author-img

Bhumi Khimani's Posts

Sr. Quality Analyst

post

In our previous tutorial, we had seen the most common security threats. Let's see Main Seven Tips and its Recommendations on How You Can Protect Yourself from These Threats are mention below.

1. Saved Login Credentials

It is recommended not to save credentials in the browser. Instead, use password managers like Password Safe and KeePass to store credentials.

Password managers work through a central master password and help you keep your website passwords secure.

You can also set the administrator to access a saved login or URL, depending on your convenience and security reasons.

2. Removable Browsing History

Deleting the browser cache is a way to remove risky information, especially when engaging in confidential activities such as online banking. This step can be performed manually in the browser or set to automatic when the browser is closed. Another way to stay protected from this threat is to use Incognito or Private Browsing mode, where no saves can be harvested.

3. Disable Cookies

The best solution to the threat of cookies is to disable them when using your browser.

However, it is not exceptional, as many websites rely on cookies and thus get limited access to their functionality once they are turned off.

Disabling cookies may also result in annoying prompts. Getting rid of cookies on a periodic basis can help you protect your browser, beware of duplicate information by websites as a side effect of it.

4. Reduce Browser Cache by using Incognito Mode

Protection from such threats can be achieved through incognito browsing as well as by manually clearing the cache as per the requirement, especially after a sensitive browser search.

5. Look for Standard Java Configuration

Java is a widely used language for running Windows and other operating system-related code. It is designed in such a way that the applets inside it run in a separate sandbox environment, which helps prevent them from accessing other operating system components and applications. But more often than not, these vulnerabilities allow small applications to escape from the sandbox environment and cause the threat.

To avoid Java-related threats, search and choose a standard Java security configuration that works best with your browser as well as PC and deploy these configurations through a key source such as Group Policy.

6. Third-Party Plugins or Extensions

Browsers often have third-party add-ons or extensions provided for various tasks, for example, JavaScript or Flash for viewing or working with content. These are both from well-known high-quality dealers, however, there are various modules and add-ons from less legitimate sources and may not, however, offer a business-related benefit. For this type of threat, it is recommended to only allow business-related plugins and extensions as a key aspect of the official business approach, for example, to use the Internet and email. Depending on the browser(s) used in your link, explore ways to whitelist unwanted plug-ins or appropriate plug-ins, so that only those plug-ins can be served. Security modules are arranged for automatic updating or submission of new forms by focused components, (for example, Active Directory Group Policy or System Center Configuration Manager).

7. Ads Popping up and Redirects

Pop-up ads are well-known malicious ads that can be particularly confusing and difficult to work with. They regularly give false notifications, for example, they confirm that PC you have an infection and encourage you to submit their antivirus to activate it. Usually, malware is the thing that really ends up happening. These popups are questionable to close because often there is no X to do it like this.

The best alternative is to close the program completely or use Task Manager in Windows / Execution direction in Linux to close the application.

That's it. If you want to harm-free system, take these tips and apply them to your Web-application. It will help to protect from security threats.

September 25, 20213 minutesauthorBhumi Khimani
post

Web browser, is the most used application or portal for users to access the Internet. These browsers are very advanced, with improved usability and ubiquity. The individual is exposed to different internet browsers. Each of them consists of some perceived and real benefits. However, it is also true that none of them are safe from security threats. In fact, website browsers are more vulnerable to security vulnerabilities and when users interact with websites, they carry the possibilities of malware and other threats in them.

Mainly, 5 most common browser security threats and how to protect your system

With that in mind, here are some of the most common browser security threats and how to protect your system from them are follow below:

1. Removing Saved Login Credentials

Bookmarks associated with saved logins for linked sites is a terrible combination and doesn't really favor your system. When this is done, a hacker with little knowledge can hack it. There are some websites that use two-factor authentication, such as sending OTPs to your mobile phone to access them. However, many of them use this as a one-time access token so that a person can confirm his or her identity on the system they are intended to connect from. Deleting saved credentials is not good for your browser as well as for your system in general. Cybercriminals A can easily reset important identifiers and profiles on almost every website you visit. They can do this from anywhere and at any time. Once they have your IDs and passwords, they can run them from any system of their choice.

