Unit test:
Write test case for each & every part of the pen, like Refil, Pen cap, the upper neck of the pen & the lower part of the pen etc... Against the configuration mentioned.
Integration Test:
Check integration of Ink flow in the refill, Cap with the pen , both parts of the pen & Refill fits b/w the pen or not etc...
Compatibility Test:
Try to write with the pen on different papers like wet paper , rice paper, Oily paper,
Load Test:
Turn the pen upside down & note the time till which it can write, Ink flow in different weathers etc...
Security testing can be performed in many ways. It can performed specified areas
1. Black-Box Level
2. White-Box Level and finally at
3. Database Level.
For each of these there includes different types of methods and based on these we can follow them. But all these methods can be used manually to test your application in above specified areas. We also require certain tools for few of the methods
Here are the list of security testing methods and techniques used in 3 areas
Functionality Testing
a. Session Hijacking
b. Session Prediction
c. E-mail Spoofing
d. Content Spoofing
e. Phishing
f. Password Cracking
g. Active Program Scripting Exploits
White-Box Testing
a. Malicious Code Injection
b. Penetration testing
c. Input Validation
d. Variable Manipulation
Database Testing (Stored procedures can be testing by SQL Injection and variable manipulation techniques you can fine more info on net)
a. SQL injection
b. Blind SQL Injection (Part of SQL Injection)
c. Input Validation
At last at website/web application level
a. Cross-site scripting
b. SSI Injection
c. IP Spoofing
Hope this gives idea on what is security testing and in which all areas we carry out testing with what all methods and techniques
DDL (Data Definition Language) - creating tables and database
DML (Data Manipulation Language) - manipulations like insert, alter, and delete operations.
DDL is Data Definition Language statements:
CREATE
ALTER
DROP
TRUNCATE
COMMENT
RENAME
DML is Data Manipulation Language statements:
· SELECT
· INSERT
· UPDATE
· DELETE
· MERGE
UPSERT
· CALL
· EXPLAIN PLAN
· LOCK TABLE
DCL is Data Control Language statements:
· GRANT
· REVOKE
· COMMIT
· SAVEPOINT
· ROLLBACK
- COMMIT
· SET TRANSACTION
In DB testing we need to check for,
1. The field size validation
2. Check constraints.
3. Indexes are done or not (for performance related issues)
4. Stored procedures.
5. The field size defined in the application is matching with that in the db.
Database testing involves some in depth knowledge of the given application and requires more defined plan of approach to test the data.
Key issues include:
1) Data Integrity
2) Data validity
3) Data manipulation and updates.
Tester must be aware of the database design concepts and implementation rules
Check for Database Testing
1.To validate the Front end data which is displaying is same as the Back end Data.
2.To validate the extraction processes (nightly or scheduled), whether the correct data is coming in to our project Tables.
1. Print statement is not valid within the function because functions are meant for process or execute group of statement and return a value, where as procedure are meant for executing group of statement and display output.
2. Return keyword is use to return a value from a stored function with specified data type of the value expecting to be returned from stored function.
3. One of the major advantage of stored function is that can be used in the query directly where as an stored procedure can never be used in a query as it is not returning any value.You have to do the following for writing the database test cases.
1. First of all you have to understand the functional requirement of the application thoroughly.
2. Then you have to find out the back end tables used, joined used between the tables, cursors used (if any), triggers used(if any), stored procedures used (if any), input parameter used and output parameters used for developing that requirement.
3. After knowing all these things you have to write the test case with different input values for checking all the paths of SP.
One thing writing test cases for back end testing not like functional testing. You have to use white box testing techniques.
To write test case for database it’s just like functional testing.
1.Objective: Write the objective that you would like to test. eg: To check the shipment that i load thru xml is getting inserted for particular customer.
2.Write the method of input or action that you do. eg: Load an xml with all data which can be added to a customer.
3.Expected :Input should be viewed in database. eg: The shipment should be loaded successfully for that customer, also it should be seen in application.
4.You can write such type of test cases for any functionality like update, delete etc.
The documentation guidelines for database testing should be more and more detailed:
- The tester should know how to log on to the database (The Credentials)
- The tester should know which tables to look at.
