Wednesday, October 21, 2009

Web 2.0 security testing oversight

Working in the era of Web 2.0 is more challenging for QA/testers, especially when you need to take care of security. Here we will discuss the importance of security testing tools and their availability, and also try to find out which web vulnerabilities affect applications most.
This post is for those who want an overview of security testing of Web 2.0 applications.

So let's start with the question: can automated tools be used to secure a website from hacking inexpensively and easily, and what are they? There are a number of such tools on the market. Many of them are free; one can search the internet for them. There are also many paid ones, and in parallel they usually provide a free version as well.

But my concern here is that we should not overestimate the value of such tools or scanners. Scanners are good at spotting patterns such as input reflected back into a page or an error message leaking a stack trace, but business-logic problems such as broken access control or broken session management rarely show up in a scanner report. Manual activities are also important for finding security vulnerabilities, so do not underestimate the manual effort put into your testing activities.
Firefox plugins or extensions can help us find these. Most developers use such extensions; Firebug is one of them. SQL injection is one of the best methods to

Let's now look at the most common vulnerabilities discovered. I would like to thank Kevin Beaver, one of the best authors whose articles I used to read; he also gave the facts which I am going to describe below.

Here are the most significant
web vulnerabilities, in order:
1- Cross-site scripting (XSS; sometimes written CSS, although that abbreviation properly belongs to Cascading Style Sheets)
2- Broken session management
3- Improper error handling
4- Unvalidated input
5- Injection flaws
6- Insecure configuration management
7- Broken access control
and many more.

So from this it is very clear that XSS is a very common
web vulnerability. I have already posted one article on XSS; you can find it here.
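To make the XSS point concrete, here is a small added example (mine, not code from this post or from Kevin Beaver's article): a search-results page that reflects the query unescaped, the same page hardened with HTML escaping, a link whose URL parameter needs percent-encoding as well, and the reflection check a tester performs by hand. The page templates, the probe string and the function names are all assumptions for illustration.

```python
import html
from urllib.parse import quote

# Constructed templates for a "search results" page: one reflects the
# term into the HTML body, the other puts it into a URL attribute.
PAGE = "<html><body><h1>Results for: {term}</h1></body></html>"
LINK = '<a href="/search?q={term}">search again</a>'


def render_search_vulnerable(term: str) -> str:
    """Reflects the user-supplied search term into the HTML body unescaped.

    Anything the user sends, including <script> tags, becomes markup.
    """
    return PAGE.format(term=term)


def render_search_safe(term: str) -> str:
    """Same page, but the term is HTML-escaped before it is reflected."""
    return PAGE.format(term=html.escape(term, quote=True))


def render_link_safe(term: str) -> str:
    """URL attribute context: percent-encode for the URL first, then
    HTML-escape for the attribute. One encoding alone is not enough here."""
    return LINK.format(term=html.escape(quote(term, safe=""), quote=True))


# A harmless marker a manual tester submits in the search box. If it comes
# back with the angle brackets intact, the page reflects input without
# encoding it and a real payload would run.
PROBE = '<xsstest id="9f3a">'


def reflects_unescaped(page_html: str, probe: str = PROBE) -> bool:
    """True if the probe is echoed back verbatim (the raw '<' survived)."""
    return probe in page_html


def check_all():
    """Run the probe against each renderer; True means 'vulnerable'."""
    return {
        "body_vulnerable": reflects_unescaped(render_search_vulnerable(PROBE)),
        "body_safe": reflects_unescaped(render_search_safe(PROBE)),
        "link_safe": reflects_unescaped(render_link_safe(PROBE)),
    }


if __name__ == "__main__":
    for name, vulnerable in check_all().items():
        print(f"{name}: {'REFLECTED UNESCAPED' if vulnerable else 'ok'}")
```

The probe deliberately contains no script, so it is safe to submit against a live test site; what the tester looks for is whether `<` and `"` come back unchanged. Note that escaping is context-specific: `html.escape` is correct for text inside the HTML body, but a value placed inside a URL, a JavaScript string or a CSS block needs the encoding of that context as well, which is why the link renderer percent-encodes before it HTML-escapes.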

I have also managed to write a white paper on web testing which may help you understand the whole process of testing a web application. You can find it by clicking here.

Thank you for using my blog. I would really appreciate it if you write a few comments and suggestions to improve it.

Friday, September 4, 2009

Using Selenium RC in your Java project - how to run your script in different browsers

I have been using Selenium IDE for the last year or so. In fact I just use it to automate a few of our modules. I was not a very active user of Selenium in this period.
A few months back my company placed me in a Java project. I wanted to work with an automation tool, not just playback and recording. Therefore I tried my hand at Selenium RC. Recently I successfully managed to install RC with Eclipse (the Java IDE used in my project) and ran some of the test cases recorded in the IDE. I am trying to make them data driven and more specific. For that one should be good at Java programming. I am also trying to be good at that.

I have seen many of us seeking help to configure RC in their project. All they want is to run the very first test case. For that, I decided to write something which may help to begin with the very first test case in RC.
Here in my article I will explain how to configure RC with Eclipse and how to run a test case recorded in the IDE.
I am assuming that you are good at using the IDE's record and playback.
So once you have done your recording with the IDE, convert your recorded script to Java: click on Options -> Format and choose Java. Save this test case as a plain Java file.

So you have your test case, say test1.java (the file name must match the public class name inside it).

Now follow these steps to configure RC and the Java client driver with Eclipse.

1- Download Selenium RC from the SeleniumHQ downloads page and unzip it somewhere you want. The archive contains the server (selenium-server.jar) and the Java client driver (selenium-java-client-driver.jar).

2- Start the Selenium server from a command prompt: java -jar selenium-server.jar. It listens on localhost port 4444 by default, and the test below connects to it there; if the server is not running, setUp fails with a connection error.
3- Launch Eclipse
4- Create a new Java project (I guess you are aware of creating a new project in Eclipse. If not, take help from a developer or visit the documentation section at http://seleniumhq.org/)
5- Add the external jar files: the Java client driver from the location where you unzipped Selenium RC, plus JUnit
6- Add your saved Java file (which you saved after recording in the IDE) to this project
7- Now run it as a JUnit test (Run As -> JUnit Test)


Here I am giving some explanation which might help you understand things easily.


This is the Java code which I recorded using the IDE to test the search on Google.

import com.thoughtworks.selenium.SeleneseTestCase;

// SeleneseTestCase already extends junit.framework.TestCase, so the
// junit.framework and java.util.regex.Pattern imports the IDE emits
// are not needed for this test.
public class test1 extends SeleneseTestCase {

    // Connects to the Selenium server on localhost:4444 and launches the
    // browser named by the second argument against the given base URL.
    public void setUp() throws Exception {
        setUp("http://www.google.co.in/", "*firefox");
    }

    public void testVishal() throws Exception {
        selenium.open("/");
        selenium.type("q", "vishal sachan");
        selenium.click("btnG");
        selenium.waitForPageToLoad("30000");
        // verifyTrue records a failure without stopping the test; the
        // collected failures are reported when SeleneseTestCase's
        // tearDown runs after the test method.
        verifyTrue(selenium.isTextPresent("vishal sachan"));
    }

}

Running your test in multiple browsers:
You can now run this test in a different browser by changing the browser launcher string passed to setUp. The strings Selenium RC understands are *firefox, *iexplore and *googlechrome (note that *chrome means Firefox in chrome mode, not Google Chrome):
setUp("http://www.google.co.in/", "*firefox");

I hope this will help you get started with your very first test using Selenium RC.

Monday, May 11, 2009

Manual database testing using stored procedures

I am working on a project where we use web services and only 10% of the testing includes front-end testing. For a non-technical tester: there is a request and a response. The request is in the form of XML having sets of data, and the response is also in the form of XML. So in such cases we need to test the internal behaviour of the application: verify that the data was inserted at the appropriate destination in the database, and test whether the functions work or not.
To test such applications a tester should be smart enough to identify the scenarios which cover testing of every functionality.

Now one major part of this testing is testing the back end: that the data inserted from the front end has properly gone to the correct place. We do it manually. For this we need:
1- Detailed knowledge of the application.
2- Good knowledge of the database used (overview of the database, good at queries, data model, relationships used).
3- Sound skills to identify the scenarios which cover all the functionality. (Sometimes we need to identify cases which really only come into action in production; for this testers sometimes need to change the code to execute such scenarios.)

So for verifying data we generally use some queries to fetch data from the database. We have sets of statements here.
I would always prefer to make some stored procedures, which really help in executing the queries.

I will give a simple example here which may help you see how to use stored procedures while testing with a database.

I am taking an example here which allows a user to register with an application by sending a request in the form of XML. After registering, the response will give you a key, and using that key you can see the result which the application provides.
The flow of the request will be like:
1- The set of user data is inserted
2- A key is provided to the user in the response
3- The user again sends a request using this key
4- The user information is received in the form of XML.

So here the testing will include:
1- Whether the user data is inserted in the proper place in the database.
2- Whether the information received by the user is correct or not.
For this we can write some queries to fetch the data (it can be checked manually, but that will take much time and will not be repeatable.)

Here we can also make some stored procedures (I hope you understand the basics of stored procedures: how to create one, how to execute it).

Suppose I want the user data from the user table corresponding to a user id. For this you can write a procedure like this...

1- Open a new query window
2- Write:
CREATE PROCEDURE userdetail
    @user_id NUMERIC(10)
AS
    SELECT * FROM [USER]
    WHERE USER_ID = @user_id;

(T-SQL takes the parameter list bare or in parentheses, not in curly braces. USER is a reserved word in SQL Server, so the table name has to be bracketed.)

3- Execute this query
4- Now you can see this procedure in your list.
5- Now to execute it you can use

EXEC userdetail 2001;

(the parameter is numeric, so pass it unquoted; '2001' only works through implicit conversion)

or simply go to the list of procedures, right-click and execute from there.
You will get a window where you pass user_id.


This is a simple procedure I used here. In the same way we can test by passing inputs.
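As an added illustration (not the blog's code or any real service's): the register-then-fetch flow described above simulated in Python against an in-memory SQLite database, with the two tester-side checks from the post (did the row land correctly, does the user get back what was stored) written as queries. The table, the XML element names, the key format and the function names are assumptions; the lookup query stands in for the userdetail procedure, since SQLite has no stored procedures.

```python
import secrets
import sqlite3
import xml.etree.ElementTree as ET

# Constructed schema for the example: one user table, one row per registration.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("""
        CREATE TABLE user (
            user_id INTEGER PRIMARY KEY,
            name    TEXT NOT NULL,
            email   TEXT NOT NULL UNIQUE,
            api_key TEXT NOT NULL UNIQUE
        )""")
    return conn


# ---- application side: the two web-service requests -----------------------

def register(conn, request_xml: str) -> str:
    """Handle <register><name/><email/></register>; reply <response><key/>."""
    root = ET.fromstring(request_xml)
    name = root.findtext("name", "").strip()
    email = root.findtext("email", "").strip()
    if not name or not email:
        return "<response><error>missing field</error></response>"
    key = secrets.token_hex(16)          # 32 hex chars, unguessable
    # Parameterised insert: the XML values never become part of the SQL
    # text, so quotes or markup in a name cannot change the statement.
    conn.execute("INSERT INTO user (name, email, api_key) VALUES (?, ?, ?)",
                 (name, email, key))
    conn.commit()
    return f"<response><key>{key}</key></response>"


def fetch(conn, request_xml: str) -> str:
    """Handle <lookup><key/></lookup>; reply with the stored record as XML."""
    key = ET.fromstring(request_xml).findtext("key", "")
    row = conn.execute("SELECT user_id, name, email FROM user WHERE api_key = ?",
                       (key,)).fetchone()
    if row is None:
        return "<response><error>unknown key</error></response>"
    user = ET.Element("user")
    ET.SubElement(user, "id").text = str(row[0])
    ET.SubElement(user, "name").text = row[1]      # ET escapes <, > and &
    ET.SubElement(user, "email").text = row[2]
    return ET.tostring(user, encoding="unicode")


# ---- tester side --------------------------------------------------------------

def user_detail(conn, user_id: int):
    """Same job as the post's userdetail procedure, as a parameterised query."""
    return conn.execute("SELECT user_id, name, email, api_key FROM user "
                        "WHERE user_id = ?", (user_id,)).fetchone()


def run_scenario():
    """Register one user, then check the database row and the lookup reply."""
    conn = make_db()
    # Constructed request; the name carries an apostrophe and markup-like
    # characters so we can see they are stored literally, not interpreted.
    resp = register(conn, "<register><name>O'Brien &lt;qa&gt;</name>"
                          "<email>ob@example.test</email></register>")
    key = ET.fromstring(resp).findtext("key")
    row = user_detail(conn, 1)                       # check 1: data in the right place
    back = ET.fromstring(fetch(conn, f"<lookup><key>{key}</key></lookup>"))
    return {                                         # check 2: reply matches the row
        "key": key,
        "row": row,
        "name_back": back.findtext("name"),
        "email_back": back.findtext("email"),
        "unknown": fetch(conn, "<lookup><key>not-a-key</key></lookup>"),
    }


if __name__ == "__main__":
    print(run_scenario())
```

The scenario is the same one the post lays out in four steps; what the query adds over clicking through the UI is that the check is repeatable and can be run for every registration. For a real service the XML parser deserves attention too: the standard-library parser used here refuses external entities, but it is still exposed to entity-expansion bombs, so a request-size limit or a hardened parser belongs in front of it.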

Tuesday, April 7, 2009

Testing in Agile software Development

Hi Folks!

Continuing to my last article....
In the era of rapid software development, where changes take place randomly and requirements change every hour, the role of the tester is very tough and challenging.
The biggest challenge in agile software development is handling the changes made rapidly. The software changes every hour. New code is pushed to the test server every day or even every hour, and hence the system under test keeps changing. To deal with such cases and to test this, we need a different kind of testing approach, which may be totally different from scripted testing. This needs a different set of skills and tactics. For this the tester needs to be very flexible and very innovative. I found that in some cases the company doesn't allow adopting any approach other than the scripted one. But for this an agile tester should have a valid reason and the tendency to make the project manager/seniors agree to adopt new approaches. I always have a reason to adopt my approach. Sometimes I need to make significant changes in our testing approach, and I do this because I have confidence in my approach.
Propose your plan to the team without hesitation; after all, our prime motive is the same, which is "to make the software bug free". So if you have an idea in your mind and you believe it will work, don't wait, let your bosses know.

Agile testers need to be well versed in the following areas:
1- Active participation in the scrum meeting to make decisions on the agile test plan. I point out the agile test plan here specifically because the test plan we make here can be quite different from a normal one: decide what you will do next, how you will do it, and the reason for doing it, meaning how it is meaningful and how it will work practically.
2- Experiencing the application in different ways to improve the understanding of risk and expected behaviour, and to find scenarios which might have been missed during the first planning. I always prefer to see my application in different ways: as QA, as a tester (somewhat technical: data model, flow of the application), as an end user, and as a layman.

So these should be common and beneficial practices in agile software development.

Sometimes we work on projects where many teams work together sitting in different places. There are many challenges in testing such projects. A few things (other than the skills expected from a tester) which I feel every tester should follow to accept the challenges of testing such a project:
1- The tester must be very active in participating in all meetings and conference calls with other teams and the client. If this is not happening in your project, just ask for it.
2- Need to be very active and flexible in adopting the changes during development. Documentation can help to manage them and to identify the scenario on the spot.
3- Need to practise making a TO DO LIST (I adopted this from my manager, and believe me, it works). This practice really helps you remember the things to be implemented. Once you come back from a meeting, just review the TO DO LIST and update your documents.
4- Should be very straightforward. Don't say YES all the time. If you feel something is wrong, put your thoughts in front of the team. Realize that you are responsible for the overall quality of the application and the process.
5- Hold regular meetings with the team you work with to find the gaps in the requirements. As there are no fixed requirements and they keep changing, there might be cases where some changes made during development are not communicated to you. Some people think such changes are not relevant to the tester. I don't think so: everything, whether it is a requirement change or a change in architecture or design, the tester should know about. So this meeting will ensure that you really did not miss anything.
6- Practise making scenarios (high-level scenarios which do not really have the steps to test) and document them in a separate folder. Discuss these scenarios with your PM and other senior persons and ask them to review. This will be a green signal for your cases that you have not missed anything and that they are sufficient to cover the testing. Later you can extend these scenarios into detailed test cases as time permits.


In the end, I say... The agile method doesn't use a typical QA process, but this doesn't mean that we produce a low-quality product using the agile method. In agile, we need frequent communication among the whole team. Break the testing down into smaller parts and keep it flexible. Allow end users to access the application ASAP, in a very early phase, which also lets you know whether the application behaves accordingly or not. Exploratory testing should be part of this methodology. Overall, the quality of the application is much higher in agile software development.


Thanks,
Vishal Sachan
Sr.QA, Tekriti Software

Wednesday, April 1, 2009

Exploratory testing in agile environments

In the era of rapid development of agile software projects, testing has totally changed from the typical scripted method to a new way. Exploratory testing can help a tester (new to the project) in this scenario to meet the expectations regarding application quality and robustness. In this article I will try to explore the term exploratory testing, the cases where it fits in agile software development, and what the benefit of using it will be.
I read many articles and white papers and found that the term exploratory testing is used as equivalent to ad hoc testing. I am fed up with that; I don't agree with it. Once a guy asked me, 'are exploratory testing and ad hoc testing the same?' My answer was very simple:
"It depends on you. If you think ad hoc testing is very rough and thoughtless testing, then I would say no, exploratory testing and ad hoc testing are not the same." Guys, please make it clear: the exploratory testing I am talking about here is not like that. Exploratory testing is always done with the intent of understanding the functionality of the application.

In an agile software project, when a new tester joins the project, I would suggest doing this kind of testing. This will help him perform testing while getting familiar with the application. What is bad in this? Unlike traditional test methods, where there is a certain process, exploratory testing is more of a real-time process. Tell me one thing... is it practically possible to adopt scripted testing in agile development? I hope most of you will say NO. So what? We can say that following exploratory testing is a better way for a tester to get familiar with the application in parallel with their testing activities. It is also true that most testers follow this approach at least once in their project testing, but the problem is they never go by its definition and a proper way.

I have been working on a project which uses the agile development method and I am working as the lead QA offshore for that project. I always ask my colleagues to explore the application using exploratory testing.
To deal with the constant changes on an agile project, testers need to understand which risks are important to the project and the team, and should focus on what is going to be changed and done in the project. We generally go through the scrum meeting to discuss the work plan, the work which was done last and what is to be done next.
In my project I separately hold regular meetings to discuss my test scenarios with the whole team to find the gaps and to make them clear.

Agile projects have their own challenges for the testing team: unclear project scope, iterations, minimal documentation, early and frequent testing. All these demand diverse and special skills from testing people. So the skill of 'exploratory testing' is important here. This will cover exploration of the application, touring the application through the GUI, analyzing the product/application etc.

Anyway, this article was intended to discuss exploratory testing, so I will write another separate note to share my experience of my process of testing in agile software projects.

So now let's discuss the merits and demerits of exploratory testing. I will cover this section by pointing out questions and then the appropriate answers:
Why exploratory testing (I will use ET from now on for this)? ET is much more capable of finding those bugs which cannot be found in a scripted testing approach; this means ET extends the test coverage which we generally prepare using the specification. Here the question may be why we miss such bugs in our scripted method. As the specification is intended to describe a specific software behaviour, there is a chance of missing some scenarios which may produce some untouched bugs, and those can be found in ET.

Is ET similar to ad hoc testing? As I pointed out earlier in this post, the answer can be YES or NO depending on the person and his understanding of this. One more thing I want to point out here is that ad hoc testing can be done by anyone, but for ET the person should be more skilled.

Monday, March 16, 2009

Multiple versions of IE on the same machine

"IETester"

Hi Folks,
Generally a tester needs to test the application cross-browser to check the compatibility of the application in different browsers. Sometimes we need to test the application in various versions of IE, and for this we need multiple IEs. When we have a single system, the question is "how to test in different IEs".

We generally use "Multiple IE", but the problem I faced is that when we use IE6 and IE7 in parallel, IE7 works fine but in IE6 it seems that some features are missing and testing is not done properly. For this I was using a separate system, or remote access to a system where a standalone IE6 is present. But that was also not feasible in most cases. So I was looking for some permanent solution.

Recently I came to know about a tool for testing in IE, and that is IETester. This not only allows access to IE6 and IE7; you can use it to test pages in IE5.5, IE6, IE7 and IE8 all on the same machine without messing around with your main installed version of IE. I liked this feature the most and it made me use this.

Later I came across a few users and found that there are also some restrictions in using this. It seems that this is about 90% of IE... whatever, personally I do not have many issues here.

Now I am happy using this. Hope this helps all of you as well.


Thanks,
Vishal Sachan
Sr. QA, Tekriti Software

Wednesday, January 14, 2009

QA: back end testing

Generally testers prefer to test the front end of a site, but for a bug-free and high-performance application we need to test its back end as well.
In fact back-end/database testing is a separate area of testing, a kind of white-box testing, but we can cover some of it in our QA/testing. Now the question is, how and what?
Is it possible to do this manually?
Yes; at least doing something is better than avoiding it. In my projects I always prefer to do database testing. Testing the front end of a site should not be the only consideration; we need to practise back-end testing also. I manage to write some SQL queries and execute them manually. This all depends on your depth of knowledge of the application database and the relationships among the various tables. Write your test cases and implement them as queries.
I will be pointing out some cases here. The basic thing is that to test the back end we need to be strong in databases. To test the application we need to gain knowledge of the data model and the relationships among the different tables. If you are new to this job you can take help from your team mates to get in touch with the database.
There are some tools to test databases, but in most cases, working on a small project or in a mid-sized organization, you are not facilitated with these. In such cases we need to practise it manually. I will cover all this later in this post.
Just have a look here at why we need to test the database more...
If your database server is slow, there is no chance that your front-end coding will improve things. One of the most common reasons is poorly optimized table indexes, so we need to test the indexes as well.

The list of things we generally cover in database testing:
1. Data integrity - The complete data belonging to each entity should be stored in the database. There should not be any missing data, and no child row should point at a parent that does not exist.
2. Correctness of the data stored in the database - The data stored should be correct and stored in the right place.
3. Data type testing
4. Data size testing - Generally we test data size only at the front end, but it is essential to test it at the back end separately, because the database is reachable by other paths (web services, imports, other clients) than the form that enforces the limit.
5. Database performance
6. Data security - Passwords and other sensitive fields must not be stored in plain text, and the account the application connects with should have only the privileges it needs.
7. In case of data migration, check correctness and completeness of the data
8. If you are good at databases, also test the stored procedures. Here we need to test every stored procedure separately, which may cover:
- The number of arguments being passed
- The data type of each of the arguments being passed
- The order of the arguments being passed
- The return value
- The data type of the return value

9. Input item verification - In this we verify the input items like text boxes, combo boxes and ActiveX controls. Generally ask your developer to test this during unit testing.

As pointed out in point 5, we need to test for performance. So what can we check in the database? We measure the execution time to see the performance. Also check the indexing: poor indexing may cause your application to be slow, so there should always be proper indexing for better performance. Most databases can show the query plan for a statement, which tells you directly whether an index was used or the whole table was scanned.

I am pointing out a simple example here of how we can verify the database entries manually.
Suppose we have a registration form. On the front end we only have a UI with some input fields and a submit button. The most common test is to fill in the form and verify whether that user is created or not, but we don't know what is going on in the database. So taking this example, we first gain full knowledge of our database: which field is mapped to which table, and which columns the data will be inserted into.
Once you are familiar with the data model, we can write some queries joining the various tables and columns.
Now the first thing to do: check the front end (execute all test cases),
and second: test the same thing on the back end by executing the queries to ensure that the data was inserted in the right table and the data is correct.
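Added example, not from the post: the items in the list above (data integrity, correctness, data size, indexing) and the registration-form check just described, each written as a query over a small constructed SQLite schema. The schema, the seeded rows (one of them a deliberate orphan, one with an empty name) and the 40-character name limit are assumptions for the illustration.

```python
import sqlite3

NAME_MAX = 40   # assumed limit the registration form enforces on the name field


def seed_db() -> sqlite3.Connection:
    """Constructed two-table schema with a few rows, including known defects."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE app_user (
            user_id INTEGER PRIMARY KEY,
            name    TEXT NOT NULL,
            email   TEXT NOT NULL
        );
        CREATE TABLE address (
            address_id INTEGER PRIMARY KEY,
            user_id    INTEGER NOT NULL,
            city       TEXT NOT NULL
        );
        INSERT INTO app_user VALUES (1, 'Asha', 'asha@example.test');
        INSERT INTO app_user VALUES (2, 'Ravi', 'ravi@example.test');
        INSERT INTO app_user VALUES (3, '',     'blank@example.test');  -- empty name
        INSERT INTO address VALUES (10, 1,  'Pune');
        INSERT INTO address VALUES (11, 2,  'Delhi');
        INSERT INTO address VALUES (12, 99, 'Nowhere');                -- orphan row
    """)
    return conn


def orphan_addresses(conn):
    """Data integrity: address rows whose user_id has no matching user."""
    return [r[0] for r in conn.execute("""
        SELECT a.address_id FROM address a
        LEFT JOIN app_user u ON u.user_id = a.user_id
        WHERE u.user_id IS NULL""")]


def bad_names(conn, max_len=NAME_MAX):
    """Data size: empty names, or names longer than the limit the front end
    enforces. SQLite does not enforce a VARCHAR length, so check it explicitly."""
    return [r[0] for r in conn.execute(
        "SELECT user_id FROM app_user WHERE length(name) = 0 OR length(name) > ?",
        (max_len,))]


def duplicate_emails(conn):
    """Correctness: the same email registered more than once."""
    return [r[0] for r in conn.execute(
        "SELECT email FROM app_user GROUP BY email HAVING count(*) > 1")]


def uses_index(conn, sql, params=()):
    """Performance: True if the query planner uses an index for this query."""
    plan = conn.execute("EXPLAIN QUERY PLAN " + sql, params).fetchall()
    return any("USING INDEX" in row[-1] or "USING COVERING INDEX" in row[-1]
               for row in plan)


def registration_landed(conn, user_id, expected):
    """Front end vs back end: the stored row matches what the form submitted."""
    row = conn.execute("SELECT name, email FROM app_user WHERE user_id = ?",
                       (user_id,)).fetchone()
    return row == expected


def run_checks():
    """Run every check once; the index check is run before and after adding one."""
    conn = seed_db()
    lookup = "SELECT address_id FROM address WHERE user_id = ?"
    before = uses_index(conn, lookup, (1,))
    conn.execute("CREATE INDEX idx_address_user ON address(user_id)")
    after = uses_index(conn, lookup, (1,))
    return {
        "orphans": orphan_addresses(conn),
        "bad_names": bad_names(conn),
        "dup_emails": duplicate_emails(conn),
        "index_before": before,
        "index_after": after,
        "landed": registration_landed(conn, 1, ("Asha", "asha@example.test")),
    }


if __name__ == "__main__":
    for check, result in run_checks().items():
        print(f"{check}: {result}")
```

Each function is one test case from the list turned into a query, which is the point of the post: once the data model is known, the checks are written once and re-run after every build instead of being eyeballed. The index check shows why query plans matter: the same lookup goes from a full table scan to an index search after the index is created.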

This is not the end; in fact there is a lot more to do.
Please share your experience and come up with more ideas.