Thursday, 9 August 2012

QTP excel Scripts Few examples

'''Script to create a new excel file , write data

'''save the file with read and write protected
'''''pwd1 is for read protected pwd2 is for write protected

Set xl=CreateObject("Excel.Application")
Set wb=xl.Workbooks.Add
Set ws=wb.Worksheets("sheet1")
wb.Saveas "e:\data2.xls",,"pwd1","pwd2"
Set xl=nothing

'''Script to open excel file ,which is read and write protected write data
'''''pwd1 is for read protected pwd2 is for write protected

Set xl=CreateObject("Excel.Application")
Set wb=xl.Workbooks.Open("e:\data2.xls",0,False,5,"pwd1","pwd2")
Set ws=wb.Worksheets("sheet1")
ws.cells(2,2)="new data"
Set xl=nothing

''Script to get the list of links in Google and do spell check

dim d
set mw=CreateObject("Word.Application")
set d=Description.Create
set a=Browser("Google").page("Google").childobjects(d)
for i=0 to a.count-1
mw.WordBasic.insert s
if mw.ActiveDocument.Spellingerrors.count>0 then
Reporter.ReportEvent 1,"Spelling","spelling error :"&s
end if
set mw=nothing
''''Script to check ON the checkboxes in yahoo mail inbox

Dim d
Set d=Description.Create
Set c=Browser("Inbox (17) - Yahoo! Mail").Page("Inbox (17) - Yahoo! Mail").ChildObjects(d)
For i=1 to 10
c(i).set "ON"
'''script to select a mail having subject 'hi' or 'HI'

For i=2 to n
If lcase(trim(s))="hi" Then
Browser("yahoo").Page("yahoo").WebCheckBox("index:="&i-1).set "ON"
End If
'''''Function to send a mail

Function SendMail(SendTo, Subject, Body, Attachment)
Set otl=CreateObject("Outlook.Application")
Set m=otl.CreateItem(0)
If (Attachment <> "") Then
End If
Set m = Nothing
Set otl = Nothing
End Function
Call SendMail("","hi","This is test mail for testing","")
'''''''''''''''create a new text file

Dim fs,f
Set fs=CreateObject("Scripting.FileSystemObject")
Set f=fs.CreateTextFile("e:\file1.txt")
f.WriteLine "hello"
f.WriteLine "this is sample data"
Set fs=nothing
'''''''''''''''read data from a text file

Dim fs,f
Set fs=CreateObject("Scripting.FileSystemObject")
Set f=fs.OpenTextFile("e:\file1.txt",1)
While f.AtEndOfLine<>True
msgbox f.ReadLine
Set fs=nothing
''''''''''create a new excel file and write data

Dim xl,wb,ws
Set xl=CreateObject("Excel.Application")
Set wb=xl.Workbooks.Add
Set ws=wb.Worksheets("sheet1")
wb.SaveAs "e:\file1.xls"
Set xl=nothing
'''''''open existing file and write data in second column in Sheet1

Dim xl,wb,ws
Set xl=CreateObject("Excel.Application")
Set wb=xl.Workbooks.Open("e:\file1.xls")
Set ws=wb.Worksheets("sheet1")
Set xl=nothing
'''''''''''read data from excel from rows and columns

Dim xl,wb,ws
Set xl=CreateObject("Excel.Application")
Set wb=xl.Workbooks.Open("e:\file1.xls")
Set ws=wb.Worksheets("sheet1")
For i=1 to r
For j=1 to c
v=v&" "& ws.cells(i,j)
print v
print "-----------------------"
Set xl=nothing
''''''''''''''''get the bgcolor in a cell in excel

Dim xl,wb,ws
Set xl=CreateObject("Excel.Application")
Set wb=xl.Workbooks.Open("e:\file3.xls")
Set ws=wb.Worksheets("sheet1")
For i=1 to r
For j=1 to c
msgbox x
Set xl=nothing
'''''''''''''''''''''create word and write data

dim mw
set mw=CreateObject("Word.Application")
mw.selection.typetext "hello"
mw.ActiveDocument.SaveAs "e:\file1.doc"
set mw=nothing
''''''''''script will display all the doc files in all the drives in the system

