Working on items in your status report that are critical and moving them to a green status

For a good Project manager or Program Manager, maintaining the status of the project is one of the most critical items that they need to do. The status of the project is a dashboard that reflects on the status of the various risks and issues that may be faced by the project, and which can cause delay or otherwise imperil the schedule of the project.
For any project, there are a large number of items that can cause problems to the schedule of the project, but not all of them are problematic at the same time. A risk or issue may be small or minimal at some point in the project and be much more significant at another stage of the project, and it is upto the project manager to have the current status of the project in hand at all stages of the project.
So, you have a situation where the project manager already has a listing of all the major items or issues that can cause a risk to the project and is also on the lookout for more such issues that could cause risk, and it is very important that the project manager highlights the risks that are significant at this point of time and brings them up to the attention of the management team of the product.
But it is not just the highlighting of the risks that is a primary job of the project manager. The project manager is not just somebody who reports the issues and risks of the project, but also takes the lead in trying to solve the risks / issues. For this purpose, the project manager needs to have a good understanding of the risks / issues and work with the relevant people for understanding how the risk needs to be mitigated. This needs to be followed by actually working out the mitigation plan (and if these are known risks or issues that were known even before they were actually a risk, then the mitigation plan would already be known) and ensuring that the mitigation plan is as per the actual risk, since even for a known issue, the actual mitigation plan depends on the exact scenario in which the problem occurred.
In some cases, the mitigation plan does not depend on only the team but may need help from outside the team. For example, there may be a situation where the team is behind in the schedule and needs more people helping out the team, and this cannot be solved by the team; the similar is the case when there is a dependency which needs a resolution from outside the team. In such cases, the project manager should bring this plan to the management team of the product where it can even be escalated to outside the team and to senior management if required. It is the responsibility of the project manager to drive this process and reach a point where the plan has helped in reducing the critical status items of the project to less than critical where they can then be managed to become a normal problem.

What is meant by data driven automation?

Test automation is perhaps one of the best testing methodologies and this testing methodology is exploited usually by one of the either ways as mentioned below:

1. Code driven testing and

2. Graphical user interface testing

In this article we are going to discuss about the data driven automation. Data driven automation is a self justifying term. You can easily make out that data driven automation is one in which the data is obtained from the external files.

About Data Driven Automation

Now what is that which makes it so special with the testers? 

-  In this type of automation, you can easily change the input data without going down.

-  Data driven automation in a way regulates easy maintenance of the scripts.

- Data driven automation is all about how the software system or application performs with multiple sets of the input data. 

- While carrying out data driven automation, it is necessary that you link the data to the test scripts with which the concerned data is being driven. 

- This whole process of linking the data to the test scripts is called “parameterization of the tests”. 

- The data to be fed as input is recorded in a data table. 

- This operation can be done either manually or it can also be automated by using some data driver wizard. 

- Data driven automation is like picking up data from a data table (which has been parameterized) or query data base and writing down these parameters in some other file so that the software can track it back. 

- As we approach a complex functionality whose testing requires more test cases, the work becomes quite laborious as the testing becomes more and more complicated. 

- For multiple sets of test cases as well as data you can execute one common test in order to figure out which data will pass the test and which will not. 

- The automation script is created for just one input and is used for the rest of the similar inputs. - Data driven automation today has become critical and strategic necessity. 

- In the past, the software systems and applications were quite simple but today we have explosive web deployments and software systems and applications that require rigorous software testing. 

Now the question arises, “how to test such software systems and applications?” there are two answers to this:

1. Either we increase the number of people employed in manual testing or
2. We migrate to some greater level of test automation.

Data driven automation is often abbreviated to DDA. As the size and the complexity of the functionality grows, it becomes more and more laborious to test the functionality since the number of test cases also grows. 

In most of the tools like Winrunner, the data cannot be obtained from excel or notepad and so therefore it has to be taken from the data driven tables. 

Data flow testing is a white box testing technique - Explain?

A program is said to be in active state whenever there is some data flow in the program. Without having the data flowing around the whole program, it would not have been possible for the software systems or application to do any thing.

