What are different guidelines for smoke test?

In the field of software testing, smoke testing is defined as a preliminary test for the further testing of the software program or the application.

- The smoke is basically intended to reveal the simple failures but big enough to get prospective and deserving software rejected for release.

- The “smoke” in the term smoke testing is taken to be metaphorical.

- Typically in a smoke testing, a sub set of the test cases (includes all the test cases that have been selected to be performed on the software system or application) are selected and run on the software system or application.

- All the selected test cases cover all the most important functionalities of the components of the software system or application.

- This is done in order to ascertain that whether the most crucial functions of a software system or application are working properly or not?

To make it easy to understand let’s say that the smoke testing involves enquiring about the following questions:

- Whether the program runs or not?
- Whether it opens a window or not?
- Whether clicking on the main button triggers any action or not?

And so on!

- The main aim is to determine the status of the software system or application i.e., whether or not the software system or application is in such a bad or broken state that it requires further testing.

According to the book “lessons learned in software testing” the " smoke testing covers all the features of the software product in a broad manner and also in limited time".

- It also states that if the key features of the software system or application are not working or if the major bugs have not been fixed, then the software developers and testers won’t have to waste their time further by installing the application or testing it.

- A smoke test that is being performed on a particular build is commonly known as a build verification test.

- Performing a daily smoke and build test is now being considered as one of the best practices in the industry of software testing.

- These days the testers now prefer to perform smoke testing before accepting a build for further testing of the software system or application.

- The software giant Microsoft once claimed after the code reviews that the smoke testing can be effectively stated as the most cost effective method for identifying the major bugs and fixing them in software program.

- In the case of Microsoft, a smoke test is usually seen as a process of validating the changes made to the code before they are set in to the source control.

- Smoke testing can be performed either manually or it can be made automated by using an automated tool.

- When an automated tool is used the initiation of the test cases takes place automatically by the same process that is responsible for generation of the build itself.

Smoke tests are categorized in to two major categories namely:
- Functional tests
- Unit tests

The functional tests are responsible for exercising the complete software system or application with various forms of inputs whereas the unit tests are responsible for exercising the individual functions, object methods and sub routines.

The functional tests as well as unit tests behave as a third party products that do not form a part of the whole compiler suite.

Functional tests are usually a scripted series of program inputs whereas unit tests are separate functions embedded within the code or the driver layer itself that links to the source code without making an alteration to the code that is under test.

What are different aspects of exploratory testing?

First let us discuss a little about what is exploratory testing actually?
It is a term rarely heard of! Exploratory testing is a usual approach to software testing and can be defined as a test designing, test execution and simultaneously a learning process. It was named by Cem Kaner in 1983.

He stated:

"exploratory testing as a kind of software testing that is emphasized and focused up on the responsibility and the personal freedom of the software tester to optimize the quality and effectiveness of his /her work continually by taking in to consideration mutually supportive activities like test designing, test related learning, test result interpretation and test execution".

- These activities run in parallel to each other.

- Exploratory testing basically heeds to exploiting the creativity of the tester or the programmer.

- During the testing of the software, the tester comes across various new things to learn together with experiencing them.

- The tester or the developer with his /her creativity can generate new and better test cases to run.

- Exploratory can be thought of as a black box testing methodology or technique instead of thinking of it as an approach to testing that can be used for any type of testing methodology and also at any phase of development of the software system or application.

According to some misconceptions, the testing technique or the object is considered to be the key here but, it is not so.

- In actual, the key is the cognitive engagement of the software tester and his /her responsibility of managing time.

- The effectiveness of the exploratory testing depends basically on how it is performed.

- Exploratory testing should always be performed by skilled testers or developers.

- Exploratory testing can also be though of as an intellectual activity.

- Exploratory testing is all about discovering how the software system or application actually works and how it handles both the easy and difficult cases.

- The effectiveness or the quality of the testing is largely dependent on the skills for developing test cases by the tester.

- It also depends on his/ her ability to find defects in the software code.

We can say that the quality of the testing is directly proportional to the knowledge of the tester about the software product and different test methods.

- The more he/ she know about the software system under test and testing methodologies, the better will be the exploratory testing.

- While carrying out the exploratory testing, the expectations should be kept open.

- Only some results can be expected or predicted but not all.

- The tester is responsible for configuring, operating, observing and evaluating the product itself and its behavior, investigating the result and reporting information.

- If we see practically the actual testing is a combination of both scripted testing and exploratory testing but, depending on the context of the testing the tendency is towards either one.

Exploratory testing is more about thinking how the testing should be done more than a testing technique. The documentation part of the exploratory testing includes:

- Documentation of all the test cases used.
- Documentation of the bugs.

Exploratory testers use tools like:

- Screen capture
- Video tools

These tools are used to generate situations of interest or as a record of the exploratory session. Bugs are discovered quickly and the approach tends to be more intellectual. Deductive reasoning based on the results of the previous tests can also be used in the exploratory testing. This leads to increased bug detection when used properly. The main disadvantage is that the tests can’t be reviewed before hand.

What are different rules of thumb to write good test cases?

Writing good and effective test cases requires great skills since after all effective testing is achieved by effective test cases only!

Writing such test cases is a great skill in itself and can only be achieved by in depth knowledge of the software system or application on which the tests are being carried out and it also requires some experience.

Here I’m going to share some rules of thumb to write effective test cases, basic test cases definition and test case procedures.

What is a test case actually?
A typical test case is comprised of components that are meant to describe an action or event, input and an expected outcome in order to determine whether the software system or application is working as it is meant to or not.

Before writing a test case you should know the 4 levels or categories of the test cases to avoid their duplication.
The levels have been discussed below:

Level 1:
This level involves writing of basic test cases using the available specifications and requirements and documentation provided by the client.

Level 2:
This level is the practical stage and it involves writing of test cases based on the actual system flow and functional routines of the software system or application.

Level 3:
This level involves grouping of some particular test cases. Some test cases are grouped together and a test procedure is written. A test procedure can have maximum up to 10 test cases.

Level 4:
This level involves the automation of the project. This leads to minimization of the human’s interaction with software system or application. This is done basically to maximize the focus upon the currently updated functionality to be tested rather than focusing on regression testing.

Following this whole pattern you can have an automated testing suite from no testable item, i.e., you can observe a systematic growth.
- The tester should know the objective of each and every particular test case.
- The basic objective of all the test cases is to validate the testing coverage of the software system or application.
- You need to strictly follow test cases standards. Writing test cases reduces the chances of following an ad- hoc approach.

Below given is a basic test case format:
- Test case id
- Units to be tested
- Assumptions
- Input /test data
- Execution steps
- Expected outcome
- Actual outcome
- Success or failure
- Observation
- Comments

You need to write a test case statement also. So here’s the basic format:

- Verify:
This is the first word of the test case statement.
- Using tool names, tag names, dialogues etc: this is basically to identify what is being tested.
- Verification with conditions.
- Verification to result.

For any kind of testing:

- You will cover all types of tests like functional test cases, negative value test cases and boundary value test cases.
- Be careful while writing the test cases.
- Keep it simple and easy to understand.
- Don’t write test case statements with the length of an essay.
- Keep it brief and to the point.
- Follow the test cases and test case statements formats stated above.
- Generally spreadsheets are used to write test cases which make them more presentable and easy to understand.
- You can use tools like “test director” when you want to automate the test cases.
- Writing clear and concise test cases forms an important part of software quality assurance.
- Also be careful that a good number of test cases cover functional testing which means that the primary focus is on how the feature works.

What is software quality assurance and why it is important?

Software quality assurance or SQA as it commonly abbreviated to, can be defined as a standard means of the processes of software engineering and other methods that are used to ensure the quality of the software system or application products.

The methods used for software quality assurance are several in numbers and also they are varied. These methods may include the ensuring of the conformance to more than one model such as CMMI or standards such as ISO 9000.

Software quality assurance encompasses the whole process of the software development.The software development process includes many processes such as:

- Definition of requirements
- Designing of software
- Coding of software
- Control of source code
- Review of code
- Changing the management
- Configuration management
- Testing of the software system or application product and
- Integration of the software product.

Software quality assurance like any other process is complete with certain goals and objectives.
The goals of the software quality assurance process are well organized and have been listed below:
- Commitments
- Abilities
- Activities
- Measurements and
- Verification

The standard definition of software quality assurance can be stated as follows:

“Software quality assurance is that function of software quality that assures that the processes, procedures and standards are right or appropriate for the concerned project and are well implemented.”


This definition of the software quality assurance has been given by NASA. But, the problem with this definition is that this definition confuses with other similar definitions. The problems have been stated below:

- The definition tells us a little about what software quality assurance actually is. I mean to say that is used already defined terms “software” and “assure”.

- The definition doesn’t provide a scope for something or someone who can be said responsible for software quality assurance.

- The definition doesn’t even address the relationship and role of software quality assurance with the software testing.

- In the pure form of the definition in which a distinguishing “audit” style group has been established is difficult to be applied to a small environment regarding development.

As we all know well software testing is oriented towards the detection of the vulnerabilities of the software. It makes the quality of the software.

- Quality software is delivered on time and it’s within the budget, it’s free of bugs and errors.
- Quality software reasonably meets the specifications and requirements and it is quite maintainable.

Now coming to the quality assurance of the software, it makes sure that the software product is completed or developed based on the previously mentioned specifications and requirements by the client or the customers.

- It also ensures that the software has been developed according to the stated functionality and the standards and also without any defects and possible errors.

- The quality assurance factor monitors and tries to improve or raise the standards of the development process from the beginning of the software product development.

- It is basically known to be oriented towards the prevention of problems.

- Quality assurance is one such factor that is involved in the software development process right from the beginning.

- This helps a great deal to the development team to figure out the problems and accordingly set up the testing environment and configuration.

- Usually the actual testing starts when the test plan has been framed, reviewed and approved based on the specifications of the software design stated in the documentation.

What are different aspects of network penetration testing?

Penetration test is popularly called pen test. Penetration testing can be defined as a methodology to determine the security level of a network or a computer system.

- This is usually done by simulating an attack from malicious outsiders or the people who are aliens to the system i.e., the people who don’t have any authorized means or permission to access that particular organization’s computer systems or network.

- The process of network penetration testing requires having an active analysis of the whole network and computer system for checking any potential flaws and vulnerabilities in the network system or computer system.

- These potential flaws and vulnerabilities could result from the improper or poor configuration of the network or the computer system.

Other reasons for these potential vulnerabilities and flaws are:

- Unknown and known software and hardware flaws and problems.
- The operational weaknesses of the testing process and counter measures of the technology used.

Typically, this analysis of the network and the computer system is carried out keeping in mind the position of a potential attacker and the process may also involve the active exploitation measures for exploiting security vulnerabilities.

- Security vulnerabilities or issues that are discovered during the testing process are reported to the owner of the network or the computer system.

- An effective penetration testing involves coupling of this information and findings with an already assessed accurate assessment of the potential affects or impact and giving it to the particular organization.

- It also includes outlining of a range of procedural and technical counter measures to overcome those potential vulnerabilities and reduce risks.

There are certain reasons that account for the necessity of carrying out penetration testing. They have been listed below:
- Identification of vulnerabilities that pose a higher risk to the network or the computer system from a combination of vulnerabilities that poses a lower risk. These vulnerabilities are exploited in a designed sequence.

- Determination of feasibility of a particular set of a type of vectors.

- Identification of vulnerabilities that may be impossible and difficult to detect otherwise with automated software scanning application.

- Assessment of the magnitude of impacts of the potential operations and business of the attacks that could be successful.

- Testing of the ability of the network defenders to detect and respond to the attacks by the malicious outsiders.

- Providing of evidence in support of the gradually increasing investments in technology of the security measures.

Penetrations tests can be rightly called the components of a full security audit. Best example that can be given is of payment card industry data security standard.

There are several ways for conducting the penetration tests.

- White box testing and black box testing are the methodologies widely used for carrying out performing penetration testing.

- Before carrying put the penetration testing, it is needed that the testers should determine the extent and location of the systems.

- Here, the white box testing provides the complete information of the infrastructure that is to be tested and it includes source code, IP address information and network diagrams.

- Sometimes grey box testing is also done.

- Penetration tests are called “full disclosure tests” since they provide full information about the network or the computer system to the testing party.

- Penetration testing involves a scan of the IP address space of the concerned organization for a full audit of source code of the application.

- Any computer system deployed in a hostile environment can be used for carrying out the penetration test.

- This measure provides an assurance that any malicious attacker won’t be able to affect the network or the computer system.

What is the difference between web site and web application testing?

Before discussing the main topic i.e., the differences between website test and web application testing, we should know the difference between the two basic terms i.e., web site and web application.

What is a Website?
- A website can be defined as the collection of web pages that contain videos, text, images and other related digital assets.

- A website is generally hosted on a web server and is accessible via an internet connection or network address called “uniform resource locator” or URL.

What is a Web Page and Web Application?
- A web page can be defined as a document usually written in a plane text formatted with the formatting instructions of the HTML (hyper text mark up language) or XHTML (eXtensible hyper text mark up language) language.

- Suitable mark up anchors can be used to incorporate elements from other websites in to a web page.

- HTTP (hyper text transfer protocol) is used to access and transport the web pages.

- The web pages may employ HTTP secure (HTTPS) to provide extra privacy and security for the person who is going to use that web page content.

- The content of the web page content is rendered on to the display by the web browser according to the HTML instructions of the web page.

- A web page can be easily accessed through its URL usually called its home page.

- The URLs organize the web pages in an appropriate hierarchy order and the hyper links on the pages provide the site structure to the user and guide the user towards the right navigation link.

Now let’s describe web application in contrast to the web site.
- A web application can be defined as an application that is accessed through a network like intranet or internet only.

- It can also refer to a software application that has been coded in a language like java script that supports browsers and it is combined with HTML.

- The application is executable through a web browser.

- The ubiquity of the web browsers is what makes the web applications so popular among the users.

- It also provides the convenience of using a web browser as a thin client. They exhibit cross platform compatibility.

- Some common web applications are online retail sales, wikis and web mail.

- A large world wide audience of a web application or web site, its quality and reliability prove to be a crucial factor for the success of a web application or web site.

- Similarly, the characteristics and behavior of the web applications and web sites pose many challenges during their testing.

- Web site testing and web application testing invariably vary in their methodologies of testing.

- These needs are met by tools that meet these specific needs.

- A web application is a bit difficult to test as compared to web site since in a web application test the tester does not has much control over the web application.

- The application is first loaded on to a server (the location of the server might be known or unknown) and then it is installed on the client’s server and tested.

- The application is tested on various web browsers as well as on different operating systems for browser compatibility, OS compatibility, static pages, error testing, load testing and back end testing.

- Like any other the web site testing forms an essential part of building a successful web site.

- Web site testing involves validation of CSS and HTML code.

- There are two ways of validating the HTML code. First is by URL of the web page and secondly by uploading from the computer itself.

- It also involves testing of all the links on the web site to ensure that they are working properly.

- The web site should well exhibit the cross browser compatibility. Other factors that contribute to the success of a web site are speed of the web page and download time.

What is the difference between the dynamic testing and static testing?

Dynamic testing is also called dynamic analysis. It has always been a part of software testing and is basically used to explain the dynamic behavior of a software application or a program.

- Dynamic testing can now be defined as the testing the response or reaction (physical in nature) of the system to the dynamic variables ( the variables which keep changing with time and are not constant) that have been used in the program.

- To carry out a dynamic test for any program, one has to compile the software, run it and work with it.

- Working with the software involves inputting data values to the variables.

- It also involves checking the output if whether or not it is up to the expectations of the programmer.

- The actual program output is checked against the desired program output. Input and output is checked for validation of the software.

Many methodologies have been developed for dynamic testing. Few have been listed below:

- Unit tests
- System tests
- Integration tests and
- Acceptance test

Idea of dynamic testing is typically based on testing the software during execution of the program and also during its compilation.
- Dynamic testing is totally opposite of static testing.

- The software application must be actually compiled and executed and tested as the dynamic testing is a part of validation process, which is again a part of verification and validation process.

- There are many methodologies that can be used for testing a program dynamically. If you are not comfortable with one technique, you can for the other one.

- Dynamic testing includes functional test techniques which are commonly known as black box techniques.

- They help in designing test cases which are based on the functions of the software application under test and there is no need to consider the details of the software structure.

- These techniques are used to check for input and expected output.

White box testing techniques or structural test techniques are used to check the structural design of the software application for flaws and mistakes.

Static testing can be compared in great contrast to the dynamic testing.

- Static testing can be defined as a form of software testing in which the software is not actually used.

- It is not as detailed as the dynamic testing and it is carried out to determine the sanity of the code, document or algorithm.

- It can be primarily stated as the syntax checking of the program code and manual review of the document or the source code to find the errors and bugs.

- Static testing usually used by the software developers who wrote the code in isolation and techniques such as inspections, reviews and walk through are used.

- If we look at the static testing from the point of black box testing, it involves review of specifications and requirements of the software system or application.

- Static testing forms the verification part of verification and validation process.

- Like dynamic testing, static testing can also be automated.

- Static testing involves programs to be analyzed by a compiler or an interpreter
that’s asserts the syntactic validity of the programs.

- Bugs and errors discovered during the static development are easier and less expensive to fix than later in the development cycle.

- The people who are involved in static testing are basically software developers and testers.

- During static testing you need to have a check list to ensure whether the software system or the application is keeping with the standards of the organization or not?

- These standards are basically for coding, deployment and integrating.