Dim mw
Set mw=CreateObject("Word.Application")
Set fs=createobject("Scripting.FileSystemObject")
Set d=fs.Drives
For each dr in d
msgbox dr
For each i in mw.FileSearch.FoundFiles
print i
Set f=fs.GetFile(i)
print f.Name&" "&f.Size&" "&f.DateCreated
print "-------------------------------------------------------------------"
'''''''''Open Internet Explorer and navigate to yahoomail

Dim ie
Set ie=CreateObject("InternetExplorer.Application")
ie.Navigate ""
msgbox x
''''''Create word, Create table and write all the services names

Set mw = CreateObject("Word.Application")
mw.Visible = True
Set dc = mw.Documents.Add()
Set objRange = dc.Range()
Set objTable = dc.Tables(1)
strComputer = "."
Set wms=GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = wms.ExecQuery("Select * from Win32_Service")
For Each s in colItems
If x > 1 Then
End If
objTable.Cell(x, 1).Range.Font.Bold = True
objTable.Cell(x, 1).Range.Text = s.Name
objTable.Cell(x, 2).Range.text = s.DisplayName
objTable.Cell(x, 3).Range.text = s.State
x = x + 1

Monday, 21 May 2012

Exploratory Testing

Exploratory Testing Techniques
Here are the 4 key techniques that any testers can refer to and use for their exploratory testing.  Each component has its own strengths/weaknesses.  Tester do not have to stick with a single component, but should spread out and make use of all of them or a combination of them.  The trick is to know which one to choose and apply and when. 
1. Freestyle
This is basically Ad-hoc testing.  Hit the product from black box standpoint.  From the customer’s perspective.  Pros: Low cost.  Anyone can do it.  Encourage creativity.  Cons: May not yield the critical bugs.  Low quality bugs are typically found with lots of dupes.  Difficult to determine coverage.
2.  Scenario based
Using a pre-defined end-to-end scenarios, complete with actual reproducible steps and validation methods prior to testing.  Testers can use these scenarios as the base, and figure out new end-to-end path that will achieve the same goals.  Pros: Easy to trace the repro steps and follow.  Can determine test coverage.  Cons: Pre-defined scenarios may actually not represent what the customer really wants. 
3.  Strategy based
Testers do have some background of the product.  Thoroughly understand the architecture and flow of the product.  Tester can then leverage the product knowledge and combined with well-known testing techniques to go about testing.  More to come on the techniques later.  Pros: Test techniques are proven to be effective.  Testers just need to master them and apply them in the right situation.  Testers are also pretty much free to use their own instinct and creativity to go about testing the product.  Focus on learning.  Cons: Newer testers on the team may not have the sufficient experience or knowledge of the product to be completely effective. 
4. Feedback based
Start out pretty much same as Freestyle testing.  But as testing sessions are conducted, testers build up a history of test executions, areas covered, bugs identified, code churns, etc.  Very similar to our session notes.  Testing from historical data such as bug records, data from automations and scripts, application logs, customer reported issues, etc.  Use these data as input so tester can identify which areas may yield the most bugs.  Pros: Knowledge is not lost.  Make use of previous knowledge is very powerful.  Cons: Sometimes it’s very difficult to make use of existing data effectively (especially if there are a lot).  May actually spend more time gathering and processing these data rather than actual testing.

