Software Testing and Quality Assurance

By conducting Software testing, it is possible to measure the quality of software in terms of defects found, for both functional testing and non-functional software requirements and characteristics (e.g. reliability, usability,efficiency and maintainability).

Testing can give confidence in the quality of the software if it finds few or no defects. A properly designed test that passes reduces the overall level of risk in a system. When testing does find defects,the quality of the software system increases when those defects are fixed.To conduct various types of testing Lessons should be learned from previous projects.

By understanding the root causes of defects found in other projects, processes can be improved, which in turn should prevent those defects reoccurring and, as a consequence, improve the quality of future systems.Testing should be integrated as one of the quality assurance activities like alongside development standards, training and defect analysis.

Learn more about: What is Software Testing? Ultimate Guide for Beginners

Software Testing Process

The most visible part of testing is executing tests. But to be effective and efficient, test plans should also include time to be spent on planning the tests, designing test cases, preparing for execution and evaluating status.

The fundamental test process consists of the following main activities:

 - planning and control
 - analysis and design
 - implementation and execution
 - evaluating exit criteria and reporting
 - test closure activities

Although logically sequential, the activities in the process may overlap or take place concurrently.
Software Test plan and control

Test planning has the following major tasks:

 - Determining the scope and risks, and identifying the objectives of testing.
 - Determining the test approach (techniques, test items, coverage, identifying and interfacing the teams involved in testing, testware).
 - Determining the required test resources (e.g. people, test environment, PCs).
 - Implementing the test policy and/or the test strategy.
 - Scheduling test analysis and design tasks.
 - Scheduling test implementation, execution and evaluation.
 - Determining the exit criteria.

Test control has the following major tasks:

 - measuring and analyzing results;
 - monitoring and documenting progress, test coverage and exit criteria;
 - initiation of corrective actions;
 - making decisions.

Conclusion :

Hope you enjoyed with this article to know the importance of Software testing and QA Services. So i am expecting more reviews from you people through comment sections.

Thanks and Regards,

Zeppelin

Indium Software - Software testing Services Company |Top Software testing companies 

Guidelines For the Testing ETL

ETL is normally used to the Extract, Transform and Load Data in Data Integration and Data Warehousing projects. While there clearly defined the methodologies and it’s an best practices for the designing and development of ETL process, there is a very little literature in the Software Testing.

Transaction Processing and ETL Testing it’s different because of ETL Testing is a data centrist which contains comparing the large volumes of data over the heterogeneous data sources.We describe the brief out of the ETL Testing strategies:

Data Accuracy : Ensure the data it’s to be loaded accurately and then transformations are working in the expected form.

Data Completeness : Verify the all expected data it’s loaded

Data Integrity : Ensure the data relations a has been maintained as an expected

Data Accuracy Testing

Data Accuracy Testing it’s ensures the data is exactly transformed and it’s loaded as right a way. Some of the issues that could be identified with this testings :

• Truncation of a characters due to the column size of data type mismatch
• Columns are Wrong mapped of in the ETL Testing. Which may be result in the wrong data or nulls getting the populated in target 
• Errors during the transformation logic implementation may the result will be bad data in target table

Data Completeness Testing

The purpose of the Data Completeness testing are to verify the that all expected data is clearly loaded in the target source. Some of tests it will be runs are :

• A simple Data Completeness check form it’s verify that an counts of the rows in a driving table form of source is matched with the counting into the target table
• A better testing is to be compared to the counting of non-null data in the each column of source and target tables
• For important columns, that comparing list of duplicate values and in the counting of rows for the each distinct value it’s might be useful
• ETLPerforming the completeness checks transformed columns is an tricky, but could be done most of the timing but understand the transformation rules, then comparing counts of expected results

Data Integrity Testing

• Check for the counts of ‘unmatched’ or ‘unspecified’ rows in fact to be an dimension foreign keys and it’s comparing the % of foreign key matching expects by the running queries in the source data and target data
• For the sample data, verify the facts recordings it’s mapped to correct dimension recording using logical key and surrogate key from the source.

