
Testing Phases



  1. Testing Phases Mario Peshev Insight technologies

  2. Contents • Testing process • Test types • Common testing mistakes • Role of QAE • Manual vs. Automation testing

  3. Introduction to testing

  4. Software development • Enables you to solve real problems with complex algorithms • The point is to automate repetitive activities and to collect and manipulate information quickly and easily • Creating software products based on a specification

  5. Development phases • Analyse • Design • Coding • Testing • Deployment

  6. Phase ‘Testing’ • As you can see, testing comes right before the deployment process • …which means that the better the testing, the more successful the deployment • The testing phase is crucial for all other phases

  7. Testing • By definition, testing is performed in order to • Find bugs • Prove the correct behavior of an application • Stands for quality • Test size depends on the • Input data • Complexity

  8. Testing (2) • Steps • Create a scenario • Design a test example for the scenario • Log the results • Two kinds of testing visibility • White box testing • Black box testing

  9. Testing types

  10. Testing types • There are 4 main categories of testing types: • Console/Script testing • GUI testing • Web testing • Common • Testing could be hidden or visible (black and white box methods)

  11. Console testing • Basically simple console applications or scripts • Forwarding input and output streams to check for valid data • (some console app)

  12. GUI testing • Software applications with a graphical user interface • Checks for data validation, correct components’ activities, exception handling, correct sequence of events • Marathon, Jacareto, Abbot record tools

  13. Web testing • Projects with web interface • Checks for data validation, arbitrary code vulnerabilities and injections; overflows, correct input/output • Checks and analyses HTTP queries • Selenium

  14. Common testing • Doesn’t depend on the interface • Inline injected assertions (JUnit) for correct data checks • Database queries logging (log4j, log4c) • Bug report systems • Developer side • Client side (integrated in the app)

  15. Common testing mistakes and vulnerable hotspots

  16. Common mistakes • The worst mistake is the absence of a testing process (= • There should be a separate phase and even an additional person for testing • Code injection vulnerabilities • XSS attacks, SQL injections etc. • Using user input for file names

  17. Common mistakes (2) • Buffer (stack) overflows • Improper use of cookies and hidden parameters • They could hide confidential information • Lack of security certificates for authorization forms • The most vulnerable layer is Web

  18. The role of QAE

  19. Quality Assurance • QA is an abbreviation of Quality Assurance • A process to investigate code quality • Code style • Correct data manipulation • Vulnerability checks

  20. QAE • Usually a separate person in the team with security knowledge • QAE is a security expert with testing experience • Plays prepared scenarios to test a product for vulnerabilities and correct execution • Uses a set of tools • The worse case is wasting developers’ time by having coders check for vulnerabilities

  21. Client’s role • Often the best test cases are the client ones • Get into the psychological side of a usual client • Prepare for common client-side tests • Remember that the client is not a developer and doesn’t have a mystical experience

  22. Common advantages

  23. Advantages • Java based • OS Independent • Freeware/Open Source products • Support Record-Play scenarios

  24. Jacareto

  25. Jacareto

  26. About • Capture & replay tool for Java programs • Macro-like • Two front ends: • CleverPHL (GUI) • Picorder (command line) • Very user friendly and easy to use

  27. Features • Capturing mouse, key, window, focus events • Storing records in different formats – XML, serialized • 2 front ends • Annotations • Open Source application

  28. Features (2) • Different behaviors • Animated demonstrations • No programming experience required (no source code defined for execution of macros) • Editable user actions • Log4J support

  29. Marathon

  30. Marathon

  31. About • Simple Java GUI testing tool • Captures almost all Swing actions including drag’n’drop • Doesn’t capture resize/move actions • Uses Jython as scripting language

  32. Features • Record and play mechanism • Supports script editing and developer side action manipulations • Has console for output messages • You can write test cases even before the program under test is built

  33. Features (2) • Syntax aware editor (jedit-syntax) • Supports all JDK 1.2+ platforms • Colored output pane • Online and batch run – GUI ITE execution or through a batch file

  34. Features (3) • XML, Text or HTML test reports • Separated snippet module organization of records – Jython functions with appending enabled • Setup and teardown fixtures

  35. Abbot

  36. Abbot

  37. About • Can be invoked from Java code (unit tests) or using XML scripts • Requires ‘Costello’ editor for script editing • Possible bugs and kind of complicated framework

  38. Features • For each component there is a test class with methods that can be invoked for that component • Scripts • Component lookup • Component actions • Assertions

  39. Goals • Reliable reproduction of user input for tests • Scripted control of actions • Loose component bindings • High-level semantic actions, low-level OS events

  40. Have a nice day!
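
Slide 16 lists "Using user input for file names" as a common mistake, and slide 8 gives the testing steps: create a scenario, design a test example, log the results. The Python example below is added here and is not part of the original presentation; it applies those steps to a file-name check. `resolve_upload`, `UnsafeFileName`, the allow-list policy and the scenario inputs are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed policy for this example: plain names only, no path separators.
ALLOWED = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")

class UnsafeFileName(ValueError):
    """Raised when user input must not be used as a file name."""

def resolve_upload(base_dir, user_name):
    """Return the real path of user_name inside base_dir, or raise."""
    if not ALLOWED.fullmatch(user_name) or ".." in user_name:
        raise UnsafeFileName(repr(user_name))
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_name))
    # After symlinks are resolved the target must still be inside base.
    if os.path.commonpath([base, target]) != base:
        raise UnsafeFileName(repr(user_name))
    return target

# Constructed scenarios: (user input, should it be accepted?)
SCENARIOS = [
    ("report.txt", True),
    ("notes-2024.v2.csv", True),
    ("../etc/passwd", False),
    ("/etc/passwd", False),
    ("a/b.txt", False),
    ("report.txt\x00.png", False),
    ("report.txt\n", False),
]

def run_scenarios(base_dir):
    """Play each scenario; log (input, accepted, matches expectation)."""
    log = []
    for name, expected in SCENARIOS:
        try:
            resolve_upload(base_dir, name)
            accepted = True
        except UnsafeFileName:
            accepted = False
        log.append((name, accepted, accepted == expected))
    return log

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for entry in run_scenarios(tmp):
            print(entry)
```

The allow-list does not cover platform-specific reserved names; add scenarios for them when the target platform requires it.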
