What are merits and demerits of ad hoc test approach?

Ad hoc testing as the name suggests is the testing that is carried out without any formal planning and formal documentation though it can be used for scientific experimental studies.

- The ad hoc testing is meant to be carried out only once until and unless a defect is found.
- It would not be wrong if we call the least formal methodology of testing a software application or system.
- It has always been under criticism because of its uneven structure and also because the defects discovered through this kind of testing are difficult to reproduce due to a lack of written test cases.

However, there is still a plus point of ad hoc testing as important defects or bugs can be found quickly and easily without much efforts and pre planning.

Principle of Ad-hoc testing
The ad hoc testing is based on the principle of improvisation i.e., the software testers seek to find the errors and bugs by any means that seems appropriate to him/ her or we can say tests are performed according to the convenience of the tester.

Ad hoc testing can be appropriately called a primitive version of error guessing which itself is an un- sophisticated version of exploratory testing.

- Formal testing is carried out without any test cases and it proves to be a great help in deciding the duration and scopes for the other types of testing that have to be carried out upon the software system or application.

- This also helps the tester to learn more and more about the software system or application prior carrying out the other kinds of testing.

- It can be called as the least formal method of testing.

- The quick discovery of defects is the best use of ad hoc testing.

- Only reading the specifications and requirements doesn’t give a good sense of how the program or the software system or the application actually works and behaves.

- Even the documentation of the testings does not provide the feel of the software system or application.

- Ad hoc testing can be effectively used to find discrepancies in the testing strategies of the tester and the relations between the sub- systems of the software can be explored that would have been left un- exposed.

- In a way we can say that it serves a tool for checking the quality of our testing methodology.

- It helps in finding the missing cases and so these can be added to the list of test cases.

- Discovering new test cases with ad hoc testing is an indication that root cause analysis should also be performed.

While carrying out the ad hoc testing you should ask yourself and your team members “what other tests should we need to carry out in order to supplement this and make testing more effective?”

SOME IMPORTANT FACTS
- Defects or errors found during ad hoc testing provide examples of forgotten test cases.

- Determining the priority for carrying out other testing can also be thought as another use of ad hoc testing.

- For example, if a program allows the user to carry out some task and the ad hoc testing shows that this function works well, then the formal testing of this functionality might be postponed until the areas having problems are completed.

- On the other hand, if the ad hoc testing discovers any problem, then the formal testing for this functionality can be given highest priority.

- It is concerned with application testing without taking into considerations any rules and regulations.

- For carrying out ad hoc testing effectively the tester should have strong knowledge of the software system or application. Ad hoc testing is performed mainly to save time.

What are different characteristics of Compliance testing?

Compliance testing perhaps sounds a very rare kind of testing, less often heard about. It can be defined as the audit of a software system or application which is carried out against well known criteria.

There are many kinds of compliance testing and some are even developed as per the requests of the customers or the clients. Basically the compliance tests are of the following types:

Systems in Development
It refers to the compliance testing in which the verification of the fact that the intended software system or application under development meets the lock down standards, configurations and specifications as requested by the client or the customer is done.

Operating systems and applications
- It refers to the compliance testing in which the verification of the fact that an operating system and software system or applications have been configured and designed appropriately and properly as per the requirements, specifications and lock down standards given by the clients and the customers is done.

- Thus, this kind of compliance testing provides robust, adequate and efficient controls to ensure the availability, integrity and confidentiality of the software system or application is not affected during its normal usage and is maintained throughout the whole working process.

Management of IT and enterprise architecture
- It refers to the compliance testing in which the verification of the fact that the all the in-place IT management infrastructure aspects of the software system or the application have been put in their appropriate place is done.

- This is generally done to ensure that the audit, change in controls, security procedures and business continuity have been documented, formulated and put in their proper place and remain effective.

Inter- connection Policy
It refers to the compliance testing in which the verification of fact that the business continuity controls and adequate security measures that govern the connection of the software system with other systems like the systems for tele- communication, extranets, intranets, internet and so on, have been put in their appropriate place, have been cross checked with the specifications and requirements stated by the clients and the customers and have been fully documented is carried out.

These were some standard compliance tests.
Apart from these there are some normal compliance tests which encompass either a few or all of the compliance tests mentioned above.
- Some lockdown policies are applied to the underlying applications or software systems and operating systems.
- Some of these policies are passed by the clients or the customers and some by the concerned parties.
- These policies can be referred and can be used as a guidelines as and when required by the customers or clients when the software testers or developers have already performed a compliance test.
- They can also be referred after the penetration testing and vulnerability assessment of the software system or application so that more security measures can be applied to the system’s enterprise in order to improve its security.

The national security agency or NSA as it is often abbreviated has provided a number of lock down policies and guidelines to increase the awareness of the security affairs that are affecting our operating systems, software systems and applications etc.
The policies cover the following:

- Database servers
(a) oracle 10g
(b) oracle 9i
(c) Microsoft SQL server

- Operating systems
(a) Apple server operating systems
(b) Apple Mac OS
(c) Microsoft Windows NT
(d) Microsoft windows XP
(e) Microsoft windows 2000
(f) Sun Solaris 8
(g) Sun Solaris 9
(h) Microsoft windows server 2003


- Routers
- Switches
- Web servers and browsers
- IP and VoIP telephony
- SQL Server 2000
- BIND
- Novell eDirectory