Read more about : Understanding Jmeter and its Usage 

Learn how to test the ETL Testing from beginner stage to latest techniques. Which is handled by the well experienced working experts. Our ETL Testing Training in Chennaiyou will learn the concepts in experts level with the practical manner.

We provides placement focused real-time ETL Testing . Our courses contains basic to present technologies and course syllabus is framed to get the job in MNC industries in chennai as once you completed the your course quickly ETL Certification. Our ETL testing expert trainers are data warehousing ETL certification certified experts and 11+ years of experience in CMM level Companies

Static Software Testing: Making the Code Clean As Early As Possible

During the stages of development of software, there is need for conducting static software testing companies on the software before it is released either to the customer for use in production or to the market for sale. Static software testing is one form of software testing where we do not have to use the software for testing. 

This is contrary to other testing methods where the program code has to run e.g. in dynamic testing it is essential that you run the software for testing. This article analyses the importance of static testing in the software testing services process and look at some considerations which need to be borne in mind when it is being carried out.

Static testing is also called as dry run testing. This is a form of software testing where the actual program or application is not used and analysis of a program is carried out without executing the program. In this testing method the programmers manually read their own code to find any errors in the software. This is not a detailed test and it checks only for the sanity of the code, document and algorithm.

This type of testing warrants checking of the code by physically going through the syntax of the code line by line to find errors; hence the best person to check is the software programmer who has written the code. By running through the requirements specifications of the software the Static software testing can be done as part of black box testing; however, in practice, it is done as white box testing.

Static code analysis is the analysis of computer software that is performed without actually executing programs built from that software. The analysis is performed either on the source code or on the object code. 

The term is usually applied to the analysis performed by an automated tool. The degree of sophistication of the analysis performed by tools varies from those that only consider the behavior of individual statements and declarations, to those that include the complete source code of a program in their analysis. 

The analysis highlights possible coding errors to formal methods that mathematically prove properties about a given program. Some of the static analysis tools are lint-like tools and metric tools and these are used for static testing of software. 

These tools are effective in checking the static within the system. The main advantage in finding bugs while doing a static software test is that they are inexpensive to fix than if they were discovered later in the development

Software testing service providers can also be categorized based on how it is executed. Execution could be in the form of verification or static analysis or it could be validation or dynamic analysis. Verification is the human examination or review of the work product. 

There are many forms of verification which ranges from informal verification to formal verification. Verification can be used for various phases in Software development life cycle and can be in the form of formal inspection, walkthrough or buddy-checking. 

Static software testing is part of the verification process. The verification process indicates to the software testers and developers that the system and software met the requirements and qualifications for quality. 

This is a signal for moving on to the next phase of software testing.

Static software qa services analysis techniques are useful in debugging at the code level and helps in a clean software development. Such testing at the code level as it is being written ensures that problems are kept to a minimum for the future. If the static software testing is kept as a normal part of the development process, you will reduce the number of errors to a minimum.

Web Security Testing

Protecting your website and computers in an online environment is a priority.

Computers are vulnerable to viruses that can pose a serious threat to networks, which makes it essential for a web security testing procedures with the potential to eliminate threats. In addition, online e-commerce websites need to provide their customers a secure environment.

Web security testing is a complex process that takes developers of these systems many hours to perfect. However, with the help of these platforms it is easy to analyze and test threats that are malicious enough to damage computers. Website security scanners require pre-defined conditions to ensure that all threats to a system are analyzed. Developers are required to ensure that the program knows when and what threats to act upon and where they are to be tested. It is essential to develop scanners that have the strength to identify most threats.

Users need to be satisfied that the web security scanner is up to date and has the capacity to deal with threats immediately. It must have the potential to determine the strength of the attack, what the potential damage could be, and deal with it on a priority basis. This will enable users to check the seriousness of the threats within minutes of the scan.

