Tuesday, July 10, 2012

Cookie Testing

What is a Cookie?
  • A cookie is a small piece of information stored in a text file on the user’s hard drive by the web server.
  • It is usually a small piece of data sent from a website and stored in a user's web browser while a user is browsing a website. 
  • When the user browses the same website in the future, the data stored in the cookie can be retrieved by the website to notify the website of the user's previous activity.
Cookie Testing Test Cases
  • Check if the application is writing cookies properly or not.
  • Test to make sure that no personal or sensitive data is stored in the cookie. If such data is stored in cookies, it should be in encrypted format.
  • If the application under test is a public website, it should not overuse cookies. Overuse may result in loss of website traffic if the browser prompts for cookies too often.
  • Close all browsers, delete all previously written cookies and disable cookies in your browser settings. Navigate to or use the part of the web site that uses cookies. It should display an appropriate message such as "For smooth functioning of this site please enable cookies on your browser."
  • Set browser options to prompt whenever a cookie is being stored / saved on your system. Navigate to or use the part of the web site that uses cookies. The browser will prompt and ask whether you want to accept or reject the cookie. The application under test should display an appropriate message if you reject the cookies. Also check whether pages crash or data gets corrupted.
  • Close all browser windows and manually delete all cookies. Navigate through various web pages and check whether they show unexpected behavior.
  • Edit a few cookies manually in Notepad or some other editor. Make modifications such as altering the cookie content or the name of the cookie, changing the expiry date, etc. Now test the site functionality. The application should not read the data inside a corrupted cookie.
  • Cookies written by one web site should not be accessible by another web site.
  • If you are testing an online shopping portal, check that reaching the final order summary page properly deletes the shopping cart cookie of the previous page, and that no invalid action or purchase is executed for the same logged-in user.
  • Check that the application under test writes cookies properly on different browsers as intended and that the site works properly using these cookies. This test can be done on browsers such as different versions of Internet Explorer, Mozilla Firefox, Netscape, Opera etc.
  • If the application under test uses cookies to maintain the login state for users, check whether some id is displayed in the address bar. Now change the id and press Enter. It should display an access denied message and you should not be able to see another user's account.
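
The cookie-editing test case above, as an added example that is not part of the original post: one way a server can make manual edits detectable is to sign the cookie body with an HMAC, and the script replays the tester's edits (changed content, extended expiry, truncation) against it. The key, the field names and the helper functions are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a server-side secret; this value is constructed for the example.
SECRET_KEY = b"constructed-example-key"


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode("ascii")


def _tag(body: str) -> str:
    return _b64(hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).digest())


def issue_cookie(data: dict, ttl: int, now: int) -> str:
    """Build 'body.tag'. The expiry sits inside the signed body, so it cannot
    be extended by editing. The body is only encoded, not encrypted."""
    body = _b64(json.dumps({"data": data, "exp": now + ttl}, sort_keys=True).encode())
    return f"{body}.{_tag(body)}"


def read_cookie(value: str, now: int):
    """Return the stored data, or None if the cookie is malformed,
    modified or expired."""
    try:
        body, tag = value.split(".")
        if not hmac.compare_digest(tag.encode(), _tag(body).encode()):
            return None
        record = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return None
    return record["data"] if record["exp"] >= now else None


def edit_cookie(value: str, **changes) -> str:
    """What the tester does in the test case: change fields, keep the old tag."""
    body, tag = value.split(".")
    record = json.loads(base64.urlsafe_b64decode(body))
    record.update(changes)
    return _b64(json.dumps(record, sort_keys=True).encode()) + "." + tag


def run_tamper_cases() -> dict:
    now = 1_000_000  # constructed clock value
    good = issue_cookie({"user_id": 1001}, ttl=3600, now=now)
    return {
        "untouched": read_cookie(good, now),
        "content_changed": read_cookie(edit_cookie(good, data={"user_id": 1002}), now),
        "expiry_extended": read_cookie(edit_cookie(good, exp=now + 10**8), now + 7200),
        "expired": read_cookie(good, now + 7200),
        "truncated": read_cookie(good[:-4], now),
        "not_a_cookie": read_cookie("garbage", now),
    }


if __name__ == "__main__":
    for case, result in run_tamper_cases().items():
        print(f"{case:16} -> {result}")
```

Only the untouched cookie yields data; every edited, expired or malformed value is rejected before its contents are used.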

What is Web Testing?

  • Web testing is the name given to software testing that focuses on web applications. 
  • Complete testing of a web-based system before going live can help address issues before the system is revealed to the public.
  • Such issues include the security of the web application, the basic functionality of the site, its accessibility to handicapped users and fully able users, as well as its readiness for expected traffic and number of users and its ability to survive a massive spike in user traffic, both of which are related to load testing.
Web security testing
  • Web security testing tells us whether a web-based application's requirements are met when it is subjected to malicious input data.
Web Testing Checklist
  • Functionality Testing
    • Link Testing
    • Form Testing
    • Cookie Testing
    • HTML/CSS Validation
    • Database Testing
  • Usability testing
    • Navigation Checking
    • Content Checking
  • Interface testing
    • Web server and application server interface
    • Application server and Database server interface.
  • Compatibility testing
    • Browser compatibility
    • Operating system compatibility
    • Mobile browsing
    • Printing options
  • Performance testing
    • Load Testing
    • Stress Testing
  • Security testing
    • URL Manipulation
    • Session Testing
    • SQL Injection
    • Cross Site Scripting
    • Vulnerability Testing
    • Password Cracking
    • Spoofing
For Complete Web Application Checklist, Please visit the below link: http://softwaretestingreference.blogspot.in/p/web-application-testing.html

Monday, July 2, 2012

What is Ad Hoc Testing?

  • Ad hoc testing is a commonly used term for software testing performed without planning and documentation. 
  • The tests are intended to be run only once, unless a defect is discovered. Ad hoc testing is the least formal test method. As such, it has been criticized because it is not structured and hence defects found using this method may be harder to reproduce (since there are no written test cases). 
  • However, the strength of ad hoc testing is that important defects can be found quickly.
  • It is performed by improvisation: the tester seeks to find bugs by any means that seem appropriate. 
  • Ad hoc testing can be seen as a light version of error guessing, which itself is a light version of exploratory testing

What is Performance Testing?

  • Performance testing is testing performed to determine how a system performs in terms of responsiveness and stability under a particular workload. 
  • It can also serve to investigate, measure, validate or verify other quality attributes of the system, such as scalability, reliability and resource usage.
  • Performance testing is a means of quality assurance (QA). It involves testing software applications to ensure they will perform well under their expected workload.
  • The goal of performance testing is not to find bugs but to eliminate performance bottlenecks
  • The focus of Performance testing is checking a software program’s
    • Speed – Determines whether the application responds quickly
    • Scalability – Determines maximum user load the software application can handle.
    • Stability – Determines if the application is stable under varying loads
Types of performance testing.
  • Load testing – Load testing is the simplest form of performance testing. A load test is usually conducted to understand the behavior of the system under a specific expected load.
  • Stress testing – involves testing an application under extreme workloads to see how it handles high traffic or data processing. The objective is to identify the breaking point of an application.
  • Endurance testing – is done to make sure the software can handle the expected load over a long period of time.
  • Spike testing – Spike testing is done by suddenly increasing the number of, or load generated by, users by a very large amount and observing the behaviour of the system. The goal is to determine whether performance will suffer, the system will fail, or it will be able to handle dramatic changes in load.
  • Volume testing – Under volume testing, a large amount of data is populated in the database and the overall software system’s behavior is monitored. The objective is to check the software application’s performance under varying database volumes.
  • Scalability testing – The objective of scalability testing is to determine the software application’s effectiveness in “scaling up” to support an increase in user load. It helps plan capacity addition to your software system.
  • Configuration testing - Rather than testing for performance from the perspective of load, tests are created to determine the effects of configuration changes to the system's components on the system's performance and behaviour. A common example would be experimenting with different methods of load-balancing.
  • Isolation testing - Isolation testing is not unique to performance testing but a term used to describe repeating a test execution that resulted in a system problem. Often used to isolate and confirm the fault domain.

Manual Testing and Automation Testing.

Manual testing
  • Manual testing is the process of manually testing software for defects. 
  • It requires a tester to play the role of an end user, and use most of all features of the application to ensure correct behavior. 
  • To ensure completeness of testing, the tester often follows a written test plan that leads them through a set of important test cases.
  • Manual testing is a laborious activity that requires the tester to possess a certain set of qualities; to be patient, observant, speculative, creative, innovative, open-minded, resourceful, unopinionated, and skillful.
Automation Testing
  • Test automation is the use of software to control the execution of tests, the comparison of actual outcomes to predicted outcomes, the setting up of test preconditions, and other test control and test reporting functions.
  • Commonly, test automation involves automating a manual process already in place that uses a formalized testing process.
  • Test automation is the process of writing a computer program to do testing that would otherwise need to be done manually. 
  • Once tests have been automated, they can be run quickly and repeatedly. 
  • This is often the most cost effective method for software products that have a long maintenance life, because even minor patches over the lifetime of the application can cause features to break which were working at an earlier point in time.

What is Security testing?

  • Security testing is a process to determine that an information system protects data and maintains functionality as intended.
  • The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, availability, authorization and non-repudiation
  • Security testing is related to the security of data and the functionality of the application. You should be aware of the following concepts while performing security testing:
    • Confidentiality - The application should only provide the data to the relevant party e.g. one customer's transactional data should not be visible to another customer; the irrelevant personal details of the customer should not be visible to the administrator and so on.
    • Integrity - The data stored and displayed by the application should be correct e.g. after a withdrawal, the customer's account should be debited by the correct amount.
    • Authentication - It should be possible to attribute the data transmitted in the application to either the application or the customer. In other words, no one other than the customer or the bank should be able to create or modify any data.
    • Authorization - The application or a user should only be able to perform the tasks which they are respectively authorized to perform e.g. a customer should not be able to withdraw more than the balance in their account without having an overdraft facility, the application should not be able to levy charges on a customer account without prior customer approval.
    • Availability - The data and functionality should be available to the users throughout the working period e.g. if the bank's operating times are from 8 a.m. to 8 p.m. on all working days, it should be possible for a customer to access their account and make the necessary transactions on their account.
    • Non-repudiation - At a later date, it should not be possible for a party to deny that a particular transaction or data change took place e.g. if a customer withdraws an amount from their account, this should trigger the relevant actions (posting to their transaction records, debiting their account and sending them a notification etc.).

What is System Testing?

  • Testing the behavior of the entire (whole) software/system as defined in the software requirements specification (SRS) is known as system testing.
  • Its main focus is to verify that the customer requirements are fulfilled.
  • System testing is done after integration testing is complete. 
  • System testing should test functional and non functional requirements of the software.
  • It is testing done by a professional testing agent on the completed software product before it is introduced to the market.
  • Some of the main testing types which need to be covered in system testing:
    • Sanity Testing
    • Usability Testing
    • Stress Testing
    • Load Testing
    • Performance Testing
    • Regression Testing
    • Maintenance Testing
    • Security Testing
    • Accessibility Testing

Unit Testing and Integration Testing.

Unit Testing
  • Testing of individual software components or modules. 
  • Typically done by the programmer and not by testers, as it requires detailed knowledge of the internal program design and code. It may require developing test driver modules or test harnesses.
  • The goal of unit testing is to isolate each part of the program and show that the individual parts are correct.
  • A unit test provides a strict, written contract that the piece of code must satisfy. 
  • As a result, it affords several benefits.
Integration testing
  • Integration testing  is the phase in software testing in which individual software modules are combined and tested as a group.
  • It occurs after unit testing and before validation testing. 
  • Integration testing takes as its input modules that have been unit tested, groups them in larger aggregates, applies tests defined in an integration test plan to those aggregates, and delivers as its output the integrated system ready for system testing.
  • Some different types of integration testing are Top Down Testing and Bottom Up Testing.
Top Down Testing
  • Top Down Testing is an approach to integrated testing where the top integrated modules are tested and the branch of the module is tested step by step until the end of the related module.
Bottom Up Testing
  • Bottom Up Testing is an approach to integrated testing where the lowest level components are tested first, then used to facilitate the testing of higher level components. The process is repeated until the component at the top of the hierarchy is tested.

    What is Structural Testing?

    • White-box testing (also known as clear box testing, glass box testing, transparent box testing, and structural testing) is a method of testing software that tests internal structures or workings of an application, as opposed to its functionality (i.e. black-box testing). 
    • In white-box testing an internal perspective of the system, as well as programming skills, are used to design test cases. 
    • The tester chooses inputs to exercise paths through the code and determine the appropriate outputs.
    • White-box test design techniques include control flow testing, data flow testing, branch testing, path testing, statement coverage and decision coverage.

    Boundary value analysis and Equivalence partitioning.

    Equivalence partitioning
    • Equivalence partitioning is a black box testing technique that divides the input data of a software unit into partitions of data from which test cases can be derived.
    Example:
    • Assume that you have to test an input box that accepts numbers from 1 to 100. It is not possible to write test cases for all 100 valid data and other test cases for invalid data.
    • By using Equivalence Partitioning method, the above test cases can be divided into three sets of input data called as classes.
    Test cases for input box which accepts numbers between 1 and 100 using Equivalence Partitioning:

    1. Take a single value from range 1 to 100 as a valid test case. If you select any other values between 1 and 100 the result will be same. So one test case for valid input data should be sufficient.
    2. Test any value below the lower limit, i.e. any value below 1, as an invalid data test case.
    3. Input data with any value greater than 100 to represent third invalid input class.

    • So using equivalence partitioning you have categorized all possible test cases into three classes. Test cases with other values from any class should give you the same result.
    • Equivalence partitioning uses fewest test cases to cover maximum requirements.
    Boundary value analysis
    • Boundary value analysis is a black box testing technique in which tests are designed to include representatives of boundary values.
    • Values on the minimum and maximum edges of an equivalence partition are tested.
    • The boundary value analysis testing technique is used to identify errors at boundaries rather than those that exist in the center of the input domain.
    Test cases for input box which accepts numbers between 1 and 100 using Boundary value analysis:
    1. Test cases with test data exactly at the input boundaries of the input domain i.e. values 1 and 100 in our case.
    2. Test data with values just below the extreme edges of input domains i.e. values 0 and 99.
    3. Test data with values just above the extreme edges of input domain i.e. values 2 and 101.
    • Boundary value analysis is often considered a part of stress and negative testing.
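
The two techniques compared on the 1 to 100 input box, as an added example that is not part of the original post: it derives the test values for any integer range and runs them against a validator with a constructed off-by-one defect. The function names, the defect and the choice of class representatives are assumptions made for the illustration.

```python
def equivalence_values(low: int, high: int) -> dict:
    """One representative per class; which member is picked is arbitrary."""
    return {
        "below range": low - 10,
        "in range": (low + high) // 2,
        "above range": high + 10,
    }


def boundary_values(low: int, high: int) -> list:
    """Each boundary plus its neighbours on both sides."""
    return [low - 1, low, low + 1, high - 1, high, high + 1]


def failures(validator, values, low: int, high: int) -> list:
    """Values where the validator's answer differs from the specification."""
    return [v for v in values if validator(v) != (low <= v <= high)]


def buggy_accepts(n: int) -> bool:
    # Constructed defect: exclusive comparisons reject both valid boundaries.
    return 1 < n < 100


def correct_accepts(n: int) -> bool:
    return 1 <= n <= 100


if __name__ == "__main__":
    ep = list(equivalence_values(1, 100).values())
    bv = boundary_values(1, 100)
    print("equivalence values:", ep)
    print("boundary values:   ", bv)
    print("buggy validator, equivalence failures:", failures(buggy_accepts, ep, 1, 100))
    print("buggy validator, boundary failures:   ", failures(buggy_accepts, bv, 1, 100))
    print("correct validator, boundary failures: ", failures(correct_accepts, bv, 1, 100))
```

The three equivalence-class values pass against the defective validator, while the boundary values expose the defect at both edges, which is why the two techniques are used together.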

    Black Box Testing and White Box Testing.

    Black Box Testing
    • Black Box Testing is testing without knowledge of the internal workings of the item being tested.
    • For Example: when black box testing is applied to software engineering, the tester would only know the "legal" inputs and what the expected outputs should be, but not how the program actually arrives at those outputs.
    Advantages of Black Box Testing
    • more effective on larger units of code than glass box testing.
    • tester needs no knowledge of implementation, including specific programming languages.
    • tester and programmer are independent of each other.
    • tests are done from a user's point of view.
    • will help to expose any ambiguities or inconsistencies in the specifications.
    • test cases can be designed as soon as the specifications are complete
    White Box Testing
    • White box testing strategy deals with the internal logic and structure of the code.
    • White box testing is also called glass, structural, open box or clear box testing.
    • The tests written based on the white box testing strategy incorporate coverage of the code written, branches, paths, statements and internal logic of the code etc.
    Advantages of White Box Testing
    • White box tests are tests that are run on an application with knowledge of its internals.
    • White box testing is testing from the inside--tests that go in and test the actual program structure.
    • As the knowledge of internal coding structure is prerequisite, it becomes very easy to find out which type of input/data can help in testing the application effectively.
    • The other advantage of white box testing is that it helps in optimizing the code.
    • It helps in removing the extra lines of code, which can bring in hidden defects.

    Verification and Validation.

    Verification and Validation are independent procedures that are used together for checking that a product, service, or system meets requirements and specifications and that it fulfills its intended purpose.
     
    Verification:
    • Verification is the process of checking or testing items, including software, for conformance and consistency by evaluating the results against pre-specified requirements.
    • Verification: "Are we building the product right?"
    • The software should conform to its specification.
    • It is intended to check that a product, service, or system meets a set of initial design requirements, specifications, and regulations.
    Validation:
    • Validation looks at the system correctness, i.e. it is the process of checking that what has been specified is what the user actually wanted.
    • Validation: “Are we building the right product?”
    • The software should do what the user really requires.
    • It is intended to check that development and verification procedures for a product, service, or system result in a product, service, or system that meets initial requirements, specifications, and regulations.

    Functional Testing and Non-Functional Testing.

    Functional Testing
    • In functional testing, the focus of testing activities is on functional aspects of the system. 
    • Test cases are written to check the expected output. 
    • Functional testing is normally performed in all the test phases from unit to system testing.
    Non-Functional Testing
    • In non-functional testing, the focus of the testing activities is on non functional aspects of the system. 
    • Non functional testing is normally carried out during the System Testing phase only. 
    • The focus of non functional testing is on the behavior and user experience of the system.

    What is Software Testing?

    • Software testing is the process of validating and verifying a software product to ensure its quality. 
    • Software testing is used to measure the quality of developed computer software.
    • It is the process of exercising a system component by manual or automated means to verify that it satisfies the specified requirements.
    • The objective of software testing is to find problems and fix them to improve quality.
    • The purpose of software testing is to assess and evaluate the quality of work performed at each step of the software development process.
    • It will increase the functioning of the software.
    • The goal of testing is to ensure that the software performs as intended, and to improve software quality, reliability and maintainability.
    • It will reduce costly errors.