2. Permission to Browser History

Your browser's browsing history is a type of map or mechanism that keeps track of what you're doing and what sites you're visiting. It not only tells us which sites you visited, but for how long and when as well. If a criminal wants to get your credentials from the sites you access, they can do so easily, knowing which sites you have accessed through your browsing history.

3. Cookies

Cookies made up of locally stored files that identify association with certain files are another common browser security threat. Similar to browsing history, it can also track the site you visit and get credentials.

4. Browser Cache

Browser cache consists of storing sections of website pages which makes accessing and loading sites easier and faster, every time you visit. This can also identify the site or portal you have accessed and the content you have gone through. It also saves your location and device detection, making it a risky item as anyone can identify your location and device.

5. Autofill Information

Autofill information can pose a huge threat to your browser. Browsers like Chrome and Firefox store your address information, sometimes your profile information, and other personal information. But are you prepared if you fall into the wrong hands? Isn't it? Well, the criminal is now aware of and privacy to all your personal details.

In our next tutorial, will see Tips and Recommendations on How You Can Protect Yourself from These Threats.

August 23, 20212 minutesauthorBhumi Khimani
post

Nowadays, people are hacking secure data systems, so will See the security testing criteria for reCAPTCHA forms.

reCAPTCHA is a technology that assesses the probability that the entity that uses your web code (page, app, portal, etc.) is a human and not a bot (or the other way around). Grabbing information of behavior (of a user or a bot) encapsulates it in the token that gets sent to your server. On your server, the token is being sent again to Google for returning the assessment on how probable it is that the token was generated by a human. Part of the response returned from Google to your server:

Let's See the points how to Test 🛠️

First, we validate from the frontend

On any reCAPTCHA from removing that div from inspect element and then trying to save, there must be valid and records should not store on the backend as shown in the image.

2021-07-22-60f90c027ead1

Remove this div then save the form there should be a validation message for reCAPTCHA verification and the form should not be saved, if the form is submitted then the data were stored in the data table which was False to the system.

Now Let's see how we validate from the postman

First, add testing form URL on browser and apply Post method and on body add all fields which are added in form lets see on the image.

2021-07-22-60f90c12e0f33

Now add on the header at Key column CSRF token, X-Requested, cookie and add its perspective value as shown in the image.

CSRF token and XSRF-TOKEN will store in the cookie which will get from the front page from inspect element.

2021-07-22-60f90c2315082

Now, click on send request and validate the status should be false as shown in the image

2021-07-22-60f90c3081ca1

If the status changes to true, then the data stored in a table & will create a problem, and the reCAPTCHA form will validate false.

Hence, reCAPTCHA form Test, Hope this helps.

July 22, 20214 minutesauthorBhumi Khimani
post

What is Performance Testing?

Performance testing, which is a non-functional testing method performed to determine system parameters in terms of responsiveness and stability under various workloads. Performance testing measures the quality characteristics of a system, such as a scalability, reliability, and resource use.

Types of Performance Testing

2021-07-01-60dd6e2e103a8

There are mainly six types of performance testing Let's see in detail.

Load Testing

It is the simplest form of testing conducted to understand the behavior of the system under a specific load. The load tests will determine the measurement of important business-critical transactions and will also monitor the load on the database, application server, etc.

Stress Testing

It is performed to find the upper limit capacity of the system and also to determine how the system is operating if the current load greatly exceeds the expected maximum.

Spike Testing

The Spike test is performed by suddenly increasing the number of users by a very large amount and measuring system performance. The main objective is to determine whether the system will be able to carry the workload.

Scalability testing

It Measures performance based on the software's ability to increase or decrease performance measurement attributes. For example, a scalability test could be performed based on the number of user requests.

Volume Testing

Under large test volume no. From. The data is filled in a database and the overall behavior of the program system is monitored. The goal is to check the performance of the software application under different database sizes.

Endurance Testing

It is done to make sure the software can handle the expected load over a long period of time.

We will see full performance testing process points in our next article, to continue...

January 11, 20211 minuteauthorBhumi Khimani
post

In the previous article, we learned 4 cases for how to  test  Android Applications.

In this article, we will learn more cases for how to  test  Android Applications.

5. Compatibility testing test cases

Compatibility testing is performed to protect against mobile application failures as devices have different operating systems, sizes, resolutions, and so on.  Determines that an app works consistently across various platforms and environments. 