It is essential for website owners to have knowledge about every aspect of their websites. If a website is compromised then visitors will deem the site as untrustworthy, leading to a decline in traffic and consequently loss of business as well. Therefore, website security testing  is of prime importance for every website owner, potentially saving thousands of dollars in lost business.

Read more about: Security testing with watij

One of the most important things to keep in mind for website security flaws is to start testing right from the beginning and on a regular basis. It is important to scan your website regularly to ensure that you are up-to-date with the latest attack vectors and site updates. Websites go through some changes on a regular basis; therefore, it is important to have in-house expertise or a third party perform web security testing tools scans on a regular basis. The cost structure differs between both options, since maintaining an in-house testing service and hiring a third party involve different costs.

There are many website owners that are of the misconception that they do not need any web app security testing as long as they have sufficient network security protection in place. However, this is not likely to effectively protect them from web app attacks. Only regular and constant testing can ensure a safer online environment.

Web Security Scanners

Anti-virus protection is sometimes not enough when it comes to web applications. Many websites have bugs and viruses that can compromise any software. It is important for users to prevent any threats that could lead to potential long term damage. Web security scanners are capable of providing users with access to data related to a website. With new strains of viruses emerging every day, pre-installed software may not be able to detect threats.

Web security scanners prevent a threat from manifesting rather than trying to cure an infected computer. The scanner determines whether a website is safe, which enables users to avoid websites that may contain viruses and bugs. Plenty of hours are put into the development of web security scanners since the software needs to work constantly to ensure that a computer is free from any attack. The time that a scanner takes varies, depending on the type and size of the website. It also depends on the type of hosting service and number of users.

Without proper web security testing, any online business can lost the trust of its clients and visitors, which maligns the market value of a business. It is essential for companies to maintain a data security base and ensure that any shared data is safe. Installing a firewall in the network system helps keep the system intact. Firewalls carry out routine security checks and will sound an alert in case of any threat. However, constant web security testing is essential in order to ensure a threat-free environment around the clock.

Companies have the option of hiring third party web security testing services to keep a detailed track of their security systems. An increasing number of companies face numerous threats related to online security with data being exposed to hackers, phishers, and identity theft as well, which makes people lose trust in sharing their personal information online leading to a loss of business. Web security scanners and testing services offer users peace of mind and allows them to access websites or ensure that visitors are in a safe environment when visiting their sites, thereby gaining traffic in the long term.

With technology frequently mis-configured or mismanaged, web security testing services are a great way to determine points of weakness in a system. Along with testing a vulnerability assessment will help to identity vulnerabilities and address future threats. These are two steps that are the frontline in securing an organization.

SECURITY TESTING WITH WATIJ

Watij is a tool designed for functional web security testing. It’s effectively a Java API which drives an instance of Internet Explorer. You can then use your favourite unit testing framework to structure tests and make assertions of the results. Like similar functional testing tools, watij can be used to script security defects in web applications. This is inline with good security testing service providers and development practice of writing abuse cases and specifically testing for failure conditions rather than only testing for success conditions.I wrote a paper (pdf) on using functional testing tools in this way, some time ago, and since then I’ve been having a look at the various tools to find one most suitable for security testing services. Today, I whipped up some simple tests of the owasp.org website using Watij. It was easy to install and be up and running in Eclipse in a few minutes. Before starting on the tests, I wanted to define common functions, such as login and logout:

public static void login(String username, String password) throws Exception {
ie.navigate("https://www.owasp.org/index.php?title=Special:Userlogin&returnto=Main_Page");
ie.textField(name,"wpName").set(username);
ie.textField(name,"wpPassword").set(password);
ie.button(name, "wpLoginattempt").click();
}

public static void logout() throws Exception {
ie.navigate("https://www.owasp.org/index.php?title=Special:Userlogout&returnto=Special:Userlogin");
}

As you can see the syntax and API is quite intuitive. Now that these are defined, time to write the startup code for the tests – using JUnit 4 this is run only once for the whole test case:

//Run only once to initialise the browser
@BeforeClass
public static void init() throws Exception {
ie = new IE();
ie.start("https://www.owasp.org/index.php/Main_Page");
if (ie.containsText("There is a problem with this website's security certificate")) {
ie.link(name,"overridelink").click();
}
if (!ie.url().equals("https://www.owasp.org/index.php/Main_Page")) throw new RuntimeException("Error getting to the front page!");
webapp = new WebApp(ie);
}

And finally, we can write the tests which should be self explanatory:


@Test
public void testLoginLogout() throws Exception {
webapp.login(username, password);
assertTrue("Logged in.", ie.containsText("You are now logged in"));
webapp.logout();
assertTrue("Logged out.", ie.containsText("You are now logged out"));
}

@Test
public void testUserEnumeration() throws Exception {
webapp.login("notauser","test");
if (ie.containsText("There is no user by the name")) {
fail("Usernames can be enumerated through the login error messages");
}
}

@Test
public void testBruteForce() throws Exception {
int count=5;
for (int i=0;i webapp.login(username,"wrongpassword");
}
webapp.login(username,password);
if (ie.containsText("You are now logged in")) {
fail("After "+count+" incorrect login attempts, the user could still login. This exposes the accounts to brute force attacks.");
webapp.logout();
}
}

Here's a video of the result:

Quite slick. But say I'd like to test whether a user who's not logged in can post articles to the wiki. Well the "Edit" page is only displayed when you are logged in, so there's no way I can click on a non-existent link. And just because the link isn't there doesn't necessarily mean that the server won't accept the request. So what we need to do is perform the POST request to submit an article to the wiki directly and this is where watij stumbles. There's no easy way to create an arbitrary POST request. The recommended approach is to use something like HTTPUnit or HtmlUnit to perform this specific test. Ok, no problem, so I can just use the login function I've already defined in the watij tests, then read the session cookie and pass the cookie onto an HTTPunit test, right? Wrong. You can't read IE cookies from the watij API! So the only option is to re-code the login function in HttpUnit and use that instead. Lots of code duplication and now I'm mixing two different testing frameworks, not ideal.

To summarise the issues with using watij to test security:

• You can't make raw POST requests without there first being a form to post. This is problematic because a lot of security tests are really aimed at testing the server side, not the client. You could augment watir with some Java code, or HttpUnit or HtmlUnit to perform the post request...
• It doesn't appear to be possible to read IE's cookies from watij! This is really annoying, because now I can't reuse the login and logout function and simply pass the session cookie over to httpunit. I'd have to re-write the login function using httpunit - a whole lot of extra and messy work.
• Since it drives a real instance of IE, you have to trick it into ignoring client side validation or client side access control tests. (Of course client side security is no security at all)
• Tests can be quite slow, as watij waits for the entire page to load into the browser before continuing (turning off images and using ad blockers can help).

On the plus side, the JavaScript support is as good as it's gonna get so you'd very very rarely run into a web application which doesn't support IE.

On the whole, I can see the attraction for using watij to positively test functionality - but because of the reasons above, I don't think it's the best choice for performing negative testing (i.e. test what's not there). I hope to write a similar entry about Canoo's WebTest, which provides similar testing functionality, but using XML tests and it's own HTTP and Html engines.

Difference of Sanitary (Sanity Testing) from Smoke Testing types of testing

Sanitary or Sanity Testing

Refers to the type of software testing that is used to prove the operability of a particular function or module in accordance with the stated technical requirements. Often, sanitary testing is used to verify any part of a program or application as a result of changes made to it by environmental factors. Its execution usually occurs in manual mode.

Learn more about: Regression testing services

Smoke Testing

It is considered as a short cycle of tests that are performed in order to confirm the fact of launching and performing the functions of the installed application after building new or edited code. 

The test results of the most important segments of the application should provide objective information about the presence or absence of defects in their work. Based on the results of smoke testing of the application, it is either sent for subsequent full testing, or it is concluded that it needs to be finalized.