Tuesday, 1 May 2012

Web Service

Web Service:

Web services (sometimes called application services) are services (usually including some combination of programming and data, but possibly including human resources as well) that are made available from a business's Web server for Web users or other Web-connected programs. Providers of Web services are generally known as application service providers.
The term Web services describes a standardized way of integrating Web-based applications using the XML, SOAP, WSDL and UDDI open standards over an Internet protocol backbone. XML is used to tag the data, SOAP is used to transfer the data, WSDL is used for describing the services available and UDDI is used for listing what services are available. Used primarily as a means for businesses to communicate with each other and with clients, Web services allow organizations to communicate data without intimate knowledge of each other's IT systems behind the firewall.
In Simple Term,
  •         Web services are application components
  •         Web services communicate using open protocols
  •         Web services are self-contained and self-describing
  •         Web services can be discovered using UDDI
  •         Web services can be used by other applications
·         XML is the basis for Web services
Advantage of Web Service
  • Web Services are platform-independent and language-independent, since they use standard XML languages. This means that my client program can be programmed in C++ and running under Windows, while the Web Service is programmed in Java and running under Linux.
  • Most Web Services use HTTP for transmitting messages (such as the service request and response). This is a major advantage if you want to build an Internet-scale application, since most of the Internet's proxies and firewalls won't mess with HTTP traffic (unlike CORBA, which usually has trouble with firewalls).
Disadvantages of Web Service:
  • Overhead. Transmitting all your data in XML is obviously not as efficient as using a proprietary binary code. What you win in portability, you lose in efficiency. Even so, this overhead is usually acceptable for most applications, but you will probably never find a critical real-time application that uses Web Services.
  • Lack of versatility. Currently, Web Services are not very versatile, since they only allow for some very basic forms of service invocation. CORBA, for example, offers programmers a lot of supporting services (such as persistency, notifications, lifecycle management, transactions, etc.). Fortunately, there are a lot of emerging Web services specifications (including WSRF) that are helping to make Web services more and more versatile.

How Does it Work?

The basic Web services platform is XML + HTTP.
XML provides a language which can be used between different platforms and programming languages and still express complex messages and functions.
The HTTP protocol is the most used Internet protocol.
Web services platform elements:
  • SOAP (Simple Object Access Protocol)
  • UDDI (Universal Description, Discovery and Integration)
  • WSDL (Web Services Description Language)
What is SOAP?
SOAP is an XML-based protocol to let applications exchange information over HTTP.
Or more simple:
  •         SOAP is a protocol for accessing a Web Service.
  •         SOAP stands for Simple Object Access Protocol
  •         SOAP is a communication protocol
  •         SOAP is a format for sending messages
  •         SOAP is designed to communicate via Internet
  •         SOAP is platform independent
  •         SOAP is language independent
  •         SOAP is based on XML
  •         SOAP is simple and extensible
  •         SOAP allows you to get around firewalls
  •    SOAP is a W3C standard
What is WSDL?
·         WSDL is an XML-based language for locating and describing Web services.
  •          WSDL stands for Web Services Description Language
  •          WSDL is based on XML
  •          WSDL is used to describe Web services
  •          WSDL is used to locate Web services
  •          WSDL is a W3C standard
What is UDDI?
UDDI is a directory service where companies can register and search for Web services.
  • UDDI stands for Universal Description, Discovery and Integration
  • UDDI is a directory for storing information about web services
  • UDDI is a directory of web service interfaces described by WSDL
  • UDDI communicates via SOAP
  • UDDI is built into the Microsoft .NET platform
Type of uses of Web Service
1.      Reusable application-components.
There are things applications need very often. So why make these over and over again?
Web services can offer application-components like: currency conversion, weather reports, or even language translation as services.
2.      Connect existing software.
Web services can help to solve the interoperability problem by giving different applications a way to link their data.
With Web services you can exchange data between different applications and different platforms.
Why Web Services
  •        A few years ago Web services were not fast enough to be interesting
  •                  Interoperability has Highest Priority
When all major platforms could access the Web using Web browsers, different platforms could interact. For these platforms to work together, Web-applications were developed.
Web-applications are simple applications that run on the web. These are built around the Web browser standards and can be used by any browser on any platform.
  •      Web Services take Web-applications to the Next Level
By using Web services, your application can publish its function or message to the rest of the world. Web services use XML to code and to decode data, and SOAP to transport it (using open protocols). With Web services, your accounting department's Win 2k server's billing system can connect with your IT supplier's UNIX server.