Six compatibility test case scenarios questions:

  1. Have you tested on the best test devices and operating systems for mobile apps?
  2. How does the app work with different parameters such as bandwidth, operating speed, capacity, etc.?
  3. Will the app work properly with different mobile browsers such as Chrome, Safari, Firefox, Microsoft Edge, etc.
  4. Does the app's user interface remain consistent, visible and accessible across different screen sizes?
  5. Is the text readable for all users?
  6. Does the app work seamlessly in different configurations? 

6. Security testing test cases

Security testing ensures that the application data and network security requirements are met per the guidelines.  It focuses on identifying possible risks and security vulnerabilities so that the application is not exploited and the data is protected. 

Twenty-four security testing scenarios for mobile applications:

  1. Can the mobile app resist any brute force attack to guess a person's username, password, or credit card number?
  2. Does the app allow an attacker to access sensitive content or functionality without proper authentication?
  3. This includes making sure communications with the backend are properly secured.  Is there an effective password protection system within the mobile app?
  4. Verify dynamic dependencies.
  5. Measures taken to prevent attackers from accessing these vulnerabilities.
  6. What steps have been taken to prevent SQL injection-related attacks?
  7. Identify and repair any unmanaged code scenarios
  8. Make sure certificates are validated and whether the app implements certificate pinning
  9. Protect your application and network from denial of service attacks
  10. Analyze data storage and validation requirements
  11. Create  session management to prevent unauthorized users from accessing unsolicited information
  12. Check if the encryption code is damaged and repair what was found.
  13. Are the business logic implementations secure and not vulnerable to any external attack?
  14. Analyze file system interactions, determine any vulnerabilities and correct these problems.
  15. What protocols are in place should hackers attempt to reconfigure the default landing page?
  16. Protect from client-side harmful injections.
  17. Protect yourself from but vicious runtime injections.
  18. Investigate and prevent any malicious possibilities from file caching.
  19. Protect from insecure data storage in app keyboard cache.
  20. Investigate and prevent malicious actions by cookies.
  21. To provide regular checks for the  data protection analysis
  22. Investigate and prevent malicious actions from custom-made files
  23. Preventing memory corruption cases
  24. Analyze and prevent vulnerabilities from different data streams 

7. Localization testing test cases

Localization testing ensures that the mobile app provides a flawless user experience in a specific locale based on the target language and country.  It aims to ensure that the functionality and content of the application is fully tailored to meet the needs of users in a particular location.  Since fully localized apps and websites outperform their competition, this is a test case that shouldn't be overlooked.  Partnering with a respected third party with global reach alleviates some stresses and unknown variables when using localization.  For example, Testis covers over 100 countries and over 140 languages. 

Eleven localization testing scenarios for mobile applications:

  1. The translated content must be checked for accuracy.  This should also include all verification or error messages that may appear. 
  2. The language should be formatted correctly.(e.g. Arabic format from right to left, Japanese writing style of Last Name, First Name, etc.) 
  3. The terminology is consistent across the user interface. 
  4. The time and date are correctly formatted. 
  5. The currency is the local equivalent. 
  6. The colors are appropriate and convey the right message. 
  7. Ensure the license and rules that comply with the laws and regulations of the destination region.
  8. The layout of the text content is error free. 
  9. Hyperlinks and hotkey functions work as expected. 
  10. Entry fields support special characters and are validated as necessary (ie. postal codes)
  11. Ensure that the localized UI has the same type of elements and numbers as the source product. 

8. Recoverability testing test cases

The recovery test is a non-functional testing technique that determines how quickly a mobile application can recover after a system crash or hardware failure. 

Five recoverability testing scenarios questions:

  1. Will the app continue on the last operation in the event of a hard restart or system crash?
  2. What, if any, causes crash recovery and transaction interruptions?
  3. How effective is it at restoring the application after an unexpected interruption or crash?
  4. How does the application handle a transaction during a power outage?
  5. What is the expected process when the app needs to recover data directly affected by a failed connection? 

9. Regression testing test cases

QA and mobile app testing doesn't end once an app is launched.  When an application is updated, even small changes can create unexpected problems.  This is why regression testing is key.  The purpose of regression testing is to ensure that new code changes in the software do not cause errors or interruptions. 

