How Does Run time data (Parameterization) is handled in QTP?

Efficient run time data handling is quite important for proper test automation through quick test professional. In this article we take up discussion regarding how run time data is parameterized or handled during a run session in quick test professional.

The parameterization of run time data is necessary in quick test professional  as it enhances test components. 

What happens in Run-time Data Parameterization?

- In run time data parameterization or handling, a variable is passed as a parameter or an argument via an external source which is generally a generator in most of the cases. 

- This variable or parameter which is passed essentially consists of a value that is assigned via the generator as mentioned in the previous line. 

- The parameterization of the variables in the test component can be done in a series of different check points as well as in a series of a set of different steps as it is required by the situation.

- Apart from normal values, the parameterization of the action data values can also be done. 

- For parameterizing the same value in a series of several steps the data driven wizard can be used.  

How it is handled in QTP?

- Quick test professional test automation suite comes with an in built integrated spread sheet when the run time data table is filled up with the test data. 

- This spread sheet is just like the excel spread sheet and thus multiple test iterations can be created which in turn will save you a big deal on the side of programming efforts. 

- The run time data can be entered either manually or in an automatic way by importing the data from the spread sheets, text files, data bases and so on. 

- The spread sheets in quick test professional come with full functionality as that of the excel spread sheets. 

- Using these spread sheets following tasks can be achieved:

1. Manipulation of the data sets
2. Creation of multiple iterations of the tests
3. Expanding test coverage without unnecessary programming and so on.

- In simple form, parameterization can be defined as providing multiple test data or inputs to the tests. 

- While working on quick test professional, input can be supplied in the below mentioned 4 ways:

1. Input through note pad
2. Input through key board
3. Input or import via a data base
4. Input through excel spread sheet.

What is Run Time Data

Run time data is nothing but a live version of the data that has a current association with the test that is currently under execution. 

There are two methods available for the parameterization of the run time data as mentioned below:

1. DTSheet.GetParameter: with this parameterization method the specified parameter can be retrieved from the run time data table.
2. DTSheet.AddParameter: with this parameterization method a new column is added.

Properties of Run-Time Data

1. Name property: It defines the name of the column in the run time data table.
2. Raw value property: It defines the raw value of a cell residing in the current row of the parameter under consideration. The actual string written in the cell before computation is called the raw value for example actual text present in some formula.
3. Value property: This is the default property of the parameter and used for retrieving as well as setting the value of the cell of the active row in run time data table.
4. Value by row property: It is used for retrieving the value of the in the row specified by the parameter.  

What is a Run-Time Data Table? Where can I find and view this table?

The quick test professional always makes it a point to produce a run time data table at the end of every run session so that the user can have a live view of the data table that is currently associated with the test being carried out at that time. 

What is a Run-Time Data Table?

- While the run session is still in progress, the run time data table is displayed in the data table pane of the quick test professional window. 

- This is to make it easy for the user to view any changes that are constantly made to data during the run session.

- At the end of the run session, this run time data table is closed and in the data table pane the stored design time data table is displayed again in the place of the run time data table. 

- In some of the cases the data which entered in to the run time data table during the run session is not saved along with the test.

- At the end of the run session the data in the table is finalized and is displayed is run time data table column of the results window of the test. 

- The name of the run time data table was derived from the fact that it is generated during the run time. 

- With every script or component there is an associated run time data table which serves the purpose of displaying the data.  

- One run time data table has the property to access the data from some other data table during the run time. 

After a particular test has been executed with either of the following:

1. Data table parameters and
2. Data table output value steps

The following are displayed by the run time data table:

1. Parameterized values that were used during the testing and automation and
2. Output values that were saved in the data table during the run session.

Certain data table methods are provided by the quick test professional with the help of which the user can alter the data table as required and these are:

1. Add sheet: This data table method can be used to add sheets in to the pre existing run time data table. Syntax used is:

Datatable.addsheet (name of the sheet)

2. Delete sheet: This data table method as obvious from its name is used for deletion of the already added sheets in a run time data table. However at one time only one sheet can be deleted. Syntax used is:

Datatable. Deletesheet (“ID of the sheet”)

3. Get sheet count: This data table method gives you the number of sheets that you have in your run time data table. Syntax used is:

Datatable. Getsheet count

4. Get sheet: This methods returns the sheet specified from the run time data table by the user. Syntax used is:

Datatable. Getsheet( ID of the sheet)

5. Get row count: Returns the number of rows present in a particular sheet of the run time data table. Syntax used is:  datatable. Getrowcount
6. Value: This data table method serves two purposes i.e., using it you can either obtain value of a specified cell or you can modify the value of the cell. Syntax for both the cases is:

Variable = datatable. Value( name of the parameter, name of the sheet)

Variable = datatable. Value( name of the parameter, name of the sheet) = value

  There are some other data table methods also like:

1. Set current row
2. Set next row
3. Set previous row
4. Import
5. Export and so on.

Is load testing possible using WinRunner? Does WinRunner help you in web testing?