Saturday, 21 April 2012

How to do Cookies Testing

Below is a list of major scenarios for cookies testing of a website. Multiple test cases can be generated from
these scenarios by performing various combinations.

  1. Check if the application is writing cookies properly or not.
  2. Test to make sure that no personal or sensitive data is stored in the cookie. If it is there in cookies, it should be in encrypted format.
  3. If the application under test is a public website, there should not be overuse of cookies. It may result in loss of website traffic if browser is prompting for cookies more often.
  4. Close all browsers, delete all previously written cookies and disable the cookies from your browser settings. Navigate or use that part of web site which use cookies. It should display appropriate messages like "For smooth functioning of this site please enable cookies on your browser."
  5. Set browser options to prompt whenever cookie is being stored / saved in your system. Navigate or use that part of web site which use cookies. It will prompt and ask if you want to accept or reject the cookie. Application under test should display an appropriate message if you reject the cookies. Also, check that if pages are getting crashed or data is getting corrupted.
  6. Close all browsers windows and manually delete all cookies. Navigate various web pages and check and see if these web pages show unexpected behavior.
  7. Edit few cookies manually in notepad or some other editor. Make modifications like alter the cookie content, name of the cookie, change expiry date etc. Now, test the site functionality. Corrupted cookies should not allow to read the data inside it.
  8. Cookies written by one web site should not be accessible by other website.
  9. If you are testing an online shopping portal, Check if reaching to your final order summary page deletes the cookie of previous page of shopping cart properly and no invalid action or purchase got executed from same logged in user.
  10. Check if the application under test is writing the cookies properly on different browsers as intended and site works properly using these cookies. This test can be done on browsers like different versions of internet explorer, Mozilla Firefox, Netscape, Opera etc.
  11. If the application under test is using cookies to maintain the logging state for users. Check if some id is being displayed in the address bar. Now, change the id & press enter. It should display an access denied message and and you should not be able to see other user's account.

Wednesday, 4 April 2012


1. Identify the module to which the use case belongs to.
 A: Security module.

2. Identify the functionality of the use case with the request of total functionality.
 A: Authentication.

3. Identify the actors involved in the use case.
A: Normal user/Admin user.

 4. Identify the inputs required for testing.
A: Valid and invalid user names and passwords.

 5. Identify whether the use case is linked with other use case or not.
 A: It is linked with Home page and Admin page use cases.

 6. Identify the pre conditions.
A: LOGIN Screen must be available.

7. Identify the post conditions.
A: Either Home page/Admin page for valid users, and error msgs for invalid users.

 8. Identify the functional points and prepare the functional point document.

9. Understand the main flow of the application.
10. Understand the alternative flow of the application.
11. Understand the special requirements.

12. Document the test cases for main flow.
13. Document the test cases for alternative flow.
14. Document the test cases for the special requirements.
15. Prepare the cross reference metrics or traceability metrics.


Functional Point: The point at which the user can perform some actions in the application can be considered as Functional Point.

Test Scenario: The situation where we can do testing.

There are 3 types of flow:
1. Main flow: Main page/Home Page.
2. Alternative flow: Error message page.
3. Exceptional flow: Server problems/Network problems.

Testing process related Documents:

Wednesday, 28 March 2012

Monday, 26 March 2012

Boundary Value Analysis & Equivalence Partitioning with examples

             Boundary Value Analysis

  •      Black-box technique that focuses on the  boundaries of the input domain rather than its center
  •          Whenever the engineers need to develop test cases for a range kind of input then they will go for boundary value analysis.
  BVA guidelines:
        1.     If input condition specifies a range bounded by values a and b, test cases should include a and b, values just above and just below a and b
      2.     If an input condition specifies and number of values, test cases should be exercise the minimum and maximum numbers, as well as values just above and just below the minimum and maximum values
3.     Apply guidelines 1 and 2 to output conditions, test cases should be designed to produce the minimum and maxim output reports
4.     If internal program data structures have boundaries (e.g. size limitations), be certain to test the boundaries