Four regression testing scenarios for mobile applications:

  1. Check the changes to existing features
  2. Check the new changes implemented
  3. Check the new features added 
  4. Check for potential side effects after changes start 

That's it. If you want a good application, take these tips and follow cases for Android Application test. It will help to make quality & standardize your Applications.

November 15, 20203 MinutesauthorBhumi Khimani
post

Few main things remember to test an Android Application which is mention below:

1. Functional testing test cases

There are many hands involved in creating a mobile app. These stakeholders may have different expectations. Functional testing determines whether a mobile app complies with these various requirements and uses. Examine and validate all functions, features, and competencies of a product.

Twelve functional test case scenario questions:

  1. Does the application work as intended when starting and stopping?
  2. Does the app work accordingly on different mobile and operating system versions?
  3. Does the app behave accordingly in the event of external interruptions?
  4. (i.e. receiving SMS, minimized during an incoming phone call, etc.)
  5. Can the user download and install the app with no problem?
  6. Can the device multitask as expected when the app is in use or running in the background?
  7. Applications work satisfactorily after installing the app.
  8. Do social networking options like sharing, publishing, etc. work as needed?
  9. Do mandatory fields work as required? Does the app support payment gateway transactions?
  10. Are page scrolling scenarios working as expected?
  11. Navigate between different modules as expected.
  12. Are appropriate error messages received if necessary?

There are two ways to run functional testing: scripted and exploratory.

Scripted

Running scripted tests is just that - a structured scripted activity in which testers follow predetermined steps. This allows QA testers to compare actual results with expected ones. These types of tests are usually confirmatory in nature, meaning that you are confirming that the application can perform the desired function. Testers generally run into more problems when they have more flexibility in test design.

Exploratory

Exploratory testing investigates and finds bugs and errors on the fly. It allows testers to manually discover software problems that are often unforeseen; where the QA team is testing so that most users actually use the app. learning, test design, test execution, and interpretation of test results as complementary activities that run in parallel throughout the project. Related: Scripted Testing Vs Exploratory Testing: Is One Better Than The Other?

2. Performance testing test cases

The primary goal of benchmarking is to ensure the performance and stability of your mobile application

Seven Performance test case scenarios ensure:

  1. Can the app handle the expected cargo volumes?
  2. What are the various mobile app and infrastructure bottlenecks preventing the app from performing as expected?
  3. Is the response time as expected? Are battery drain, memory leaks, GPS, and camera performance within the required guidelines?
  4. Current network coverage able to support the app at peak, medium, and minimum user levels?
  5. Are there any performance issues if the network changes from/to Wi-Fi and 2G / 3G / 4G?
  6. How does the app behave during the intermittent phases of connectivity?
  7. Existing client-server configurations that provide the optimum performance level?

2020-12-26-5fe7040267f4c

3. Battery usage test cases

While battery usage is an important part of performance testing, mobile app developers must make it a top priority. Apps are becoming more and more demanding in terms of computing power. So, when developing your mobile app testing strategy, understand that battery-draining mobile apps degrade the user experience.

Device hardware - including battery life - varies by model and manufacturer. Therefore, QA testing teams must have a variety of new and older devices on hand in their mobile device laboratory. In addition, the test environment must replicate real applications such as operating system, network conditions (3G, 4G, WLAN, roaming), and multitasking from the point of view of the battery consumption test.

Seven battery usage test case scenarios to pay special attention to:

  1. Mobile app power consumption
  2. User interface design that uses intense graphics or results in unnecessarily high database queries
  3. Battery life can allow the app to operate at expected charge volumes
  4. Battery low and high-performance requirements
  5. Application operation is used when the battery is removed Battery usage and data leaks
  6. New features and updates do not introduce new battery usage and data
  7. Related: The secret art of battery testing on Android

2020-12-26-5fe7040b04c51

4. Usability Testing Test Cases

Usability testing of mobile applications provides end-users with an intuitive and user-friendly interface. This type of testing is usually done manually, to ensure the app is easy to use and meets real users' expectations.

Ten usability test case scenarios ensure:

  1. The buttons are of a user-friendly size.
  2. The position, style, etc. of the buttons are consistent within the app
  3. Icons are consistent within the application
  4. The zoom in and out functions work as expected
  5. The keyboard can be minimized and maximized easily.
  6. The action or touching the wrong item can be easily undone.
  7. Context menus are not overloaded.
  8. Verbiage is simple, clear, and easily visible.
  9. The end-user can easily find the help menu or user manual in case of need.
  10. Related: High impact usability testing that is actually doable

We will see more points in our next articles.