- Check the names of the tables
- Specify which columns should be concentrated on in the table.
- Check the spellings of columns
- Give a sample data example for the table to be tested.
- Specify the possible values for a column
- Specify the conditions of pass/fail for the data in the column
Database Testing is a process working with data that's stored in the database. If we change anything in the front-end and back end then what will the effect on the database.
Example: An table which has stored the records of students name, roll no., class and sections etc. if we delete the students name in front end then what's effect in database whether we test the student name deleted or not from database.
While doing Functional Test:
From the front end do the Transaction like, creating new order, update order, delete order, then login into the data base and check the related table to see if the order has been inserted, updated or deleted.
Database testing means test engineer should test the data integrity, data accessing, query retrieving, modifications, updation and deletion etc.
Database testing involves mainly
1. When a record is inserted in the front end checking whether the record is inserted in the corresponding tables correctly in the back-end.
2. Whether the field size validations are done according to the requirements in front-end as well as back end.
3. Testing the performance of the stored procedures.This is done by calculating the time taken to execute the stored procedure.
4. Primary key,foreign key validations are done correctly.
Data bas testing basically include the following.
1)Data validity testing.
2)Data Integritity testing
3)Performance related to data base.
4)Testing of Procedure,triggers and functions.
for doing data validity testing you should be good in SQL queries
For data integrity testing you should know about referential integrity and different constraint.
For performance related things you should have idea about the table structure and design.
for testing Procedure triggers and functions you should be able to understand the same.
Basically in Database testing to check:
1.Data integritity and validaty testing.
2.Any strored procedure written.
3.Execution of Triggers and constraints.
Database testing generally deals with the following:
a) Checking the integrity of UI data with Database Data
b) Checking whether any junk data is displaying in UI other than that stored in Database
c) Checking execution of stored procedures with the input values taken from the database tables
d) Checking the Data Migration.
Client server Technology:
1. Number of clients is predicted or known
2. Client and server are the entities to be tested
3. Both server and client locations are fixed and known to the user
4. Server to server interaction is prohibited
5. Low multimedia type of data transaction
6. Designed and implemented on intranet environment
Web based Technology:
1. Number of clients is difficult to predict (millions of clients)
2. Client, Server and network are the entities to be tested
3. Server location is certain, client locations are not certain
4. Server to server interaction is normal
5. Rich multimedia type of data transaction
6. Designed and implemented on internet environment
Client Server Testing:-
In client server testing test engineer are conduct the following testings:-
1.Behaviour testing(GUI TESTING)
2.Input domain testing
3.Error Handling testing
4.Backend testing
Web Based Testing:-
In Web testing test engineer are condut the following testings:-
1.Behaviour Testing
2.Static web testing
3.Input domain testing
4.Backend testing
5.Error handling testing
6. Frame Level testing
A software program for hosting and managing Web applications on Microsoft Windows platform.।
Internet Information Server (IIS) is a World Wide Web server, a Gopher server and an FTP server all rolled into one. IIS means that you can publish WWW pages and extend into the realm of ASP (Active Server Pages) whereby JAVA or VBscript (server side scripts) can generate the pages on the fly. IIS has fun things like application development environment (FrontPage), integrated full-text searching (Index Server), multimedia streaming (NetShow), and site management extensions.
Internet Information Services (IIS) 6.0
Internet Information Services (IIS) 6.0 provide the services to support a secure, available, and scalable Web server on which to run your Web sites and applications.
IIS 6।0 Request Processing ModelsWorker process isolation mode is the new IIS request processing model. In this application isolation mode, you can group Web applications into application pools, through which you can apply configuration settings to the worker processes that service those applications.
Architecture of Worker Process Isolation Mode by IIS 6.0
Application Pool
· W3wp.exe
· Worker Process
· ISAPI Extensions
· ISAPI Filters
Lsass.exe
Inetinfo.exe
Svchost.exe
Application Pool
An Application Pool can contain one or more applications and allows us to configure a level of isolation between different Web applications.
Example: if you want to isolate all the Web applications running in the same computer, you can do this by creating a separate application pool for every Web application and placing them in their corresponding application pool. Because each application pool runs in its own worker process, errors in one application pool will not affect the applications running in other application pools.
