Software Testing

Security testing can be performed in many ways. It can performed specified areas

1. Black-Box Level
2. White-Box Level and finally at
3. Database Level.

For each of these there includes different types of methods and based on these we can follow them. But all these methods can be used manually to test your application in above specified areas. We also require certain tools for few of the methods

Here are the list of security testing methods and techniques used in 3 areas

Functionality Testing
a. Session Hijacking
b. Session Prediction
c. E-mail Spoofing
d. Content Spoofing
e. Phishing
f. Password Cracking
g. Active Program Scripting Exploits

White-Box Testing
a. Malicious Code Injection
b. Penetration testing
c. Input Validation
d. Variable Manipulation

Database Testing (Stored procedures can be testing by SQL Injection and variable manipulation techniques you can fine more info on net)
a. SQL injection
b. Blind SQL Injection (Part of SQL Injection)
c. Input Validation

At last at website/web application level
a. Cross-site scripting
b. SSI Injection
c. IP Spoofing

Hope this gives idea on what is security testing and in which all areas we carry out testing with what all methods and techniques

Client server Technology:
1. Number of clients is predicted or known
2. Client and server are the entities to be tested
3. Both server and client locations are fixed and known to the user
4. Server to server interaction is prohibited
5. Low multimedia type of data transaction
6. Designed and implemented on intranet environment

Web based Technology:
1. Number of clients is difficult to predict (millions of clients)
2. Client, Server and network are the entities to be tested
3. Server location is certain, client locations are not certain
4. Server to server interaction is normal
5. Rich multimedia type of data transaction
6. Designed and implemented on internet environment

Client Server Testing:-

In client server testing test engineer are conduct the following testings:-

1.Behaviour testing(GUI TESTING)
2.Input domain testing
3.Error Handling testing
4.Backend testing

Web Based Testing:-

In Web testing test engineer are condut the following testings:-

1.Behaviour Testing
2.Static web testing
3.Input domain testing
4.Backend testing
5.Error handling testing
6. Frame Level testing

What is meant by Testing Framework

Framework is nothing but a standard approach, which the entire Team follows in the course of a Project. This includes Folder structures, Naming conventions, File paths, Common Functions, etc

Testing Framework is something like a framework designed according to our requirement.

Example: You want to test one application for UI, FUNCTIONAL and LOCALIZATION. For this requirement you can have your own framework...

1) UI testing: Identify what to test assume that font, size, and color...
2) Functional: Whether the button is working properly example login.
3) Localization: Test for diff languages at a time.

Frame Work:
1) Write all functional libraries for UI at one place.
2) Write down all functional library methods in own file.
3) Have complete list of strings what are necessary for localization at one place assume that a excel sheet.
4) Using the resources are XML now you can import them and write your script by record and play back or using descriptive programming।
5) Finally test your application।

WEB TESTING
While testing a web application you need to consider following Cases:

• Functionality Testing
• Performance Testing
• Usability Testing
• Server Side Interface
• Client Side Compatibility
• Security

Functionality:
In testing the functionality of the web sites the following should be tested:
• Links
i. Internal Links
ii. External Links
iii. Mail Links
iv. Broken Links

• Forms
i. Field validation
ii. Error message for wrong input
iii. Optional and Mandatory fields

• Database
* Testing will be done on the database integrity.

• Cookies
* Testing will be done on the client system side, on the temporary Internet files.

Performance :
Performance testing can be applied to understand the web site’s scalability, or to benchmark the performance in the environment of third party products such as servers and middleware for potential purchase.

• Connection Speed:
Tested over various networks like Dial Up, ISDN etc
• Load:
i. What is the no. of users per time?
ii. Check for peak loads and how system behaves
iii. Large amount of data accessed by user
• Stress:
i. Continuous Load
ii. Performance of memory, CPU, file handling etc..

Usability:
Usability testing is the process by which the human-computer interaction characteristics of a system are measured, and weaknesses are identified for correction.
• Ease of learning
• Navigation
• Subjective user satisfaction
• General appearance

Server Side Interface:
In web testing the server side interface should be tested. This is done by verify that communication is done properly. Compatibility of server with software, hardware, network and database should be tested.

Client Side Compatibility:
The client side compatibility is also tested in various platforms, using various browsers etc.

Desktop application runs on personal computers and workstations, so when you test the desktop application you are focusing on a specific environment. You will test complete application broadly in categories like GUI, functionality, Load, and backend i.e DB.