Hence, we conclude that data flow is an extremely important aspect of any program since it is what that keeps a program going on. This data flow also needs to be tested like any other aspect of the software system or application and therefore, this whole article is dedicated to the cause of the data flow testing.

What is Data Flow Testing?

- Data flow testing technique has been categorized under the white box testing techniques since the tester needs to have an in depth knowledge of the whole software system or application.

- Data flow testing cannot be carried out without a control flow graph since without that graph the data flow testing won’t be able to explore any of the unreasonable or unexpected things i.e., anomalies that can influence the data of the software system or application.

- Taking these anomalies in to consideration, it helps in defining the strategies for the selection of the test paths that play a great role in filling up the gaps between the branch testing or statement testing and the complete path testing.

- Data flow testing implements a whole lot of testing strategies chosen in the above mentioned way for exploring the events regarding the use of the data that occurs in a sequential way.

- It is a way determining that whether or not every data object has been initialized before it used and whether or not all the data objects are used at least once during the execution of the program.

Classification of Data types
The data objects have been classified in to various types based up on their use:

- Defined, created and initialized data objects denoted by d.
- Killed, undefined and released data objects denoted by k.
- Used data objects in predicates, calculations etc, denoted by u.

Critical Elements for Data Flow Testing

- The critical elements for the data flow testing are the arrays and the pointers.

- These elements should not be under estimated since they may fail to include some DU pairs and also they should not be over estimated since then unfeasible test obligations might be introduced.

- The under estimation is preferable over the over estimation since over estimation is causes more expense to the organization.

- Data flow testing is also aimed at distinguishing between the important and not so important paths.

- During the data flow testing many a times pragmatic compromises are needed to make since there exist so many unpredictable properties and exponential blow up of the paths.

Anomaly Detection under Data Flow Testing

There are various types of anomaly detection that are carried under the data flow testing:

1. Static anomaly detection
This analysis is carried out on the source code of the software program without the actual execution.

2. Dynamic anomaly detection
This is just the opposite of the static testing i.e., it is carried out on a running program.

3. Anomaly detection via compilers
Such detection are possible due to the static analysis. Certain compilers like the optimizing compilers can even detect the dead variables. The static analysis itself is incapable of detecting the dead variables since they are unreachable and thus unsolvable in the general case.

Other factors:
There are several other factors that play a great role in the data flow testing and they are:
1. Data flow modelling based on control flow graph
2. Simple path segments
3. Loop free path segments
4. DU path segments
5. Def – use associations
6. Definition clear paths
7. Data flow testing strategies

What is the approach for Security Testing of Web Applications?

Like our real world, our cyber world also needs security as rate of cyber crime is also increasing day by day. Attackers are misusing the technology to benefit themselves and this has caused the end users to suffer.

The security of the web sites and web applications needs to be very tight so that attackers are not able to break in to the data bases of the sites and applications and use the critical data and information to their heart’s content.

ABOUT SECURITY OF WEB SITES
- Several security measures are being designed these days and many of them have been adopted.
- The security level of the web sites and web applications needs to be tested just like any other aspect of softwares to ensure that it is error proof and meets the standards.
- Security testing of web applications is very necessary as the security of a web site or application is responsible for the safety of our personal information that we use to access the cyber services and other sensitive information.

WHAT APPROACH SHOULD BE USED TO TEST WEBSITES?
Here the question arises that what approach should be followed for security testing of the web sites and applications?
- For security testing of web applications a planned approach should be followed. - The vulnerabilities of the web application should be listed first so that you can draw out your test plan.
- As the number of users is increasing, the need for a proper security system is also increasing.
- The security testing of the web applications needs to very efficient.
- In security testing, the privacy level of the data is tested i.e., whether or not it stays confidential and that it is not leaked to those for whom it is not meant.
- It also makes sure that the end users are able to perform only those tasks which have been authorized for them and that the users are not able to alter the features and functionalities of a web site or application.
- The tester carrying out the security testing should have good knowledge of Hyper Text Transfer Protocols (HTTP).
- It is important to know how exactly the communication takes place between the browser and the server.
- He/ she should also know about the issues mentioned above in the list.

