While learning SQL for my testing purpose, I came across many problems.
I know most often in interview there is a question "how to select max, second max or third max salary from table........ect"
I tried my hand on this and came with the final solution taking help from colleague and google devata.
really facing problems finally came with more experience and knowledge.
here I want to share some queries on select statement. Hope these will help specially for beginners
try to execute all the given scenarios , this will help you to understand better.....
1- Create a table first by using the following statement. This will create a table named 'employee' with two columns 'name' and 'salary'.
CREATE TABLE employee (name varchar(256) , salary int)
2- Insert some data in this table. for this use
INSERT INTO employee (name, salary)
VALUES ('vishal' , 32000)
insert more data to this table.for example ('amit', 20000), ('nitin', 25000), ('raju', 30000), ('david', 27000), ('marc', 18000)
3- Selecting max salary from table:
SELECT max(salary) FROM employee
4- Selecting second highest salary from table:
SELECT max(salary) FROM employee
WHERE salary < (SELECT MAX(salary) FROM employee)
5- Selecting third highest salary :
SELECT MAX(salary) FROM employee
WHERE salary < (SELECT MAX(salary) FROM employee
WHERE salary < (SELECT MAX(salary) FROM employee))
6- Selecting fourth highest salary:
SELECT MAX(salary) FROM employee
WHERE salary < (SELECT MAX(salary) FROM employee
WHERE salary < (SELECT MAX(salary) FROM employee
WHERE salary < (SELECT MAX(salary) FROM employee)))
and so on........................
But it seems to heavy and to complicated..............
here I am going to write a query for Nth highest salary....
SELECT salary FROM employee e1
WHERE (N=(SELECT count(distinct(e2.salary)) FROM employee e2 WHERE e2.salary >= e1.salary))
You can put 1, 2 ,3, 4......for first, second, third.......in place of N.
hope you will be happy now.........
Wednesday, December 10, 2008
Monday, August 18, 2008
Selenium IDE- QnA
Through this blog post I am sharing some useful points . While trying IDE, I came accross many question and later I found some solutions of them. Some of the questions and answers are here.
Hope they help you lot.........
how selenium IDE handle checkpoint ?
Can selenium IDE handle any checkpoint like QTP, WinRunner?
I have a login page, if I entered a wrong username, password and try to login, application displayed a msg “ Wrong username and Password, how to handle this situation?
Yes We can use a command -
assertTextPresent <"Error Message">
How to capture input given in Rich Text Editor using Selenium IDE?
You can take the id of this editor using xPath.
I face an error "Element not found" while running script. How can I overcome?
Try using 'clickAndWait' command instead of just 'click'.
Or maybe 'waitForPageToLoad' commands..
How to handle timeout situation?
The default time for time out is 30000ms in selnium. you can change this from option.
But this is not good practice to change default time out. best practice can be use of time out command.
setTimeout30000000
I will be posting more so keep visiting the blog.
Hope they help you lot.........
how selenium IDE handle checkpoint ?
Can selenium IDE handle any checkpoint like QTP, WinRunner?
I have a login page, if I entered a wrong username, password and try to login, application displayed a msg “ Wrong username and Password, how to handle this situation?
Yes We can use a command -
assertTextPresent <"Error Message">
How to capture input given in Rich Text Editor using Selenium IDE?
You can take the id of this editor using xPath.
I face an error "Element not found" while running script. How can I overcome?
Try using 'clickAndWait' command instead of just 'click'.
Or maybe 'waitForPageToLoad' commands..
How to handle timeout situation?
The default time for time out is 30000ms in selnium. you can change this from option.
But this is not good practice to change default time out. best practice can be use of time out command.
setTimeout30000000
I will be posting more so keep visiting the blog.
Thursday, August 7, 2008
Checking security vulnerability -XSS
While testing the web based application we need to test for security . As there are malicious people , you can say hackers , who can apply SQL injection to access some of you data or information of your application. for this we need to check our application for security vulnerabilities. One of the most common vulnerability is XSS (Cross-Site Scripting). This Occurs when web pages accept user input without using proper validation. This allows hackers (or any attacker) to embed malicious script or code which injected to that page. Some time you see some links appearing in any web pages while surfing, these links are kind of this activities. on clicking to these links that embedded code injected to your web pages .
Some of the Risks associated with XSS are:
1- One can track your activities
2- One can stolen your session ID.
3- One can use your cookies
4- One can modify/change/delete the content of your web page.
5- Its possible to crash a browser
6- Some harmful software installation.
and many more..................................
So this is our (Testers) job to find such vulnerabilities while testing. So the question is How to Determine Whether a Web page Is Vulnerable or not?
This is very common vulnerability and can be check easily whether you page is vulnerabile or not.
To check Supply the string"<></>" to your form field which display string.
* If you see "<></>" returned, most likely not vulnerable.
* If you see "<>" returned, most likely vulnerable.
one more simple easy test is to take a current parameter that is sent in the HTTP GET request and modify it. Take for example the following request in the browser address URL bar. This url will take a name parameter that you enter in a textbox and print something on the page. Like "Hello Vishal, thank you for coming to my site"
http://www.yoursite.com/index.html?name=vishal
Now lets modify this request For example try entering something similar to the following request in the browser address URL bar.
http://www.yoursite.com/index.html?name=<script> Alet('You just found a XSS vulnerability')</script>
If this pops up an alert message box stating "You just found a XSS vulnerability", then you know this parameter is vulnerable to XSS attacks. The parameter name is not being validating, it is allowing anything to be processed as a name, including a malicious script that is injected into the parameter passed in. Basically what is occurring is normally where the name George would be entered on the page the message is instead being written to the dynamic page. The alert message just is an example of how to test for the XSS vulnerability. A malicious hacker would be much more devious to this type of security vulnerability.
Cross-site scripting (XSS) attacks are a type of attack in which a variety of techniques are used to attempt to execute malicious script code by injecting it into form input, query strings, or cookies.
XSS vulnerabilities are caused by a failure in the web application to properly validate user input.
what should developer do?
If you are using post method for data submission then client side checks might be sufficient but it is all the more necessary to do server side validation if you are using Get method to retrieve data.
# Always do input validation.
# If possible do output validation as well.
# Never rely on client side scripting.
# Avoid Get method for sending data.
# Always use validateRequest=True;
# Always replace ‘(single quote-if you are storing data in a database especially) to prevent SQL Injection.
# Avoid using Cookies.
# Always verify and check the lengths of string to safeguard against stack-overwriting attacks and SQL errors
So bieng a tester , we need to test our site for this and let dev team know abt this.
There are many tools available to check thesase vulnerabilities. I tried one which is paid but its taril version is available to use. This will facilitate the XSS checking.
http://www.acunetix.com/vulnerability-scanner/
steps:
->open this link
->you need to fill a form with basic info. Make sure you must have to put a valid email id.
->later you wil recieve a mail having a link to download this tool.
->you will get an exe file. install the ......Now what.... play with this and find more.
Happy QA,ing
References:
http://www.nus.edu.sg/
http://www.lboro.ac.uk/
http://www.testingsecurity.com/
Some of the Risks associated with XSS are:
1- One can track your activities
2- One can stolen your session ID.
3- One can use your cookies
4- One can modify/change/delete the content of your web page.
5- Its possible to crash a browser
6- Some harmful software installation.
and many more..................................
So this is our (Testers) job to find such vulnerabilities while testing. So the question is How to Determine Whether a Web page Is Vulnerable or not?
This is very common vulnerability and can be check easily whether you page is vulnerabile or not.
To check Supply the string"<></>" to your form field which display string.
* If you see "<></>" returned, most likely not vulnerable.
* If you see "<>" returned, most likely vulnerable.
one more simple easy test is to take a current parameter that is sent in the HTTP GET request and modify it. Take for example the following request in the browser address URL bar. This url will take a name parameter that you enter in a textbox and print something on the page. Like "Hello Vishal, thank you for coming to my site"
http://www.yoursite.com/index.html?name=vishal
Now lets modify this request For example try entering something similar to the following request in the browser address URL bar.
http://www.yoursite.com/index.html?name=<script> Alet('You just found a XSS vulnerability')</script>
If this pops up an alert message box stating "You just found a XSS vulnerability", then you know this parameter is vulnerable to XSS attacks. The parameter name is not being validating, it is allowing anything to be processed as a name, including a malicious script that is injected into the parameter passed in. Basically what is occurring is normally where the name George would be entered on the page the message is instead being written to the dynamic page. The alert message just is an example of how to test for the XSS vulnerability. A malicious hacker would be much more devious to this type of security vulnerability.
Cross-site scripting (XSS) attacks are a type of attack in which a variety of techniques are used to attempt to execute malicious script code by injecting it into form input, query strings, or cookies.
XSS vulnerabilities are caused by a failure in the web application to properly validate user input.
what should developer do?
If you are using post method for data submission then client side checks might be sufficient but it is all the more necessary to do server side validation if you are using Get method to retrieve data.
# Always do input validation.
# If possible do output validation as well.
# Never rely on client side scripting.
# Avoid Get method for sending data.
# Always use validateRequest=True;
# Always replace ‘(single quote-if you are storing data in a database especially) to prevent SQL Injection.
# Avoid using Cookies.
# Always verify and check the lengths of string to safeguard against stack-overwriting attacks and SQL errors
So bieng a tester , we need to test our site for this and let dev team know abt this.
There are many tools available to check thesase vulnerabilities. I tried one which is paid but its taril version is available to use. This will facilitate the XSS checking.
http://www.acunetix.com/vulnerability-scanner/
steps:
->open this link
->you need to fill a form with basic info. Make sure you must have to put a valid email id.
->later you wil recieve a mail having a link to download this tool.
->you will get an exe file. install the ......Now what.... play with this and find more.
Happy QA,ing
References:
http://www.nus.edu.sg/
http://www.lboro.ac.uk/
http://www.testingsecurity.com/
Wednesday, August 6, 2008
Cookies Testing
Following are some possible test cases to test the cookies. There are more cases are possible. add them and revert back with them
Test1-
----------------------------------------------------------------------------------------------
Purpose: Test for Disable cookies
Test1-
----------------------------------------------------------------------------------------------
Purpose: Test for Disable cookies
Prerequisite: Close all browsers, delete all previously written cookies before performing this test
Steps action: Disable the cookies on browser and open the application.
Expected Result: The major functionalities should not work properly. Appropriate message like “For smooth functioning of this site make sure that cookies are enabled on your browser” should be displayed. There should not be any page crash
Test2-
------------------------------------------------------------------------------------------------
Purpose: Test for Delete cookies
Steps action: Disable the cookies on browser and open the application.
Expected Result: The major functionalities should not work properly. Appropriate message like “For smooth functioning of this site make sure that cookies are enabled on your browser” should be displayed. There should not be any page crash
Test2-
------------------------------------------------------------------------------------------------
Purpose: Test for Delete cookies
Prerequisite: Close all browsers, delete all previously written cookies before performing this test
Steps action: Open site/page and allow cookies to be written and then delete these cookies and then navigate application.
Expected Result:No crash should be there. Site should function well.
Test3-
-------------------------------------------------------------------------------------------------
Purpose: Test for Corrupt cookies
Test4-
-----------------------------------------------------------------------------------------------
Purpose: Test Session cookies
Steps action: Open site/page and allow cookies to be written and then delete these cookies and then navigate application.
Expected Result:No crash should be there. Site should function well.
Test3-
-------------------------------------------------------------------------------------------------
Purpose: Test for Corrupt cookies
Prerequisite: Close all browsers, delete all previously written cookies before performing this test
Steps action: Allow cookies to be written and edit them in note pad by changing the parameters by some vague values. eg. Alter the name or its expiry date. Now navigates the site.
Expected Result:
Steps action: Allow cookies to be written and edit them in note pad by changing the parameters by some vague values. eg. Alter the name or its expiry date. Now navigates the site.
Expected Result:
Test4-
-----------------------------------------------------------------------------------------------
Purpose: Test Session cookies
Prerequisite: Close all browsers, delete all previously written cookies before performing this test
Steps action: allow cookies to be written and then close the browser. Now check for stored cookies
Expected Result: There should be no any cookie stored.
these are some possible points to keep in mind while testing for cookies. Revert back with your feedback. Thanks
Steps action: allow cookies to be written and then close the browser. Now check for stored cookies
Expected Result: There should be no any cookie stored.
these are some possible points to keep in mind while testing for cookies. Revert back with your feedback. Thanks
Tuesday, August 5, 2008
SeleniumIDE- Useful Points part-I
1- Xpaths:-
In one of my project when I was recording my script for create a post, I found that IDE is unable to record the text box activity. Actually that text box was Javascript content editor 'Tinymce' . Later I recognized that IDE is unable to find this editor as there was no label used for this. So I used X paths option available on right click to locate the element ID.
This was like id('tinymce')/p. Here title was not used so we need to pass it's ID manually. It is done using Xpaths .
2- Regular expression:-
Now in case if alert or pop up window appears so how you handle your script. I faced this situation and cane up with this solution.
Why our script fail. The reason is because the alert has a dynamic section and to handle that we need to put a regular expression marker with a regular expression. Your command should look something like verifyAlert ok.
you can also use assetX(asserttext, assetalert.....) for regular expression. I used this for select box functionality (Drop Down).
3-waitFor:-
I created a script and was trying to run this. But failed? why? Its times out!!!!! element not found!!!!! window not appear!!!!!!!....ect.
Actually what was happening , when my script start executing the page element was not loaded.
In AJAX base programing you never know, how long it will take to load the page element. This was the reason my script was failing again and again. Finally I came up with the solution using waitFor command. You can use this command to wait your script execution until the page element not loaded. (This is little similar to wait() command used in win runner )
Here are some expansion for this command : waitForX(waitForElement, waitForText, waitForAlert...........)
In one of my project when I was recording my script for create a post, I found that IDE is unable to record the text box activity. Actually that text box was Javascript content editor 'Tinymce' . Later I recognized that IDE is unable to find this editor as there was no label used for this. So I used X paths option available on right click to locate the element ID.
This was like id('tinymce')/p. Here title was not used so we need to pass it's ID manually. It is done using Xpaths .
2- Regular expression:-
Now in case if alert or pop up window appears so how you handle your script. I faced this situation and cane up with this solution.
Why our script fail. The reason is because the alert has a dynamic section and to handle that we need to put a regular expression marker with a regular expression. Your command should look something like verifyAlert ok.
you can also use assetX(asserttext, assetalert.....) for regular expression. I used this for select box functionality (Drop Down).
3-waitFor:-
I created a script and was trying to run this. But failed? why? Its times out!!!!! element not found!!!!! window not appear!!!!!!!....ect.
Actually what was happening , when my script start executing the page element was not loaded.
In AJAX base programing you never know, how long it will take to load the page element. This was the reason my script was failing again and again. Finally I came up with the solution using waitFor command. You can use this command to wait your script execution until the page element not loaded. (This is little similar to wait() command used in win runner )
Here are some expansion for this command : waitForX(waitForElement, waitForText, waitForAlert...........)
Wednesday, July 30, 2008
Web Testing- Common Checklist
When you are testing a web application, your task become more challenging. Every web application need a strong testing and this task is more critical specially working with middle organization where budget is often limited. I have been involved in such application testing. Every site needs to be thoroughly tested to ensure that it is accessible, user-friendly , and error free.
So to meet this, I would always prefer to make a checklist for this. I am sharing this here. Generally some points which are very common and recommended to test for most web application.
Here are some common points which must be covered while testing any web application.
1- Test every page individually: Here I always prefer to test each page individually. For this List out all the page and test them one by one.
2- Validate the Markup for every page: Validate every page for markup. You can use some markup validation tools. For this use W3C's HTML and CSS validator.
3- Test for link and navigation: Test whole application for links and their navigation. Every link should navigate to its target page. Navigation should be user friendly. Every page should have links.
Check if any page not having any links.
4- Perform Cross-Browser testing: This is very important point. As you never know that in which browser , your site is going to be access. So You need to test site for cross-browser compatibility. Find out the target audience and test it with all possible browsers. Test it on IE6, IE7, Mozilla Firefox, safari and opera on different OS.
5- Test error page : Test for 404 error pages. There should have a common 404 page which navigates the user to home page. Also check for error message which should be user friendly and meaning full.
6- Test application on various display and color setting: Always prefer to check the site on varrious color setting and display. This become very essential if your application have video related functionality
7- Test application on various resolution: check application on various resolution. I.e 1024x768, 600x800, 640x480.
8- Security Test: Always check the application for security. You can check the authorization and authentication. User login password. Other than this I always check the application for cookies. Here are some possible test cases for cookies testing.
* Test for Disable cookies
* Test for Delete cookies
* Test for Corrupt cookies
* Test for Session cookies
9- Form validation:
* Check for acceptance of invalid inputs
* Check for Manadatory fields
* Check for field range
For this you can use Boundary Value analysis to test range.
So these are some basics point to check while testing a web site. I hope post is helpful to readers.
Please revert back with your feed back and suggestion.
Thursday, June 26, 2008
Testing Web Application
Recently I took part in our company "Tekriti White Paper Publishing Contest". There were many participants for various technologies and department. As a QA I have also taken part to this contest. Here I with my colleague Debajit Hajarika finally decided to write some content on testing methodologies and process for web based application. Finally we both work hard and conclude with a massive but useful documents and submitted it to the organizer.
Now here through my blog , I would like to share this with all of you. I hope this will really help you. I would like to say here that as testing is an art so there must be scope of improvement here with this doc. So your suggestion are most welcome.
2. What can be the best practice to prevent bugs.
3. What is the best way to get them managed.
4. What is the ideal testing process.
Now here through my blog , I would like to share this with all of you. I hope this will really help you. I would like to say here that as testing is an art so there must be scope of improvement here with this doc. So your suggestion are most welcome.
1. Introduction
Testing process in any software organization is the key element to produce bug free, highly quality oriented software applications. This White Paper provides a great deal of information regrading testing process of web based applications.
Before we go ahead, we would like to provide an idea what Software Testing is all about.
Software Testing is an activity aimed at evaluating an attribute or capability of a program or system and determining that it meets its required results. It also ensures the working of the designed application as per specification. There are many approaches to software testing, but effective testing of complex products is essentially a process of investigation, not merely a matter of creating and following rote procedure.
Mainly, we have targeted to cover the answers of the following four points:
1. Why we encounter bugs in software applications2. What can be the best practice to prevent bugs.
3. What is the best way to get them managed.
4. What is the ideal testing process.
Software testing continues to grow more complex as the nature of web software application is getting more complicated and the vista of these application are becoming widen making it challenging for any tester to cope up with this process.
2. Why we encounter bugs in software applications:
Many of us encounter bugs in day to day life in the application that we use. Have we ever tried to give a thought why we encounter bugs in a software application. There are many factors playing a major role behind a buggy software. Most are man introduced and some are machine oriented.
If we elaborate the issue , we will have the following points:
2.1. Lack of proper communication: People associated with developing the software is not we aware of what an application should do and what it should not. In short, lack of requirements gathering.
2.2. Complexity of Software: Now a days software enters in to every domain of work. Complexity of current software system is so hard that it is very difficult to comprehend for anyone without the experience and knowledge of modern day software development. Right from Windows-type interfaces, client-server and distributed applications, data communications, enormous relational databases to sheer size of applications have all contributed to the exponential growth in software/system complexity. And the use of object-oriented techniques can complicate instead of simplify a project unless it is well-engineered.
2.3. Programing error committed by programmers: It is obvious that programmers can introduce syntax error or logical error without their knowledge, which may lead to disaster situation.
2.4. Rapid changes of requirements: Client can request any feature or changes in the mid of the development without knowing the impact of the changes. If there are many minor changes or any major changes, known and unknown dependencies among parts of the project are likely to interact and cause problems, and the complexity of keeping track of changes may result in errors. Redesign, rescheduling of engineers, effects on other projects, work already completed that may have to be redone or thrown out, hardware requirements that may cause unbalance in the developed system.
2.5. Dead Line and Time pressure: When unrealistic deadline is given, people rush in hurry without going in-depth of the product. Scheduling of software projects is difficult at best, often requiring a lot of guesswork. When deadlines predominate and the crunch comes, mistakes will be made.
2.6. Poorly Documented Code: It’s very tough to maintain and modify code that is badly written or poorly documented. That appears or results as a bug later after any changes. In many organizations management provides no incentive for programmers to document their code or write clear, understandable code. In fact, it’s usually the opposite: they get points mostly for quickly turning out code, and there’s job security if nobody else can understand it.
2.7. Lack of real Testing Environment: It is also important to consider the real environment where the software program will be implemented. It is very common that we can miss out those test conditions and scenarios to test for the lack of proper testing environment. This might be turned out as critical defect leakage at times.
2.8. Undefined Testing Process: Testing of a software system is not taken as seriously and carried out undocumented and undefined testing activities. Lack of well trained and experience QA professional also be the cause of buggy software.
3. What can be the best practice to prevent bugs:
We know that prevention is better than cure. This is the section in which we will discussion what can be done to prevent bugs before testers come to rescue. We had seen enough evidence in our company earlier that very few were interested in taking the initiative to prevent early mistakes. However, since the guide line in place, we witnessed a lot of improvement in the software developing stage.
3.1. Writing quality code: Though quality is a non tangible attribute, but programmer needs to ensure it right from the beginning.
3.2. Unit testing:
Programmer should debug the code using any Unit testing tool to insure the functionality of the developed module. They should not limit themselves to positive cases but also negative use cases.
3.3. Use Editor tools: Despite the availability of automatic error prevention tools for coding, it seems developers pay less interest in adopting such tool. Automatic error prevention tools are the good way to guarantee syntax error free code.
4. Testing Practices:
Before we go in top the details of software testing process, lets have a look on the different software product/application segment that is dealt by software companies. In general, the software industries can be segmented in various part based on nature of the project/product :
New Product Development ( Product)
New Application Development ( Project)
Existing product undergoing major version release( New Release)
Maintenance Projects
Based on the above software segments, it has the possibility that organization may adopt different testing process suitably to fit in to their projects.
Testing Process: Software Testing process is a very indispensable part of any software development process. If you are developing a web based application for your business, then the scope of testing challenges are getting increased. If the develop web site does not perform well under the stress of many customer visiting your site, you will lose business, customer and credibility. So, it's very essential to follow a software application testing process to deal with these issue and to measure the quality of it. A typical testing process starts from the initiation of Software Application. We are portraying the Software Testing Life Cycle with help of following diagram. This will let you know the different phases and its inter dependencies.
4.1. Requirement Gathering: Requirement gathering is an essential part of any project and project management. Understanding fully what a project will deliver is critical to its success. We want to be sure that the requirements specification contains all the requirements that are known about. While we know that there will be evolutionary changes and additions, we would like to restrict those changes to new requirements. We also consider the functional and non functional requirements for testing. As far as non functional requirements are concerned, it is the response by the system on a particular action. In other word, if system needs to respond to an event in 1 sec then we are talking about how the system must work; not what the system does. In this phase we refer to the following documents to collect the requirements details for testing.
• Requirement Specification documents
• Functional Specification documents
• Design Specification documents (use cases, etc)
• Use case Documents
• Test Trace-ability Matrix for identifying Test Coverage
On completion of this phase, we move out to start planning the testing process.
4.2.Test Plan: Test plan specifies process and scheduling of an application under test. QA Manager/Test lead prepares test plan document based on what to test, how to test, when to test, whom to test. It contains test plan id, one or two lines about project, estimated project testing start date, actual project testing start date, estimated project testing end date, actual project testing end date, selected test engineer names for the current project, training needs, schedule, use of automation tools, risks and mitigations, selecting test cases for regression testing. A Test Plan describe the following points:
• Introduction and Objectives
• Scope of Testing.
• Test items
• Features to be tested (who , what and when)
• Entry and Exit criteria
• Testing task
• Testing strategy and approach
• Assignment of Role and responsibilities
• Testing scheduling
• Risks and contingencies
• Staff and training needed
• Identify the areas for automation
• Automation Tool to use
• Test Deliverables
Basically, a Test Plan is systematic approach to testing a developed system. The plan typically contains a detailed understanding of what the eventual work flow will be. We draw plan to keep track of progress on the software that is being built.
4.3. Test Environment Setup: This is phase we prepare the Test bed. We need to set up the environment in terms of software/Tools and hardware according to the specification provided by client. This process involves with software and hardware installation required for testing. We also focus on network connectivity. Moreover, a good coordination is establish with vendors and maintenance departments for smooth running of testing activities.
4.4. Test Design: In this phase, we cover test design of software testing life cycle. It starts with in-depth coverage of test case design techniques for black box testing. This includes Equivalence Class Partitioning, Boundary Value Analysis, and Decision Tables. We emphasize on design activities and writing Test Design Specifications including documenting test conditions, test cases, test scripts and procedures and expected results. We pursue the following three stages in Test case developing which are described below:
• Develop test scenarios.
• Develop Test Cases.
• Review Test Cases.
• Writing/recording test script.
Developing test scenarios is crucial to successful implementation of test cases. On the basis of Test Scenario, we create test cases. Once we are completed with test case writing process, we send the test case document to Team Lead or higher level for review process.
As the test case writing is an art, and anyone can enhance the skill on writing test cases by the experience and practices. Keeping the following facts in mind, we can write effective test cases. 1. Always try to design the test cases in such a way to ensure the maximum coverage of
functionality with less number of test cases.
2. Read the specification carefully before developing test cases.
3. Focus on boundary value analysis and equivalent class partitioning techniques.
4. Make the test cases generic.
5. Try to make the test case as simple as that anyone can understand easily.
6. Classify the test cases according to the module/feature.
7. Identify those test cases which are required for Sanity Test of a build and make a
separate file for it.
Use specific test case template that covers all the necessary information which required in execution of test cases. Though every company has its own Test Case template, we have designed the following template to cover all the important information suitably.
In parallel, we always look out for the areas that can be automated so that manual testing effort can be reduced. This effort is generally made for functionality which are repeated in nature and stable. This automation scripts are written to perform sanity test and regression testing.
4.5. Test Execution and Defect Tracking: This phase begins with the execution of Test Design described in previous phase of STLC. This includes:
1. Execution of test cases manually.
2. Execution of automation script.
3. Update the test case status(pass/fail) after comparing the expected result with actual result.
4. Defect Reporting and Tracking.
5. Re-testing of defects fixes
6. Regression testing of modules.
7. Perform Sanity Testing on current build.
During this phase, we comply to the guideline that is set for us. Here
1. Execute the test cases which are meant for test to pass first.
2. Execute the test cases priority wise.
3. Execute the test case group wise which are interrelated.
4. Execute the test cases which are written to break the functionality.
Once we go through the test case execution process, there might be the case that some test cases will fail and some will pass. Now, it is of utmost important to track those fail test cases. This situation invokes the need of some defect management tools to track those fail test cases (bugs). To meet this need, we use defect tracking tools like Bugzilla, Mantis, Jira etc as per availability.
Now, you might think what happens once a bug is found. Well, once a bug is found in the system, it takes it own life cycle. A bugs goes through many stages before it get fixed. Here, we are trying to elaborate the Bug Life Cycle a bug goes through. We are depicting the Big Life Cycle with the following diagram:
Now, we are going to explore different stages of the Bug from it’s inception to closer. The life of bug starts from when it is logged and ends when it is fixed by developer, and verified & closed by Software Tester. Following are the status associated with a bug:
1- New:When a bug is found/discovered for the first time, we, the tester communicates it to Team Lead in order to confirm if that is a valid bug. After getting confirmation from the Test/Team Lead, we log the bug in defect tracker and status of the bug become ‘New’.
2- Assigned: Once a bugs is reported as “New” developers review it. If it is a valid bugs developers or team lead assigned the bug to appropriate person to fix it and the status of bug get changed to “Assigned”.
3- Resolved: Once a bug is assigned to developer, he/she make some changes in code and fix it, the state of bug becomes “Resolved”. Developers change the state to Resolved in bug tracker. In this Resolved state the bug might take various possible Resolutions which are listed below:
• Rejected: the bug is invalid as per the explanation from the development, he/she rejects the bug and marks its status as ‘Rejected’.
• Unable to reproduce: If developers can not produce the bug at their end the he/she can assign “Unable to reproduce” state to bug.
• Won't fix: Sometimes it may happens that improvement can not be fixed. In this state bug is said “Won't fix”.
• Deferred: If developers thinks that this bugs is not so important to fix and can be avoided then he/she can change the state of bug to “Deferred”. It means that the bugs will be taken care of at later release.
• Duplicate: It may happens that the same bug is filed again, then this bug can be resolved with the resolution “Duplicate”.
4- Closed: Once the bug state gets changed to Resolved, tester verified this bug to make sure that it is fixed actually. If the bug found resolved then tester close the bugs and the state becomes “Closed”.
5- Reopened: If after retesting the software for the bug opened, if the system behaves in the same way or same bug arises once again, then the tester reopens the bug and again sends it back to the developer marking its status as “Reopened”.
Many times we have encountered such a situation where developer is unable to reproduce a bug. This situation might lead to conflict between testers and developers. In this case, tester need to keep their head cool and communicate the bug effectively so that developer can understand the bug easily. We need to improve our skills in order to reproduce such issues. The following tips might work wonder in this confrontation:
Try to capture the story around the issue and not just steps.
Capture the complete Test Environment
Capture all the available Test Execution Results. This includes your test data, screen shots, applications logs, system logs, server logs
Need more patience (they won’t occur easily)
Need more observation skills on the application behavior under test.
Narrate the story around the issue to the stake holders and to corner the issue.
4.6. Test Report and Acceptance: This is the phase in which we, the tester, prepare test reports. The test report is the primary work deliverable from the testing phase. It passes around the information from the test execution phase that is needed for project managers, as well as the clients, to make further decisions. This reports is the summery of the test performed and the their results. The test report includes:
• Details of test cases(or test script) executed.
• Name of the software tester.
• The location of all test logs.
• Summaries of the results of each test non-conformity
• Summaries of the results of each test failure.
• The details of any code changes made during testing and the location of the modified
source code.
• Recommendations of any action to be taken as a result of the acceptance tests, where
applicable.
• Suggestion to the scope of improvement
Apart from that, one more important aspect is defects analysis. This is where we report defect information such as the number of defects found, defect severity classification, defect density, etc. We use Test Metrics to complement this section. Below are list of available metrics that can be used:
Test defect by test phase -- Analyze test defects by test phase
Test defect by severity level -- Analyze test defects by severity level
Accepted vs. rejected test defects
Defect density -- The number of defects per test cases
In general, writing the test report is important to make sure readers can make correct conclusions based on it. The output of this report will mold your readers' perception of you. The better your report, the better your reputation as tester.
Once we are done with Test Report, the User Acceptance Testing has taken place. It is the process that a client uses to verify that the delivered and installed product is ready to be put into production use. From the user's point of view, this means that every user oriented function should be thoroughly exercised. In this process what we will need to hand over to the team that will test your product is:
User's Manual or Guide.
An Installation Guide that tells the testing team how to install your product/application and who to contact in the event of problems.
A link to your Project Plan which should describe the user requirements that our team committed to at the beginning of the project.
5. Conclusion: As the software testing is never ending process and its an art, obviously, we can not limit ourself to a defined process. There are lots of scope to venture and explore this field and software testing is becoming more challenging. We have written this document to share our knowledge that we have gain from experience and how we overcome the challenges we faced while testing. One thing is for sure that it is the tester who makes the life of user/customer easier. To become a good tester, one should have good understanding and listening power with an eye which can see the things from users point of view.
Before we sign off, we would like to thank our Director Mr. Manish Dhingra for his moral support and encouragement which make it possible to deploy this White Paper. Also we are thankful to all Teknokrats (Employee in Tekriti called as Teknokrat) for sharing their views and experience.
Besides, we can not ignore the author's articles to which we refer for help. Thank You. We are signing off.
Authors:
Vishal S. Sachan
Debajit Hazarika
Member of Quality Assurance Dept.
Tekriti Software Pvt Ltd, Gurgaon.
Date:19/05/2008
Monday, June 23, 2008
Automate your test using Selenium IDE
Hi user,
I was started R & D on selenium open source tool few months back. and from that time I was continually trying my hands on this. And here is a good news. i have found some useful information and points which will really help you to implement this with in your project. Recently in my current company, I have given demo on selenium IDE and Core. Here in this article I will point out about IDE. The core , I will cover later in my next article.
I am not not going to write here about basic of selenium. you can find all this here with http://selenium-ide.openqa.org. so I am starting with downloading and using. make sure the IDE is only can be use in Firefox.
Selenium IDE is a firefox plug in and can be install simply. For downloading this use http://selenium-ide.openqa.org/download.jsp. this will automatically install the IDE in your fireforx browser . Once downloaded with this IDE you can find it in tool menu bar.
Now point is this, how we can automate our test case using IDE.
So here I am taking an example:
Suppose you have to test the login module. so what are the possible test cases for this. some of them are:
1- Enter the correct user name and wrong password- result should be an error message " Invalid password"
2- Enter the wrong user name and correct password- result should be an error message " Invalid user name"
3- Enter the user name and leave the password field blank- result should be an error message "Password field can not be blank"
4- ..........
5..........
6............
.....
....
and the last one is enter both the fields with correct data. Login should success.
so what is the steps to automate these test cases. Suppose I want to automate the last test case. For this We need to record the steps and make the script. for this follow:
-> Open Firefox browser and then open Selenium from tool.
-> Now stop recording (make sure when selenium open first time it opens in record mode) by clicking the record button.
-> Now enter the url of your application.
-> Start recording by clicking start button again.
-> Now perform the steps (for login put the correct user name and put the correct password and then click on submit button now once you log in with application you need to verify your login). For this you need to use "VerifyText Present" function/method. For this you can select the login user name ( That is you expected result ) from top of the header and right click and select verify text present option.
-> Stop the recording. Now you have done with your first test . Here is the example I am giving , it is for login with rediffmail.com.
-> Now you need to save this test. You can save this anywhere using .html ext. Later you will need to make a test suit (to run multiple test at a time ). for this make a test suite and map all the test with in this suit. you need to create a folder and place all your test with in this folder. Your test suit will also be in this folder only.
-> Now run this test.
-> You will see the status of your test as passed in green color. For this you can play with testrunner screen. here is the test runner screen
Here you can see the result of your test. This is pass in this case.
So this is all about basic of how to record and run your test.
Now you can also edit your test and can be categorize using various methods/function available. So now you can implement this in your project as well.
If you have any question or suggestion, just drop a comment here or you can mail me at vishal.sachan@gmail.com
I appreciate your feed back,
references:
http://www.openqa.org/
I was started R & D on selenium open source tool few months back. and from that time I was continually trying my hands on this. And here is a good news. i have found some useful information and points which will really help you to implement this with in your project. Recently in my current company, I have given demo on selenium IDE and Core. Here in this article I will point out about IDE. The core , I will cover later in my next article.
I am not not going to write here about basic of selenium. you can find all this here with http://selenium-ide.openqa.org. so I am starting with downloading and using. make sure the IDE is only can be use in Firefox.
Selenium IDE is a firefox plug in and can be install simply. For downloading this use http://selenium-ide.openqa.org/download.jsp. this will automatically install the IDE in your fireforx browser . Once downloaded with this IDE you can find it in tool menu bar.
Now point is this, how we can automate our test case using IDE.
So here I am taking an example:
Suppose you have to test the login module. so what are the possible test cases for this. some of them are:
1- Enter the correct user name and wrong password- result should be an error message " Invalid password"
2- Enter the wrong user name and correct password- result should be an error message " Invalid user name"
3- Enter the user name and leave the password field blank- result should be an error message "Password field can not be blank"
4- ..........
5..........
6............
.....
....
and the last one is enter both the fields with correct data. Login should success.
so what is the steps to automate these test cases. Suppose I want to automate the last test case. For this We need to record the steps and make the script. for this follow:
-> Open Firefox browser and then open Selenium from tool.
-> Now stop recording (make sure when selenium open first time it opens in record mode) by clicking the record button.
-> Now enter the url of your application.
-> Start recording by clicking start button again.
-> Now perform the steps (for login put the correct user name and put the correct password and then click on submit button now once you log in with application you need to verify your login). For this you need to use "VerifyText Present" function/method. For this you can select the login user name ( That is you expected result ) from top of the header and right click and select verify text present option.
-> Stop the recording. Now you have done with your first test . Here is the example I am giving , it is for login with rediffmail.com.
-> Now you need to save this test. You can save this anywhere using .html ext. Later you will need to make a test suit (to run multiple test at a time ). for this make a test suite and map all the test with in this suit. you need to create a folder and place all your test with in this folder. Your test suit will also be in this folder only.
-> Now run this test.
-> You will see the status of your test as passed in green color. For this you can play with testrunner screen. here is the test runner screen
Here you can see the result of your test. This is pass in this case.
So this is all about basic of how to record and run your test.
Now you can also edit your test and can be categorize using various methods/function available. So now you can implement this in your project as well.
If you have any question or suggestion, just drop a comment here or you can mail me at vishal.sachan@gmail.com
I appreciate your feed back,
references:
http://www.openqa.org/
Tuesday, June 10, 2008
Status Report by QA/Tester
As a tester in fact QA you need to be more practical with your work. there are certain rules and process for doing our job but you should not bond with you to follow. You can even start a process itself which may reflects better that using previously.
As Bill Curtis, co-author of the Capability Maturity Model (CMM)said "Having a process such as CMMI in place doesn't guarantee quality software or systems,".
once I was needing to send the status mail of bugs to one of the client working with. I was very tensed ..what and how ?
For this I goggled and share with our seniors. I was not satisfied with outcomes. Really it was project specific. it can be different for different.
in fact i send it like this.I am sharing this with you. Hope this will beneficial for you also.
QA's Work Status / Bug Status
Prepared By: Vishal Scahan
Project: People Aggregator
Date of preparation: Tuesday, June 10 2008
A) Defect Verified:
I have verified most of the resolved issues in http://www.phil.dev.********.com . Following is the status for same:
Following is the detail of open bugs in mantis for PA project in different versions.
C) Issues holding the QA for verification:
I have verified most of the resolved issues but some of them are in hold . I Would like to request all the reporters of these issue to get them verified and closed respectively.
D) Next Priorities:
I am preparing a document “Detailed Bug Report” for the bugs already reported in Mantis. I will triage all the bugs/features with David and team to take an appropriate action against them.
In between doing QA for http://www.**************.com and reporting new issues will also be in my to do list.
David- I will be reporting new issues related to PHP Notices . I would like to finish this by end of this week. Can you please take these issues as high priority to get them fixed . Once we fixes these issues, It will be better to plan for module wise functional testing.
As Bill Curtis, co-author of the Capability Maturity Model (CMM)said "Having a process such as CMMI in place doesn't guarantee quality software or systems,".
once I was needing to send the status mail of bugs to one of the client working with. I was very tensed ..what and how ?
For this I goggled and share with our seniors. I was not satisfied with outcomes. Really it was project specific. it can be different for different.
in fact i send it like this.I am sharing this with you. Hope this will beneficial for you also.
QA's Work Status / Bug Status
Prepared By: Vishal Scahan
Project: People Aggregator
Date of preparation: Tuesday, June 10 2008
A) Defect Verified:
I have verified most of the resolved issues in http://www.phil.dev.********.com . Following is the status for same:
| Total Issue verified (36) | 11126, 11724, 11751, 11753, 11725, 11726, 11738, 11732, 11739, 11778, 11748, 11747, 11778, 11723, 11728, 11729, 11852, 11845, 11848, 11851, 11847, 11835, 11837, 11827, 11841,11891, 11880, 11877, 11871, 11826, 11854, 11803, 11814, 11801, 12846 |
| Closed(34) | 11126, 11724, 11751, 11753, 11725, 11726, 11738, 11732, 11739, 11778, 11748, 11747, 11778, 11723, 11728, 11729, 11852, 11845, 11848, 11847, 11835, 11837, 11827, ,11891, 11880, 11877, 11871, 11826, 11854, 11803, 11814, 11801, 12846 |
| Re open(2) | 11841, 11851 |
Following is the detail of open bugs in mantis for PA project in different versions.
| New | 69 |
| Block | 5 |
| Assigned | 143 |
| Crash | 4 |
| Resolved | 51 |
| Major | 72 |
| Feed back | 22 |
| Minor | 121 |
| Acknowledged | 19 |
| Feature | 93 |
|
| Total 304 |
| Others | 81 |
C) Issues holding the QA for verification:
I have verified most of the resolved issues but some of them are in hold . I Would like to request all the reporters of these issue to get them verified and closed respectively.
D) Next Priorities:
I am preparing a document “Detailed Bug Report” for the bugs already reported in Mantis. I will triage all the bugs/features with David and team to take an appropriate action against them.
In between doing QA for http://www.**************.com and reporting new issues will also be in my to do list.
David- I will be reporting new issues related to PHP Notices . I would like to finish this by end of this week. Can you please take these issues as high priority to get them fixed . Once we fixes these issues, It will be better to plan for module wise functional testing.
Tuesday, May 20, 2008
QA signoff for a software application
As a part of the QA job, we need to send a sign off document. for this we send the details about the feature/release and the testing overview. Generally there is no any specific format for this, still I found a template for this.
This help me to do my job in a effective way.
here is the formate :
For Project: Project name [eg. Radio Mini]
Feature: Feture or module name [eg. RSS-Feed]
Project Team: Team name ( eg. PA core team)
Dev Team Members: Name of the developers who are involved in developing this feature or module. eg.
• [Santosh Singh]
• [Ekta Singh]
• [Gurpreet Singh]
Extended Team: list out the members if applicable ( manpower from other project who are involved in this work)
Submitted for testing on: Date on which feature handled for testing [dd/mm/yyyy]
Tested by: Testing team member(s) name (eg. Vishal Sachan )
Proof of Compliance: list out all the documents which need to send for your proof. eg.
Testing Checklist – [File Name]
Test Results attached- [File Name]
Testing Overview: mention here the activity you performed for your testing. what kind of testing, what methodologies u applied etc. eg.
Manual Web UI.
Ran all possible test cases.
Held open testing with team members.
Sign-Off Section:
This system conforms to QA requirements. Finally it is done. I am signing off the feature (RSS-Feed) on the version alpha1.2 of peepagg.net and on its child project Radio Mini.
Reference:
http://www.mun.ca/cc/systemdevelopment/content/appendixa/qa_evaluation_template.pdf
This help me to do my job in a effective way.
here is the formate :
QA SIGN-OFF
For Project: Project name [eg. Radio Mini]
Feature: Feture or module name [eg. RSS-Feed]
Project Team: Team name ( eg. PA core team)
Dev Team Members: Name of the developers who are involved in developing this feature or module. eg.
• [Santosh Singh]
• [Ekta Singh]
• [Gurpreet Singh]
Extended Team: list out the members if applicable ( manpower from other project who are involved in this work)
Submitted for testing on: Date on which feature handled for testing [dd/mm/yyyy]
Tested by: Testing team member(s) name (eg. Vishal Sachan )
Proof of Compliance: list out all the documents which need to send for your proof. eg.
Testing Checklist – [File Name]
Test Results attached- [File Name]
Testing Overview: mention here the activity you performed for your testing. what kind of testing, what methodologies u applied etc. eg.
Manual Web UI.
Ran all possible test cases.
Held open testing with team members.
Sign-Off Section:
This system conforms to QA requirements. Finally it is done. I am signing off the feature (RSS-Feed) on the version alpha1.2 of peepagg.net and on its child project Radio Mini.
Reference:
http://www.mun.ca/cc/systemdevelopment/content/appendixa/qa_evaluation_template.pdf
Friday, April 18, 2008
Zephyr- A Next Generation Test Management System
Recently I came across a newly launched Test management System called Zephyr which is a next generation system.
I spend some time on it and found good. I am sure you will find it better than you using any Test Management System. You can find out all about this by clicking to http://www.getzephyr.com
Zephyr is a slick, feature rich and affordable Test Management System aimed at global SME, IT Departments and Testing Vendors. It brings a whole bunch of innovation in a space that has lacked it for the longest time. We'd like to draw your attention particularly to our customized Testing Desktops, real time Collaboration and Live Reporting via slick Dashboards as well as a host of Web 2.0 features.
Zephyr is a slick, feature rich and affordable Test Management System aimed at global SME, IT Departments and Testing Vendors. It brings a whole bunch of innovation in a space that has lacked it for the longest time. We'd like to draw your attention particularly to our customized Testing Desktops, real time Collaboration and Live Reporting via slick Dashboards as well as a host of Web 2.0 features.
Wednesday, April 16, 2008
Typical Software Testing Process
Every Software development organization follow about similar testing process. Still It can be slightly different for organization to organization.
However in Tekriti we follows the following testing process for the most of our project/products.
1-Requirement Analysis:
Testing process starts in very early phase of software development life cycle(SDLC). In this phase we gather requirement . The requirement for testing can be gather with the help of following documents:
-> Software Requirement Specification(SRS)
-> Functional Specification
-> Designed Documents
-> Use case Documents
All the above documents are prepared by PM, TL and Dev teams itself with meetings with client or Client itself.
This is very first step in testing process. Now once we have requirement, we move to next phase so called planning.
2- Test Planning:
Now in this phase once we have the exact requirement, we plan for testing. It may be the answer of few questions like How to test, what to test, when to test, etc. We can exactly say that this phase is where we make test strategies, test plan or test Bed. The Test plan may have the answer of the questions
-What to test first
-Technologies to be used
-who will test and what
-Methodologies to be used
-Whether it is manual or automated (If automated then what to be automated)
-Risk management
-Which bug tracking tools to be used. etc
Now once we completed with this phase we start setup with test environment. That is our next phase of testing process.
3- Test environment setup:
In this phase of software testing we setup the test environment in which we have to test the application.
It depends upon the software/application to be tested.
Setup the test environment may include
-Network Configuration
-Software and hardware installation.
-Meetings with vender's
-Internet service provider may be the crucial part for for any S/w development Organization.
In Tekriti it all about the system team 's responsibility. So tester can starts working for directly 4th phase
after planning.
4-Test Design:
In this phase we write the test cases. Once the test cases writing completed , we refer this document to the senior level , In some cases we also send it to the client, but it totally depend on the nature of project.
If the process is automated then we also write test script in this phase.
Now once the test case documents is reviewed we plan then to execute.
5-Test execution :
Now exactly the task of testers comes. In this phase we execute the test cases . We also run test script (if applicable) to execute these test cases with the help of automation tools.
6-Defect tracking and report:
In this phase we track the defects which are being monitored in previous phase. If we having any bug tracking tool then we reported and manage through them otherwise we can also track them through xls sheet. Here we are using Mantis, Bugzilla, and Zira for different projects.
7- Test report:
finally, testing team prepare following documents
-Test summary report
-build release notes
-note on what is covered and what to cover in next release.
-Review acceptance. It may be the release note's mail reply from client
Finally,
As testing is never ending process and its depends on project , the process can repeat itself. The requirement changes daily so the writing test cases may be the continue process.
- Vishal Sachan
However in Tekriti we follows the following testing process for the most of our project/products.
1-Requirement Analysis:
Testing process starts in very early phase of software development life cycle(SDLC). In this phase we gather requirement . The requirement for testing can be gather with the help of following documents:
-> Software Requirement Specification(SRS)
-> Functional Specification
-> Designed Documents
-> Use case Documents
All the above documents are prepared by PM, TL and Dev teams itself with meetings with client or Client itself.
This is very first step in testing process. Now once we have requirement, we move to next phase so called planning.
2- Test Planning:
Now in this phase once we have the exact requirement, we plan for testing. It may be the answer of few questions like How to test, what to test, when to test, etc. We can exactly say that this phase is where we make test strategies, test plan or test Bed. The Test plan may have the answer of the questions
-What to test first
-Technologies to be used
-who will test and what
-Methodologies to be used
-Whether it is manual or automated (If automated then what to be automated)
-Risk management
-Which bug tracking tools to be used. etc
Now once we completed with this phase we start setup with test environment. That is our next phase of testing process.
3- Test environment setup:
In this phase of software testing we setup the test environment in which we have to test the application.
It depends upon the software/application to be tested.
Setup the test environment may include
-Network Configuration
-Software and hardware installation.
-Meetings with vender's
-Internet service provider may be the crucial part for for any S/w development Organization.
In Tekriti it all about the system team 's responsibility. So tester can starts working for directly 4th phase
after planning.
4-Test Design:
In this phase we write the test cases. Once the test cases writing completed , we refer this document to the senior level , In some cases we also send it to the client, but it totally depend on the nature of project.
If the process is automated then we also write test script in this phase.
Now once the test case documents is reviewed we plan then to execute.
5-Test execution :
Now exactly the task of testers comes. In this phase we execute the test cases . We also run test script (if applicable) to execute these test cases with the help of automation tools.
6-Defect tracking and report:
In this phase we track the defects which are being monitored in previous phase. If we having any bug tracking tool then we reported and manage through them otherwise we can also track them through xls sheet. Here we are using Mantis, Bugzilla, and Zira for different projects.
7- Test report:
finally, testing team prepare following documents
-Test summary report
-build release notes
-note on what is covered and what to cover in next release.
-Review acceptance. It may be the release note's mail reply from client
Finally,
As testing is never ending process and its depends on project , the process can repeat itself. The requirement changes daily so the writing test cases may be the continue process.
- Vishal Sachan
Subscribe to:
Posts
(
Atom
)