Winrunner, apart from just serving as a test automation tool has also proved itself to be quite an effective tool for load testing. However, the winrunner can function as a load testing tool only at the level of the graphical user interface layer.  

Why it is so?

- This is so because at this level only the record and play back options are possible as if they are being carried out by a real world human user. 

How is load testing possible using WinRunner?

- The loadrunner counterpart of the winrunner is the proper load testing tool but sometimes winrunner is also used as one in addition to it. 

- Firstly, a user session such as a web browsing session is simulated. 

- The user actions taking place are recorded by the winrunner and are used for load testing. 

- No action is taken at the protocol layer by the wirnunner except recording and playing back of the events and all this seems as if some invisible real world human user is performing all these actions. 

- For the winrunner to perform load testing, it is required to give the control of the pc to it so that it can execute the previously recorded test scripts. 

- But at the same time a load test cannot be run in winrunner as a means of load generation. 

- The number of PCs required is directly proportional to the load that has to be given to the software system or application. 

- In spite of this disadvantage the winrunner will always be valued as a good load testing technology which provides the only means for the determination of the actual user response time. 

- The actual user response it calculates is inclusive of the processing that takes place on the side of the client hardware.

How WinRunner helps you in web testing?

- The context sensitive operations on the web (HTML) objects present in the web site can be recorded and run by the winrunner when it is loaded among with the web test add- in support. 

- This works if the web site in the browsers such as the internet explorer and Netscape. 

- With the help of the web test add- in, the properties of the web objects can be viewed and the information regarding the web objects present in the web site can be retrieved. 

- The check points can be created on the web objects present in the web site for the testing of the functionality of the web site. 

- Apart from internet explorer and netscape, the web browser AOL can be used for running tests and recording the objects in the web site but cannot be run or recorded on the following web browser elements:

1. Back button
2. Forward buttons
3. Navigate buttons and so on.

- When the tests are created using the web test add- in the below mentioned objects are recognized by the winrunner:

1. Text links
2. Frames
3. Images
4. Web form objects
5. Tables and so on.

- Different properties are possessed by every object. 

- These properties form a key aspect in the following tasks:

1. identification of the objects
2. Retrieval and checking of the property values.
3. Performing web functions.

- All the above three tasks ensure that your web site is working perfectly or not. 

- You should take care that you start the winrunner with the web test add- in loaded in before you open your web browser to start the web testing. 

- The recorded tab of the GUI spy can be used for viewing the properties and values of the properties that were recorded by the winrunner for the selected GUI objects.

- This is how the winrunner makes it possible to do the web testing. 

What are different aspects of Interactive SQL injection attack?

SQL injection attacks are one of the security threats that are quite prevalent in the cyber world these days, attacking and stealing sensitive information from a million web sites and web applications.

SQL injection attacks are also known for disrupting the functioning of the web sites and web applications. There are so many types of SQL injection attacks. This article is all about the aspects of interactive SQL injection attacks. 

About Interactive SQL

- Using interactive SQL the data base administrator or programmer can easily and quickly define, delete, check or update the data base contents for problem analysis, data base management and testing. 

- Interactive SQL allows the programmer to insert two rows in to a table as well as test the SQL statements before they are executed in a software system or application. 

- Not only this, the interactive SQL can be used by data base administrator for the below mentioned purposes as well:

1. For revoking and granting the privileges

2. Create or drop tables, views, and schemas etc.

3. For selecting information from the catalogue of the system tables.

- A message regarding the complete execution of the statements or error during the execution is generated at the end of the run of the SQL statements. 

- During the execution of the statements are quite long and take more time are accompanied with some status messages regarding the completion of the statements. 

- In some cases, help messages are also generated whenever needed. 

- There are some functions that are supplied by the interactive SQL:

             1. The statement entry provides the following functions:

(a) Typing in an interactive SQL statement and executing it.

(b)  Retrieving statements

(c)  Editing statements

(d)  Prompting for SQL statements

(e)  Paging through the previous statements

(f)   Paging through the previous messages

(g)  Calling session services

(h)  Starting the list selection functions

(i)    Exiting the interactive SQL

2. The prompt function: Using this function either a complete SQL statement or a partial statement can 

be typed in to a program. After this the syntax of the statement can be prompted. You can also have the

menu for the SQL statements at one command. One can select the SQL statement of his/ her choice from 

the menu and prompt the syntax for that particular statement.

    3. The list selection function: Using this function one can select from the lists of one’s authorized schemas, relational data bases, views, tables, SQL packages, columns, constraints and so on. These selected elements then can be later inserted in to the SQL statement wherever the cursor is positioned.

      4.The call session services: These services account for the following functions:

(a)   Changing the session attributes.