W3wp.exe
w3wp.exe is a process associated with application pool in ISS. If you have more than one application pool, you will have more than one instance of w3wp.exe running. This process usually allocates large amounts of resources. This program is important for the stable and secure running of your computer and should not be terminated.
Worker Processes
A worker process is user-mode code whose role is to process requests, such as processing requests to return a static page, invoking an ISAPI extension or filter, or running a Common Gateway Interface (CGI) handler.
In both application isolation modes, the worker process is controlled by the WWW service. However, in worker process isolation mode, a worker process runs as an executable file named W3wp.exe,
Worker processes use HTTP.sys to receive requests and to send responses by using HTTP. Worker processes also run application code, such as ASP.NET applications and XML Web services. You can configure IIS to run multiple worker processes that serve different application pools concurrently.
ISAPI consists of two components: Extensions and Filters. These are the only two types of application that can be developed using ISAPI. Both Filters and Extensions must be written in C++ and compiled into DLL files which are then registered with IIS to be run on the web server.
Lsass.exe
"lsass.exe" is the Local Security Authentication Server. It verifies the validity of user logons to your PC/Server. It generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token.
Inetinfo.exe
"inetinfo.exe" belongs to Microsoft Internet Information Services (IIS) and is used for debugging.
svchost.exe
svchost.exe is a system process belonging to the Microsoft Windows Operating System which handles processes executed from DLLs.
AJAX is simply about JavaScript on the client (web browser) communicating with the server using XML. It is based on JavaScript and HTTP requests.
The Ajax web model is based on the traditional web model with changes to the transmitted message on the web server and the web browser.
What happens when the user submits a request?
When user submits request, the steps below occur sequentially:
1. Web browser requests for the content of just the part of the page that it needs.
2. Web server analyzes the received request and builds up an XML message, which is then sent back to the web browser.
3. Web browser receives the XML message. It parses the message in order to update the content of that part of the page.
AJAX uses JavaScript language through HTTP protocol to send/receive XML messages asynchronously to/from web server.
Note - Asynchronously means that data is not sent in a sequence.
An HTML page has two components as shown in the figure below:
Document Object Model (DOM):
• The W3C Document Object Model is a platform and language neutral interface that allows programs and scripts to dynamically access and update content,structure and style of a document
• The HTML DOM is the Document Object Model for HTML. The HTML DOM defines a standard set of objects for HTML and a standard way to access and manipulate HTML documents
• The HTML DOM views HTML documents as a tree structure of elements. All elements,along with their text and attributes,can be accessed and manipulated through the DOM tree
• The HTML code below shows DOM Body,Form and Input objects. The Input objects are embedded in the Form and the Form is embedded in the Body object
Javascript
JavaScript is a scripting language that is supported and runs on almost all web browsers,such as Internet Explorer,Mozilla,Firefox,Nestcape and Opera.
· JavaScript was designed to add interactivity to HTML pagesBy embedding JavaScript in an HTML page,parts of the Document Object Model (DOM) within the HTML document can be updated.
The Ajax web model is based on the traditional web model with changes to the transmitted message on the web server and the web browser.
What happens when the user submits a request?
When user submits request, the steps below occur sequentially:
1. Web browser requests for the content of just the part of the page that it needs.
2. Web server analyzes the received request and builds up an XML message, which is then sent back to the web browser.
3. Web browser receives the XML message. It parses the message in order to update the content of that part of the page.
AJAX uses JavaScript language through HTTP protocol to send/receive XML messages asynchronously to/from web server.
Note - Asynchronously means that data is not sent in a sequence.
An HTML page has two components as shown in the figure below:
Document Object Model (DOM):
• The W3C Document Object Model is a platform and language neutral interface that allows programs and scripts to dynamically access and update content,structure and style of a document
• The HTML DOM is the Document Object Model for HTML. The HTML DOM defines a standard set of objects for HTML and a standard way to access and manipulate HTML documents
• The HTML DOM views HTML documents as a tree structure of elements. All elements,along with their text and attributes,can be accessed and manipulated through the DOM tree
• The HTML code below shows DOM Body,Form and Input objects. The Input objects are embedded in the Form and the Form is embedded in the Body object
Javascript
JavaScript is a scripting language that is supported and runs on almost all web browsers,such as Internet Explorer,Mozilla,Firefox,Nestcape and Opera.