Equivalence Partitioning

  • Black-box technique that divides the input domain into classes of data from which test cases can be derived
  • An ideal test case uncovers a class of errors that might require many arbitrary test cases to be executed before a general error is observed
  • Whenever the test engineer need to develop test cases for a feature which has more number of validation then one will go for equableness class partition. Which describe first divide the class of inputs and then prepare the test cases

Thursday, 22 March 2012

Web Application UI Checklist

Web Application UI Checklist

Testing user interface for web application is slightly different from testing user interface of traditional applications. Irrespective of the web application there are certain things which should be tested for every web application. Following checklist will give some information on items that should be tested to ensure quality of the user interface of your web application.
  • Are hyperlink colors standard?
  • Are the field backgrounds the correct color?
  • Are the field prompts the correct color?
  • Are the screen and field colors adjusted correctly for non-editable mode?
  • Does the site use (approximately) standard link colors?
  • Are all the buttons are in standard format and size?
  • Is the general screen background the correct color?
  • Is the page background (color) distraction free?

Tuesday, 20 March 2012

Test Summary Report

Test Summary Report

test summary report is a testing work product that formally summarizes the results of all testing on an endeavour.

Why Required?
  • Summarize all of the testing that was performed since the previous test summary report.
  • Enable project management and the customer to know the status of project testing.
Project Management and end customer can:
  • Able to get project testing status
  • Able to get application quality status
  • Able to take corrective actions, if required

1.       A Test summary report should generated on regular basis
2.       It should be in metrics, charts and table forms, if possible
3.       Copy of each summary report should maintain until the build release. It can be kept on central location, for future reference

Friday, 16 March 2012

Security Testing Techniques

Application Access

It doesn’t matter if it is website of desktop application – all the options in access security are implemented by “Roles and Rights Management”. This is often has to be done implicitly when covering functionality: for example, the receptionist in the hospital is hardly concerned about the medical tests in the lab because his job is to register patients appointments. That’s why he has no access to the menus, forms and other information related to lab tests as his Role in the Hospital Management System is “Receptionist”.
How to test the access security? When testing this point of the security options all of the Roles should be checked. Tester should create the accounts with all possible Roles. Then he needs to use all of these accounts in order to be sure that every role has an access only to its own forms, menus and screens. If any access conflict is found, this issue should be logged with complete security.

Data Protection

There are three main aspects in data security. The first one is: the particular user should view or utilize only the data he is supposed to view and use. This option is also provided by roles and rights, for example the company’s telesales manager can only view the data about the available stock, but he doesn’t have any access to the information about how much raw materials was bought for production.

The second aspect is about how the data is stored in the database. You should understand that all the data which is sensitive must be encrypted in order to make it secure. Especially encryption should be very strong for such an important and sensitive data like passwords to user accounts, numbers of credit cards and other business information.

The third aspect is actually an extension of the second one. It is related to the information flows. When the flow of the sensitive data described above occurs in the application, the proper security level must be provided. It doesn’t matter if the information flow is between different modules of the application of between different apps, the data must be safely encrypted in order to protect it.

It’s not actually necessary to say that all the above aspects should be properly tested before using the application. First, the tester should query the DB for passwords to user accounts, clients billing info and other sensitive data. Then he should verify that all this data is thoroughly encrypted being stored in the database. The proper data encryption should also be checked when transmitting it between different forms and screens. After that the tester should verify if the data is successfully decrypted after reaching the destination. The sensitive information like accounts passwords shouldn’t be displayed within the submission form in any understandable format.