(b)   Printing the current sessions.

(c)    Removal of all the entries from a selected session.

(d)   Saving the session in a source file

Aspects of Interactive Session

- The parameter values that have been specified for the STRSQL command.

- The SQL statements that were entered in the session accompanied by the corresponding status messages       following each and every SQL statement.

- Values of the parameters that have been changed via the session services function.

- The selections that one made from the list of the elements.

- A unique session ID consisting of the current work station ID and the user ID is supplied by the interactive SQL. 

- This session ID concept has been developed for supporting the multiple users having the same user IDs for using the interactive SQL from different work stations at the same time. 

- Also, one can run multiple interactive SQL sessions using the same ID and that too simultaneously. 

What are different aspects of web site cookie testing?

In the last post, we already discussed what a cookie is and how and when they are used. So let us explore a little more about these cookies. Here we are going to discuss how the websites that use cookies are tested.

Disabling the cookie

Disabling the cookie feature is perhaps the easiest concept under website cookie testing. Disabling the cookies is the first step in web site cookie testing.

- How the turning off or disabling of the cookies does affects a web site? You can check out by yourself.

- Clean up all the cookies and close all the open browser windows of the site that is to be tested.

- When you close the browser windows, the session cookies are automatically deleted.

- Keep the cookie folder open while you are browsing the site.

- You have to close the browser in order to delete all the cookies.

- You will notice that as you close the browser, the session cookies are automatically deleted.

- Now you disable the cookies and try using the features of the website.

- You will observe that most of the features do not work since the cookies have been disabled.

- So we can conclude that the disabling the cookies, disables the functionality of the web site.

To use the website, the cookies must be enabled.
- The question here worth asking is that whether or not the server of that website is able to recognize its failure while attempting to set the cookies?

- And if it is recognizing also, does it send a notification or a message to user stating that the cookies must be enable in order for that web site to work?

- If this is not the case then the user will keep on trying to use the web site and will get frustrated without knowing that why the web site is not responding.

Amazon.com is one of the websites that work well even without the cookies. In such kind of web sites, the maintenance of the state if taken care of by the server side on the basis of the session ID stated at the end of the URL of the home page.

The URL of the home page of the web site was:
www.amazon.com/…/home.html/104-0233809-0567844

- The rightmost digit was changed from 4 to 5 and reposted in the URL.

- Amazon discards the edited URL and effectively recovers from the URL corruption by creating a URL with the help of a new session ID:
www.amazon.com/…/home.html/107-0357660-1139507

- From the above observation we conclude that the above hypothesis is correct.

To understand the test cases you need to understand how the cookies work and how they are stored and how the cookie settings can be edited? Here we are going to list some test cases for web site cookie testing:


- In concern to your privacy, the cookie privacy policy takes care that your personal data is not stored or used by the cookie.

- If no, then the cookie will save your sensitive data in an encrypted format.

- Always make sure that there is no over usage of cookies on the web site under test.This can annoy the users since the browser will prompt for cookies more often and this can cause a decline in the site traffic.

- If the site under test makes use of cookies, then it will not function properly on the disabling of cookies. Try to navigate through the website and use the features. But, make sure that the web site does not crash.

- Corruption of cookies
Change the values of the cookies to some vague values by editing them in note pad. You may later the contents of the cookie or change the parameters and observer the behavior of the website.

What are cookies and its types? Where are cookies used?

A cookie or an HTTP cookie can be defined as a message used by an origin website to send the information about the state to the browser of the user and by the browser to send the information about its state to the origin site.

An HTTP cookie is known by many names such as web cookie, browser cookie etc.

The information of the state that is sent across the origin site and the user’s browser is used for the purpose of:

- Authentication
- Identification of the session of an user
- Preferences of the user and
- Contents of the shopping cart

In other word HTTP cookies are used for any purpose that can be accomplished using the process storing text data on the computer of the user.

Characteristics and Uses of Cookie
- The main characteristic of Cookies is that they cannot be programmed and thus, cannot carry any kind of viruses or worms.

- Any malware cannot be installed on the host system with the use of a cookie. So they are safe to this extent.

- However, cookies can be effectively used by a spyware to track the browsing activities of the users.

- This is a major privacy concern and has prompted European and US law makers to take action in the past few years.

- Cookies are very easy to steal and are thus often misused by the hackers.

- Hackers steal the cookies and use them to gain access to the web account of the victim.

- Cookies were first used to solve the problem of implementation of the shopping cart.

- Initially the cookies were developed for the Netscape browser.

- They were used to check if the earlier visitors visited the site again.

- Later cookies were developed for internet explorer and other browsers.

- The concept of the cookies was not widely known to the public at that time.

The term “HTTP cookie” came into existence in the year of 1994. It has been derived from “magic cookie”.

