Thursday, December 3, 2009

Explain IEEE 829 standard and other software testing standards.

IEEE 829 is the standard for Software Test Documentation; it specifies the format of the set of documents to be used in the different stages of software testing.
The documents are,
Test Plan – Test Plan is a planning document which has information about the scope, resources, duration, test coverage and other details.
Test Design – Test Design document has information of test pass criteria with test conditions and expected results.
Test Case – Test case document has information about the test data to be used.
Test Procedure – Test Procedure has information about the test steps to be followed and how to execute it.
Test Log – Test Log has details about the test cases that were run, their pass & fail status, the order in which they ran, and the resource who tested them.
Test Incident Report – Test Incident Report has information about the failed test comparing the actual result with expected result.
Test Summary Report – Test Summary Report has information about the testing done and the quality of the software. It also analyses whether the software has met the requirements given by the customer.

The other standards related to software testing are,
IEEE 1008 is for Unit Testing
IEEE 1012 is for Software verification and validation
IEEE 1028 is for Software Inspections
IEEE 1061 is for Software metrics and methodology
IEEE 1233 is for guiding the SRS development
IEEE 12207 is for Software Life Cycle (SLC) processes


Explain the methods and techniques used for Security Testing

Security testing can be performed in many ways like,
• Black Box Level
• White Box Level
• Database Level

Black Box Level
• Session Hijacking
Session Hijacking, commonly called “IP Spoofing”, is where a user session on a protected network is attacked.
• Session Prediction
Session Prediction is a method of obtaining data or the session ID of an authorized user and using it to gain access to the application. In a web application the session ID can be retrieved from cookies or the URL.
A session prediction attempt can be suspected when a website is not responding normally or stops responding for an unknown reason.
• Email Spoofing
Email Spoofing is forging the email header (the “From” address) so that the message looks like it originated from the actual source; if the email is replied to, the reply lands in the spammer's inbox. By inserting commands in the header the message information can be altered. It is possible to send a spoofed email containing information you didn't write.
• Content Spoofing
Content spoofing is a technique of building a fake website and making the user believe that the information and the website are genuine. When the user enters his Credit Card Number, Password, SSN and other important details, the hacker can collect the data and use it for fraud.
• Phishing
Phishing is similar to Email Spoofing: the hacker sends a genuine-looking mail attempting to get the personal and financial information of the user. The emails appear to have come from well-known websites.
• Password Cracking
Password Cracking is used to identify an unknown password or to recover a forgotten password.
Password cracking can be done in two ways,
1. Brute Force – The hacker tries combinations of characters up to a given length until one is accepted.
2. Password Dictionary – The hacker uses a password dictionary; such dictionaries are available on various topics.
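The session hijacking and session prediction items above come down to one question for a tester: can the session ID be guessed, and can it be read from places it should not be? The following is an added example, not code from the original post: a small Python session implementation that issues IDs from the OS random generator, sets the cookie attributes that keep the ID out of scripts and off plain HTTP, and a tester-side check that flags a Set-Cookie header missing those attributes. The cookie name SESSIONID, the 32-byte ID length and the in-memory store are assumptions made for the example.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

# Constructed example: secure session-ID issuance and a Set-Cookie checker.
SESSION_ID_BYTES = 32  # 256 bits from the OS CSPRNG; sequential or time-based IDs are predictable


def new_session_id() -> str:
    """Return an unguessable, URL-safe session ID (43 characters for 32 bytes)."""
    return secrets.token_urlsafe(SESSION_ID_BYTES)


def session_cookie_header(session_id: str, max_age: int = 1800) -> str:
    """Build the Set-Cookie value carrying the session ID.

    HttpOnly keeps the ID out of document.cookie, Secure keeps it off plain HTTP,
    SameSite=Strict stops the browser attaching it to cross-site requests.
    """
    cookie = SimpleCookie()
    cookie["SESSIONID"] = session_id
    cookie["SESSIONID"]["httponly"] = True
    cookie["SESSIONID"]["secure"] = True
    cookie["SESSIONID"]["samesite"] = "Strict"
    cookie["SESSIONID"]["max-age"] = max_age
    cookie["SESSIONID"]["path"] = "/"
    return cookie["SESSIONID"].OutputString()


def cookie_flag_findings(set_cookie_value: str) -> list:
    """Tester-side check: list the protective attributes missing from a Set-Cookie value."""
    # Everything after the first ';' is an attribute; compare attribute names case-insensitively.
    attrs = {part.strip().split("=")[0].lower() for part in set_cookie_value.split(";")[1:]}
    return [f"missing {name}" for name in ("httponly", "secure", "samesite") if name not in attrs]


class SessionStore:
    """In-memory session table (constructed for the example).

    Lookups use a constant-time comparison so that validating a presented ID
    does not leak, through timing, how many leading characters matched.
    """

    def __init__(self):
        self._sessions = {}

    def create(self, user: str) -> str:
        sid = new_session_id()
        self._sessions[sid] = user
        return sid

    def lookup(self, presented: str):
        # compare_digest on str requires ASCII on both sides; a real ID is always ASCII.
        if not presented.isascii():
            return None
        for sid, user in self._sessions.items():
            if hmac.compare_digest(sid, presented):
                return user
        return None


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("alice")
    header = session_cookie_header(sid)
    print(header)
    print("findings on our header:", cookie_flag_findings(header))
    print("findings on a bare cookie:", cookie_flag_findings("SESSIONID=abc; Path=/"))
    print("lookup of a guessed ID:", store.lookup("00000001"))
```

In a test pass the same `cookie_flag_findings` check is run over the real Set-Cookie headers returned by the application under test, and a sample of issued IDs is inspected for sequential or timestamp-like structure; an ID that appears in a URL rather than a cookie is itself a finding, since it ends up in browser history and server logs.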

White Box Level
• Malicious Code Injection
SQL Injection is the most popular Code Injection Attack: the hacker attaches malicious code to the good code by inserting it through a field in the application. The motive behind the injection is to steal secured information that was intended for a restricted set of users.
Apart from SQL Injection, the other types of Malicious Code Injection are XPath Injection, LDAP Injection, and Command Execution Injection. Similar to SQL Injection, XPath Injection deals with XML documents.
• Penetration Testing
Penetration Testing is used to check the security of a computer or a network. The test process explores all the security aspects of the system and tries to penetrate the system.
• Input Validation
Input validation is used to defend applications from hackers. If the input is not validated, mostly in web applications, it could lead to system crashes, database manipulation and corruption.
• Variable Manipulation
Variable manipulation is a method of specifying or editing the variables in a program. It is mostly used to alter the data sent to the web server.

Database Level
• SQL Injection
SQL Injection is used to hack websites by changing the backend SQL statements; using this technique the hacker can steal data from the database and also delete and modify it.
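The Malicious Code Injection and Input Validation items under White Box Level and the SQL Injection item here describe the same defect from two sides. The following is an added example, not code from the original post: the same lookup written with string concatenation (the injectable form) and with parameter binding (the safe form), plus an allow-list input check, run against an in-memory SQLite sandbox. The `users` table, its two rows and the username format rule are constructed for the example.

```python
import re
import sqlite3

# Constructed example: a vulnerable and a safe version of one query, side by side.


def make_db() -> sqlite3.Connection:
    """Build a throwaway in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def find_email_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Injectable: the input is spliced into the SQL text and becomes part of its grammar."""
    sql = "SELECT email FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def find_email_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened: parameter binding, so the input is only ever treated as a value."""
    return [row[0] for row in conn.execute("SELECT email FROM users WHERE username = ?", (username,))]


# Allow-list rule for the field (an assumption of the example): lowercase letters, digits, underscore.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def validate_username(username: str) -> str:
    """Reject anything outside the allow-list before it reaches the query (defence in depth)."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    return username


def lookup_email(conn: sqlite3.Connection, raw_input: str) -> list:
    """What the application should do: validate, then bind."""
    return find_email_safe(conn, validate_username(raw_input))


if __name__ == "__main__":
    conn = make_db()
    # The classic tautology test input: the text below changes the WHERE clause.
    probe = "' OR '1'='1"
    print("vulnerable:", find_email_vulnerable(conn, probe))  # every row comes back
    print("safe:      ", find_email_safe(conn, probe))        # no such username
    try:
        lookup_email(conn, probe)
    except ValueError as exc:
        print("validated: ", exc)
```

The tester's evidence is the difference between the two result sets: the concatenated query returns every user's email for an input that matches no username, while the bound query returns nothing. Validation alone is not the fix (legitimate fields such as free text cannot be allow-listed this tightly); parameter binding is the fix, and validation narrows what reaches it.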


Explain Alpha, Beta, Gamma Testing

Alpha Testing
Alpha Testing is mostly like usability testing, done in-house by the developers who developed the software or by testers. Sometimes Alpha Testing is done by the client or an outsider in the presence of the developer and tester. The version released after alpha testing is called the Alpha Release.

Beta Testing
Beta Testing is done by a limited number of end users before delivery; change requests are fixed when the users give feedback or report defects. The version released after beta testing is called the Beta Release.

Gamma Testing
Gamma Testing is done when the software is ready for release with the specified requirements; this testing is done directly, skipping all the in-house testing activities.



The terms Priority and Severity are used in Bug Tracking to share the importance of a bug among the team and to fix it.

Severity

1. The Severity status is used to explain how badly the deviation affects the build.

2. The severity type is defined by the tester based on the written test cases and functionality.
Ex : If an application or a web page crashes when a remote link is clicked, clicking the remote link is rare for a user but the impact of the application crashing is severe, so the severity is high and the priority is low.

Priority

1. The Priority status is set by the tester for the developer, mentioning the time frame to fix a defect. If High priority is mentioned then the developer has to fix it at the earliest.

2. The priority status is set based on the customer requirements.
Ex : If the company name is misspelled on the home page of a website, then the priority to fix it is high and the severity is low.


What is the difference between Two Tier Architecture and Three Tier Architecture?

In Two Tier Architecture or Client/Server Architecture two layers, Client and Server, are involved. The Client sends a request to the Server and the Server responds to the request by fetching the data itself. The problem with Two Tier Architecture is that the server cannot respond to multiple requests at the same time, which causes data integrity issues.
Client/Server Testing involves testing the Two Tier Architecture: the user interface in the front end and the database as the backend, with dependencies on Client, Hardware and Servers.
In Three Tier Architecture or Multi Tier Architecture three layers, Client, Server and Database, are involved. Here the Client sends a request to the Server, the Server sends the request to the Database for data, the Database sends the data back to the Server, and the Server forwards it to the Client.
Web Application Testing involves testing the Three Tier Architecture, including User Interface, Functionality, Performance, Compatibility, Security and Database testing.


Explain Localization Testing with examples.

Localization is the process of changing or modifying an application for a particular culture or locale. This includes changes in the user interface, graphical designs or even the initial settings according to that culture and its requirements.
Localization Testing verifies how correctly the application has been changed or modified for the target culture and language.
Where translation of the application into the local language is required, each field should be tested to check that the translation is correct. Other formats like date conversion, and hardware and software usage like the operating system, should also be considered in localization testing.
Examples for Localization Testing are,
· In Islamic Banking all the transactions and product features are based on Shariah Law. Some important points to be noted in Islamic Banking are,
1. In Islamic Banking, the bank shares the profit and loss with the customer.
2. In Islamic Banking, the bank cannot charge interest on the customer; instead they charge a nominal fee which is termed as “Profit”.
3. In Islamic Banking, the bank will not deal or invest in businesses like Gambling, Alcohol, Pork, etc.
In this case, we need to test whether these Islamic banking conditions were modified and applied in the application or product.
· In Islamic Lending, they follow both the Gregorian Calendar and the Hijri Calendar for calculating the loan repayment schedule. The Hijri Calendar is commonly called the Islamic Calendar, followed in all the Muslim countries according to the lunar cycle. The Hijri Calendar has 12 months and 354 days, which is 11 days shorter than the Gregorian Calendar. In this case, we need to test the repayment schedule by comparing both the Gregorian Calendar and the Hijri Calendar.


What is the difference between High level and Low level test cases?

High level test cases are those which cover major functionality in the application (i.e. retrieve, update, display, cancel (functionality-related test cases), database test cases).

Low level test cases are those related to User Interface (UI) in the application.


Database Testing

Databases are an integral part of any software developed today. Whether you are a Software Tester or the owner of a web site, it is of the utmost importance to know about the underlying database.

The simplest task in dealing with databases is to write queries in order to communicate with the database. Web masters owning web sites, or database administrators for complex or large software, need a certain level of expertise to perform complex tasks such as database monitoring, database auditing, database optimization and database modelling (also known as database schema design), to name a few. This level of expertise calls for undergoing a comprehensive course.

For beginners, there are loads of online resources about databases available on the Internet, like DatabaseGuides. It's a good idea for web masters to know how their database works so that they can troubleshoot their own systems, or know what is being done if a professional is hired.

Database Testing is an important aspect that a versatile Software Tester should be aware of. We'll discuss a few aspects of database testing here.

Why do we test database?

We all know that it's important to test the database our software uses. Your database holds confidential and valuable information which you would not like to be compromised. Testing the database provides us with solid feedback essential for identifying defects.

What to test in database testing?

We need to consider the threats within the database (similar to White Box Testing) as well as at the interface level (similar to Black Box Testing).


Black Box testing might include, but is not limited to:
Input data
Output data (from queries, views, stored procedures)

White Box testing might include, but is not limited to:
Unit tests for Stored Procedures / functions
Triggers / Views code
Referential Integrity

How to test?
When you want to test your database, you need test databases that are replicas of the original database. These are sometimes called 'sandboxes' in agile terms. In this test database you can experiment with data, develop new functionality, validate the changes and then integrate them with the project if satisfactory.
You'll need to create database tests based on either rebuilding the existing database or starting afresh with creation of the database and related schema. Identifying test data is an important task here. Once the tests are ready, you execute them and check the results.

Database Testing is an elaborate topic that can't fit in a single post. I will try to write more posts on the same.
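The "How to test?" steps above (build a sandbox from scratch, identify test data, execute, check results) and the White Box items earlier (trigger code, referential integrity) are shown together in the following added example, which is not code from the original post. It builds an in-memory SQLite sandbox with a constructed accounts/transfers schema and a trigger that moves money, then runs three checks: that the trigger does what it should, that a transfer to a non-existent account is rejected, and that a failing trigger leaves no partial change behind. The schema, rows and amounts are all assumptions made for the example.

```python
import sqlite3

# Constructed example: a disposable sandbox database plus tests over its trigger
# and referential-integrity rules.
SCHEMA = """
CREATE TABLE accounts (
    id      INTEGER PRIMARY KEY,
    owner   TEXT    NOT NULL,
    balance INTEGER NOT NULL CHECK (balance >= 0)
);
CREATE TABLE transfers (
    id     INTEGER PRIMARY KEY,
    src    INTEGER NOT NULL REFERENCES accounts(id),
    dst    INTEGER NOT NULL REFERENCES accounts(id),
    amount INTEGER NOT NULL CHECK (amount > 0)
);
-- Trigger under test: recording a transfer moves the money.
CREATE TRIGGER apply_transfer AFTER INSERT ON transfers
BEGIN
    UPDATE accounts SET balance = balance - NEW.amount WHERE id = NEW.src;
    UPDATE accounts SET balance = balance + NEW.amount WHERE id = NEW.dst;
END;
"""


def build_sandbox() -> sqlite3.Connection:
    """Create the schema afresh and load the identified test data (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    # SQLite ignores REFERENCES clauses unless this pragma is on. A test that
    # forgets it passes even when orphan rows are silently accepted.
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO accounts (id, owner, balance) VALUES (?, ?, ?)",
        [(1, "alice", 100), (2, "bob", 50)],
    )
    return conn


def balances(conn: sqlite3.Connection) -> dict:
    """Current balances keyed by owner; the expected-result side of each check."""
    return {owner: bal for owner, bal in conn.execute("SELECT owner, balance FROM accounts ORDER BY id")}


def check_trigger_moves_money(conn: sqlite3.Connection) -> bool:
    """Unit test for the trigger: 30 from alice to bob."""
    conn.execute("INSERT INTO transfers (src, dst, amount) VALUES (1, 2, 30)")
    return balances(conn) == {"alice": 70, "bob": 80}


def check_orphan_transfer_rejected(conn: sqlite3.Connection) -> bool:
    """Referential integrity: a transfer to account 999, which does not exist, must fail
    and must leave the balances untouched (the trigger's updates are rolled back too)."""
    before = balances(conn)
    try:
        conn.execute("INSERT INTO transfers (src, dst, amount) VALUES (1, 999, 5)")
        return False
    except sqlite3.IntegrityError:
        return balances(conn) == before


def check_overdraft_rejected(conn: sqlite3.Connection) -> bool:
    """The CHECK (balance >= 0) fires inside the trigger; the whole statement must abort."""
    before = balances(conn)
    try:
        conn.execute("INSERT INTO transfers (src, dst, amount) VALUES (2, 1, 10000)")
        return False
    except sqlite3.IntegrityError:
        return balances(conn) == before


def run_all() -> dict:
    """Execute the checks in order on one sandbox and report each result."""
    conn = build_sandbox()
    return {
        "trigger_moves_money": check_trigger_moves_money(conn),
        "orphan_transfer_rejected": check_orphan_transfer_rejected(conn),
        "overdraft_rejected": check_overdraft_rejected(conn),
    }


if __name__ == "__main__":
    for name, passed in run_all().items():
        print(f"{name}: {'PASS' if passed else 'FAIL'}")
```

The two negative checks matter more than the positive one for security: each confirms that a constraint failure undoes the trigger's partial updates, so a rejected transaction cannot leave one side debited. The same pattern applies to stored procedures: call them against a known sandbox state and compare the resulting rows, not just the return code.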