· JavaScript was designed to add interactivity to HTML pagesBy embedding JavaScript in an HTML page,parts of the Document Object Model (DOM) within the HTML document can be updated.
ASP.NET is the modern form of ASP. ASP.NET was introduced with Microsoft .NET Framework 1.0 in 2001. ASP.NET is a complete makeover of ASP and introduces a new paradigm of Web development.
ASP.NET is programmable using any .NET language (VB.NET, C#, J#, JScript.NET, etc.). The .NET Framework languages are object oriented languages, supporting the full capabilities of a programming language as compared to scripting languages which are a subset of the actual language.
The ASP.NET pages are saved with the .aspx extension. The (asp_net.dll) component works along with IIS to parse, compile and respond to any requests for ASP.NET pages.
Some of the advantages that ASP.NET offers over classic ASP are:
· Event based programming model
· A vast library of pre-built controls
· Ability to develop custom controls
· Easy configuration and deployment
· No machine/application restarts required on configuring new components
· Improved application and session states
· Allows separation of server-side code from HTML (a feature known as Code Behind)
ASP is a COM (Component Object Model) based technology. The ASP component (asp.dll) attaches itself with the IIS (Internet Information Server). Upon receiving a request for an ASP page (.asp), IIS redirects it to the asp.dll. The asp.dll parses the ASP page for any script within it and if found, combines it with the HTML code and returns it to IIS which then forwards it to the requesting browser.
A sample of an ASP script is shown in the snippet below.:
<%
Response.Write("ASP script embedded inside HTML")
%>
ASP, Active Server Pages, is a Microsoft server-side technology that was introduced for developing dynamic Web applications for the Windows platform. ASP 3.0 was the last version of ASP introduced with Windows 2000.
ASP programming is done using JavaScript, JScript or VBScript; with VBScript being the most popular. The ASP pages are saved with a .asp extension and the script is embedded inside width the HTML within “<% %>” delimiters.
There are no special installation requirements for ASP. It is available by default with the IIS (Internet Information Server) and if it is installed on your machine, you will have ASP available.
Web sites can be classified into two major categories; static and dynamic.
Static Web sites
Web sites on the Internet providing you with nothing more than just information presented on HTML (।htm or ।html) Web pages with navigation are usually static sites. This is because the technology that they are based on is static. Such Web sites have a set of Web pages that contain all the content and the content structure predefined into them by the designers. The content of these Web sites cannot be changed, customized or personalized by the visitors of the Web site. Such Web sites don’t utilize no database or any other such technology that dynamically builds up their pages or content at runtime based on their visitor’s input or their preferences.
Dynamic Web sites
Web sites that provide its visitors the ability to modify content based on their input are dynamic Web sites। You would have seen several examples of such Web sites on the Internet. Online shopping stores, search engines, email, chat and community portals, etc. are all examples or dynamic Web sites that allow you to save your profiles, customize the appearance of your account, alter default settings based on your preferences and a lot more.
The .NET framework is a software technology that is directed towards connecting information, people, systems and devices seamlessly. The high level of software integration that has been attempted through use of XML web services enables the creation of small, discrete, building block types of applications. These applications are connected to other applications over the Internet.
The three primary components of the .NET architecture are the Common Language Runtime (CLR), the Common Type System (CTS), and the .NET Framework class libraries.
The CLR is essentially the runtime engine that executes .NET applications;
the CTS define all of the basic data types as well as the operations that can be performed on those data types। The .NET Framework class libraries is a base set of classes grouped into Namespaces that provide access to system resources as well as standard language capabilities, such as string manipulation, I/O, and numerical functions.
The three primary components of the .NET architecture are the Common Language Runtime (CLR), the Common Type System (CTS), and the .NET Framework class libraries.