Quite often, in an amateur environment of software developers, one can come across allegations that these types of testing are analogs. 

In our opinion, such statements are unfounded, since sanitary testing is focused on the in-depth study of a certain function, and smoke testing - on testing a large amount of functional testing services in the shortest possible time.

Test coverage criteria in Software Testing

Test coverage

- a criterion that displays the quality factor of software testing services. It characterizes the completeness of test code coverage or requirements for it.

The main approach to assessment is the formation of a test pool. The value of the test coverage of the code is directly dependent on the number of selected verification options for it.

The multitasking and versatility of modern software makes it impossible to organize test coverage with an indicator of 100%. So for the maximum coverage of the tested code, special techniques and tools have been developed.

There are three approaches for assessing the quality and expression of test coverage in numerical representation depending on the area of ​​verification: coverage of requirements, code coverage, and coverage based on control flow analysis. Read more about each.

Requirements Coverage

Using the trace matrix, we consider the test coverage of the requirements put forward by the program.
The formula for the assessment is as follows:

Tcov = (Lcov / Ltotal) * 100.

The result is expressed as a percentage.

Explanation of variables:

Tcov - test coverage;
Lcov - the number of requirements selected for testing;
Ltotal - The total number of claims claimed.

. 



One way to simplify the task is to divide the code requirements into subsections. For this, it is important to conduct a thorough analysis of them. Subsequently, the subsection is attached to the validation tests. The sum of these relationships is called the "trace matrix." It allows you to track verified requirements for a specific test case.

It makes no sense to use tests without regard to requirements. At the same time, if the requirement is not tied to verification, its verification will not be carried out. As a result, it will not be possible to judge the level of implementation of the requirement in program code. Since the multitasking of modern software entails some standardization, expressed in general, for standard conditions, solutions, it makes sense to use standard test design techniques.


Learn more about Performance testing services

Code Coverage

In this case, areas of the program code that were not covered by the verification process itself are tracked.

The formula for the assessment looks like this:

Tcov = (Ltc / Lcode) * 100%
The result is expressed as a percentage.

Variables:

Tcov - test coverage;
Ltc - the number of lines of code covered by the check;
Lcode - the total number of lines of code.

Standard tools have been developed for routine work. For example, Clover. This product tracks and provides information about the timing of occurrences during testing. 

Data analysis allows you to significantly expand the coverage area, since duplicate checks and cases of loss of code sections from testing are revealed. 

This technique of coating optimization is used in the analysis according to the principle of "white box" and in the strategies of unit, integration, system testing. 

Not knowing the internal structure of the code, as can be assumed from the formula, this is not the best choice for implementing black box testing. There will be difficulties in configuring, installing. We will have to attract the authors of the product.

Testing Control Flows

This approach is also more convenient when implementing the principle of
“white box”. In this case, the ways of executing software code are analyzed, which is implemented by the development and implementation of test cases to cover testing of these same paths. As in the first case, there is a special principle that facilitates coverage of the desired area. 

The control flow graphs are used. According to the ratio of the number of entry points and exit points, three components are distinguished:

- a process block (one entry and exit point).
- alternative point (there is more than one exit point per entry point).
- connection point (there is more than one entry point per exit point).
Validation of control flows involves several levels of coverage:

Level	Name	Description
Zero	Without name	Detailed testing is entrusted to users. The tester himself conducts a shallow standard research.
First	Coverage (P.) of operators	Each code statement must be involved in the test at least once.
Second	P. branches	Each branch point of the algorithm code is checked at least once
Third	P. conditions	If the condition has two options (TRUE or FALSE) of the solution, it must be satisfied once for each case.
Fourth	P. conditions and branches	A check is provided for each condition and branch.
Fifth	P. set of conditions	The total application of levels from the second to the fourth.
Sixth	P. infinite number of ways	Sometimes the number of paths stubbornly tends to infinity in a loop. Then a limited set of cycles is subject to verification.
Seventh	P. Ways	All paths are subject to verification without exception