December 03, 20204 minutesauthorBhumi Khimani
post

Introduction to Bug Life Cycle

The fault life cycle or defect life cycle is the specific set of states that a fault goes through before it is closed or resolved. When a fault is detected - by a tester or someone else on the team - the life cycle provides a tangible way to track the progress of a bug fix, and during the fault's life, multiple individuals touch it - directly or indirectly. Troubleshooting is not necessarily the responsibility of a single individual. At different stages of the life cycle, several members of the project team will be responsible for the error. This blog will help you understand how many cases the error goes through vary from project to project. The life cycle diagram covers all possible situations.

What’s The Difference Between Bug, Defect, Failure, Or Error?

Bug: If testers find any mismatch in the application/system in the testing phase then they call it a Bug.

As I mentioned earlier, there is a contradiction in the usage of Bug and Defect. People widely say the bug is an informal name for the defect.

Defect: The variation between the actual results and expected results is known as a defect.

If a developer finds an issue and corrects it by himself in the development phase then it’s called a defect.

Failure: Once the product is deployed and customers find any issues then they call the product a failure product. After release, if an end-user finds an issue then that particular issue is called a failure

Error: We can’t compile or run a program due to coding mistakes in a program. If a developer is unable to successfully compile or run a program then they call it an error.

Software Defects Are Basically Classified According To Two Types:

Severity

Bug Severity or Defect Severity in testing is a degree of impact a bug or a Defect has on the software application under test. A higher effect of bug/defect on system functionality will lead to a higher severity level. A Quality Assurance engineer usually determines the severity level of a bug/defect.

Types of Severity

In Software Testing, Types of Severity of bug/defect can be categorized into four parts:

Critical: This defect indicates complete shut-down of the process, nothing can proceed further

Major: It is a highly severe defect and collapses the system. However, certain parts of the system remain functional

Medium:/ It causes some undesirable behavior, but the system is still functional

Low: It won't cause any major break-down of the system

Priority

Priority is defined as the order in which a defect should be fixed. The higher the priority the sooner the defect should be resolved.

Priority Types

Types of Priority of bug/defect can be categorized into three parts:

Low: The Defect is an irritant but a repair can be done once the more serious Defect has been fixed

Medium: During the normal course of the development activities, defects should be resolved. It can wait until a new version is created

High: The defect must be resolved as soon as possible as it affects the system severely and cannot be used until it is fixed

(A) High Priority, High Severity

An error occurs on the basic functionality of the application and will not allow the user to use the system. (E.g. A site maintaining the student details, on saving record if it doesn't allow saving the record then this is a high priority and high severity bug.)

(B) High Priority, Low Severity

High Priority and low severity status indicate defects have to be fixed on an immediate basis but do not affect the application while High Severity and low priority status indicate defects have to be fixed but not on an immediate basis.

(C) Low Priority Low Severity

A minor low severity bug occurs when there is almost no impact on the functionality, but it is still a valid defect that should be corrected. Examples of this could include spelling mistakes in error messages printed to users or defects to enhance the look and feel of a feature.

(D) Low Priority High Severity

This is a high severity error, but it can be prioritized at a low priority as it can be resolved with the next release as a change request. On the user experience. This type of defect can be classified in the category of High severity but Low priority.

Bug Life Cycle

2020-12-18-5fdca76589590

New: When a new defect is logged and posted for the first time. It is assigned a status as NEW.

Assigned: Once the bug is posted by the tester, the lead of the tester approves the bug and assigns the bug to the developer team

Open: The developer starts analyzing and works on the defect fix

Fixed: When a developer makes a necessary code change and verifies the change, he or she can make bug status as "Fixed."

Pending retest: Once the defect is fixed the developer gives a particular code for retesting the code to the tester. Since the software testing remains pending from the tester's end, the status assigned is "pending retest."

Retest: Tester does the retesting of the code at this stage to check whether the defect is fixed by the developer or not and changes the status to "Re-test."

Verified: The tester re-tests the bug after it got fixed by the developer. If there is no bug detected in the software, then the bug is fixed and the status assigned is "verified."