Brute-Force Attack

This technique is often done by different software tools. The main idea of it is that the system is trying to get a password match using the valid ID by attempting to login again and again. The most common example of the security technique against this kind of attack is account blocking for some period of time. This is used by such mailing services as Yahoo! or Hotmail. The user has a number of consecutive attempts (mostly 3 ones) to login the account. If these attempts fail, the system blocks the account for a while (the time of blocking varies from 30 minutes to 24 hours).
How to test: The first thing to do is to verify if the mechanism of account suspension is valid and working good. It is simple to check: the tester must try to login the account with invalid user IDs or passwords to make sure that the application successfully blocks the account which is being attempted to login with invalid registration data. If so, the application is secure about any kind of brute-force attack. In other case, there is a security vulnerability that must be reported.
The security aspects described below and also the ones we were talking about in the first part of the article should be taken both for web and desktop apps. The following aspects are related only to web applications.

SQL Injection And Cross Site Scripting (XSS)

These are the names of two similar hacking attempts, so we are going to discuss them together. The thing is that malicious scripts are often used by hackers for manipulating the website. That’s why if you want your site to be secure, you need some ways to immune against such problems. Actually, there are several ones. First, all the input fields must be limited by the number of symbols in order to prevent the attempts of inputting any script there. For example you should limit the field “Last Name” by 30 symbols, but not 255. Objectively there are some fields where large information input is  needed. For such kind of fields the data should be checked and validated before it is saved in the application. Besides in such fields any HTML or script tags should be disallowed. Moreover, in order to prevent XSS attacks, the system should reject any script redirects from all the untrusted and unknown apps.
How to test:The first thing to do is to get sure that all the lengths of all the fields are limited and implemented. Also the tester must get sure that defined length strikes off any script or tag input. Each of these aspects are easy to check, for example, if the defined length of the field is 20 and your input data is “<p>ghjgjghjgjhlkjejfmgmdngjrgk”, than you can verify both of the issues. The last thing to check is that the application doesn’t support anonymous access.

Tuesday, 13 March 2012


What are the Run modes in QTP?

There are 2 run modes in QTP
* Normal: It shows the execution of your QTP script step by step. This works good in case of debugging your script.
* Fast Run: It will not show the execution line by line.

What are the Debugging modes used in QTP?

Different Debugging modes used in QTP are
* Step Into: To run only the current line of the active test or component.
* Step Out: Runs to the end of the called action or user-defined function, then returns to the calling action and pauses the run session.
* Step Over: to run only the current step in the active test or component. When the current step calls another action or a user-defined function,the called action or function is executed entirety, but the called action script is not displayed in the QuickTest window.

What are the draw backs of QTP?

Disadvantages are
* QTP takes very long to open huge tests. Also CPU utilization becomes 100% in that case.
* QTP scripts are heavy as it stores all the html files (for active screen) as well.
* Block commenting is not provided till 8.2 version.

What are the extension of file..........

* Per test object repository: (Mercury Test Repository)
* Shared Oject repository: filename.tsr (Test Shared Repository)
* User Defined Libary File: filename .vbs
* Test Batch Runner File: filename .mtb
* QTP Recovery Scenarion File : filename .qrs

What are two types of automation in QTP ?

Friday, 9 March 2012

How to Test Banking Applications

How to Test Banking Applications
Banking applications are considered to be one of the most complex applications in today’s software development and testing industry. What makes Banking application so complex? What approach should be followed in order to test the complex workflows involved? In this article we will be highlighting different stages and techniques involved in testing Banking applications.
The characteristics of a Banking application are as follows:
  • Multi tier functionality to support thousands of concurrent user sessions
  • Large scale Integration , typically a banking application integrates with numerous other applications such as Bill Pay utility and Trading accounts
  • Complex Business workflows
  • Real Time and Batch processing
  • High rate of Transactions per seconds
  • Secure Transactions
  • Robust Reporting section to keep track of day to day transactions
  • Strong Auditing to troubleshoot customer issues
  • Massive storage system
  • Disaster Management.
The above listed ten points are the most important characteristics of a Banking application.
Banking applications have multiple tiers involved in performing an operation. For Example, a banking application may have: