Increases Company Reputation
Recognition by IT management for professional achievement
Competency resources to IT staff
Helpful for Marketing with the clients
Increased Confidence in Personal Capabilities
Improved Software Testing Methods, Techniques, and Measurement
Certification gives you a competitive edge for promotion and hiring.
Raises profile of testing in an organization
Able to detect defects those others miss and save your employers and clients from costly and embarrassing field failures.
Knows how to apply sound software testing techniques
Reduced development costs
Increased customer trust and confidence
We understood the software life cycle
Quality of the defect has been increase
Understood the testing terminology
Increase the standard for defect post
Started thinking out of the box
Communication
Testing based on the risk factors
We started concentrating on usability
Started conducting meeting and reviews
Soft skills (e.g. handling the development team)
Updated the process/frame work
Increase the type of testing. (e.g. compatibility)
Possible test cases for a/c transactions are:
test case 1 : name of the a/c holder ( max and min character value)
test case 2 : available balance
test case 3 : max no of transactions ( withdrawals )on a particular day
test case 4 : total amount drawn on a a particular against amount withdrawal limit
Test Cases for Mobile Phone:
1)Chek whether Battery is inserted into mobile properly
2)Chek Switch on/Switchoff of the Mobile
3)Insert the sim into the phone n chek
4)Add one user with name and phone number in Address book
5)Chek the Incoming call
6)chek the outgoing call
7)send/receive messages for that mobile
8)Chek all the numbers/Characters on the phone working fine by clicking on them..
9)Remove the user from phone book n chek removed properly with name and phone number
10)Chek whether Network working fine..
11)If its GPRS enabled chek for the connectivity.
12)if its bluetooth there check it.
13) check mobile performance
14) check the talk time
15) check the mobile panel and keys
Test case for cut/Paste in XL
=>Verify that the Excel is install in your computer or not.
=>Verify that the Excel is open and work carrectly
=>Verify that the text is cut and save in clipboard after cutting a text.
=>verify that the Text(which is cut by cut command) is paste in the place where you want to paste.
TC 1 :- succesful card insertion.
TC 2 :- unsuccessful operation due to wrong angle card insertion.
TC 3 :- unsuccesssful operation due to invalid account card.
TC 4 :- successful entry of pin number.
TC 5 :- unsuccessful operation due to wrong pin number entered 3 times.
TC 6 :- successful selection of language.
TC 7 :- successful selection of account type.
TC 8 :- unsuccessful operation due to wrong account type selected w/r to that inserted card.
TC 9 :- successful selection of withdrawl option.
TC 10 :- successful selection of amount.
TC 11:- unsuccessful operation due to wrong denominations.
TC 12 :- successful withdrawl operation.
TC 13 :- unsuccessful withdrawl operation due to amount greater than possible balance.
TC 14 :- unsucceful due to lack of amount in ATM.
TC 15 :- un due to amount greater than the day limit.
TC 16 :- un due to server down.
TC 17 :- un due to click cancel after insert card.
TC 18 :- un due to click cancel after indert card and pin no.
TC 19:- un due to click cancel after language selection,account type selection,withdrawl selection, enter amount
Unit test:
Write test case for each & every part of the pen, like Refil, Pen cap, the upper neck of the pen & the lower part of the pen etc... Against the configuration mentioned.
Integration Test:
Check integration of Ink flow in the refill, Cap with the pen , both parts of the pen & Refill fits b/w the pen or not etc...
Compatibility Test:
Try to write with the pen on different papers like wet paper , rice paper, Oily paper,
Load Test:
Turn the pen upside down & note the time till which it can write, Ink flow in different weathers etc...
Security testing can be performed in many ways. It can performed specified areas
1. Black-Box Level
2. White-Box Level and finally at
3. Database Level.
For each of these there includes different types of methods and based on these we can follow them. But all these methods can be used manually to test your application in above specified areas. We also require certain tools for few of the methods
Here are the list of security testing methods and techniques used in 3 areas
Functionality Testing
a. Session Hijacking
b. Session Prediction
c. E-mail Spoofing
d. Content Spoofing
e. Phishing
f. Password Cracking
g. Active Program Scripting Exploits
White-Box Testing
a. Malicious Code Injection
b. Penetration testing
c. Input Validation
d. Variable Manipulation
Database Testing (Stored procedures can be testing by SQL Injection and variable manipulation techniques you can fine more info on net)
a. SQL injection
b. Blind SQL Injection (Part of SQL Injection)
c. Input Validation
At last at website/web application level
a. Cross-site scripting
b. SSI Injection
c. IP Spoofing
Hope this gives idea on what is security testing and in which all areas we carry out testing with what all methods and techniques
DDL (Data Definition Language) - creating tables and database
DML (Data Manipulation Language) - manipulations like insert, alter, and delete operations.
DDL is Data Definition Language statements:
CREATE
ALTER
DROP
TRUNCATE
COMMENT
RENAME
DML is Data Manipulation Language statements:
· SELECT
· INSERT
· UPDATE
· DELETE
· MERGE
UPSERT
· CALL
· EXPLAIN PLAN
· LOCK TABLE
DCL is Data Control Language statements:
· GRANT
· REVOKE
· COMMIT
· SAVEPOINT
· ROLLBACK
- COMMIT
· SET TRANSACTION
In DB testing we need to check for,
1. The field size validation
2. Check constraints.
3. Indexes are done or not (for performance related issues)
4. Stored procedures.
5. The field size defined in the application is matching with that in the db.
Database testing involves some in depth knowledge of the given application and requires more defined plan of approach to test the data.
Key issues include:
1) Data Integrity
2) Data validity
3) Data manipulation and updates.
Tester must be aware of the database design concepts and implementation rules
Check for Database Testing
1.To validate the Front end data which is displaying is same as the Back end Data.
2.To validate the extraction processes (nightly or scheduled), whether the correct data is coming in to our project Tables.
1. Print statement is not valid within the function because functions are meant for process or execute group of statement and return a value, where as procedure are meant for executing group of statement and display output.
2. Return keyword is use to return a value from a stored function with specified data type of the value expecting to be returned from stored function.
3. One of the major advantage of stored function is that can be used in the query directly where as an stored procedure can never be used in a query as it is not returning any value.You have to do the following for writing the database test cases.
1. First of all you have to understand the functional requirement of the application thoroughly.
2. Then you have to find out the back end tables used, joined used between the tables, cursors used (if any), triggers used(if any), stored procedures used (if any), input parameter used and output parameters used for developing that requirement.
3. After knowing all these things you have to write the test case with different input values for checking all the paths of SP.
One thing writing test cases for back end testing not like functional testing. You have to use white box testing techniques.
To write test case for database it’s just like functional testing.
1.Objective: Write the objective that you would like to test. eg: To check the shipment that i load thru xml is getting inserted for particular customer.
2.Write the method of input or action that you do. eg: Load an xml with all data which can be added to a customer.
3.Expected :Input should be viewed in database. eg: The shipment should be loaded successfully for that customer, also it should be seen in application.
4.You can write such type of test cases for any functionality like update, delete etc.
The documentation guidelines for database testing should be more and more detailed:
- The tester should know how to log on to the database (The Credentials)
- The tester should know which tables to look at.
- Check the names of the tables
- Specify which columns should be concentrated on in the table.
- Check the spellings of columns
- Give a sample data example for the table to be tested.
- Specify the possible values for a column
- Specify the conditions of pass/fail for the data in the column
Database Testing is a process working with data that's stored in the database. If we change anything in the front-end and back end then what will the effect on the database.
Example: An table which has stored the records of students name, roll no., class and sections etc. if we delete the students name in front end then what's effect in database whether we test the student name deleted or not from database.
While doing Functional Test:
From the front end do the Transaction like, creating new order, update order, delete order, then login into the data base and check the related table to see if the order has been inserted, updated or deleted.
Database testing means test engineer should test the data integrity, data accessing, query retrieving, modifications, updation and deletion etc.
Database testing involves mainly
1. When a record is inserted in the front end checking whether the record is inserted in the corresponding tables correctly in the back-end.
2. Whether the field size validations are done according to the requirements in front-end as well as back end.
3. Testing the performance of the stored procedures.This is done by calculating the time taken to execute the stored procedure.
4. Primary key,foreign key validations are done correctly.
Database testing generally deals with the following:
a) Checking the integrity of UI data with Database Data
b) Checking whether any junk data is displaying in UI other than that stored in Database
c) Checking execution of stored procedures with the input values taken from the database tables
d) Checking the Data Migration.
Client server Technology:
1. Number of clients is predicted or known
2. Client and server are the entities to be tested
3. Both server and client locations are fixed and known to the user
4. Server to server interaction is prohibited
5. Low multimedia type of data transaction
6. Designed and implemented on intranet environment
Web based Technology:
1. Number of clients is difficult to predict (millions of clients)
2. Client, Server and network are the entities to be tested
3. Server location is certain, client locations are not certain
4. Server to server interaction is normal
5. Rich multimedia type of data transaction
6. Designed and implemented on internet environment
Client Server Testing:-
In client server testing test engineer are conduct the following testings:-
1.Behaviour testing(GUI TESTING)
2.Input domain testing
3.Error Handling testing
4.Backend testing
Web Based Testing:-
In Web testing test engineer are condut the following testings:-
1.Behaviour Testing
2.Static web testing
3.Input domain testing
4.Backend testing
5.Error handling testing
6. Frame Level testing
A software program for hosting and managing Web applications on Microsoft Windows platform.।
Internet Information Server (IIS) is a World Wide Web server, a Gopher server and an FTP server all rolled into one. IIS means that you can publish WWW pages and extend into the realm of ASP (Active Server Pages) whereby JAVA or VBscript (server side scripts) can generate the pages on the fly. IIS has fun things like application development environment (FrontPage), integrated full-text searching (Index Server), multimedia streaming (NetShow), and site management extensions.
Internet Information Services (IIS) 6.0
Internet Information Services (IIS) 6.0 provide the services to support a secure, available, and scalable Web server on which to run your Web sites and applications.
IIS 6।0 Request Processing ModelsWorker process isolation mode is the new IIS request processing model. In this application isolation mode, you can group Web applications into application pools, through which you can apply configuration settings to the worker processes that service those applications.
Architecture of Worker Process Isolation Mode by IIS 6.0
Application Pool
· W3wp.exe
· Worker Process
· ISAPI Extensions
· ISAPI Filters
Lsass.exe
Inetinfo.exe
Svchost.exe
Application Pool
An Application Pool can contain one or more applications and allows us to configure a level of isolation between different Web applications.
Example: if you want to isolate all the Web applications running in the same computer, you can do this by creating a separate application pool for every Web application and placing them in their corresponding application pool. Because each application pool runs in its own worker process, errors in one application pool will not affect the applications running in other application pools.
W3wp.exe
w3wp.exe is a process associated with application pool in ISS. If you have more than one application pool, you will have more than one instance of w3wp.exe running. This process usually allocates large amounts of resources. This program is important for the stable and secure running of your computer and should not be terminated.
Worker Processes
A worker process is user-mode code whose role is to process requests, such as processing requests to return a static page, invoking an ISAPI extension or filter, or running a Common Gateway Interface (CGI) handler.
In both application isolation modes, the worker process is controlled by the WWW service. However, in worker process isolation mode, a worker process runs as an executable file named W3wp.exe,
Worker processes use HTTP.sys to receive requests and to send responses by using HTTP. Worker processes also run application code, such as ASP.NET applications and XML Web services. You can configure IIS to run multiple worker processes that serve different application pools concurrently.
ISAPI consists of two components: Extensions and Filters. These are the only two types of application that can be developed using ISAPI. Both Filters and Extensions must be written in C++ and compiled into DLL files which are then registered with IIS to be run on the web server.
Lsass.exe
"lsass.exe" is the Local Security Authentication Server. It verifies the validity of user logons to your PC/Server. It generates the process responsible for authenticating users for the Winlogon service. This process is performed by using authentication packages such as the default Msgina.dll. If authentication is successful, Lsass generates the user's access token, which is used to launch the initial shell. Other processes that the user initiates inherit this token.
Inetinfo.exe
"inetinfo.exe" belongs to Microsoft Internet Information Services (IIS) and is used for debugging.
svchost.exe
svchost.exe is a system process belonging to the Microsoft Windows Operating System which handles processes executed from DLLs.
ASP.NET is the modern form of ASP. ASP.NET was introduced with Microsoft .NET Framework 1.0 in 2001. ASP.NET is a complete makeover of ASP and introduces a new paradigm of Web development.
ASP.NET is programmable using any .NET language (VB.NET, C#, J#, JScript.NET, etc.). The .NET Framework languages are object oriented languages, supporting the full capabilities of a programming language as compared to scripting languages which are a subset of the actual language.
The ASP.NET pages are saved with the .aspx extension. The (asp_net.dll) component works along with IIS to parse, compile and respond to any requests for ASP.NET pages.
Some of the advantages that ASP.NET offers over classic ASP are:
· Event based programming model
· A vast library of pre-built controls
· Ability to develop custom controls
· Easy configuration and deployment
· No machine/application restarts required on configuring new components
· Improved application and session states
· Allows separation of server-side code from HTML (a feature known as Code Behind)
ASP is a COM (Component Object Model) based technology. The ASP component (asp.dll) attaches itself with the IIS (Internet Information Server). Upon receiving a request for an ASP page (.asp), IIS redirects it to the asp.dll. The asp.dll parses the ASP page for any script within it and if found, combines it with the HTML code and returns it to IIS which then forwards it to the requesting browser.
A sample of an ASP script is shown in the snippet below.:
ASP, Active Server Pages, is a Microsoft server-side technology that was introduced for developing dynamic Web applications for the Windows platform. ASP 3.0 was the last version of ASP introduced with Windows 2000.
ASP programming is done using JavaScript, JScript or VBScript; with VBScript being the most popular. The ASP pages are saved with a .asp extension and the script is embedded inside width the HTML within “<% %>” delimiters.
There are no special installation requirements for ASP. It is available by default with the IIS (Internet Information Server) and if it is installed on your machine, you will have ASP available.
Web sites can be classified into two major categories; static and dynamic.
Static Web sites
Web sites on the Internet providing you with nothing more than just information presented on HTML (।htm or ।html) Web pages with navigation are usually static sites. This is because the technology that they are based on is static. Such Web sites have a set of Web pages that contain all the content and the content structure predefined into them by the designers. The content of these Web sites cannot be changed, customized or personalized by the visitors of the Web site. Such Web sites don’t utilize no database or any other such technology that dynamically builds up their pages or content at runtime based on their visitor’s input or their preferences.