Reopen: If the bug persists even after the developer has fixed the bug, the tester changes the status to "reopened". Once again the bug goes through the life cycle.

Closed: If the bug no longer exists then the tester assigns the status "Closed."

Duplicate: If the defect is repeated twice or the defect corresponds to the same concept of the bug, the status is changed to "duplicate."

Rejected: If the developer feels the defect is not a genuine defect then it changes the defect to "rejected."

Deferred: If the present bug is not of a prime priority and if it is expected to get fixed in the next release, then the status "Deferred" is assigned to such bugs

Not a bug: If it does not affect the functionality of the application then the status assigned to a bug is "Not a bug".

Defect Life Cycle Explained

2020-12-18-5fdca75fd9a1a

  1. The tester finds the defective status assigned to the defect.

  2. A defect is forwarded to the project manager for analysis.

  3. The project manager decides whether a defect is valid.

  4. Here the defect is invalid. The status is "Rejected".

  5. The project manager assigns a rejected status.

  6. If the bug is not resolved, the next step is to check that it is in scope.

Suppose we have another function - email functionality for the same application, and you find a problem with it. However, it is not part of the current version if such errors are assigned as a deferred or deferred status.

  1. Next, the manager checks to see if a similar error has occurred earlier. If so, a duplicate status is assigned to the error.

  2. If not, the bug is assigned to the developer, who starts correcting the code.

  3. During this phase, the defect is assigned a status in the process,

  4. Once the code is fixed. A defect is assigned a status fixed.

  5. Next, the tester tests the code again. If the test case is passed, the defect is closed. If the test cases fail again, the bug is reopened and assigned to the developer.

  6. Consider a situation where, during the first release of the flight reservation, an error was detected in the fax order, which has been fixed and the status of closed has been assigned. The same error occurred again during the second upgrade version.

In such cases, a closed defect is opened again.

"That's all to Bug Life Cycle"

October 13, 20206 minutesauthorBhumi Khimani
post

Different Types Of Software Testing

Given below is the list of some common types of Software Testing:

Accessibility Testing:

The purpose of accessibility testing is to determine whether the software or application is accessible to people with disabilities or not. Here disability means deaf, color-blind, mentally disabled, blind, elderly, and other disabled groups. Various checks are performed, such as font size for the visually impaired, color and contrast for color blindness, etc.

Ad-Hoc Testing:

The name itself suggests that this test will be conducted on an ad hoc basis, i.e. without reference to the test case and also without a plan or documentation for such type of test. The aim of this test is to find the flaws and breaks the application is executed by executing any sequence of application or random functionality. Ad hoc testing is an informal way of finding bugs and can be done by anyone on the project. It is difficult to identify bugs without a test case, but sometimes it is possible that bugs found in ad hoc tests were not identified using existing test cases.

Alpha Testing:

It is the most common type of test used in the software industry. The objective of this test is to identify all possible problems or defects before launching it to the market or to the user. Alpha Testing takes place at the end of the software development phase but before Beta Testing. Still, minor design changes can be made as a result of such testing. Alpha testing is done on the developer's site. An internal virtual user environment can be created for this type of test.

API Testing:

API testing is done for the system, which has a collection of APIs that should be tested. During the test, a test of the following things is examined: explore the boundary conditions and ensure that the test harness varies the parameters of the API calls in order to verify functionality and expose faults. Parameters. Checks the API behavior that is considering external environment conditions such as files, peripheral devices, etc. Check the sequence of API calls and check if the APIs produce useful results from subsequent calls.

Beta Testing:

Beta tests, also known as user tests, are carried out by the end-users at the end user's location to verify the usability, functionality, compatibility, and reliability tests to provide input on the design, functionality, and usability of a product. These inputs are not only critical to the success of the product but also an investment in future products if the data collected is effectively managed.

Boundary Testing:

Boundary value analysis is a type of black box or specification-based testing technique in which tests are performed using the boundary values.

Example:

An exam has a pass boundary at 50 percent, merit at 75 percent, and distinction at 85 percent. The Valid Boundary values for this scenario will be as follows:

49, 50 - for pass
74, 75 - for merit
84, 85 - for distinction

Boundary values are validated against both valid boundaries and invalid boundaries.