The CLR is essentially the runtime engine that executes .NET applications;
the CTS define all of the basic data types as well as the operations that can be performed on those data types। The .NET Framework class libraries is a base set of classes grouped into Namespaces that provide access to system resources as well as standard language capabilities, such as string manipulation, I/O, and numerical functions.
The .NET Framework Class Library:
The .NET Framework class library contains a collection of programming classes that enable your applications to perform various functions. These classes are organized into related groupings referred to as Namespaces. As the name implies, all class names with a given Namespace must be unique.
The .NET Framework Namespaces use a dot notation syntax scheme to describe a hierarchical organization. This naming scheme allows developers to easily group together related classes as well as to extend the functionality of a Namespace in an organized and easy-to-understand manner. Namespaces adhere to the following naming pattern: companyname.technologyname.
One clear example of this is the Microsoft.Win32 Namespace, which is a Microsoft-created Namespace that contains classes that enable an application to access the Win32
Another example of this naming scheme within the .NET Framework is the System.Data Namespace, which is the root level of the ADO.NET classes.
CTS (Common Type System):
The CTS implements the formal specifications for the type system used by the .NET Framework. All data types represented by the CTS are objects. The CTS defines how a type is defined and the operators that it can accept. One of the primary goals of the CTS is to enable deep language integration by allowing code that's written in one language to be inherited and used by another language. Sharing a common system of data types is one of the most fundamental building blocks that enable this to happen.
CLR (Common Language Runtime):
CLR is basically to load and run ।NET applications. The CLR marks a big change from Microsoft's earlier methods of software development where your application glues together many separate components in order to perform various functions. In many ways, the CLR is analogous to Java's JVM (Java Virtual Machine) or to VB 6's MSVBSM.DLL in that it's a runtime layer over the operating system.
The .NET Framework class library contains a collection of programming classes that enable your applications to perform various functions. These classes are organized into related groupings referred to as Namespaces. As the name implies, all class names with a given Namespace must be unique.
The .NET Framework Namespaces use a dot notation syntax scheme to describe a hierarchical organization. This naming scheme allows developers to easily group together related classes as well as to extend the functionality of a Namespace in an organized and easy-to-understand manner. Namespaces adhere to the following naming pattern: companyname.technologyname.
One clear example of this is the Microsoft.Win32 Namespace, which is a Microsoft-created Namespace that contains classes that enable an application to access the Win32
Another example of this naming scheme within the .NET Framework is the System.Data Namespace, which is the root level of the ADO.NET classes.
CTS (Common Type System):
The CTS implements the formal specifications for the type system used by the .NET Framework. All data types represented by the CTS are objects. The CTS defines how a type is defined and the operators that it can accept. One of the primary goals of the CTS is to enable deep language integration by allowing code that's written in one language to be inherited and used by another language. Sharing a common system of data types is one of the most fundamental building blocks that enable this to happen.
CLR (Common Language Runtime):
CLR is basically to load and run ।NET applications. The CLR marks a big change from Microsoft's earlier methods of software development where your application glues together many separate components in order to perform various functions. In many ways, the CLR is analogous to Java's JVM (Java Virtual Machine) or to VB 6's MSVBSM.DLL in that it's a runtime layer over the operating system.
The operating system is a layer that lies above the hardware and allows control over the different hardware devices। Similarly, a Framework is a layer that lies on top of the operating system and provides the tools to develop programs and applications for it.
By VOIP if you mean "Voice over Internet Protocol" then VOIP is a protocol optimized for the transmission of voice through the Internet or other packet switched networks. Then testing will be carried out to check
- How the Voice is transmitted through the Internet for its clarity.
- For its features such as forwarding, automatic redial, and caller ID.
- For the ability to transmit more than one telephone call using the broadband-connected
telephone line
- For the Secure calls using standardized protocols here the testing will be to check how the call to encrypt and authenticate the existing data stream.
What is meant by Testing Framework
Framework is nothing but a standard approach, which the entire Team follows in the course of a Project. This includes Folder structures, Naming conventions, File paths, Common Functions, etc
Testing Framework is something like a framework designed according to our requirement.
Example: You want to test one application for UI, FUNCTIONAL and LOCALIZATION. For this requirement you can have your own framework...