STEPS INCLUDED IN A TEST PLAN

1.Password cracking
- This is done to access the intimate areas of a web application.
- Password cracking can take a very long time if the password is complex.
- Sometimes the user names and passwords are stored in un-encrypted cookies.
- The attacker can very well steal such cookies to get the user name and password.

2. URL manipulation
- In this step, the URL should be tested for any important information in its query.
- Some times information is passed when the HTTP GET method is employed for passing information between the browser and the server by the application.

3. SQL injection
- This is the third issue to be checked.
- Any unauthorized character entered in the text box by the user should be rejected by the application.
- While testing this aspect, if the tester encounters an error or a bug in the data base of the application, then the web application’s security is said to be vulnerable.
- If the application is not checked against the SQL injections, the critical information can be stolen from the application’s data base.

4.XSS cross site scripting
- This is the fourth aspect to be checked.
- The tester should check whether or not the web application accepts any HTML script.
- If the site or application is found to be supporting HTML scripts, then it is prone to the cross site scripting attacks.

During security testing the configurations of the server and the application should not be touched and modified and security test should not be performed on a production system.

What is a bug and bug life cycle? What are guidelines for deciding severity of bugs?

A bug is defined as a defect or some abnormal behavior of software. Testing plays an important part in the removal of bug. Bug has to travel the whole bug life cycle until it is closed. The cycle includes following stages:
- New
When the bug is posted for first time and not yet approved.
- Open
When tester approves that bug is genuine.
- Assign
Bug is assigned to the developer.
- Test
After fixing the bug, it is assigned to testing team to re-test it.
- Deferred
When the bug is changed to deferred state, the bug is expected to be fixed in next releases.
- Rejected
If the developer feels that the bug is not genuine, he can reject the bug.
- Duplicate
If bug is repeated twice or two bugs gives the same concept, then one bug is labeled duplicate.
- Verified
Once the bug is fixed, it is verified that no bug is present and status is changed to verified.
- Reopened
In this stage, the bug traverses the bug cycle once again because the bug still exists.
- Closed
If the bug is fixed and does not exist, the tester changes the status to closed.

SEVERITY AND PRIORITY OF THE BUG HAS TO FOLLOW GUIDELINES:
- Critical bug prevents further testing of the product under test. No work around is possible for such bugs.
- Major bug is in which defect does not function as expected or cause other functionality to fail.
- Medium or average bug in which defects do not conform to standards and conventions.
- Minor or low bugs do not affect the functionality of the system.

To write bug description, follow these guidelines:
- Be specific.
- Use present tense.
- No unnecessary words.
- No exclamation points.
- Do not use all CAPS.
- Mention steps.

What are some of the formal approaches used for exploratory testing?

Some of the formal approaches used for exploratory testing are:

- Identify the domain
The exploratory testing can be performed by identifying the application domain. If the tester has good knowledge of domain, the it would be easier to test the system without having any test cases. If the tester were well aware of the domain, it would help analyzing the system faster and better. His knowledge would help in identifying the various workflows that usually exist in the domain. He would also be able to decide what are the different scenarios and which are most critical for that system. Hence, he can focus his testing depending on the scenarios required. If a QA lead is trying to assign the tester to a task, it is advisable that the tester identifies the person who has the domain knowledge of that testing for exploratory testing.

- Identify the purpose
Another approach to exploratory testing is by identifying the purpose of the system i.e. What is that system used for. Thus, by identifying the primary and secondary functions for the system, testing can be done where more focus and effort can be given to primary functions as as compared to secondary functions.

- Identify the workflows
Identifying the workflows for testing any system without any scripted test cases can be considered as one of the best approaches used. The workflows are nothing but a visual representation of the scenarios as the system would behave for any given input. The workflows can be simple flow charts or data flow diagrams or something like state diagrams, use cases, models etc. The workflows will also help to identify the scope for that scenario. The workflows would help the tester to keep track of the scenarios for testing. It is suggested that the tester navigates through the application before he starts exploring. It helps the tester in identifying the various possible workflows and issues any found which he is comfortable can be discussed with the concerned team.