount of time, or that on-line response times meet performance requirements.
Recovery Testing
Evaluates the contingency features built into the application for handling inter and for returning to specific points in the application processing. Any restoration, and restart capabilities are also tested here. The test team may conduct this test during system test or by another team specifically gathered for this purpose.
Configuration Testing
In the IT Industry, a large percentage of new applications are either client/server or web-based, validating that they will run on the various combinations of hardware and software. For instance, configuration testing for an web-based application would
incorporate versions and releases of operating systems, internet browsers, modem speeds, and various off the shelf applications that might be integrated (e.g. e-mail application)
Benefits Realization Test
With the increased focus on the value of business returns obtained from investments information technology this type of test or analysis is becoming more critical. The benefits Realization Test is a test or analysis conducted after an application is moved into production in order to determine whether the application is likely to deliver the original projected benefits. The analysis is usually conducted by- the business user or client group who requested the project, and results are reported back to executive management.
Test Standards
External Standards- Familiarity with and adoption of industry test standards from Organizations.
Internal Standards-Development and enforcement of the test standards that testers must meet
IEEE
- Institute of Electrical and Electronics Engineers
- Founded in 1884
- Have an entire set of standards devoted to Software
- Testers should be familiar with all the standards mentioned in IEEE.
IEEE STANDARDS: That a Tester should be aware of
1. 610.12-1990 IEEE Standard Glossary of Software Engineering Terminology
2. 730-1998 IEEE Standard for Software Quality Assurance Plans
3. 828-1998 IEEE Standard for Software Configuration Management Plan
4. 829-1998 IEEE Standard for Software Test Documentation.
5. 830-1998 IEEE Recommended Practice for Software Requirement Specification
6. 1008-1987 (R1993) IEEE Standard for Software Unit Testing (ANSI)
7. 1012-1998 IEEE Standard for Software Verification and Validation.
8. 1012a-1998 IEEE Standard for Software Verification and Validation Supplement to 1012-1998 Content Map
to IEEE 122207.1
9. 1016-1998 IEEE Recommended Practice for Software Descriptions
10. 1028-1997 IEEE Standard for Software Reviews
11. 1044-1993 IEEE Standard classification for Software Anomalies
12. 1045-1992 IEEE Standard for Software Productivity Metrics(ANSI)
13. 1058-1998 IEEE Standard for Software Project Management Plans
14. 1058.1-1987 IEEE Standard for Software Management
15. 1061-1998.1 IEEE Standard for Software Quality Metrics Methodology.
Other Standards:
- ISO-International Organization for Standards
- SPICE -Software Process Improvement and Capability Determination
- NIST -National Institute of Standards and Technology
- DoD-Department of Defense
Internal Standards
The use of Standards...
- Simplifies communication
- Promotes consistency and uniformity
- Eliminates the need to invent yet another solution to the same problem
- Provides continuity
- Presents a way of preserving proven practices
- Supplies benchmarks and framework
Web Testing
Introduction
The Web Testing is mainly concerned on 6 parts they are
- Usability
- Functionality
- Server side Interface
- Client side Compatibility
- Performance
- Security
Usability
One of the reasons the web browser is being used as the front end to applications is the ease of use. Users who have been on the web before will probably know how to navigate a well-built web site. While 7012 are concentrating on tin's portion of testing it is important to verify that the application is easy to use. Many will believe that this is the least important area to test, the site should be better and easy to use. Even if the web site is simple, there will always be some one who needs some clarification. Additionally, the documentation needs also to be verified, so that the instructions are correct.
The following are the some of the things to be checked for easy navigation through website:
- Site map or navigational bar: Does the site have a map? Sometimes power users know exactly where they want to go and don't want to go through lengthy introductions. Or new users get lost easily. Either way a site map and/or ever-present navigational map can guide the user. The site map needs to be verified for its correctness. Does each link on the map actually exist? Are there links on the site that are not represented on the map? Is the navigational bar present on every screen? Is it consistent? Does each link work on each page? Is it organized in an intuitive manner?
- Content: To a developer, functionality comes before wording. Anyone can slap together some fancy mission statement later, but while they are developing, they just need some filler to verify alignment and layout. Unfortunately, text produce like this may sneak through the cracks. It is important to check with the public relations department on the exact wording of the content. Otherwise, the company can get into a lot of trouble, legally. One has to make sure the site looks professional. Overuse of bold text, big fonts and blinking can turn away a customer quickly. It might be a good idea to consult a graphic designer to look over the site during User Acceptance Testing. Finally, one has to make sure that any time a web reference is given, that it is hyper linked. Plenty of sites ask them to email them at a specific address or to download a browser from an address. But if the user can't click on it, they are going to be annoyed.
- Colors/backgrounds:Ever since the web became popular, everyone thinks they are a graphic designer. Unfortunately, some developers are more interested in their new backgrounds, than ease of use. Sites will have yellow text on a purple picture of a fractal pattern. This may seem "pretty neat", but it's not easy to use. Usually, the best idea is to use little or no background. If there is a background, it might be a single color on the left side of the page, containing the navigational bar. But, patterns and pictures distract the user.
- Images: Whether it's a screen grab or a little icon that points the way, a picture is worth a thousand words. Sometimes, the best way to tell the user something is to simply show them. However, bandwidth is precious to the client and the server, so you need to conserve memory usage. Do all the images and value to each page, or do they simply waste bandwidth? Can a different file type (.GIF, JPG) be used for 30k less? In general, one doesn't want large pictures on the front page, since most users who abandon a load will do it on the front page. If the front page is available quickly, it will increase the chance they will stay.
- Tables: It has to be verified that tables are setup properly. Does the user constantly have to scroll right to see the price of the item? Would it be more efficient to put the price closer to the left and put miniscule details to the right? Are the columns wide enough or does every row have to wrap around? Are certain rows excessively high because of one entry? These are some of the points to be taken care of.
- Wrap-around:Finally, it has to be verified whether the wrap-around occurs properly. If the text refers to a picture on the right, make sure the picture is on the right. Make sure that widow and orphan sentences and paragraphs don't layout in an awkward manner because of pictures.
Functionality
The functionality of the web site is why the company hired a developer and not just an artist. This is the part that interfaces with the server and actually "does stuff".
- Links: A link is the vehicle that gets the user from page to page. Two things has to be verified for each link - that the link which brings to the page it said it would and that the pages it is trying to link, exist. It may sound a little silly but many of the web sites exist with internal broken links.
- Forms: When a user submits information through a form it needs to work properly. The submit button needs to work If the form is for an online registration, the user should be given login information (that works) after successful completion. If the form gathers shipping information, it should be handled properly and the customer should receive their package. In order to test this, you need to verify that the server stores the information properly and that systems down the line can interpret and use that information.
- Data verification:If the system verifies user input according to business rules, then that needs to work properly. For example, a State field may be checked against a list of valid values. If this is the case, you need to verify that the list is complete and that the program actually calls the list properly (add a bogus value to the list and make sure the system accepts it).
- Cookies: Most users only like the kind with sugar, but developers love web cookies. If the system uses them, you need to check them. If they store login information, make sure the cookies work and make sure it's encrypted in the cookie file. If the cookie is used for statistics, verify that totals are being counted properly. And you'll probably want to make sure those cookies are encrypted too, otherwise people can edit their cookies and skew your statistics.
- Application specific functional requirements:Most importantly, one may want to verify the application specific functional requirements, Try to perform all functions a user would: place an order, change an order, cancel an order, check the status of the order, change shipping information before an order is shipped, pay online, ad naseum. This is why users will show up on the developer’s doorstep, so one need to make sure that he can do what is advertised.
Server side Interface
Many times, a web site is not an island. The site will call external servers for additional data, verification of data or fulfillment of orders.
- Server interface: The first interface one should test is the interface between the browser and the server, transactions should be attempted, then the server logs viewed and verified that what is seen in the browser is actually happening on the server. It's also a good idea to run queries on the database to make sure the transaction data is being stored properly.
- External interfaces: Some web systems have external interfaces. For example, a merchant might verify credit card transactions real-time in order to reduce fraud. Several test transactions may have to be sent using the web interface. Try credit cards that are valid, invalid, and stolen. If the merchant only takes Visa and MasterCard, try using a Discover card. (A simple client-side script can check 3 for American Express, 4 for Visa, 5 for MasterCard, or 6 for Discover, before the transaction is sent.) Basically, it has to be ensured that the software can handle every possible message returned by the external server.
- Error handling: One of the areas left untested most often is interface error handling. Usually we try to make sure our system can handle all our errors, but we never plan for the other systems' errors or for the unexpected. Try leaving the site mid-transaction - what happens? Does the order complete anyway? Try losing the Internet connection from the user to the server. Try losing the connection from the server to the credit card verification server. Is there proper error handling for all these situations? Are charges still made to credit cards? Is the interruption is not user initiated, does the order get stored so customer service reps can call back if the user doesn't come back to the site?
Client side Compatibility
It has to be verified that the application can work on the machines your customers will be using. If the product is going to the web for the world to use, every operating system, browser, video setting and modem speed has to be tried with various combinations.
- Operating systems: Does the site work for both MAC and IBM Compatibles? Some fonts are not available on both systems, so make sure that secondary fonts are selected. Make sure that the site doesn't use plug-ins only available for one OS, if the users using both.
- Browsers: Does the site work with Netscape? Internet Explorer? Linux? Some HTML commands or scripts only work for certain browsers. Make sure there are alternate tags for images, in case someone is using a text browser. If SSL security is used, it has to be checked whether browsers 3.0 and higher, but it has to be verified that there is a message for those using older browsers.
- Video settings: Does the layout still look good on 640x400 or 600x800? Are fonts too small to read? Are they too big? Does all the text and graphic alignment still work?
- Modem/connection speeds: Does it take 10 minutes to load a page with a 28.8 modem, but whether it is tested after hooking up to high-speed connections? Users will expect long download times when they are grabbing documents or demos, but not on the front page. It has to be ensured that the images aren't too large. Make sure that marketing don't put 50k of font size -6 keywords for search engines.
- Printers: Users like to print. The concept behind the web should save paper and reduce printing, but most people would rather read on paper than on the screen. So, you need to verify that the pages print properly. Sometimes images and text align on the screen differently than on the printed page. It has to be verified that order confirmation screens can be printed properly.
- Combinations: A different combination has to be tried. Maybe 600x800 looks good on the MAC but not on the IBM. Maybe IBM with Netscape works, but not with Linux. If the web site will be used internally it might make testing a little easier. If the company has an official web browser choke, then it has to be verified that it works for that browser. If everyone has a high-speed connection, load times need not be checked. (But it has to be kept in mind, some people may dial in from home.) With internal applications, the development team can make disclaimers about system requirements and only support those systems setups. But, ideally, the site should work on all machines without limit growth and changes in the future.
Performance Testing
It need to be verified that the system can handle a large number of users at the same time, a large amount of data from each user, and a long period of continuous use.
Accessibility is extremely important to users. If they get a "busy signal", they hang up and call the competition. Not only must the system be checked so the customers can gain access, but many times hackers will attempt to gain access to a system by overloading it, For the sake of security, the system needs to know what to do when it's overloaded; not simply blow up.
- Concurrent users at the same time: If the site just put up the results of a national lottery, it will be better to handle millions of users right after the winning numbers are posted. A load test tool would be able simulate concurrent users accessing the site at the same time.
- Large amount of data from each user: Most customers may only order 1-5 books from your new online bookstore, but what if a university bookstore decides to order 5000 copies of Intro to Psychology? Or what if one user wants to send a gift to larger number of his/her friends for Christmas (separate mailing addresses for each, of course.) Can the system handle large amounts of from a single user?
- Long period of continuous use: If the site is intended to take orders for specific occasion, then it will be better to handle well before the occasion. If the site offers web-based email, it will be better to run months or even years, without downtimes. It may probably be required to use an automated test tool to implement these types of tests, since they are difficult to do manually. Imagine coordinating 100 people to hit the site at the same time. Now try 100,000 people. Generally, the tool will pay for itself the second time you use it. Once the tool is set up, running another test is just a click away.
Security
Even if credit card payments are not accepted, security is very important. The web site will be the only exposure for some customers to know about a company. And, if that exposure is a hacked page, the customers won't feel safe doing business with the company using internet.
- Directory setup: The most elementary step of web security is proper setup of directories. Each directory should have an index.html or main.html page so a directory listing doesn't appear.
- SSL (Secured Socket Layer): Many sites use SSL for secure transactions. While entering an SSL site, there will be a browser warning and the HTTP in the location field on the browser will change to HTTPS. If the development group uses SSL it is to be ensured that, there is an alternate page for browser with versions less than 3.0, since SSL is not compatible with those browsers. Sufficient warnings while entering and leaving the secured site are to be provided. Also it needs to be checked whether there is a time-out limit or what happens if the user tries a transaction after the timeout?
- Logins: In order to validate users, several sites require customers to login. This makes it easier for the customer since they don't have to re-enter personal information every time. You need to verify that the system does not allow invalid usernames/password and that does allow valid logins. Is there a maximum number of failed logins allowed before the server locks out the current user? Is the lockout based on IP? What happens after the maximum failed login attempts; what are the rules for password selection – these needs to be checked.
- Log files:Behind the scenes, it needs to be verified that server logs are working properly. Does the log track every transaction? Does it track unsuccessful login attempts? Does it only track stolen credit card usage? What does it store for each transaction? IP address? User name?
- Scripting languages: Scripting languages are a constant source of security holes. The details are different for each language. Some allow access to the root directory. Others only allow access to the mail server, but a resourceful hacker could mail the servers username and password files to themselves. Find out what scripting languages are being used and research the loopholes. It might also be a good idea to subscribe to a security newsgroup that discusses the language that is being tested.
Conclusion
Whether an Internet or intranet or extranet application is being tested, testing for the web can be more challenging than non-web applications. Users have high expectations for web page quality. In many cases, the page is up for public relations, just as much as functionality, so the impression must be perfect.