Sunday, November 15, 2009

Software Testing – Tips for Automation testing


Automation is an important aspect of software testing. Testers use various tools to automate their testing activities. The choice of tool depends on the type of application under test. There are various tools available on the market, such as Rational Robot, Mercury QuickTest Pro, TestComplete and many more.

Automation is meant to make life easy, but for testers the automation itself is a difficult task. They face many problems while automating an application, and a tester has to find a way around each problem.

In this section we give some Geek Test tips for automation. These tips are mainly drawn from personal experience and are very useful in cases where a tester is stuck in a similar situation.

Waiting for long processing to complete

A common problem when automating financial applications, or any application that requires a lot of processing time, is waiting for some windows to appear or buttons to become active after a very long processing operation. This time can vary from 5 minutes to 30 minutes. Sometimes the automation tool does not respond after a long interval. One such problem was encountered while automating an insurance-based application. The processing time was over 15 minutes and the tool used for automating stopped responding after 15 minutes. The result was that the test could not be completely automated. There were several options to address this issue:

1. Wait Property: pauses script execution until the specified object property equals the specified value or until the specified timeout elapses.

2. Wait Child: delays script execution for the specified period or until the specified object appears.

3. But these tricks do not work for processing times as long as 30 minutes. The workaround was to monitor the CPU usage. The function 'Process.CPUUsage' is used to monitor the CPU constantly and pause script execution until the CPU usage has dropped to zero or below. This trick is very effective. Even after 40 minutes of processing time, I could continue my script execution as intended. Wait in a loop until the CPU usage becomes 0.
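The CPU-usage wait from tip 3, written out as an added example (not code from the original post or from any test tool). The sampler function, the `FakeClock` test double and the CPU trace are hypothetical and constructed for the demonstration; the loop adds two safeguards the tip does not spell out: a hard timeout, and a run of several idle readings before the wait ends.

```python
import time

class ProcessingTimeout(Exception):
    """The watched process never went idle before the deadline."""

def wait_until_idle(sample_cpu, timeout_s, poll_s=30.0, idle_samples=3,
                    clock=time.monotonic, sleep=time.sleep):
    """Poll sample_cpu() until it reports 0 for idle_samples polls in a row.

    sample_cpu is whatever reads the CPU usage (percent) of the application
    under test, for example a wrapper around the tool's CPU-usage property.
    Returns the seconds waited; raises ProcessingTimeout at timeout_s.
    """
    start = clock()
    streak = 0
    while True:
        # A single 0 reading can be an I/O pause in the middle of the job,
        # so only a run of idle readings counts as "processing finished".
        streak = streak + 1 if sample_cpu() <= 0 else 0
        if streak >= idle_samples:
            return clock() - start
        if clock() - start >= timeout_s:
            raise ProcessingTimeout(f"still busy after {timeout_s} s")
        sleep(poll_s)

class FakeClock:
    """Test double so the demo below runs instantly instead of for minutes."""
    def __init__(self):
        self.now = 0.0
    def time(self):
        return self.now
    def sleep(self, seconds):
        self.now += seconds

def replay(readings):
    """Turn a constructed list of CPU readings into a sampler function."""
    it = iter(readings)
    return lambda: next(it)

def demo():
    clock = FakeClock()
    # Constructed trace: busy, a brief dip to 0, busy again, then really idle.
    trace = [80, 65, 0, 40, 0, 0, 0]
    return wait_until_idle(replay(trace), timeout_s=3600, poll_s=60,
                           clock=clock.time, sleep=clock.sleep)

if __name__ == "__main__":
    print("idle after", demo(), "simulated seconds")
```
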


Software Testing – Need to take care


There are some basic rules of thumb that will serve you well in testing any application that deals with lists of information (and what application does not?).

1. "1, few, many"

2. "Make no assumptions"

3. "Remember to mix it up a little"

This case study covers a very interesting example of where following the rules of thumb *exactly* pays dividends.

The problem of

There was an interactive reporting solution that was having performance issues: in essence, there was some pathological performance degradation in some circumstances.

The lion's share of the wasted time was in a 3rd party component that really could not be

There were several passes on the problem and things always did:

* Direct: get the draft issue and simply pause the debugger at the point of obvious pain

* Indirect: scrub the code in search of opportunities

* Through (timed) validation tests: write an automated script to drive the information component through a series of configurable settings

These scrubs made a palpable difference in each iteration: for reasons related to the limitations of the 3rd party component and the application framework in which it was hosted, traceability in the code was not great and it proved difficult to get the job right the first time.

There were significant improvements made, however: minutes became seconds in some cases, giving an indication of the potential seriousness of the issue for interactive applications.

However, even if the coding had been got "right first time", there was a hidden trap that would have caused a return to the bench due to a serious performance problem.

The pump

In this case, it pays to go into a little detail:

Developers and testers have a certain level of awareness of the importance and complexity of a given process's run time: in essence, they tend to expect that (approximately) the run time goes as O(n), and in many applications there is strong pressure for n to be a small number, otherwise the user experience can be very disappointing. Many defects arise around the issue that n is not really a small number. In this case, the figures appeared to be acceptable if not excellent.

Developers and testers got a big surprise when, at the last minute of the product release cycle, a project was presented that wholly challenged the performance as seen by developers and quality control. It took ages to carry out what was immediate with much larger chunks of data.

What was happening?

The developer debugged the application: the calling sequence was like that for any other data, it just took a very different time.

What was different in the project?

Well, one of the limits had been opened up from the default of several hundred to several thousand - there had never been any testing with this number of elements in these lists, but still a thousand is a small number for modern machines with functions that have an acceptable order of n.

Therefore, expectations were challenged: what was happening?

The automated test was repeated with the limits set to the default-busting values - the quality was still acceptable and much better than with the presented project.

It came down to the data in the project. The automated test data was created in a controlled manner and could not help.

Back to the developer.

Working hard through the last days of the development cycle, the answer suddenly became clear when debugging and comparing the behavior of "good" large projects and "bad" large projects.

The behavior of a key function taking part in the interactive component was not simply characterized as O(n). A better indication would be O(n) + O(x) where x and y are the counts of items in the lists used by the component.

With x and y below the application defaults, the behavior of the second term was never observed, and the 3rd party component source was never examined at the level where the fault could be found. When the application defaults were exceeded, this O(x) term had the opportunity to become "very significant".

Why did the automated tests not capture this when the larger sizes were set up in the new settings?

Because the tests made a reasonable assumption - that n mattered - and therefore the tester and developer did not notice that the sizes of the lists were all the same - x y is always zero

The presented project had real data with large and differing lists - all it took was for one list to be several thousand items long and the other to be small for the besetting performance problem to be exposed.

The moral of the story

One could argue the original bug report contained the core of the solution, providing an example of rule of thumb #3.

Golden Rule #1 was initially thought to be adequately covered, but was fatally compromised by the pathological behavior of the application. The application appears to be the game of assessors and internal model of development of certain very specific conditions; they were sadly realistic that a key feature: Rule #3


Software Testing - Definition and introduction


Agile and Scrum are no longer alien to us. The industry has adopted Scrum and agile for the value they provide. People have used Scrum in many ways and modified it to suit their needs and project requirements. It is not unusual to work with boards that have many variants of columns, with stretch tasks, defects, burn cards and so on. If you are not familiar with how requirements are managed in the Agile / Scrum world, you may find this article on user stories interesting.

To summarize, in the agile world requirements are generally managed in the form of user stories in the product backlog. During the Sprint planning meeting, the product owner gives a list of user stories that are important to the current sprint, along with their conditions of satisfaction. The team breaks each story into smaller tasks and gives its estimated time to finish them.

These tasks go on the task board, along with the user stories, and the team moves them across the task board. Typically a task can move through four stages: not started, in progress, done and done-done. Tasks are treated as 'Done' when developers have finished coding, and then move to 'Done done' when testers have finished testing.

Often, teams do not have clarity about the meaning of "Done", and about when tasks should be treated as "Done". Different people interpret 'Done' in different ways according to their roles in the scrum. For example, a developer might say that the task is done when it works on their machine, a tester might say it is done when it is in a testable state, the Scrum Master might say that it is done when it is off the backlog, and so on. Since people have different meanings of done, tasks are marked done, but there may be some conditions attached before they are really done: there is probably some room for design and code enhancements, documentation, etc.

As a result, management and the client receive a false sense of velocity. They think that the features are done and are ready for production, but actually they are done with some caveats. They are done, but there is some technical debt associated with them. Features are done, but are partially tested, barely documented, rarely optimized, and ready for release but without confidence.

A simple solution to this problem could be to define "Done" explicitly and clearly so that everyone knows what it means. This will also give product owners the opportunity to see if they want something else to be done before treating tasks as done. An example definition of done might be "The task is done when it is implemented, unit tested, code reviewed, integrated, tested across browsers and ready for further testing".

Once the definition of done is approved by the entire team, it can be applied in the form of a checklist, or individual elements such as unit testing, code review, integration etc. can be treated as separate tasks and attached to each story.

It should be the responsibility of the whole team to ensure that every person on the team adheres to the definition of done. Every time a task moves from in progress to done, the team must ensure that it is not only working on the developer's computer, but is done according to the accepted definition of done.

Once we have this definition in place, the team will be a little closer to its ultimate goal of producing high quality new code that can be deployed at any time with confidence.


Web Application Security Testing


This is the last article in the series on security testing of web applications. In previous articles we have seen many interesting exposures such as SQL injection, cross-site scripting, vulnerabilities related to the environment and so on. If you have not gone through these articles, you may find it interesting to read them in the articles section.

In this part we will examine security issues related to authentication and Web services. Authentication is at the core of many Web applications, since in the WWW world we need to verify the identity of each client to ensure that it is not a malicious user. Similarly, Web services are commonplace these days, and most common applications used daily may be using Web services. Threats associated with Web services are very different from what we have seen so far.

Authentication can be vulnerable for various reasons. As a tester certifying the security of a web application, these are the things you should consider:

Fake Cryptography

Cryptography, and attempts to obtain information in transit, date back hundreds of years. It becomes even more important when most of our personal data is on the Internet for everyone to see, if not encrypted properly.

There are many ways that data can be encrypted so that it is hard for anyone on the Internet to understand. Often, developers rely on weaker encryption technology or use their own substitution cipher, which can be very easy for an experienced hacker to break. It is also possible to get an idea of the encryption technology used by looking at the encrypted data. For example, the presence of only alphanumeric characters and '=' may indicate that base64 encoding is used to hide data. Similarly, if you have access to both the unencrypted data and the encrypted data, you can make minor changes in the data and analyze the encrypted output to determine whether a substitution cipher was used.

The only way to protect against this attack is to use widely known security algorithms like RSA, Triple DES etc. as opposed to inventing something new. Encryption using a strong cryptographic process is an effective way of making sure that information is available only to authorized users.

Breaking authentication

In the world of Web applications, it is extremely important to ensure that information is given only to the appropriate users. Most of the time, the mechanism for providing this assurance is a username / password or some other form of validation to ensure that the user making the request is in fact the real user. When a legitimate user transmits this information from the browser to the server, the information is on the wire and potentially available to hackers to exploit. If this data is not encrypted correctly, it can be read, and if a nonce is not used, each request can be replayed by the attacker. Even on the client side, you should ensure that simple and very informative messages related to validation errors are not making life easy for the attacker and harder for you. It is also necessary to check whether there are any restrictions on the length of the password field, whether the username and password are case sensitive or not, and so on. Where possible, techniques such as CAPTCHA (which requires recognition of simple words in image format, difficult for computers to identify but easy for humans) can also be applied as protection against brute force attacks. You should also make sure that sensitive information is always sent over HTTPS instead of HTTP.

Web Services

The last part of this series is devoted to security testing for Web services. In recent years we have seen tremendous growth in the use of Web services. Before delving into the security issues associated with Web services, let us analyze very briefly what a web service is. Web services are self-describing, self-contained, modular pieces of functionality that can be published, located, and invoked across the Internet. Web services can expose business functionality, data and services via the web through their interfaces. At the heart of Web services are different technologies such as Extensible Markup Language (XML), Simple Object Access Protocol (SOAP), Web Service Description Language (WSDL) and Universal Description, Discovery and Integration (UDDI). XML is used to describe data independently of the application, platform, protocol, etc.; SOAP is used to transport XML over the network; WSDL contains information related to the interface; and UDDI allows you to find the specific web service you need. WSDL offers many advantages over traditional APIs in that it provides flexibility and platform independence, together with a loosely coupled architecture. Because of their architecture and the general availability of their interfaces, Web services are vulnerable to some additional threats, along with some of the threats already covered in our previous articles.

WSDL Scanning Attack

Although WSDL is designed to expose and describe all the information available about a method, at times information meant to stay inside the corporate firewall may also be accessible to the general public. This can occur for many reasons. For an experienced attacker this could be a wonderful piece of information. Scanning for publicly available WSDL is not very difficult. Most public Web services can also be found through search engines by narrowing your search; for example, on Google you can search for specific file types or for the presence of certain keywords, such as WSDL in the URL.

Parameter Manipulation

As the person responsible for ensuring that your web service is safe and secure, you need to make sure it still does all the validations that you would otherwise do. For example, although the underlying format for transferring data in web services is XML, and it can be assumed that a valid request will be well formed and follow the rules specified in the XML schema, you still need to validate all the data it receives. XML will treat 1 = 1 or - as a valid string, but you must understand how such strings can be used for attacks on your web application, and they must be validated before being processed.

XPath Injection

XPath is a language for querying XML documents. It is very similar to SQL in purpose, but instead of querying a database of tables and rows, XPath queries an XML document for specific information by specifying the node, node-set, etc. An attacker can inject a malicious XPath expression as part of a valid SOAP request, which can lead to unauthorized access to data. When testing web services, try XPath injection; it is very similar to SQL injection, and protection is based on validating all the data the service receives.
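The validation that the Parameter Manipulation and XPath Injection sections call for, as an added example that is not from the original article or the book it cites. The service, element names (`getBalance`, `owner`, `account`), the allow-list pattern and the sample data are all hypothetical and constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# Constructed back-end document the service queries.
ACCOUNTS = ET.fromstring(
    "<accounts>"
    "<account owner='alice' balance='120'/>"
    "<account owner='bob' balance='75'/>"
    "</accounts>")

# Allow-list: what a legitimate owner name looks like in this example.
OWNER_RE = re.compile(r"[A-Za-z0-9_.-]{1,32}")

class InvalidParameter(ValueError):
    """A request value failed application-level validation."""

def unsafe_expression(owner):
    """Anti-pattern: request data pasted straight into the query text."""
    return f".//account[@owner='{owner}']"

def validate_owner(owner):
    if not isinstance(owner, str) or not OWNER_RE.fullmatch(owner):
        raise InvalidParameter(f"rejected owner value: {owner!r}")
    return owner

def find_balances(accounts, owner):
    owner = validate_owner(owner)
    # The value is compared as data; it is never compiled into an expression.
    return [a.get("balance") for a in accounts.iter("account")
            if a.get("owner") == owner]

def make_request(owner_text):
    """Build a constructed, simplified SOAP request carrying owner_text."""
    return ("<soap:Envelope xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'>"
            "<soap:Body><getBalance><owner>" + escape(owner_text) +
            "</owner></getBalance></soap:Body></soap:Envelope>")

def handle_request(body, accounts=ACCOUNTS):
    # Well-formedness is all the XML parser checks: a hostile string inside
    # <owner> parses without complaint, so validation has to happen here.
    request = ET.fromstring(body)
    owner = request.findtext(".//owner", default="")
    return find_balances(accounts, owner)

if __name__ == "__main__":
    hostile = "' or '1'='1"
    print(handle_request(make_request("alice")))      # legitimate lookup
    print(unsafe_expression(hostile))                 # predicate is rewritten
    try:
        handle_request(make_request(hostile))
    except InvalidParameter as exc:
        print("blocked:", exc)
```
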

Recursive and high attack payload

XML uses nesting to represent complex relationships between elements. When an element is within another element, the inner element is said to be nested. Nesting is often used to represent real world structures in a better way. However, an attacker can easily nest thousands of elements or attributes in an attempt to break the Web service. Since most XML-based systems attempt to load the entire document before processing, excessive nesting or an overly large XML document can potentially break the web service. Especially if your application uses DOM (the XML is loaded into memory before it is accessed), it could be susceptible to this vulnerability.

These articles are influenced by the book ("How To Break Web Software" by Mike Andrews and James A. Whittaker) I recently read, and it should be good reading for you if you need information on carrying out web security testing.
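One way to enforce size and nesting limits before a document reaches a DOM parser, shown as an added example (not code from the original article). The limit values, function names and sample documents are assumptions chosen for illustration; the check streams the input through Python's `xml.parsers.expat` so nothing is built in memory.

```python
import xml.parsers.expat

class PayloadRejected(Exception):
    """The document exceeded a limit or was not well-formed."""

def check_xml_limits(data, max_bytes=64 * 1024, max_depth=32,
                     max_elements=10_000, max_attrs=32):
    """Stream data (bytes) through expat and enforce structural limits.

    Returns {'max_depth': ..., 'elements': ...} for an accepted document and
    raises PayloadRejected as soon as any limit is crossed.
    """
    if len(data) > max_bytes:
        raise PayloadRejected("document larger than max_bytes")
    stats = {"depth": 0, "max_depth": 0, "elements": 0}

    def start(name, attrs):
        stats["elements"] += 1
        stats["depth"] += 1
        stats["max_depth"] = max(stats["max_depth"], stats["depth"])
        if stats["depth"] > max_depth:
            raise PayloadRejected(f"nesting deeper than {max_depth}")
        if stats["elements"] > max_elements:
            raise PayloadRejected(f"more than {max_elements} elements")
        if len(attrs) > max_attrs:
            raise PayloadRejected(f"<{name}> has more than {max_attrs} attributes")

    def end(name):
        stats["depth"] -= 1

    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    try:
        parser.Parse(data, True)   # exceptions raised in handlers propagate
    except xml.parsers.expat.ExpatError as exc:
        raise PayloadRejected(f"not well-formed: {exc}") from exc
    return {"max_depth": stats["max_depth"], "elements": stats["elements"]}

def is_accepted(data, **limits):
    try:
        check_xml_limits(data, **limits)
        return True
    except PayloadRejected:
        return False

# Constructed samples: an ordinary request, a deeply nested one, and one
# element carrying an excessive number of attributes.
NORMAL = b"<order><item sku='1'><qty>2</qty></item></order>"
NESTED = b"<a>" * 200 + b"</a>" * 200
MANY_ATTRS = ("<e " + " ".join(f"a{i}='x'" for i in range(100)) + "/>").encode()

if __name__ == "__main__":
    print(check_xml_limits(NORMAL))
    for label, doc in (("nested", NESTED), ("attrs", MANY_ATTRS)):
        print(label, "accepted" if is_accepted(doc) else "rejected")
```
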


Software testing techniques: detail view


For an IT organization, developing a software system that meets the needs of business clients is always a challenge. The company must ensure that the software system delivered to clients is free of errors or defects and meets the customer's needs as required. But this can only be ensured by following rigorous software testing and quality assurance procedures.

Software testing is a process without which the software development life cycle (SDLC) is incomplete. It is the process that identifies the accuracy, completeness and quality of programs developed during the SDLC. Software bugs and poorly tested code cost millions in damages and millions more in time and money to repair the defect. Organizations seek to develop software applications that act in a manner that causes the least amount of surprise for the user. In short, they must be free of errors. New paradigms of software testing are being adopted and used in the software development process.

Due to this, the software testing field has emerged from the shadows in the global IT space and has claimed its rightful place in the IT market. Gone are the days when software testing was considered a poor cousin of software development. Today the global software testing market is estimated to be USD 13 billion, and according to IDC, USD 1 billion of the global market size was accounted for by Indian companies. In this article, we talk about software testing techniques, trends that are coming up in this arena and also new software development paradigms.

Software Testing Techniques

Software testing is not just about finding and correcting errors, but also about emphasizing customer needs and proving that these requirements are met by the software solution / application. It is the most important functional phase in the SDLC as it reveals all the errors and defects in the software developed. Without rectifying these errors, known technically as "bugs", software development is not considered complete. Therefore, software testing becomes an important parameter in ensuring the quality of the software product.

The ways software can be tested are broadly classified as manual testing and automated testing. These methods can be further branched into different types of software testing techniques, such as white box testing, black box testing, integration testing, unit testing, sanity testing, functional testing, system testing, load testing, etc., depending on the set of requirements and test cases.

Manual testing of the software happens in several phases. Self-testing, which is done by the developers themselves or by small development teams, should be restricted to the build cycle itself and should be done while the software is in the production stage. The software testing process is initiated from the beginning of the project, where the aspects of the data provided by the clients are examined by developers and programmers to find flaws and issues. They also contribute by providing their views on how to enhance the quality of the software.