In client server application you have two different components to test. Application is loaded on server machine while the application exe on every client machine. You will test broadly in categories like, GUI on both sides, functionality, Load, client-server interaction, backend. This environment is mostly used in Intranet networks. You are aware of number of clients and servers and their locations in the test scenario.

Web application is a bit different and complex to test as tester don’t have that much control over the application. Application is loaded on the server whose location may or may not be known and no exe is installed on the client machine, you have to test it on different web browsers. Web applications are supposed to be tested on different browsers and OS platforms so broadly Web application is tested mainly for browser compatibility and operating system compatibility, error handling, static pages, backend testing and load testing.

Are you going to start on a new project for testing? Don’t forget to check this Testing Checklist in each and every step of your Project life cycle. List is mostly equivalent to Test plan, it will cover all quality assurance and testing standards.

What is White Box Testing?

White box testing (WBT) is also called Structural or Glass box testing.

White box testing involves looking at the structure of the code. When you know the internal structure of a product, tests can be conducted to ensure that the internal operations performed according to the specification. And all internal components have been adequately exercised.

White Box Testing is coverage of the specification in the code.

Code coverage:

Segment coverage:
Ensure that each code statement is executed once.

Branch Coverage or Node Testing:
Coverage of each code branch in from all possible was.

Compound Condition Coverage:
For multiple condition test each condition with multiple paths and combination of different path to reach that condition.

Basis Path Testing:
Each independent path in the code is taken for testing.

Data Flow Testing (DFT):
In this approach you track the specific variables through each possible calculation, thus defining the set of intermediate paths through the code.DFT tends to reflect dependencies but it is mainly through sequences of data manipulation. In short each data variable is tracked and its use is verified.
This approach tends to uncover bugs like variables used but not initialize, or declared but not used, and so on.

Path Testing:
Path testing is where all possible paths through the code are defined and covered. Its a time consuming task.

Loop Testing:
These strategies relate to testing single loops, concatenated loops, and nested loops. Independent and dependent code loops and values are tested by this approach.

Why we do White Box Testing?
To ensure:

• That all independent paths within a module have been exercised at least once.
• All logical decisions verified on their true and false values.
• All loops executed at their boundaries and within their operational bounds internal data structures validity.

Need of White Box Testing?
To discover the following types of bugs:

• Logical error tend to creep into our work when we design and implement functions, conditions or controls that are out of the program
• The design errors due to difference between logical flow of the program and the actual implementation
• Typographical errors and syntax checking

Usability testing - User-friendliness check. Application flow is tested, Can new user understand the application easily, Proper help documented whenever user stuck at any point. Basically system navigation is checked in this testing.

Compatibility testing - Testing how well software performs in a particular hardware/software/operating system/network environment and different combination s of above.

• CMM describes about the software engineering alone where as CMM Integrated describes both software and system engineering. CMMI also incorporates the Integrated Procees and Product Development and the supplier sourcing.

CMM:

The first CMM (CMM v1.0) was developed for software and released in August 1990.Based on this success and the demand from other interests CMMs were developed for otherdisciplines and functions:a. Systems Engineeringb. Peoplec. Integrated Product Developmentd. Software Acquisitione. Software Quality Assurancef. Measurement.

CMMI:

The CMM Integration Project was formed to:

1. Establish a framework to integrate current and future models

2. Build an initial set of integrated models.

The source models that served as the basis for the CMMI include:

1. CMM for Software v2.0 Draft C

2. EIA ? 731 Systems Engineering

3. IPD CMM (IPD) v0.98a

Note - CMM = 'Capability Maturity Model', now called the CMMI ('Capability Maturity Model Integration'), developed by the SEI

CMM Capability Maturity model it is a type of quality standard.

CMM(Capability Maturity Model) is an industry-standerd model for defining and measuring the "maturity" of a software company's development process and for providing direction on what they can do to improve their software quality.it was developed by the software development community along with the software engineering institute(SEI).


CMM level means here, the CMM levels are 5

Level 1) Initial : Here concentrate on the team, team should be very strong. Software project success depends on having high quality people.

Level 2) Repeatable [Managed]: Here concentrate on the repeatability and used well defined guide lines. Software development successes are repeatable. The processes may not repeat for all the projects in the organization. The organization may use some basic project management to track cost and schedule

Level 3) Defined : The software process for both management and engineering activities is documented, standardized, and integrated into a standard software process for the organization.

Level 4) Quantitatively Managed: Detailed measures of the software process and product quality are collected. Both the software process and products are quantitatively understood and controlled.

Level 5) Optimisation : Continuous process improvement is enabled by quantitative feedback from the process and from piloting innovative ideas and technologies.


