Installation testing comes under the category of quality assurance aspects. It is concerned with the procedure that the user has to follow in order to install that software. Installation may be of any type like partial, full or it might be an installation of an upgrade of the software.
SOME IMPORTANT FACTS ABOUT INSTALLATION TESTING
- Installation testing is carried out by the lead tester and configuration manager.
- Before carrying out installation testing, implementation testing is performed outside the testing environment.
- This is done to minimize the corruption of the software code.
- Usually for installing software, its package software or set up is run.
- The set up is actually a multi-configuration program.
- It plays a great role in the installation of software on a computer system.
- Every phase in the installation of software must be tested before it released to the public.
- In rare cases of distributed systems, it is some times required to change the database schemas and installation process of that particular software.
- For such situations a back up deployment plan is also prepared which can be implemented in case the release is unsuccessful.
- The deployment plan should also be tested as if it is a live plan.
- This kind of procedure for installation testing is called a “dry run”.
Installation testing and implementation testing are very closely related and in fact sometimes they are considered to be the same.
- The installation should be done as such that the installed program is able to cooperate with the other programs that are already installed on the computer system.
- If the program is installed successfully, it’s ok.
But, what if it doesn’t?
- It can cause considerable damage to the system.
- The user may need to format the whole system and reinstall everything again.
- The installation process should be tested both manually and automatically with all the possible configurations.
- Installation testing is a very time consuming process.
- Tests cases require much time to execute.
Un-installation testing also follows the same procedure.
TIPS FOR EFFECTIVE INSTALLATION AND UN-INSTALLATION TESTING
1. List all the configurations that you want to test.
2. Format one of the drives on the system and use it as the base for your testing.
3. Every time you have to execute a configuration, you can create a ghost of the basic images that will be required. This will save your time. This is the only automation that can be done in an installation or uninstallation testing.
4. You can attempt to install software on one operating system many times. Every time you uninstall the software, you can prepare the base for installation of the next configuration.
5. Always keep the flow chart of the whole testing process handy with you. With a flow chart you can how much you have progressed in the testing.
6. If previously you have installed the compact version of the software, then for the next test case install the full version.
7. If you are going according to the flow chart for installation process, then follow the same flow chart bottom up for the un-installation testing.
8. You can even use the flow chart to design automated test cases.
9. Check the amount of space that the software requires. Make sure that only that much is utilized and not more than that or less than that.
10. Always carry out installation and un-installation testing in a distributed testing environment. This helps you in managing many test cases simultaneously. You no need to manage different systems.
11. Try crashing the installation and un-installation process in between.
Friday, February 10, 2012
What are installation/ uninstallation testing? What are some tips for installation testing?
Automated Test Data Generation Using an Iterative Relaxation Method ?
Software development is not complete without software testing. It constitutes an inseparable part of software development process. Almost 50 percent of the total funds for development of a software are spend on software testing and this process consumes most of the time of the whole development process.
AUTOMATED TEST DATA GENERATION
Generation of test data for the given test and according to the testing criteria proves to be quite a difficult problem.
- The automated test data generation can relieve much stress of the software testers.
- Generation of test data that is used to make a program follow a given path is the most prominent and an important problem that arises while carrying out the path oriented testing.
- The obtained input is refined by various iterations and another input is obtained.
- The whole process predicates on this obtained input.
- The statements of the program relevant to the evaluation of each branch are executed in each iteration.
- Up on each iteration, a set of linear constraints is obtained which are then solved to obtain the increment values for the input data.
- The obtained increment values are added to the current input value to obtain the input data that is to be used for the next iteration.
RELAXATION METHODS
- The relaxation method provides knowledge about the amount by which the value of each input variable should be modified for the branches on the path in order to evaluate the desired result.
ITERATIVE RELAXATION METHODS
- These can be defined as techniques for solving system of equations.
- Relaxation methods are also iterative methods defined for numerical problems of mathematics.
- They are extensively used for solving system of equations which include the following types:
(A) Linear equations
Relaxation methods are used for solving the linear equations. Problems like that of linear least squares are usually addressed under this category.
(B) System of linear inequalities
Iterative or relaxation methods prove very effective in solving the system of linear inequalities which represent the problems similar to those that arise during linear programming.
(C) Non linear system of equations
These days, iterative methods or relaxation methods have been developed and prove a great help in solving system of equations which are non linear.
- Iterative relaxation methods have proven to be very effective and important methodology in providing solutions for linear system of equations.
- They prove to be effective system of equations that are used to solve partial differential equations based on the model of ellipse.
- These systems of equations are basically used to describe problems related to boundary conditions and values in which the value of the function in the solution is indicated or specified on the boundary of a specified domain.
- If the branch conditions on a path are linear in nature, the iterative relaxation technique either obtains a solution for such a path in just one iteration or it declares that the path is in-feasible.
- We can say that the existing approaches require an unacceptably large number of iterations for longer paths since they use only one branch predicate as well as input variable at a time.
- These methods also use back tracking.
- If the branch conditions on a path are non linear in nature, then it takes more than one iteration to get the desired input data.
- But, the set of constraints that has to be solved is linear in nature and can be solved using the method of gauss elimination.
These advantages make the technique of automated test data generation practical as well as suitable for automated testing.
Thursday, February 9, 2012
What are the qualities of a good tester?
The quality of the software testing depends up on the skills of the tester since the whole software testing process revolves on the instructions of the tester. Even a single wrong decision can cause the whole testing process go wrong.
A tester makes a decision based on his testing skills and capabilities. So a tester has to be very careful while taking any decisions regarding the software testing process.
ATTRIBUTES OF A GOOD TESTER
1. GOOD TECHNICAL & PRACTICAL KNOWLEDGE
- It is not necessary that a good tester might be an experienced one.
- A fresher having good technical and practical knowledge about the software testing methodologies and strategies can also perform effective software testing. - Though one learns from experience, it is often seen that there are many testers who even after having much experience are not able to carry out the software testing process efficiently in a well mannered way.
- They often keep bumping into the problems.
2. KNOWLEDGE ABOUT TESTING PROCESS
- A good tester keeps the overview of the whole testing process in mind while drafting out the test plan.
- He/ she include all the aspects to be tested in the test plan.
3. FAULT FINDING
- He insists on finding the faults earlier in the software system or application since discovering the bugs and errors in the earlier phases of the development helps a great deal.
- It takes less effort to fix a bug or an error in the initial stage of the development when compared to the efforts required in the later stages of development.
4. KNOWLEDGE ABOUT COMPUTER PROGRAMMING
- Testers know computer programming well.
- They are capable of maintaining good credibility with the fellow programmers.
- They have senior computer programmers working over them.
5. KNOWLEDGE ABOUT APPLICATION SOFTWARE
- They know the application software under testing very well.
- He/ she should be able to exploit the application software like an end user.
- Thinking like a user open ups new ways in which the application can be used.
6. SMARTNESS
- Good testers are really smart people and know how to exploit the application.
- Their intelligence is at par with the programmers.
7. NOTICING THINGS
- Good testers tend to notice those minute and little things that do not come to the notice of the other people.
- They keep a sharp eye on the behavior of the program.
- Even a little unusual happening can be an indication of a bug or error.
8. HANDLING CHAOS
- Obviously when a team comprising of people at different designations there will be a lot of chaos.
- Handling such chaos depends on the individual character.
- A good tester is expected to have good tolerance capacity or we can say he/ she should have patience.
9. HANDLING CRITICISM
- Testers have to suffer a lot of criticism from the programmers.
- A tester having good sense of humor can easily get through such a trap.
10. TENACITY
- Another social skill called tenacity is found in good testers.
- Tenacity is the ability of an individual to compromise with the opinions of the others.
- A good tester knows how to socially smart and is a good diplomat.
11. KEEPING TRACK
- A good tester keeps a track of his testing.
- He/ she keeps his observations organized.
12. SKEPTICAL NATURE
- A good tester is a bit skeptical.
- He/ she do not takes anything for granted and questions every thing suspicious for bugs and errors.
13. TOUGH
- A good tester is tough since he/ she has to suffer a lot of criticism and questions of the programmers.
14. SEARCHING NEW WAYS
- They are always searching for new ways of testing an application.
- They are technology hungry. Testing is quite a laborious task.
15. HONESTY
- Finally a good tester is honest with his duty and doesn’t follow any corruption.
Wednesday, February 8, 2012
What are different security testing techniques?
Security testing techniques are needed to defend the vulnerabilities of a software system or application and to protect it from security threats. Every web site and application has some kind of vulnerabilities which weaken the application’s security and exposes it to the exploitation.
The security should be carried out along all other testing phases so that a uniform security is maintained throughout the application and vulnerabilities and threats are discovered and addressed from time to time. But, unfortunately the security testing is usually conducted at the last phase of the development cycle.
PENETRATION & STATIC ANALYSIS TESTING TOOLS
- Penetration testing tools or web application scanners help a great deal in identifying the vulnerabilities of a web site or application.
- The human brain cannot mentally check out the whole source code and aspects for vulnerabilities and weak points.
- Another class of tools that can be used for this purpose is static code analysis tools.
- Both these penetration tools and static code analysis tools are needed for security testing of web sites and web applications.
- These tools work very effectively in digging out the vulnerabilities.
- On the other hand, static code analysis tools belong to the white box testing tools.
- They are used by the security groups to complement the penetration tools and they focus up on finding the specific root vulnerabilities.
- Penetration testing tools are to be used when the tester is having a limited knowledge of the web application under testing.
- These security tools are employed to check out the following security issues:
(a) SQL injection attacks
(b) Cross site scripting attacks
(c) Directory traversal attacks
(d) Issues related to session management
(e) Validation of the supplied input
The penetration testing tools emphasize upon the following security areas of a web site or web application:
- Network security
- Data base security
- Security sub- system
- Web application security
The penetration testing tools though focus up on both the positive and negative requirements; the more emphasis is on the negative ones. On the other hand normal software testing focuses only up on the positive requirements.
TECHNIQUES USED TO CARRY OUT SECURITY TESTING OF WEB APPLICATIONS
1. Fuzz Test Technique
- This type of testing involves injection of various types of generated data at the interface of the web site or application under testing.
- The data is either randomly generated or systematically.
2. Syntax Test Technique
- This type of testing involves generation of both legal and illegal data.
- This data input values are fed to the application and the behavior of the web application is observed i.e., whether it accepts or rejects the input.
3. Data Analysis
- The data generated by the web application is checked and the context of cryptography is employed here.
4. Exploratory Testing
- This testing is carried out without any test plan.
- There are no specific expectations in this type of security testing and the outcomes are also not expected.
5. Scaffolding
- Testers require some support to carry out their own specially designed testing techniques.
- For that they require supportive tools.
- This is termed as scaffolding.
6. Monitoring the behavior of the program
- Automated tools are used to monitor the outcomes of the different security testing techniques applied and also the behavior of the web application is monitored.
- This technique saves a lot of time.
Security testing of the web sites and applications is crucial to the security of the enterprise since the web sites and applications need to be available to the people all time and the threats and vulnerabilities possess a big danger to the cyber world.
What is the approach for Security Testing of Web Applications?
Like our real world, our cyber world also needs security as rate of cyber crime is also increasing day by day. Attackers are misusing the technology to benefit themselves and this has caused the end users to suffer.
The security of the web sites and web applications needs to be very tight so that attackers are not able to break in to the data bases of the sites and applications and use the critical data and information to their heart’s content.
ABOUT SECURITY OF WEB SITES
- Several security measures are being designed these days and many of them have been adopted.
- The security level of the web sites and web applications needs to be tested just like any other aspect of softwares to ensure that it is error proof and meets the standards.
- Security testing of web applications is very necessary as the security of a web site or application is responsible for the safety of our personal information that we use to access the cyber services and other sensitive information.
WHAT APPROACH SHOULD BE USED TO TEST WEBSITES?
Here the question arises that what approach should be followed for security testing of the web sites and applications?
- For security testing of web applications a planned approach should be followed. - The vulnerabilities of the web application should be listed first so that you can draw out your test plan.
- As the number of users is increasing, the need for a proper security system is also increasing.
- The security testing of the web applications needs to very efficient.
- In security testing, the privacy level of the data is tested i.e., whether or not it stays confidential and that it is not leaked to those for whom it is not meant.
- It also makes sure that the end users are able to perform only those tasks which have been authorized for them and that the users are not able to alter the features and functionalities of a web site or application.
- The tester carrying out the security testing should have good knowledge of Hyper Text Transfer Protocols (HTTP).
- It is important to know how exactly the communication takes place between the browser and the server.
- He/ she should also know about the issues mentioned above in the list.
STEPS INCLUDED IN A TEST PLAN
1.Password cracking
- This is done to access the intimate areas of a web application.
- Password cracking can take a very long time if the password is complex.
- Sometimes the user names and passwords are stored in un-encrypted cookies.
- The attacker can very well steal such cookies to get the user name and password.
2. URL manipulation
- In this step, the URL should be tested for any important information in its query.
- Some times information is passed when the HTTP GET method is employed for passing information between the browser and the server by the application.
3. SQL injection
- This is the third issue to be checked.
- Any unauthorized character entered in the text box by the user should be rejected by the application.
- While testing this aspect, if the tester encounters an error or a bug in the data base of the application, then the web application’s security is said to be vulnerable.
- If the application is not checked against the SQL injections, the critical information can be stolen from the application’s data base.
4.XSS cross site scripting
- This is the fourth aspect to be checked.
- The tester should check whether or not the web application accepts any HTML script.
- If the site or application is found to be supporting HTML scripts, then it is prone to the cross site scripting attacks.
During security testing the configurations of the server and the application should not be touched and modified and security test should not be performed on a production system.
Tuesday, February 7, 2012
What are different kinds of risks involved in software projects?
When we create a development cycle for a project, we develop everything like test plan, documentation etc but we often forget about the risk assessment involved with the project.
It is necessary to know what all kinds of risks are involved with the project. We all know that testing requires too much of time and is performed in the last stage of the software development cycle. Here the testing should be categorized ion the basis of priorities. And how you decide which aspect requires higher priority? Here comes the role of risk assessment.
Risks are uncertain and undesired activities and can cause a huge loss. First step towards risk assessment is the identification of the risks involved. There can be many kinds of risks involved with the project.
DIFFERENT KINDS OF RISKS INVOLVED
1.Operational Risk
- This is the risk involved with the operation of the software system or application.
- It occurs mainly due to false implementation of the system or application.
- It may also occur because of some undesired external factors or events.
- There are several other causes and main causes are listed below:
(a) Lack of communication among the team members.
(b) Lack of proper training regarding the concerned subject.
(c) Lack of sufficient resources required for the development of the project.
(d) Lack of proper planning for acquiring resources.
(e) Failure of the program developers in addressing the conflicts between the issues having different priorities.
(f) Failure of the team members in dividing responsibilities among themselves.
2. Schedule Risk
- Whenever project schedule falters, schedule risks are introduced in to the software system or application.
- Such kinds of risks may even lead it to a complete failure bringing down the economy of the company.
- A project failure can badly affect the reputation of a company.
- Some causes of schedule risks have been stated below:
(a) Lack of proper tracking of the resources required for the project.
(b) Sometimes the scope of the project may be extended due to certain reasons which might be unexpected. Such unexpected changes can alter the schedule.
(c) The time estimation for each stage of the project development cycle might be wrong.
(d) The program developers may fail to identify the functionalities that are complex in nature and also they may falter in deciding the time period for the development of these functionalities.
3. Technical Risks
- These types of risks affect the features and functionalities of a software system or application which in turn affect the performance of the software system.
- Some likely causes are:
(a) Difficulty in integrating the modules of the software.
(b) No better technology is available then the existing ones and the existing technologies are in their primitive stages.
(c) A continuous change in the requirements of the system can also cause technical risks.
(d) The structure or the design of the software system or application is very complex and therefore is difficult to be implemented.
4. Programmatic Risk
- The risks that fall outside the category of operational risks are termed as programmatic risks.
- These too are uncertain like operational risks and cannot be controlled by the program.
- Few causes are:
(a) The project may run out of the funds.
(b) The programmers or the product owner may decide to change the priority of the product and also the development strategy.
(c) A change in the government rule.
(d) Development of the market.
5. Budget Risk
- These kinds of risks arise due to budget related problems.
- Some causes are:
(a) The budget estimation might be wrong.
(b) The actual project budget might overrun the estimated budget.
(c) Expansion of the scope might also prove to be problem.
What are common programming bugs every tester should know?
A programming bug as we all know is common or “one in all” term for a flaw, error or mistake in a software system or program. A bug is known for producing unexpected result always or results in the abnormal behavior of the software system or program.
CAUSES OF BUGS
- Root causes of the bugs are the faults or mistakes introduced in to the program’s source code or design and structure or its implementation.
- A program or a piece of program too much affected with bugs is commonly termed as a “buggy” program or code.
- They can be introduced unknowingly in the software system or program during the coding, specification, data entry, designing and documentation.
- Bugs can also arise due to complex interactions between the components of a complex computer program or system.
- This happens because the software programmers or developers have to combine a great length of code and therefore, they may not be able to track minor bugs.
- The discovered bugs are also documented and such documents or reports are called bug reports or trouble reports.
HOW BUGS INFECT A PROGRAM ACTUALLY?
- A single bug can trigger a number of faults or errors within the program which can affect the program in many ways.
- The degree of affecting depends on the nature of the bug.
- It can either affect the program very badly causing it to rash or hang or it may have only a subtle affect on the system.
- There are some bugs that are not detected in the entire software testing process.
- Some bug may cause a chain effect which can be described as one bug causing an error and that error causing some other errors and so on.
- Some bugs may even shut down the whole software system or application.
- Bugs can have serious impacts.
- Bugs can destroy a whole machine.
- Bugs are after all mistakes of human programmers.
TYPES OF BUGS
Bugs are of many types. There are certain types of common bugs that every programmer should be introduced with.
First we are listing some security vulnerabilities:
- Improper encoding
- SQL injection
- Improper validation
- Race conditions
- Memory leaks
- Cross site scripting
- Errors in transmission of sensitive data
- Information leak
- Controlling of critical data
- Improper authorization
- Security checks on the client side and
- Improper initialization
SOME COMMON BUGS ARE:
1. Memory leaks
- This bug is catastrophic in nature.
- It is most common in languages like C++ and C i.e., the languages which do not have automatic garbage collection feature.
- Here the rate of consumption of memory is higher as compared to rate of de- allocating memory which is zero.
- In such a situation the executing program comes to a halt because there is no availability of free memory.
2. Freeing the resource which has already been freed
- This bug is quite frequent in occurrence.
- Usually it happens that the resources are freed after allocation but here already freed resource is freed which causes an error.
3. De-referencing of NULL operator
- This bug is caused due to an improper or missing initialization.
- It an also be caused due to incorrect use of reference variables.
4. References
- Sometimes unexpected or unclear references are created during the execution which may lead to the problem of de- allocation.
5. Deadlocks
- These bugs though rare are catastrophic and are caused when two or more threads are mutually locked by each other or those threads get entangled.
6. Race conditions
- These are frequent and occur when the same resource or result is being tried to be accessed by two threads.
- The two threads are said to be racing.