1) UI testing: Identify what to test assume that font, size, and color...
2) Functional: Whether the button is working properly example login.
3) Localization: Test for diff languages at a time.
Frame Work:
1) Write all functional libraries for UI at one place.
2) Write down all functional library methods in own file.
3) Have complete list of strings what are necessary for localization at one place assume that a excel sheet.
4) Using the resources are XML now you can import them and write your script by record and play back or using descriptive programming।
5) Finally test your application।
Keyword Driven Framework
It's an application independent Automation Framework
This Framework will have following components:
1) Data tables /Excel Sheets containing Keywords, Object Names and Object Values. This is the only component which is application dependent. Keywords are the words that we used to represent the test case. For example VerifyEditbox. This can be used to represent the test case: Verify whether the Edit box is accepting the entered text.
2) Test Driver. This contains the scripts to drive the test. Usually it will contain the code for taking keywords one by one from the data table and call respective subroutines for each keyword using the Switch case statement.
3) Common Function Library. This contains all the common functions that are needed to test any application।
Data Driven Framework
It's an application specific Automation Framework . These scripts can be recorded or written manually and modify it by replacing input values with variables. Input values can be written in Data table / Excel sheet. Test Driver in this case contains the scripts to drive the application with external data written in Data tables / Excel Sheet.
The main difference between QTP and WinRunner
1.QTP got Active Screen window
There is no Active Screen window in winRunner
2.QTP got DataTable window
where as winRunner dont have
3.QTP Supports .net technology
where as winRunner dont support
4. QTP got feature like auto documentation facility
where as winRunner dont have
5.QTP Supports XML and capable of display the results in XML format
where as winRunner dont support XML
6.QTP got low leval recording mode
where as winRunner donthave
7.QTP supports VBscript
winRunner supports TSL
8.QTP got Test Fusion facility
winRunner dont have that facility.
===================================================================
WinRunner Compared to QuickTest Pro
Environment Coverage Comparison:
Common environments shared by both WinRunner and QuickTest Pro:
Web-Related Environments IE, Netscape, AOL
JDK, Java Foundation Classes, AWT
Symantec Visual Café
ActiveX Controls
ERP/CRM Oracle: Jinitiator, 11i, NCA
Custom Client Server Windows
C++/C
Visual Basic
Operating Systems Windows 98, 2000, NT, ME, XP
Legacy 3270, 5250 Emulators
VT100
WinRunner Only Environments:
Custom Client/Server PowerBuilder
Forte
Delphi
Centura
Stingray
SmallTalk
ERP/CRM Baan
PeopleSoft Windows
Siebel 5, 6 GUI Clients
Oracle GUI Forms
QuickTest Pro Only Environments:
ERP/CRM SAP
Siebel 7.x
PeopleSoft 8.x
.Net WinForms
WebForms
.Net controls
Web Services XML, HTTP
WSDL, SOAP
J2EE, .Net
Multimedia RealAudio/Video
Flash
Feature Comparison:
Common features found in both WinRunner and QuickTest Pro:
Record/Replay ODBC & Excel Connectivity
Code Editor & Debugger Recovery Manager
Shared Object Repository Rapid Object Import
Numerous Checkpoints Analog
Script & Function Libraries
WinRunner Only Environments:
Function Generator Database Integration
Run Wizard TSL
MDI
QuickTest Pro Only Environments:
Active Screen Test Guard
Tree View Script Fusion
Data Table VBScript
Function Generator*(coming in v7.0) Run Wizard*(coming in v7.0)
=========================================================
Pvcs tracker : pvcs tracker manages problems and change requests that threaten software quality and production schedules. Pvcs tracker prioritizes workloads, communicates results to management, manages multiple projects at the same time, eliminates communication bottlenecks, gives early recognition of software problems, and is fully integrated with pvcs version manager.
Pvcs version manager : intersolv pvcs, the industry standard for software configuration management in the client/server world, supports stand-alone and team development in heterogeneous environments (dos, windows, windows nt, os/2, unix). Pvcs version manager provides revision, version, and promotion management for every file type. Version manager controls parallel development encouraging code reuse across systems.
Subscribe to:
Posts (Atom)
