Clck the image to enlarge view
Wednesday 28 March 2012
Monday 26 March 2012
Boundary Value Analysis & Equivalence Partitioning with examples
Boundary Value Analysis
- Black-box technique that focuses on the boundaries of the input domain rather than its center
- Whenever the engineers need to develop test cases for a range kind of input then they will go for boundary value analysis.
BVA guidelines:
1. If
input condition specifies a range bounded by values a and b, test cases should
include a and b, values just above and just below a and b
2. If
an input condition specifies and number of values, test cases should be
exercise the minimum and maximum numbers, as well as values just above and just
below the minimum and maximum values
3. Apply
guidelines 1 and 2 to output conditions, test cases should be designed to
produce the minimum and maxim output reports
4. If
internal program data structures have boundaries (e.g. size limitations), be
certain to test the boundaries
Equivalence Partitioning
- Black-box technique that divides the input domain into classes of data from which test cases can be derived
- An ideal test case uncovers a class of errors that might require many arbitrary test cases to be executed before a general error is observed
- Whenever the test engineer need to develop test cases for a feature which has more number of validation then one will go for equableness class partition. Which describe first divide the class of inputs and then prepare the test cases
Thursday 22 March 2012
Web Application UI Checklist
Testing user interface for web application is slightly different from testing user interface of traditional applications. Irrespective of the web application there are certain things which should be tested for every web application. Following checklist will give some information on items that should be tested to ensure quality of the user interface of your web application.
COLORS
- Are hyperlink colors standard?
- Are the field backgrounds the correct color?
- Are the field prompts the correct color?
- Are the screen and field colors adjusted correctly for non-editable mode?
- Does the site use (approximately) standard link colors?
- Are all the buttons are in standard format and size?
- Is the general screen background the correct color?
- Is the page background (color) distraction free?
CONTENT
Tuesday 20 March 2012
Test Summary Report
Test Summary Report
A test summary report is a testing work product that formally summarizes the results of all testing on an endeavour.
Why Required?
- Summarize all of the testing that was performed since the previous test summary report.
- Enable project management and the customer to know the status of project testing.
Benefits
Project Management and end customer can:
- Able to get project testing status
- Able to get application quality status
- Able to take corrective actions, if required
Guidelines
1. A Test summary report should generated on regular basis
2. It should be in metrics, charts and table forms, if possible
3. Copy of each summary report should maintain until the build release. It can be kept on central location, for future reference
Friday 16 March 2012
Security Testing Techniques
Application Access
It doesn’t matter if it is website of desktop application – all the options in access security are implemented by “Roles and Rights Management”. This is often has to be done implicitly when covering functionality: for example, the receptionist in the hospital is hardly concerned about the medical tests in the lab because his job is to register patients appointments. That’s why he has no access to the menus, forms and other information related to lab tests as his Role in the Hospital Management System is “Receptionist”.How to test the access security? When testing this point of the security options all of the Roles should be checked. Tester should create the accounts with all possible Roles. Then he needs to use all of these accounts in order to be sure that every role has an access only to its own forms, menus and screens. If any access conflict is found, this issue should be logged with complete security.
Data Protection
There are three main aspects in data security. The first one is: the particular user should view or utilize only the data he is supposed to view and use. This option is also provided by roles and rights, for example the company’s telesales manager can only view the data about the available stock, but he doesn’t have any access to the information about how much raw materials was bought for production.The second aspect is about how the data is stored in the database. You should understand that all the data which is sensitive must be encrypted in order to make it secure. Especially encryption should be very strong for such an important and sensitive data like passwords to user accounts, numbers of credit cards and other business information.
The third aspect is actually an extension of the second one. It is related to the information flows. When the flow of the sensitive data described above occurs in the application, the proper security level must be provided. It doesn’t matter if the information flow is between different modules of the application of between different apps, the data must be safely encrypted in order to protect it.
It’s not actually necessary to say that all the above aspects should be properly tested before using the application. First, the tester should query the DB for passwords to user accounts, clients billing info and other sensitive data. Then he should verify that all this data is thoroughly encrypted being stored in the database. The proper data encryption should also be checked when transmitting it between different forms and screens. After that the tester should verify if the data is successfully decrypted after reaching the destination. The sensitive information like accounts passwords shouldn’t be displayed within the submission form in any understandable format.
Brute-Force Attack
This technique is often done by different software tools. The main idea of it is that the system is trying to get a password match using the valid ID by attempting to login again and again. The most common example of the security technique against this kind of attack is account blocking for some period of time. This is used by such mailing services as Yahoo! or Hotmail. The user has a number of consecutive attempts (mostly 3 ones) to login the account. If these attempts fail, the system blocks the account for a while (the time of blocking varies from 30 minutes to 24 hours).How to test: The first thing to do is to verify if the mechanism of account suspension is valid and working good. It is simple to check: the tester must try to login the account with invalid user IDs or passwords to make sure that the application successfully blocks the account which is being attempted to login with invalid registration data. If so, the application is secure about any kind of brute-force attack. In other case, there is a security vulnerability that must be reported.
The security aspects described below and also the ones we were talking about in the first part of the article should be taken both for web and desktop apps. The following aspects are related only to web applications.