The Invalid Boundary Cases for the above example can be given as follows:

0 - for lower limit boundary value
101 - for upper limit boundary value

Bottom-Up Integration Testing:

Each component at the lower hierarchy is tested individually and then the components that rely upon these components are tested.

Bottom-Up Integration - Flow Diagram

2020-12-14_5fd6f466c1813

The order of Integration by Bottom-down approach will be:

4,2
5,2
6,3
7,3
2,1
3,1

Top-Down Integration Testing:

Top-down integration testing is an integration testing technique used in order to simulate the behavior of the lower-level modules that are not yet integrated. Stubs are the modules that act as temporary replacements for a called module and give the same output as that of the actual product.

The replacement for the 'called' modules is known as 'Stubs' and is also used when the software needs to interact with an external system.

2020-12-14_5fd6f4bf2e648

The above diagrams clearly state that Modules 1, 2, and 3 are available for integration, whereas below modules are still under development that cannot be integrated at this point in time. Hence, Stubs are used to test the modules. The order of Integration will be:

1,2
1,3
2,Stub 1
2,Stub 2
3,Stub 3
3,Stub 4

Unit Testing:

Unit testing, which is a testing method by which individual units are tested to determine if there are any issues on the part of the developer themselves. It is concerned with the functional health of the independent units.

The main aim is to isolate each unit of the system to identify, analyze and fix the defects.

Unit Testing - Advantages:

Reduces errors in the newly developed functions or reduces errors when changing the existing functionality.

Reduces test costs as errors are detected at a very early stage.

Improves the design and allows for better code redesign. Unit tests also show the quality of the build when integrated into Build.

Unit Testing Life Cycle:

2020-12-14_5fd6f5139750d

Unit Testing Techniques:

  • Black Box Testing - Using which the user interface, input, and output are tested.
  • White Box Testing - used to test each one of those functions' behavior.
  • Gray Box Testing - Used to execute tests, risks, and assessment methods.

System Testing:

System testing (ST) is a black-box testing technique performed to assess the complete system's compliance with specified requirements. In system testing, the functionalities of the system are tested from an end-to-end perspective. System testing is generally carried out by a team that is independent of the development team to measure the quality of the system in an unbiased manner. Includes functional and non-functional tests.

Types of System Tests:

2020-12-14_5fd6f54692474

Sanity Testing:

Sanity testing, which is a software testing method that the testing team performs for some basic tests. The goal of the core test is to perform it whenever a new test architecture is received. Terms such as smoke test, build validation test, basic acceptance test, or health test are used interchangeably, however, each of them is used under a slightly different scenario,

The sanity test is usually unwritten and helps to identify missing dependent functions. It is used to determine if the app partition is still working after making a slight change.

The general health test can be both narrow and profound. A mind test is a narrow regression test that focuses on one or several domains of functions.

Smoke Testing:

The smoke test is a testing technique that is inspired by the hardware test, which checks for smoke from hardware components once the hardware is turned on. Similarly, in the context of software testing, the smoke test refers to testing the basic functionality of the build. If the test fails, the build is declared unstable and is NOT tested again until the build smoke test is passed.

Smoke Testing - Features:

  • Identify the business-critical functions that a product must perform.
  • Design and run the basic functions of the application.
  • Make sure the smoke test passes each and every build to continue testing.
  • Smoke testing enables obvious errors to be revealed, saving time and effort.
  • Smoking testing can be manual or automated.

Interface Testing:

Interface testing is performed to assess whether systems or components are passing data and properly controlling each other. It is to check if all interactions between these modules are working properly and errors are handled properly.

Interface Testing - Checklist

  • Check that communication between systems is done correctly
  • Check if all supported hardware/software has been tested
  • Check if all related documents are supported/open on all platforms
  • Check security requirements or encryption when communicating between application server systems

Regression Testing:

Regression testing for a black-box testing technique consists of re-executing those tests that are affected by code changes. These tests should be performed as much as possible throughout the software development life cycle.

Types of Regression Tests:

  • Final Regression Tests: - A "final regression testing" is performed to validate the build that hasn't changed for a period of time. This build is deployed or shipped to customers.
  • Regression Tests: - A normal regression testing is performed to verify if the build has NOT broken any other parts of the application by the recent code changes for defect fixing or for enhancement.