CMMI : Capability Maturity Model for Integration, if the companies are producing IT and Non-IT products then it is CMMI CMMP : Capability Maturity Model for People these companies give more benefits to people so people will work more satisfaction.

Recovery testing - testing how well a system recovers from crashes, hardware failures, or other catastrophic problems.

Realization testing is possible in each and every phase mentioned below:(Either it may be verification or validation)

• programming or coding the software
• customizing and configuring the package or the programs
• writing the documentations
• performing the internal tests

VERIFICATION: THE VERIFY THE PROCESS LIKE SET OF DOCUMENTS,PLANS,SPECIFICATIONS AND REQUIREMENTS.

VALIDATION: THE ACTUAL TESTING OF AN ACTUAL PRODUCT.

Verification all the documents produced during development, and on plans.
i/p for verification:
1 Checklists
2. Issue lists
3.Walk throughs
4. Inspections
5. Reviews and Meetings

Validation is actual testing
i/p for validation:
1. Test Cases based on user requirements.
2. Test Data etc.

Testing is Quality Control
Quality Control-Measure the Quality Of Products
Detection action
Quality Assurance-Measure the Quality of Process.
Prevention action


Quality Control (Testing) : A process of executing the system intending to find defects.

Quality Assurance:A set of activities that are adequate to ensure that system meets its objectives

Performance Testing:

• In performance testing we test the Responce time, efficiency and processing speed.
• To test the complaince of the system.
  

• Increasing the number of users at a specific interval of time. Load testing is a combination of capacity testing and longetivity testing.
• Load testing Innitially we will start test with single user and based on the transaction
  time we will increase the user one by one.
  

Example - IF 5 users are using the login page of yahoo mail at the same time the performance
is constant. If 10 users are add by the user at the same time . the performance is constant.
At last In If the users add 20 user at the same time the performance should decreased.

Stress Testing:

• Testing is done with max no of users in low disk space, low memory and low configuration.
• The execution of our application build under customer expected configuration and various
  load levels from high level to low level and low level to high level to estimate load
  balancing is called stress testing.

Example: An users are added to with in the specification of the limit, and cannot be added
beyond that.

Volume Testing:

• To estimate the data base in terms of records.
• We are executing the test with diffrent volume of data (eg. Number of records).
  

Example: If 1 user is accessing how many records are retriving. if 2 users are accessiong how many records are retriving, etc....

Alpha Testing:

Alpha testing is done by client side people in development environment..

Beta Testing:
Beta Testing is done by client side people in real time environment....

Beta Testing is last stage of testing where a product is sent outside the company or offer the product for free trial download.

Unit test case will be based on program design or logical flow of Login that will be written by Developer only. It is related to internal structure.Integration test case will include the TC for linking of 2 module.

E.G.:-
On login screen user will user name & pwd. Click on Submit or confirming object so that i/p will get validate into database. So, First integrate chk will be DB connectivity is correct or not. & it recognizing the user name & pwd for comaparision. & Overall o/p will be Login should be successful & Main Screen should be open up.In system-functional testing, Tester will write the test case based on validation of fields & all combination of positive & -ve data. (Valid & Invalid testing)At acceptance level....User will check only for valid & Invalid entry.Test case format changes as per company.

Unit Testing
The main objective of Unit testing is to test each and every function.Generally unit test is done by developer.It is conducted before integration testing.

The application is divided into different modules as units and testing is performed on each single module.

Integration Testing
Testing of combined parts of an application to determine,if they function together correctly.

Integration testing is the testing of combined parts of an application to determine if they function together correctly.

System Testing
Testing that attempts to discover defects that are properties of entire system.

System testing is Black-box type of testing that is based on overall requirements specifications. It covers all combined parts of the system.

Black Box Testing:- Testing of functionality of software .It does not need knowledge of coding.It is also called as Behavioral testing/opaque box testing.

White Box testing:-Testing of internal structure of software.It require knowlege of coding.It is also called as structral /glass box testing.

Smoke Testing is initial level testing to check whether complete functionality is available or not.It is done at build level.
Sanity Testing is initial level testing to check whether application behaviour is proper or not. It is done at system level.

Conceptually both r same.Perceptionally they r different.
In both the testings we check for the availability for the entire application.

Smoke Testing - we just whether the entire application is present or not.
Sanity Testing - We check for whether the entire application available is proper or not.


Smoke test: Smoke test is done on Builds (.exe file) to check whether Overall Functionalities is working or not....
Sanity test: Sanity test is done to check whether the application is build on client requirements or not ...

Note:If 60 % of Functionality are not working we have to stop testing.