SQL Injection And Cross Site Scripting (XSS)
These are the names of two similar hacking attempts, so we are going to discuss them together. The thing is that malicious scripts are often used by hackers for manipulating the website. That’s why if you want your site to be secure, you need some ways to immune against such problems. Actually, there are several ones. First, all the input fields must be limited by the number of symbols in order to prevent the attempts of inputting any script there. For example you should limit the field “Last Name” by 30 symbols, but not 255. Objectively there are some fields where large information input is needed. For such kind of fields the data should be checked and validated before it is saved in the application. Besides in such fields any HTML or script tags should be disallowed. Moreover, in order to prevent XSS attacks, the system should reject any script redirects from all the untrusted and unknown apps.How to test:The first thing to do is to get sure that all the lengths of all the fields are limited and implemented. Also the tester must get sure that defined length strikes off any script or tag input. Each of these aspects are easy to check, for example, if the defined length of the field is 20 and your input data is “<p>ghjgjghjgjhlkjejfmgmdngjrgk”, than you can verify both of the issues. The last thing to check is that the application doesn’t support anonymous access.
Tuesday 13 March 2012
QTP INTERVIEW QUESTIONS 2
What are the Run modes in QTP?
There are 2 run modes in QTP
* Normal: It shows the execution of your QTP script step by step. This works good in case of debugging your script.
* Fast Run: It will not show the execution line by line.
What are the Debugging modes used in QTP?
Different Debugging modes used in QTP are
* Step Into: To run only the current line of the active test or component.
* Step Out: Runs to the end of the called action or user-defined function, then returns to the calling action and pauses the run session.
* Step Over: to run only the current step in the active test or component. When the current step calls another action or a user-defined function,the called action or function is executed entirety, but the called action script is not displayed in the QuickTest window.
What are the draw backs of QTP?
Disadvantages are
* QTP takes very long to open huge tests. Also CPU utilization becomes 100% in that case.
* QTP scripts are heavy as it stores all the html files (for active screen) as well.
* Block commenting is not provided till 8.2 version.
What are the extension of file..........
* Per test object repository: filename.mtr (Mercury Test Repository)
* Shared Oject repository: filename.tsr (Test Shared Repository)
* User Defined Libary File: filename .vbs
* Test Batch Runner File: filename .mtb
* QTP Recovery Scenarion File : filename .qrs
What are two types of automation in QTP ?
There are 2 run modes in QTP
* Normal: It shows the execution of your QTP script step by step. This works good in case of debugging your script.
* Fast Run: It will not show the execution line by line.
What are the Debugging modes used in QTP?
Different Debugging modes used in QTP are
* Step Into: To run only the current line of the active test or component.
* Step Out: Runs to the end of the called action or user-defined function, then returns to the calling action and pauses the run session.
* Step Over: to run only the current step in the active test or component. When the current step calls another action or a user-defined function,the called action or function is executed entirety, but the called action script is not displayed in the QuickTest window.
What are the draw backs of QTP?
Disadvantages are
* QTP takes very long to open huge tests. Also CPU utilization becomes 100% in that case.
* QTP scripts are heavy as it stores all the html files (for active screen) as well.
* Block commenting is not provided till 8.2 version.
What are the extension of file..........
* Per test object repository: filename.mtr (Mercury Test Repository)
* Shared Oject repository: filename.tsr (Test Shared Repository)
* User Defined Libary File: filename .vbs
* Test Batch Runner File: filename .mtb
* QTP Recovery Scenarion File : filename .qrs
What are two types of automation in QTP ?
Friday 9 March 2012
How to Test Banking Applications
How to Test Banking Applications
Banking applications are considered to be one of the most
complex applications in today’s software development and testing industry. What makes Banking application so complex? What approach should be followed in order to test the complex
workflows involved? In this article we will be highlighting different stages
and techniques involved in testing Banking applications.The characteristics of a Banking application are as follows:
- Multi tier functionality to support thousands of concurrent user sessions
- Large scale Integration , typically a banking application integrates with numerous other applications such as Bill Pay utility and Trading accounts
- Complex Business workflows
- Real Time and Batch processing
- High rate of Transactions per seconds
- Secure Transactions
- Robust Reporting section to keep track of day to day transactions
- Strong Auditing to troubleshoot customer issues
- Massive storage system
- Disaster Management.
Banking applications have multiple tiers involved in performing an operation. For Example, a banking application may have:
Wednesday 7 March 2012
Ten Steps To Test your Web Applications
Ten Steps to Test Your Web Applications
Here are ten steps of testing process for Web Applications:
Objectives
Objectives should be developed with end user requirements and expectations in mind. Clarification of priorities should be present in all cases. Priorities are assigned by asking broad questions and moving toward specific ones. The highest prioritized flaws should be resolved first.
Process and Reporting:
Process and reporting should be approached in simpler way. Major focus is to establish the necessary steps for reporting defects & issues, assigned and categorized in an efficient manner. The reporting process should always support the projects objectives.
Tracking
when you test web applications, you need a tracking tool to support your reporting process. While selecting a tracking system, choose one that is flexible. Tracking systems are tailored to the types of issues and defects that could be encountered in the Web Applications.
Subscribe to:
Posts (Atom)