Selecting Regression Tests:

  • Requires knowledge of the system and its effects on the existing functions.
  • Tests are selected based on the area of ​​common failure.
  • Tests are chosen to include the area where code changes have been made multiple times.
  • Tests are selected based on the criticality of the features.

Regression Testing Steps:

  • Regression tests are the ideal cases of automation that result in better Return On Investment (ROI).
  • Select the regression tests.
  • Choose an apt tool and automate regression testing.
  • Verify applications with checkpoints.
  • Manage regression testing and update as needed.
  • Schedule tests.
  • Integrate with builds.

Load Testing:

Load testing is a performance testing technique using which the response of the system is measured under various load conditions. The load testing is performed for normal and peak load conditions

Load Testing Approach:

  • Evaluate performance acceptance criteria.
  • Identify critical scenarios.
  • Design the workload model.
  • Identify target load levels.
  • Design the tests.
  • Run the tests.
  • Analyze the results

Objectives of Load Testing:

  • Response time.
  • Resource usage rate.
  • Maximum user load.
  • Work-related metrics

Stress Testing:

Stress testing is a non-functional testing technique performed as part of performance testing. During stress testing, the system is monitored after overloading the system to ensure that the system can withstand the stress. System recovery from this phase (after stress) is very critical as it is very likely to occur in the production environment.

Reasons for performing stress tests:

  • This allows the test team to monitor the performance of the system during failures.
  • To check if the system saved data before crashing or NOT.
  • To check if the system is printing messages Significant error during a failure or if it has printed random exceptions
  • To check whether unexpected failures do not lead to safety issues

Stress Tests - Scenarios:

  • Monitor the behavior of the system when the maximum number of 'users are logged in at the same time
  • All users performing critical operations at the same time
  • All users accessing the same file
  • Hardware issues such as the downed database server or some of the servers in a downing farm breakdown.

Compatibility Testing:

Compatibility testing is non-functional testing conducted on the application to evaluate the application's compatibility within different environments. It can be of two types - forward compatibility testing and backward compatibility testing.

  • Operating system Compatibility Testing - Linux, macOS, Windows
  • Database Compatibility Testing - Oracle SQL Server
  • Browser Compatibility Testing - IE, Chrome, Firefox
  • Other System Software - Web server, networking/ messaging tool, etc.

Localization Testing:

Localization testing is a software testing technique by which software behavior is tested for a specific region, locality, or culture. The purpose of conducting the localization test for a program is to test the appropriate linguistic and cultural aspects of a particular site.

Software Testing Methods

There are various methods for testing software. These methods are chosen by testers based on their requirements and methodologies. But three fundamental software testing methods are used in every project development.

Types of Software Testing Methods and Levels

  • White Box Testing
  • Black Box Testing
  • Grey Box Testing

White Box Testing & Levels

The White Box Test is also known as the Open / Clear Box Test / Glass Box Test. From a developer's perspective, it is known as Code Oriented Testing / Structural Testing. In This type of testing, technical tests can be performed within the internal structure, logical design, and implementation of different modules. Here, the tester uses preferred input/exercise paths via code to determine the correct or exact output. is known as code-oriented testing, it contains technical tests and script-based tests as part of its testing phase.

White Box Testing Levels

  • Unit Testing
  • Integration Testing
  • System Testing

Black Box Testing & Levels

This test is known as a behavior test, in which the software tests the internal structure, design, and implementation, as well as the user interface and UX of the software under test, which is not known to the tester. Black box tests are both functional and non-functional, but most of the time they are functional. This testing technique is known as black-box testing because the software or product is not known/confirmed to the tester in advance.

Using this technique of testing to find errors in these mentioned categories:

  • Software malfunction.
  • Error in the interface.
  • Errors in concepts.
  • Errors related to the database.
  • Performance or behavior errors.
  • Errors in product startup or termination

Black Box Testing Levels

  • Integration Testing
  • System Testing
  • Acceptance Testing

Grey Box Testing & Levels

This software testing technique combines the concept of black box and white box testing. In the gray box test, the inside of your product is partly known to the tester. This has partial access to data structures residing internally to design different test cases, but at the same time testing from a user's perspective or as a black box tester.

“Still There are various methods for testing software. These methods are chosen by testers based on their requirements and methodologies.”

September 18, 202011 minutesauthorBhumi Khimani