What are Magic Cookies?
- Magic cookie was actually a data packet that a program receives and sends again to the program on the other side without altering the contents of the packet.

- Magic cookies were used in computing systems long back and were introduced in web communications by Lou Montulli in June 1994.


The development of a cookie for formal specifications is always in progress. Till date many types of cookies have developed. They have been discussed below:

Session cookie:
- This cookie has a lifetime equal to the time period of the user using the website.
- These cookies are automatically deleted after the end of a session.

Persistent cookie:
- These cookies last even after the session has expired.
- If a persistent cookie has its maximum age set to one year, then till the one year is over, the cookie will be sending information to the server every time the website is visited.
- These are also called tracking cookies.

Secure cookie:
- These cookies are used by the browser if it accessing server through an HTTPS connection.
- This ensures that the cookie is always encrypted during the transmission of the information.
- This prevents cookie theft.

HTTP only cookie:
- This type of cookie is mostly supported by all the modern browsers.
- On a browser which supports HTTP, an HTTP only cookie is used during transmission of HTTP requests.
- It restricts the access from other non HTTP scripts.

Third party cookie:
- The first party cookies are set with the same domain or sub domain in the address bar of the browser.
- But, third party cookies are set with various domains other than the one mentioned in the address bar.

Super cookie:
- A cookie with a public suffix domain like .co.uk, .com etc.

Zombie cookie:
- This cookie is automatically recreated after its deletion.

What are some of the formal approaches used for exploratory testing? Continued...

Charter states the goal and the tactics to be used.

A charter can be simple one to more descriptive giving the strategies and outlines for the testing process.
Charter summary contains
- Architectural the charters i.e. test planning.
- Brief information or guidelines on:
1.)Mission: Why do we test this?
2.)What should be tested?
3.)How to test?
4.)What problems to look for?
5.)tools to use
6.)Specific test techniques or tactics to use
7.)What risks are involved?
8.)Documents to examine
9.)Desired output from testing

Session Based Test Management(SBTM)

Session based test management is a formalized approach that uses the concept of charters and the sessions for performing the exploratory testing. A session is not a test case or bug report. It is the reviewable product produced by chartered and uninterrupted test effort. A session can last from 60 to 90 minutes but there is no hard and fast rule on the time spent for testing. If a session lasts closer to 45 minutes, we call it a short session. If it lasts closer to two hours, we call it a long session. Each session designed depends on the tester and the charter. After the session is completed, each session is de-briefed. The primary objective in the de-briefing is to understand and accept the session report, provide feedback and coaching to the tester. The de-briefings should help the manager to plan the sessions in future and also to estimate the time required for testing the similar functionality.
The de-briefing session is based on agenda called PROOF.
Past: What happened during the session?
Results: What was achieved during the session?
Outlook: What still needs to be done?
Obstacles: What got in the way of good testing?
Feeling: How does the tester feel about all this?

A session can be broadly classified into three tasks:
- Session test up: Time required in setting up the application under test.
- Test Design and execution: time required scanning the product and test.
- Bug investigation and reporting: time required finding the bugs and reporting to the concerned.

The entire session report consists of session charter, tester name, data and time started, task breakdown, data files, test notes, issues, bugs.

Network Virtual Terminal (NVT)

Telnet is designed for terminal to terminal communication and distributed computer processing. Each host sets up a Network Virtual Terminal (NVT) and a host at one end assumes that an NVT has been set up at the other end. The NVT defines a set of rules for how information is formatted and sent, such as character set, line termination, and how information about the Telnet session itself is sent.There is the mechanism to negotiate options so that the hosts can operate a more elaborate interface at each end using different fonts etc. than the NVT. The User Host is the one that initiates a conversation whilst the Server Host is the one that is providing services.

The Network Virtual Terminal (NVT) is a bi-directional character device. The NVT has a printer and a keyboard. The printer responds to incoming data and the keyboard produces outgoing data which is sent over the TELNET connection and, if echoes are desired, to the NVT's printer as well. Any code conversion and timing considerations are local problems and do not affect the NVT.

Brief NVT description

- NVT comands are inserted to the data stream via TCP/IP before sending to the TCP/IP connection.
- Every NVT command is prefixed by character "0xFF".
- There are some basic commands with 2 byte interpretation only (EOF, ABORT, BRK, AYT, NOP, EC), and others with defined start ( = 0xFF 0xFA) and defined end ( = 0xFF 0xF0) commands.
- The TCP/IP device separates NVT commands and processes them without delay, while the data stream stores to the output stack.
- The NVT commands can't be found in the serial port data, if the device is Serial / TCP/IP converter.
- If you are sending character "0xFF" (255), the PC will just double it, because in NVT "0xFFFF" means send character "0xFF" to the output.
- NVT uses a negotiation process. It's a way of testing if terminals on the opposite side use ECHO or not ar if there are specific terminals etc.