testing circus (january2011)
Post on 07-Apr-2018
8/6/2019 Testing Circus (January2011)
Testing Circus
Volume 2 - Issue 1 January 2011
Your Monthly Magazine on Basics of Software Testing
Agile Journey - Team Commitment to Quality
Interview with Erkan Yilmaz
Test Case Practice
QTP Code Corner
Estimetrics - PREDICT AND PRAY
Importance of communication in testing
Elementary, My Dear Watson!
A fake tester's diary
Has Your Product Passed Security Tests?
Software Testing News
Q-Patterns
Testers in Twitter
www.TestingCircus.com
Help Chandrasekhar B N, a Software Tester, beat Acute Lymphoblastic Leukemia.
Chandrasekhar B N is a 26-year-old Software Tester working at
Bangalore. He was diagnosed with blood cancer (Acute Lymphoblastic Leukemia - with Ph+ve) in October. Chandrasekhar is the sole bread
earner in the family. His mother is a housewife and his 21 year old
brother is a student, too. Doctors have prescribed chemotherapy
and bone marrow transplant at a cost of Rs. 8 lacs for chemotherapy
+ Rs. 10 lacs for Bone Marrow Transplant. As he is now getting
treatment, with no additional income in the family, family members
and friends are trying to gather funds for his treatment and daily
expenses but are at the end of their resources.
We urge all readers of Testing Circus to donate generously for this purpose.
Please note: Donations made to CANCER PATIENTS AID ASSOCIATION, CPAA are exempt from Income Tax under Section 80G of the Income Tax Act INDIA (50% exemption). Your receipt and
tax exemption certificate will be sent to the address given in the CPAA form. Please enter your
full postal address where CPAA can mail your 80G Exemption Certificate carefully.
No donation is small. You can do it online through your VISA/Master Card. (Donors from outside
India can do it online) https://donations.cpaaindia.org/
Alternately, you can also write a cheque or send demand draft in the name "CANCER PATIENTS
AID ASSOCIATION" and mail it to:
Dr. Shubha Maudgal
Executive Director
Cancer Patients Aid Association
Smt. Panadevi Dalmia Cancer Management Centre
King George V Memorial, Dr. E. Moses Road,
Mahalakshmi, Mumbai - 400 011
Tel: +91 22 2492 4000 / 2492 8775 Fax: +91 22 2497 3599
Please Note: Write Chandrasekhar B N on the back of the cheque.
http://helpchandru.com/
Where is what?
Editorial
Emails to the Editor
Agile Journey
Elementary, My Dear Watson!
Keystroke Logging
Estimetrics - PREDICT AND PRAY
Q-Patterns
In Lighter Moods
A Fake Tester's Diary
Importance of communication in Testing
Has Your Product Passed Security Tests?
Software Testers @ Twitter
Test Case Writing Practice
News On Testing
QTP Code Corner
Know Your Testing Guru
Testing Circus Reps (TCRs)
Testing Circus Team
Thanks for the wonderful magazine!!
It helps me a lot to understand the Testing Concepts especially the Test Cases column. Also, I have told about this magazine to some of my colleagues and really it is helpful
to them too.
Hats off to you and your team of Testing Circus!!
~Agrta Kansal
[Editor] Dear Agrta, thank you for your appreciation.
First of all heartiest thanks to the team for coming up with such an innovative idea. It is certainly going to aid testers from all spheres of life.
~Partha Sarathi Samal
First of all, congratulations on your appeal to bring all testers under one shelter to
share, learn and grow together. It was nice to know that you conveyed the message in
Softech10 by Silicon India. I attended the same in Mumbai last day and I must not
mention but it was a great experience. Would you mind if I suggest not limiting the
Testing Circus core team only to Delhi-NCR and we can have some really
influential/dedicated people in same team across major IT cities like Pune, Mumbai, Hyderabad and Bangalore? What I am thinking is, this will give more scope for TC
community to grow further and along with that it will also facilitate the TCRs to
convince the people in their respective organizations to join TC community. And this is
how we can have a real united Testers Team across the nation. What I feel is instead
of having different groups aiming at same purpose, it's always desirable to have all
under one roof. As Testing Circus has already been started it can play the role of an
umbrella.
Wish me luck so that someday I can confidently ask for my membership in TC's core team. And am pretty sure, Testing Circus would be the big family by then.
~Lalitkumar Bhamare
[Editor] Dear Lalit, the Testing Circus Representative initiative reflects your thoughts
too. Thank you for your interest to become a TCR. We will contact you further.
Agile Journey - Team Commitment to Quality
By Lisa Crispin
In agile development, the whole development team, not only the testers, must
commit to quality, and that commitment has to mean something. The entire team has
to be engaged in making sure all testing activities are completed for each story, sprint
and release. Here's an example, from a recent sprint, of what this commitment to
quality means to my own team, which consists of two testers, four programmers, a
DBA, two system administrators and a ScrumMaster.
In the past few sprints, we had started to slide into the bad practice of having leftover
testing task cards that got carried over into the next sprint. Some of these were cards
to write new FitNesse fixtures to automate tests for a particular new piece of
functionality. Some were end to end testing cards that simply take a long time to
complete. There were also development cards left over. A couple of stories had
dragged on more than two sprints without a compelling reason. This was getting awful!
It felt like we were dragging through waist-deep mud of technical debt.
In a sprint retrospective, we got serious about solving these problems. Here are the action items we created:
Finish leftover cards before starting new stories in new sprint. This meant taking on less new work for the sprint.
Ask remote team member to work on existing cards before bringing in new stuff.
Have main developer for a story put his name on the story card and take responsibility for making sure all tasks are done.
Write "end to end" test cards for each story (these are cards that remind the developer assigned to that story to test that all the pieces work together).
Developer responsible for story should think about all task cards ahead of time, make sure all necessary cards are there.
Ensure everyone needed is copied on emails.
Stop checking in untested code.
In the next sprint, we focused on finishing all the "leftovers" first. For the new
FitNesse fixtures, the programmers asked that I first write example tests with my idea
of how the test should work. One of our team members who works remotely then
wrote the fixtures and updated the tests as needed so that they passed. These fixtures
were difficult to do, as they had to use a lot of legacy code, but the ROI will be big
because they test critical areas where we've had expensive production problems in the
past.
There was only one incident of untested code being checked in, and we talked about it
right away and discussed ways to ensure this stops happening.
Six days into the two-week sprint, we still had lots of testing cards and not many development ones. The programmers, of their own volition, decided during the Scrum
to attack the test cards. By the end of the day, most of the test cards were finished!
Then they went on to the stories that were new that sprint.
Since a glance at the online storyboard now tells us who the main developer is on each
story, communication has improved. When more than one developer works on tasks for
a story, they're communicating better. Lots of pairing is happening too.
Communication is better all around, including with the remote team member.
Eight days into the sprint, a programmer was writing up the information on the functionality he had changed for a batch processing story, and as he wrote, he realized that he missed a use case. He fixed it, but was concerned there wasn't enough time left in the sprint to adequately test the new functionality. We decided to postpone that story to the next sprint. Consciously deciding to put off testing to the next sprint isn't a bad thing, when there's a good reason for it.
Towards the end of this sprint, we were still very busy, but felt great to see our storyboard for the sprint with almost all the cards moved to the 'done' column. Since it was holiday time, people were taking time off, so time is short. A task to automate testing for a new UI feature implemented with Ajax was rolled over to the next sprint, because the test script was blowing up. Again, this was a conscious decision by the team, not a case of "Oops! Today is the last day of the sprint and we didn't get this finished".
Many teams struggle with trying to finish all the testing for all the stories by the end of each iteration. If this happens to you, the first action to take is to limit the amount of new work brought into the next sprint, so you can focus on finishing the leftovers. As you catch up and are able to reduce your technical debt by finishing testing and test automation tasks, you'll be able to increase your velocity later, without sacrificing quality. This has to be a team effort.
If you're doing your best and working hard, and you still don't finish what you planned for the sprint, don't beat yourselves up. Use your retrospective to identify impediments, and focus on how you can overcome one or two of them. Talk about what your team commitment to quality really means, and take baby steps to do a little better every iteration. You'll enjoy your agile journey!
An agile testing coach and practitioner, Lisa Crispin is the co-
author, with Janet Gregory, of Agile Testing: A Practical Guide
for Testers and Agile Teams (Addison-Wesley, 2009), and a
contributor to Beautiful Testing (O'Reilly, 2009) and Testen in
der Finanzwelt (2009). She also co-wrote Testing Extreme
Programming (Addison-Wesley, 2002) with Tip House. Lisa
specializes in showing agile teams how testers can add value
and guide development with business-facing tests. For the
past ten years, Lisa has worked as a tester on agile teams
developing web applications in Java and .Net. She teaches
Agile Testing courses and tutorials worldwide. Lisa regularly
contributes articles to publications such as Better Software
magazine, Software Test & Performance Magazine, IEEE
Software Magazine, Methods & Tools, Agile Journal and Agile
Record. She enjoys sharing her experiences at conferences
and user group meetings around the world. Lisa was named
one of the 13 Women of Influence in testing by Software Test
& Performance magazine.
For more about Lisa's work, visit www.lisacrispin.com
Lisa can be reached at http://twitter.com/lisacrispin
Elementary, My Dear Watson!
By Nandagopal R
The title sounds familiar, right? The master detective Sherlock Holmes often
commented this to his friend Dr. Watson. Even though he is a fictional character, Mr.
Holmes is one of my favorites. I always wondered about his observation, logical
reasoning and deduction skills. Though I would like to believe that Mr. Holmes did
exist, it's not the truth, which points to how gifted the writer Sir Arthur
Conan Doyle was! Mr. Holmes could have easily become the best tester in this world if
he was in the Software Industry, and Sir Conan Doyle could have been the most sophisticated criminal the world has ever seen (no offense meant! I was referring to
the details of the crime scenes in his stories).
Now, let's come to the business part of this. Yes, you guessed right: Observation,
Logical Reasoning and Deduction are great skills to have as a tester. Of course, deduction
can be tricky, since one of the most common mistakes made by a tester is the
assumption he/she makes after the deduction from his/her experiments. So be
careful when you try to be the Sherlock Holmes tester.
Experience adds a lot to your testing skills in an exploratory method; a simple
definition of exploratory testing is learning the application by playing with it and using your prior experience. Once you start your career as a tester and become
more experienced, you might be thinking like a tester even in life's scenarios. Your
eyes and ears become trained to look at things in a more lateral way than others. I don't
know whether it's good or bad but I like it (and since I like Holmes and am a tester, I
like it more!). I have realized that my lateral thinking has improved since I started my
career as a Tester. I will cite a few examples.
Scene Number One:
I went out for dinner with my wife last month. There were 3 wash basins in that hotel.
My wife went straight to one and was about to open the tap.
Me: That's not working, use the next one!
Since she had already placed her hand on the tap, she opened it and found that there
was no water coming from it.
She: How did you know that?
Me: The wash basin is dry, the naphthalene balls in it are as they were and look new, and
the hotel is reasonably full; that means the wash basin is not working.
I used Observation, Logical Reasoning and Deduction there and I was right.
Scene Number Two:
Since I started my career as a tester, most of the time I flip the correct switches for
lights or fans in an unfamiliar place. You know how? I flip the most commonly used
switches in a switchboard; they might be evident from color change due to constant
use. I used Observation, Logical Reasoning and Deduction here too and most of the
time I'm right.
Testing and Common sense
So, this brings us back to a typical interview question: what are the qualities/skills you have as a tester?
Curiosity, lateral thinking and problem solving are some of the skills you should have to become a good tester. Having these skills helps you to become a better tester for sure. I always wanted to become a private detective like Sherlock Holmes. Even though I couldn't pursue that dream the way it needs to be done, I'm happy that I'm doing it in some other way - I'm a Software Detective. I use my curiosity to investigate further into a problem, use lateral thinking and hence solve the problems. As somebody rightly said - "the best free tool you can use in testing is your brain".
Common sense also plays a huge part in making you a better tester. It comes in handy when you start making assumptions. As I stated at the start of this topic, assumption is one of the most commonly committed mistakes by a tester. Common sense helps you to get out of assumption traps and makes you do little things that might save you a lot of time and might show you that legendary show-stopper you always wanted to find. I remember a narration from my friend when he was reading this topic (as some of you might be aware, this is already published in my blog). My friend went for a movie, and in the theater everybody was using one basin out of three. The first one was clean and its tap was good; everybody tried it and they got only air flowing from it. The second one was clean, its tap was good and it was working. Everybody was waiting for their turn to use the second basin. Nobody was trying the third. The basin was not clean, the tap-head was broken and people concluded that there was no water in it! He tried and it was working!
Testers observe, apply logic, then deduce, and based on that deduction sometimes start assuming. So due to the bad state of the tap, people assume that it is not working. As a tester, I must try the tap even if that observation-reasoning-deduction process DOES NOT come naturally to me; that is where common sense plays its part, and it points to another must-have skill for a tester: patience!
Elementary, my dear Watson.
Nandagopal R is a software tester
with 4+ years of experience,
currently working for RM Education
Solutions India Pvt Ltd, Trivandrum,
Kerala. He is a passionate tester who
likes to practice the context driven
approach. He has vast experience
with web, desktop and mobile
applications and is an active
participant in the crowd sourcing
testing community uTest.
Nandagopal can be reached at
http://twitter.com/nandagopalr
Information from the Internet
Keystroke Logging
Keystroke logging (often called keylogging) is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. There are numerous keylogging methods, ranging from hardware and software-based approaches to electromagnetic and acoustic analysis.
Application
Software-based keyloggers:
These are software programs designed to work on the target computer's operating system. From a technical perspective there are five categories:
Hypervisor-based: The keylogger can theoretically reside in a malware hypervisor running underneath the operating system, which remains untouched. It effectively becomes a virtual machine. Blue Pill is a conceptual example.
Kernel based: This method is difficult both to write and to combat. Such keyloggers reside at the kernel level and are thus difficult to detect, especially for user-mode applications. They are frequently implemented as rootkits that subvert the operating system kernel and gain unauthorized access to the hardware, making them very powerful. A keylogger using this method can act as a keyboard driver for example, and thus gain access to any information typed on the keyboard as it goes to the operating system.
API-based: These keyloggers hook keyboard APIs; the operating system then notifies the keylogger each time a key is pressed and the keylogger simply records it. APIs such as GetAsyncKeyState(), GetForegroundWindow(), etc. are used to poll the state of the keyboard or to subscribe to keyboard events. These types of keyloggers are the easiest to write, but where constant polling of each key is required, they can cause a noticeable increase in CPU usage, and can also miss the occasional key. A more recent example simply polls the BIOS for preboot authentication PINs that have not been cleared from memory.
Form Grabber based: Form Grabber-based keyloggers log web form submissions by recording the web browsing onSubmit event functions. This records form data before it is passed over the internet and bypasses https encryption.
Packet analyzers: This involves capturing network traffic associated with HTTP POST events to retrieve unencrypted passwords.
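An added example, not part of the original article: because packet analyzers recover passwords from unencrypted HTTP POST traffic, a tester can check that every form carrying a password field is both served and submitted over HTTPS. The URLs, the HTML and the finding labels are constructed for illustration, and the check does not cover form grabbers, which read the data in the browser before it is encrypted.

```python
"""Added example: flag web forms whose passwords would cross the network in cleartext."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormCollector(HTMLParser):
    """Collects each <form> with its action, method and password inputs."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None  # form being parsed, or None outside any form

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        if tag == "form":
            self._current = {
                "action": attr.get("action") or "",
                # HTML defaults to GET when no method is given.
                "method": (attr.get("method") or "get").lower(),
                "password_fields": [],
            }
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (attr.get("type") or "text").lower() == "password":
                self._current["password_fields"].append(attr.get("name") or "(unnamed)")

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_password_forms(page_url, html):
    """Return one finding per password form that exposes credentials on the wire.

    Labels (constructed for this example):
      cleartext-submit  the form posts to a non-HTTPS URL
      cleartext-page    the page itself was fetched without HTTPS
      password-in-url   the form uses GET, so the password lands in the URL
    """
    collector = _FormCollector()
    collector.feed(html)
    collector.close()
    page_scheme = urlsplit(page_url).scheme.lower()
    findings = []
    for form in collector.forms:
        if not form["password_fields"]:
            continue  # search boxes and the like are out of scope
        # An empty or relative action resolves against the page URL.
        target = urljoin(page_url, form["action"])
        problems = []
        if urlsplit(target).scheme.lower() != "https":
            problems.append("cleartext-submit")
        if page_scheme != "https":
            problems.append("cleartext-page")
        if form["method"] != "post":
            problems.append("password-in-url")
        if problems:
            findings.append({
                "target": target,
                "fields": form["password_fields"],
                "problems": problems,
            })
    return findings


# Constructed sample page: four forms, two of them mishandling a password.
SAMPLE_PAGE_URL = "https://shop.example/account"
SAMPLE_HTML = """
<html><body>
<form action="http://shop.example/login" method="POST">
  <input type="text" name="user"><input type="password" name="pw">
</form>
<form action="/session" method="post">
  <input name="user"><input type="PASSWORD" name="secret">
</form>
<form action="/search"><input name="q"></form>
<form action="/legacy-login">
  <input type="password" name="pin">
</form>
</body></html>
"""

if __name__ == "__main__":
    for finding in audit_password_forms(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print(finding["target"], finding["fields"], ", ".join(finding["problems"]))
```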
Remote access software keyloggers
These are local software keyloggers programmed with an added feature to transmit recorded data from the target computer to a monitor at a remote location. Remote communication is facilitated by one of four methods:
Data is uploaded to a website, database or an FTP account.
Data is periodically emailed to a pre-defined email address.
Data is wirelessly transmitted by means of an attached hardware system.
The software enables a remote login to the local machine via the internet or ethernet, for data logs stored on the target machine to be accessed.
Related features
Software keyloggers may be augmented with features that capture user information without relying on keyboard key presses as the sole input. Some of these features include:
Clipboard logging. Anything that has been copied to the clipboard can be captured by the program.
Screen logging. Screenshots are taken in order to capture graphics-based information. Applications with screen logging abilities may take screenshots of the whole screen, just one application or even just around the mouse cursor. They may take these screenshots periodically or in response to user behaviours (for example, when a user has clicked the mouse). A practical application used by some keyloggers with this screen logging ability is to take small screenshots around where a mouse has just clicked; these defeat web-based keyboards (for example, the web-based screen keyboards that are often used by banks) and any web-based on-screen keyboard without screenshot protection.
Programmatically capturing the text in a control. The Microsoft Windows API allows programs to request the text 'value' in some controls. This means that some passwords may be captured, even if they are hidden behind password masks (usually asterisks).
The recording of every program/folder/window opened including a screenshot of each and every website visited, also including a screenshot of each.
The recording of search engine queries, Instant Messenger Conversations, FTP Downloads and other internet based activities (including the bandwidth used).
In some advanced software keyloggers, sound can be recorded from a user's microphone and video from a user's webcam.
Hardware-based keyloggers
Hardware-based keyloggers do not depend upon any software being installed as they exist at a hardware level in a computer system.
Firmware-based: BIOS-level firmware that handles keyboard events can be modified to record these events as they are processed. Physical and/or root-level access is required to the machine, and the software loaded into the BIOS needs to be created for the specific hardware that it will be running on.
Keyboard hardware: Hardware keyloggers are used for keystroke logging by means of a hardware circuit that is attached somewhere in between the computer keyboard and the computer, typically inline with the keyboard's cable connector. More stealthy implementations can be installed or built into standard keyboards, so that no device is visible on the external cable. Both types log all keyboard activity to their internal memory, which can be subsequently accessed, for example, by typing in a secret key sequence. A hardware keylogger has an advantage over a software solution: it is not dependent on being installed on the target computer's operating system and therefore will not interfere with any program running on the target machine or be detected by any software. However its physical presence may be detected if, for example, it is installed outside the case as an inline device between the computer and the keyboard. Some of these implementations have the ability to be controlled and monitored remotely by means of a wireless communication standard.
Wireless keyboard sniffers
These passive sniffers collect packets of data being transferred from a wireless keyboard and its receiver. As encryption may be used to secure the wireless communications between the two devices, this may need to be cracked beforehand if the transmissions are to be read.
Keyboard overlays
Criminals have been known to use keyboard overlays on ATMs to capture people's PINs. Each keypress is registered by the keyboard of the ATM as well as the criminal's keypad that is placed over it. The device is designed to look like an integrated part of the machine so that bank customers are unaware of its presence.
Acoustic keyloggers
Acoustic cryptanalysis can be used to monitor the sound created by someone typing on a computer. Each character on the keyboard makes a subtly different acoustic signature when stroked. It is then possible to identify which keystroke signature relates to which keyboard character via statistical methods such as frequency analysis. The repetition frequency of similar acoustic keystroke signatures, the timings between different keyboard strokes and other context information such as the probable language in which the user is writing are used in this analysis to map sounds to letters. A fairly long recording (1000 or more keystrokes) is required so that a big enough sample is collected.
Electromagnetic emissions
It is possible to capture the electromagnetic emissions of a wired keyboard from up to 20 metres (66 ft) away, without being physically wired to it. In 2009, Swiss researchers tested 11 different USB, PS/2 and laptop keyboards in a semi-anechoic chamber and found them all vulnerable, primarily because of the prohibitive cost of adding shielding during manufacture. The researchers used a wide-band receiver to tune into the specific frequency of the emissions radiated from the keyboards.
Optical surveillance
Optical surveillance, while not a keylogger in the classical sense, is nonetheless an approach that can be used to capture passwords or PINs. A strategically placed camera, such as a hidden surveillance camera at an ATM, can allow a criminal to watch a PIN or password being entered.
Content Source: http://en.wikipedia.org/wiki/Keystroke_logging
Estimetrics - PREDICT AND PRAY
By Parimala Shankaraiah
Akbar, the famous Mughal Emperor, once asked his Royal Advisor Birbal, "How many
crows are there in our kingdom?" After a moment's thought, Birbal replied, "There are
ninety-five thousand four hundred and sixty-three crows in the kingdom, Sir."
Amazed by his quick response, Akbar asked, "What if there are more crows than you
mentioned?" Without any hesitation, Birbal replied, "If there are more crows than my
answer, then it means some crows are visiting from neighboring kingdoms. And if there
are fewer crows, that means that some crows from our kingdom may have gone on
holiday to other kingdoms." Fast forward this story to today.
The Great Saga of Metrics
"If you give a manager a numerical target, he'll make it even if he has to destroy
the company in the process" ~ Deming
Metrics have been both major highlights and big pain points in Testing at the same time: how many test cases are documented for any product, how long it takes to execute each test case, how many more one tester is executing compared to his/her co-worker, how many defects he/she found compared to the rest of the team, how many reported defects were rejected, and many more. For a tester who is willing to test with freedom and creativity, measurement criteria such as the above only discourage good work. All that the testers would then choose to do is to adapt themselves to fit into the parameters that they are measured against.
For example, if a tester is told to "report 30 defects in a quarter" (by the way, this is a real metric in many organizations), he/she would report at least 30 defects by hook or by crook to qualify for the quarterly bonus! Out of 30 defects, if more than 15 were of low severity, what next? Ah! No worries. That becomes a metric for the next quarter: "Report at least 20 high severity defects of priority type Showstopper/High." Now, if the product under test has been in the market for more than a few years, and if customers are hardly escalating issues, and if there are hardly any feature improvements, how realistic is it to find 20 high severity defects in that product, unless testing was performed by a few people who didn't know what testing is in the first place?
Numbers Game
Suppose that a routine medical report showed something suspicious about one's health. Apart from the family doctor, some people would prefer a second or third opinion, especially in critical cases. Such people are often baffled after different doctors interpret the same medical report in different ways. One doctor would have focused on the positive aspect of the report and said, "Yes, there is a problem. But, we can get you out of it as long as you believe in yourself and our team." Another doctor might say, "You are going to live only for the next six months. Get ready with your will." The third one gives a perfect picture of what is going on without a speck of emotion or warmth. Do you go looking for a fourth opinion or decide what is good enough for your own self?
Ashok T, Founder and CEO at Stag Software Private Limited, asks: Is 33 diseases in a human body good enough to be healthy? Is that a good number to measure the well being of a human being? Does the number of fungal cells wreak as much havoc as the cancerous cells? Is it fair to even compare fungal vs. cancerous cells in the first place? Is any such meaningless comparison and the measurement that follows it any good at all?
Numbers in general are used to impress people. The higher the number, the better the results. Unfortunately, many organizations today fall victim to this numbers game and grant incentives to employees who manage to earn them either through manipulation or the least amount of effort. But their reliability is often suspected. Numbers should not be used for checking the performance of testers or their efficiency, simply because testers can bluff around their superiors in any case. After all, it is part of human nature.
Rewards and Incentives
The tester who filed the most severity 1 defects, the tester who executed the most test cases in the shortest period of time, the tester who helped programmers the most by unit testing several new features (though it was their responsibility to unit test before dropping off the feature to testing teams), testers who say "Yes boss" not just to their manager but also to the managers of other teams they interact with, irrespective of what is right and ethical to do in any situation, and testers who are liked more by nepotists for weird reasons and less for their skills: hurray, these are the testers who get rewarded in the long run. People in power consider the above numbers as "The Metrics" to measure their subordinates against. Testers consider these as their personal targets. Once they hit these targets, it's done! They don't have to slog anymore. They don't have to work harder. Anyway, they will be rewarded because they crossed their targets. Why bother testing the product further and waste any more time?
Estimation
"The joy of an early release lasts but for a short time. The bitterness of an unusable
system lasts for years" ~ Anonymous
For any brand new project, requirements are studied, functional and technical design documents are analyzed, test cases are written, detailed test plans are created, appropriate schedules are worked out, and detailed project plans are created, published and approved by the big guy, who is often the project manager or the director of the engineering team, in collaboration with the product management team. All of these without involving the actual people who code or test the product!
Typically they would need anything between 2-4 weeks to come up with an estimation plan. What? You mean close to one month's planning for a project that lasts 2 months. Oh Wow! Of course, there is a lot of documentation to be done, many meetings to attend, demos of prototypes to be had, and fights/arguments with product management teams and customers regarding timelines and cost respectively. It does take one month. Maybe even more. Justified! It is common practice in most organizations to spend a fortune on project plans and estimating how much time it takes to execute them. Mind you, just execute them. Not execute them rightfully!
Does your Number match mine?
Test estimation at a high level includes identifying features to be tested, operating systems and browsers to be used, number of test cases that need to be run, number of testers available, and the deadline by which the product has to be tested and handed over to product management for a formal release. None of these is considered when a timeline is decided for many releases. A tentative date would be decided with some amount of buffer time, which mostly goes to programmers. This date is just an estimated date, but it is made out to be THE DATE for the release. All that testers need to do is to squeeze in their tasks within this limited timeline, do their best and leave the rest to their reporting managers.
Project managers and product managers are keen on just one thing: what is the earliest time by which a project can be tested *completely* and *thoroughly*? By thoroughly, they mean exhaustively. They have a rough timeline in their minds by which their gut feeling says that so and so product can be tested and released. If the testing team comes up with anything equal to or greater than that, these guys have a problem. They always want to reduce that number and speed up the release. Agreed that the customer is pressed for time to buy the product at the earliest, but the question is: do you really want to deliver a baby in 6 months?
Estimates Gone Mad
The word estimation itself says that it's just an estimate. It could go wrong. There is a high probability that estimates end up being wrong. In spite of this, any deadline committed is committed. Testers often have to stretch, work extra hours, sleep in the office at night, work on weekends and still stick to the deadline. Whether drops to testers were delayed, whether new requirements came in at the last minute, whether defect verifications resulted in newer defects, whether regressions failed big time, no one really seems to bother unless one killer defect comes from the customer which costs the organization that complete deal. Testers will manage anyway. After all, that is what they are hired for! Half the time, they wait. Rest of the time, they slog!
Plan, Plan, Plan
Having a plan is a good thing. It will help foresee many hidden risks within the project. However, worshipping the plan as if someone from the top is going to shoot you dead is a bad practice. Planning forever, but hardly doing anything with respect to the plan or acting on it, doesn't make any good difference to any project. Having a preliminary plan, going by that plan, making modifications as necessary, being flexible to changing priorities and timelines, and taking some buffer time into account to accommodate miscellaneous issues are also important. This is how a meaningful plan is built. To quote Steven M Smith, "Have a plan. Don't worship the plan. Follow the energy and respond to it."
Plug and Play
These are the times when customers are ready to shell out money to buy products that are Plug and Play. All that matters to them is that products solve their business problems with the least amount of effort and time from their side.
Times are changing. Measurement mechanisms are changing. And so are organizational practices and standards. These days, all that the customer is doing is PREDICT AND PRAY!
Parimala Shankaraiah has more than seven years of experience in testing and mentoring teams of software testers. Apart from testing that she is most passionate about, she loves mentoring upcoming testers and has mentored over 30 testers. She frequently writes about her testing experiences at her Blog. She is also a regular contributor of articles on testing and issues concerning testing. Apart from testing, she loves to play with her 3 yo, read books, magazines, articles and many more. She is a self-claimed emotional overeater who eats to beat every emotion in the world.
Parimala Shankaraiah works as a Principal Tester at Consona Corporation, Bangalore. She blogs at http://curioustester.blogspot.com/
Parimala can be contacted at http://twitter.com/curioustester
Q-Patterns
Questioning Patterns (Part 2)
By Vipul Kocher
Access Rights
Intent
We know that "to err is human", so everybody can't be given rights to do anything, neither in social life nor in our systems/applications. Hierarchies are always there to control or restrict actions of users.
If you have used an Administrator/User hierarchy in your code/test you may ask the following questions:
Administration
1. Administration management
   - Administrator role management
     - How is a new administrator created?
     - Can it be deleted?
     - Can new administrators be created?
     - Any roles/groups as role for component management only, user management only etc.
   - Password management
     - Default password?
     - Change password facility?
This is the last part of a two-part series of articles on Questioning Patterns. Readers are encouraged to read the first part of this article published in the December 2010 issue of Testing Circus. - Editor
1. Can an administrator create a sub-administrator? If yes, what rights are given to them to differentiate between administrator and sub-administrator?
2. Are the rights divided into separate groups like basic, advanced etc.?
Usage
3. Can a user define roles for herself?
4. Can a user create groups for herself?
5. Can the user view/modify her own rights, or can only the administrator take care of this?
6. There should be a limited no. of groups etc. (user is not supposed to create a different group for each role).
7. Can a user account temporarily be locked?
UI
8. How may the rights of a user be viewed and modified?
9. Can the administrator see the rights given to each user on a single screen (like in tree structure etc.)?
10. Can the administrator make the same modification on more than one user/group simultaneously?
Security
11. Can the number of users accessing a resource, file etc. be restricted or not?
12. Can a user be restricted from using certain privileges?
13. Are the Read/Write accesses etc. being taken care of?
Performance
14. How much time will it take to show the different screens of user right policies?
15. How much time will it take to add/delete/modify roles to users?
Search
Intent
Search is the only way to find the existence or non-existence of a record. Search is everywhere, whether it is in a database, in a document or it is a web search.
If you are using Search in your code/test you may ask the following questions:
Administration
1. Who can perform the search (only an administrator, a user, or is a certain right to be given for search)?
Usage
1. Does it search on exact matching string?
2. Does it allow wild card search?
3. What are the wild card characters that are recognized?
4. Is wild card substitution for single alphabet/numeric or string recognized?
5. When more than one search criterion is allowed, does it allow OR or AND of the conditions?
6. Can all kinds of operators (relational, logical) be used in the search query?
7. When using the relational operators for search on alphanumeric characters, what is the behavior?
8. Does it allow specifying default sort order of the search results?
9. In case of the search criterion being a date/time, does it recognize a specific format or all the formats?
10. Does it allow search in both directions (up and down)?
11. Is the search criterion case-sensitive?
12. Can we define the search area (e.g. from line number n1 to line number n2)?
13. What is the behavior of search in case check boxes are used in the search form?
14. Is the search possible on each component of the application or not?
15. Can search results be saved in a different file or not?
UI
1. Does it give a correct error message when no matching entries are found?
2. When more than one entry satisfies the search criteria, does it allow complete navigation between the entries?
3. Does it give an error message in case a wrong/invalid format is specified in the search criteria?
4. If we give a wrong search condition then what happens? Does it simply show no result, or does an error message appear?
Security
1. Are different levels of search used (e.g. an administrator can see all the records of an employee but a user is restricted to some of the records)?
Performance
1. If the search result shows 10,000 or 1,00,000 records then how much time will it take?
2. What happens if we give a very complex query in the search condition?
3. What happens if we join contradictory queries in the search condition?
Other Suggested Patterns
Some other useful patterns could be:
- UI Pattern (list handling)
- Groups and templates
- Error reporting/logging
- Web related: Java Applets/HTML pages/ASP/JSP/CGI
- Installation
Vipul Kocher is the Co-founder and Co-President of PureTesting. He is a person with deep and passionate interest in software testing, which also happens to be his profession. His other areas of interest are Science Fiction, Archaeology, History of Ancient Bharat, Religions. In his own words: "Too many interests, too few skills."
Vipul can be reached at http://twitter.com/vipulkocher
Q: How many software testers does it take to change a light bulb?
A: None. Software testers just noticed that the room was dark. Testers don't fix the problems, they just find them.
Q: How many Developers does it take to change a light bulb?
A: What's the problem? The bulb at my desk works fine!
Q: How many programmers does it take to change a light bulb?
A: NONE! That's a hardware problem....
A FAKE Tester's Diary
By Fake Software Tester
The Introduction
Tanash Ramuk is a 23 yr old Software Test Engineer. Having completed his degree in computer engineering a couple of years back, he joined a start-up and was recently laid off. 2 days back, he got a call from Ele Info Systems, a huge off-shoring software services company known for providing testing services and which could also boast of becoming a 1 billion $ company from a 1 $ company.
He's promised to write to us regularly about his adventures with Ele Info Systems, and here's what he wrote to us this week, on how they recruited him.
Chapter 1 - The Recruitment
When Tanash arrived at the walk-in event, he found himself face-to-face with one of those pretty-looking members of the HR dept. She was given the job of screening resumes. Observing her from a distance, Tanash understood that she was given the job of rejecting applicants who did not have an engineering degree, who had less than 60% marks in their degree, or who could not talk proper English. He also understood that they were hiring for testing positions.
Tanash slipped in his resume to her and was happy on being shortlisted for the test. He was asked to sit in a room with another 1000 grads. Looking at the other people who were writing the test, this is what he saw: some of them were attending the test to try and get the job, some of them were there to practice for their CAT exams, some of them looked like wanting to work for pocket money, some of them were there to fund their MBA exams and classes. His eyes were unable to spot a person for whom testing was a passion in the crowd of 1000 people.
"Silence" --- boomed the mike. Another guy, well dressed with a tie, took the mike and announced that they were going to hand out question papers.
Tanash's 1st test lasted 50 mins, 25 questions. He had to solve aptitude problems. Tanash's 2nd test lasted another 50 mins and another 25 questions. The questions reminded him of an English test from his school. All questions were objective type questions.
3 hours later, Tanash's joy grew. He was selected for the interviews scheduled for the afternoon.
Round 1
His 1st interviewer introduced himself as a senior Test Lead having 4.78 yrs of experience. Top 3 questions from the interview were:
1) On software definitions: What is grey box testing? What is the difference between grey box and white box testing? What is the difference between smoke testing and sanity testing? What is break-in testing? What is the difference between component integration testing and system integration testing?
2) What is the Requirement Traceability Matrix?
3) Tell me about the Defect Life Cycle and the project life cycle.
Round 2
The 2nd interview was conducted by the manager. The manager initially talked for 10 minutes about himself and the next 5 mins about how challenging it was to work for this company. Some words he used were cutting edge technology, out of the box thinking, high-skilled leadership, Browser Wars, etc. Tanash was wondering if he was being interviewed for some battle. Top 4 questions from the managerial round:
The italics are Tanash's thoughts on the reply. And the bold ones are the gist of what he said.
1) Why do you want to join us? (Obviously coz am out of a job) I have always wanted to join a company which has become a market leader.
2) What do you expect from us? (US, Onsite and lotsa pretty babes).. A challenging career, working on the latest software and brightest minds, yada yada yada!!!
3) Where do you see yourself in 5 years from now? (@ Whoever pays me what I ask for!!!) I'd see myself having experience on the latest technologies, leading a team and mentoring other new joiners.
4) What can you do for us which the others cannot? (How would I know? I don't know who else applied) Be more industrious, offer more due to my self-learning abilities, my better writing abilities etc.
Round 3 - HR
And the HR round: they were only interested in his pay. He felt like he was bargaining with a vegetable vendor across the street. He felt like a resource while talking to them and not like a human :) !!!
Top 2 questions from the HR interview:
1) What's your ideal job? (Money, Money and more money!!!) --- Working in a fun environment, with the ability to contribute towards the team goals. The atmosphere should be competitive, and should reward quality!!!
2) Why do you think your previous manager is a good manager? (What makes you think he's one? All managers are Jerks and should be fed to the sharks!!!) --- Coz he's a thought leader and he has been able to effectively mentor and guide me, without passing on any kind of pressure down to me.
2 more hours later, they promised that the offer letter would arrive in a week's time!!!
Only Tanash knew how he came through the tests and interview. He was able to Google the questions and answers the previous day.
Tanash's adventures would continue. He's promised to write to us about his adventures!!! Can you identify what you think are fake practices in the above story?
***All characters and organizations mentioned are imaginary, and any resemblance to real persons or organization is entirely accidental. - Testing Circus Editorial Team***
Importance of Effective Communication in Software Testing
By Deepti Miglani
Testing activity for ensuring quality in any product delivery plays a significant role in the contemporary picture of IT. Along with the growth of the software industry, testing departments in IT companies are getting abundant opportunities to grow. With fast changing environments and increasing demand for quality at low prices, testing departments are facing new challenges to meet the opportunity.
Effective communication in software testing plays a major part in reducing the scope of defects, but it has not got the significance it deserves. This paper includes:
A. Different forms of communication in testing, describing the type of communication, common problems faced and recommended solution
B. Importance to say NO in various situations
A. Forms of Communication in Testing
Communication occurs in the following forms within and outside the testing team:
- Communication amid testing and development team
- Communication within testing team
- Communication by test team leader
- Communication with client
Communication amid testing and development team
Objective: Development and testing teams have to work together in achieving the single goal of delivering a quality product within a predefined timeline. It is a two-way process.
Problem 1: Defect Reporting/Unacceptable Defect
Solution: An accurately communicated defect plays a major role. Testers have to see how precisely they are explaining the defect to the development team. Before reporting, testers should reproduce the bug at least twice and report it in a well documented format. The template/tool used for reporting the defects should include a clear description of the defect, sufficient steps to reproduce, exact error messages, priority, and severity with references to specifications. The tester should also share screenshots/logs, examples etc. for ready reference and better understanding of the defect for developers.
The testing team should ensure that the defect is communicated within the agreed timelines to the development team. A defect reported well in time pays off for the team. A defect may become invalid for the development team after a certain period.
Problem 2: Defensive Development Team
Solution: Testers are sometimes seen as a pain in the neck by the development team. It is the tester's job to find the defects. The development team should not be cynical, as it is not always the developer's fault. The two teams should not indulge in cold wars. Defects may occur because of several reasons like environment problems, documentation or data, improper requirement gathering etc. Developers should not take it personally. It is the imperfection of the application and not theirs. They can very well analyze the defect, notify the grounds for the defects and fix them.
Communication within testing team
Objective: Testers within a team have to test different modules of a single application/project.
Problem 3: Issue details are not on hand among every team member
Solution: It is essential that the testing team convene on a regular basis to discuss their technical challenges, where every member gets a platform to put forward his thoughts. This will help the team members to get the resolutions of issues which are common to the team. Scrum meetings are daily meetings of usually 15-20 minutes where this type of technical discussion occurs, and an internal knowledge transfer session of 30 minutes every week should be planned. These types of meetings help in elevated productivity. It is important that all members of the team should be aware of every communication with the customer.
Communication by test team leader
Problem: Keeping balance between technical and soft skills
Solution: The team leader should possess good communication and interpersonal skills so that he can handle conflicts, motivate team members and, if required, escalate the issues in the application to the client.
He needs to allocate tasks to all testing team members and ensure that all of them have sufficient work in the project. The task allocation should be well communicated to the team so that everyone is aware of their work priorities. The team leader should raise the concerns of the testing team to management in a timely manner. Effective communication by the team leader creates a healthy environment and boosts the morale of testing team members. The team leader should frequently give feedback to his team members about their work and should mentor the team on how new techniques, tools and processes can be implemented. Communicating with the client needs effective choice of words, as project success gets impacted because of miscommunication.
Communication with client
Objective: The testing team often has to communicate with the customer to update the testing status, share testing reports, and deliver a quality product meeting customer requirements.
Problem: Hiding problems
The relationship with the customer depends on how clearly we communicate. Trust between both the parties is essential in order to communicate the progress, issues or risks faced during the testing phase. It is the responsibility of the testing team to keep the customer updated about the anticipated issues or risks well in advance to avoid last minute surprises for both. The team should provide maximum information about any issue or problem to the customer so as to enhance openness and trust.
Problem: Communication gaps with customer
Solution: We need to define the channels of communication clearly. The team has to identify a SPOC (Single Point of Contact) to act as the first level of contact between the test team and the customer. These two people are the first-level team for resolving problems as they arise, and additionally we need to archive all information passed to the customer. Escalation procedures should be well defined. Everyone on each side should know to whom the problem is to be escalated. It is always good to have regular meetings (preferably weekly meetings) with the customer to update the test progress, issues or risks faced so that there won't be any communication gap.
B. Importance to say NO in various situations
A tester should also have refusal skills. He should be aware of what software testing can achieve and what it cannot. A few situations which a tester might have to deny are discussed below.
CERTIFICATE OF ZERO DEFECTS: Testers are sometimes considered to be the final authority on successful completion. Testing comes at the end of the life cycle. It is done to ensure quality, but a tested product is not a certificate that the product delivered is a zero defect product. The team can follow numerous processes to minimize the defects as much as possible.
It is always better to deliver the product with a list of known bugs instead of hiding or not revealing them to the customer.
LAST MINUTE CHANGE: Sometimes the user demands changes at the last moment. Our aim is to satisfy the customer in all respects, but the delivery team should understand the impact of the change before accepting it for the current release. If the impact is high then it should be taken as a change request rather than including the change and hastily testing the product to meet timelines.
TESTING TIME CRUNCH: Testers often have to face the situation where testing time is bought by the development team and the duration for testing gets reduced. It is very important for the testing team to communicate a timeline beyond which they cannot cut down their time, and that delay in product delivery for testing will impact the quality of the end product.
Aside from removing bugs and usage of tools in software testing, we should also work upon eliminating flaws in our communication capability to make the testing process more competent.
Deepti Miglani has over 6 years of IT experience in testing and support functions, and is currently employed with HCL Technologies Gurgaon as a Senior Test Engineer in the ECMP domain. In her free time Deepti likes to read and listen to music.
Deepti can be reached at http://twitter.com/deeptimiglani
Has Your Product Passed Security Tests?
By Santhosh Tuppad
There are many instances where I have experienced security bugs which could bring down the product in a few seconds. Some are not exploited and some are. It is hard to know when the attacker breaks the door and gets in, then steals everything without a trace, or breaks everything inside the house and gets out. So who are these guys? And why do they want to hack into or attack the products?
Some possible reasons might be:
- BlackHat guys doing it for fun
  A BlackHat guy wanting to look into the e-mail conversations of his / her friend to have fun and share it with others might be one possible reason.
- Newbie hackers wanting to practice some hacking techniques
  Some newbie hackers do it on sites which allow practice, and there are some newbie hackers who do it on any site because that's how they like it.
- Enemies might want to do it
  A BlackHat guy had an enemy when in school, that enemy had a portal, and now this blackhat guy wants to take revenge for what his / her enemy did when he / she was in school.
- Product is from X country and their enemy country hackers want to harm X country product
  There have been instances where X country wages a war of hacking / DDoS attack on Y country who might be their enemy.
- BlackHat guys doing it for money
  If you search on the web, some hackers make a public announcement in forums / blogs etc. saying they will get the credentials of so and so person for so much of X dollars.
- Ex-employee who knows the vulnerability and might want to exploit it when he / she leaves the employer
- Professional enemies might want to do it
- Attacker / BlackHat guy hates the product
- Someone wants to buy the product or a company and a competitor doesn't want it to happen
- Cyber Warfare
Some of the Techniques in Security Testing
SQL Injection
Many testers talk about SQL Injection, but when asked how they do it, some of the answers are "I use a CheatSheet which is on Google" or "any SQL Injection tool" and so on. Usage of all these is a good idea, but they could be used as reference material in future if you want to test better for SQL Injection vulnerability.
Things a tester might want to do:
- Knowing the type of database the product is using [ Say No to Flat File Database, Google will help enemy to get the details if it's flat file ]
- Common mistakes that might have been made by the developer
- What version of database is the product using? [ If lower version then Google for the bugs in that particular version ]
- Learning more about SQL queries and practicing executing the queries
HTML Tags Execution / Cross Site Scripting
To do this you have got to have knowledge about HTML tags. There are different tests that you might want to do with respect to HTML tags execution.
- Entering any of the HTML tags like, Example in the First Name and Last Name during registration. If it is executed then it can be seen as big font. [ is the big heading ]
- Entering JavaScript to alert with the cookie information. This could be highly vulnerable if a cross site scripting vulnerability exists
- Learn JavaScript. Do not just copy paste some JavaScript tag and conclude that the product is not vulnerable to cross-site scripting [ Bugs will be happy if you are such kind of tester ].
How could this affect the product and end-user? [ Some of the points are under Usability quality criteria, as some of the security tests which are done affect the GUI if they are not handled properly ]
- Text overlapping
- Cascading Style Sheet not able to handle the layout properly
- End-user might feel his eyes are strained looking at text which is overlapped on one another, but end-user has important information to read
- Through cross site scripting attackers could steal someone's cookie information and take over access to the particular session
- In a chat conversation, if HTML tags are executed then it might result in different problems like sending large font size text, entering malicious JavaScript and making the chat application stop functioning [ JavaScript if not ended properly might stop the other part of the code from execution sometimes ]
- And many more problems depending on various factors / parameters
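The check described above (type markup into the First Name field and see whether the page treats it as markup), as an added example that is not from the article: a constructed registration page rendered three ways and audited with two inert probes. The template, the function names and the probe strings, including the use of an `<h1>` heading tag, are assumptions made for illustration; it also shows why one passing probe does not prove the page is safe.

```python
import html
from html.parser import HTMLParser

# Constructed template for a registration confirmation page (not from the article).
# The first name is echoed in two contexts: element text and a quoted attribute.
TEMPLATE = (
    '<p>Welcome <span class="name">{first} {last}</span></p>'
    '<input name="first" value="{first}">'
)


def render_unsafe(first, last):
    """Echo the input verbatim: the behaviour the tester is looking for."""
    return TEMPLATE.format(first=first, last=last)


def render_tags_only(first, last):
    """Escape &, < and > but not quotes: enough for text, not for attributes."""
    return TEMPLATE.format(first=html.escape(first, quote=False),
                           last=html.escape(last, quote=False))


def render_safe(first, last):
    """Escape &, <, > and both quote characters before output."""
    return TEMPLATE.format(first=html.escape(first, quote=True),
                           last=html.escape(last, quote=True))


class _ShapeParser(HTMLParser):
    """Records every start tag with its attribute names, ignoring text."""

    def __init__(self):
        super().__init__()
        self.shape = []

    def handle_starttag(self, tag, attrs):
        names = tuple(sorted(name for name, _value in attrs))
        self.shape.append((tag, names))


def markup_shape(page):
    """Return the page's tag structure as a list of (tag, attribute names)."""
    parser = _ShapeParser()
    parser.feed(page)
    parser.close()
    return parser.shape


# Inert probes (constructed): a heading tag, and a quote that tries to close
# the attribute value and add a harmless extra attribute.
PROBES = (
    '<h1>Example</h1>',
    '" data-probe="1',
)


def reflects_markup(render, probe):
    """True if the probe changed the page structure instead of showing as text."""
    baseline = markup_shape(render("Asha", "Tester"))  # benign constructed name
    return markup_shape(render(probe, "Tester")) != baseline


def audit(render):
    """Run every probe against one renderer; True means the probe got through."""
    return {probe: reflects_markup(render, probe) for probe in PROBES}


if __name__ == "__main__":
    for renderer in (render_unsafe, render_tags_only, render_safe):
        print(renderer.__name__, audit(renderer))
```

The middle renderer passes the heading-tag probe yet still lets the quote probe add an attribute, which is the case a single copy-pasted test string would miss.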
Some of the tools / utilities / add-ons that can be of help to you in starting with Security Testing:
- Fiddler / WireShark
- Mozilla Firefox add-ons: Firebug, XSSme, Hackbar and many more which you might want to explore
- TestersDesk.com: in the Miscellaneous Toolkit you can find an SQL Injection tool
- FireSheep by Eric Butler
- Reading articles / books on Security Testing
- Others are for you to explore
Over the last couple of years, Santhosh Tuppad has come to be known for his testing skills, winning bug battles & testing competitions across the world. He is an avid testing blogger and testing enthusiast who organizes monthly meets for testers in Bangalore & Chennai.
He loves being hands on. While many youngsters of his age are thinking about job security, Santhosh was game to start his own testing services. Santhosh got into testing because his girl friend wanted to. He thanks his girl friend so much today. Santhosh blogs at http://tuppad.com/blog
Santhosh can be reached at http://twitter.com/santhoshst
These are very few techniques that the author has shared. In Part II, Santhosh Tuppad will be talking about more security testing techniques and approaches. Stay tuned! - Editor.
SSSoooffftttwwwaaarrreeeTTTeeesssttteeerrrsss @@@TTTwwwiiitttttteeerrr
Adam GoucherBIO:Tester. Blogger. Instructor. (Though sometimes not in that order)276 following
813 followers100 listed
http://twitter.com/adamgoucher
Mohinder KhoslaBIO: Provide consultancy in Business Analysis, Data Modelling,Test management and
Application Support for major platforms.212 following
195 followers
20 listed
http://twitter.com/mpkhosla
Lanette CreamerBIO: Software tester, writer, presenter.386 following
950 followers
115 listed
http://twitter.com/lanettecream

Elisabeth Hendrickson
BIO: Agile Consultant. Tester-Developer. Writer. Geek. Test Obsessed.
571 following
2989 followers
350 listed
http://twitter.com/testobsessed

Moolya Testing
BIO: Moolya Software Testing Pvt. Ltd. is a brainual software testing services organization offering Offshore testing, Exploratory Testing, Check Automation & more.
0 following
45 followers
2 listed
http://twitter.com/moolyatesting

..... more testers in next issue.

TestingCircus
Bio: Testing Circus is a free e-magazine on Software Testing.
15 following
245 followers
21 listed
http://twitter.com/testingcircus
Test Case Writing Practice
By Naresh Bisht
Requirement: A Fountain Pen
Objective: To generate and write test cases to test a fountain pen.

| Sr. No. | Steps to Execute | Expected Result | Actual Result* | Remarks |
|---|---|---|---|---|
| 1 | Check the color of the pen. | The color should be grey. | | |
| 2 | Check the Logo of the pen maker. | Actual brand logo should be printed on the pen. | | |
| 3 | Check the grip of the pen. | The pen should not slip when user writes. | | |
| 4 | Write on different surfaces like plain paper, art paper etc. | The pen should write on all paper surfaces such as plain paper, art paper etc. | | |
| 5 | Check whether cap is present. | The cap should be present with pen. | | |
| 6 | Check the Hanger in cap. | Hanger should be provided in the cap. | | |
| 7 | Check the fitting of the pen cap with the body. | Body of the pen should perfectly fit with the cap of the pen. | | |
| 8 | Check whether pen is writing in any climate (hot and cold). | It should write smoothly in any climate. | | |
| 9 | Check the ink storage/refill in the pen. | Refill/ink storage should be present in the pen. | | |
| 10 | Check the volume of ink in the refill. | Refill should indicate the availability of ink (full/empty etc). | | |
| 11 | Check leakage in refill of pen. | Pen refill should not leak. | | |
| 12 | Check the color of ink. | Color should be blue. | | |
| 13 | Check the Size of nib. | Size of the nib like 0.5mm. | | |
| 14 | Check whether the pen can write in any angle. | Pen should write in any angle. | | |
| 15 | Check the quality of the material of the pen. | Pen should not break if it falls from 2 meter height. | | |
| 16 | Check if the ink blots the paper. | Pen ink should not blot on the paper. | | |

*Actual Results are written when you get to test the actual stapler.

In this section we will practice to write test cases on various items, objects and applications. We do not claim that test cases written here are exhaustive. It is just to give ideas to testers, beginners on how to approach for writing test cases. Readers are encouraged to share their views on the test cases. - Editor

Naresh Bisht has 3 years
experience in Software
Testing. He has hands on
experience in both manual
testing and automation testing
using QTP. He is currently
employed with HCL
Technologies, Gurgaon.
Naresh can be reached at
http://twitter.com/Naresh_Bisht
NEWS on Software Testing
NCR Testers Monthly Meet -1 (Noida, India)
The first NCR Testers Monthly Meet (NCRTMM) was held on 18th December, at Impetus
Technologies, Noida attended by more than 50 software testers from NCR region. Vipul
Kocher of Pure Testing, Vipul Gupta of Impetus Technologies and Ajoy Kumar Singha of
HCL Technologies launched the NCRTMM.
The idea of the meet is to get in touch with testers from NCR area and learn, discuss, debate on testing ideas, concepts, issues and solutions related to software testing including topics like automation, performance, exploratory and agile testing and many more. The participation will be voluntary and free of cost, as far as possible.
A few highlights of the meet: Mr. Navneet Sharma presented a topic on "Use tools to make our life easier - A tester's perspective". "Problem on the table" is something where one person will propose the topic and other testers would talk/debate and share opinion on the same. There were four "problems on the table" topics: 1 - Test data for financial applications. 2 - Planning effective Adhoc Testing. 3 - Estimation when RFP has very little information. 4 - Increasing unresolved defects in sprints in agile testing.
Also there were keynote topics where participants would share their thoughts on self-proposed topics. These topics were not decided by NCRTMM organizers. Each speaker was given 5 minutes to sum up their thoughts.
There were goodies presented from the
venue organizer Impetus Technologies.
The meet was concluded with lunch. The
next meet is scheduled on 15th January at
Nextag Software and Services, Gurgaon.
For more information visit -
http://ncrtesters.blogspot.com
Trends in software testing for 2011
Check out software testing trends for 2011 that will make a significant impact on the testing scene
IT applications are increasingly constituted of complex business processes and are
becoming more intricate and inter-connected. This aspect, combined with the
pressure to reduce IT spend, is forcing enterprises to look for alternate ways to
manage their growing portfolio of requirements; such as streamlining the quality
processes, increasing the degree of test automation etc. In this context, I would like
to briefly touch upon a few of the software testing trends for 2011 that I believe will
make a significant impact on the testing scene.
Key trends for 2011
Testing on the Cloud: To minimize test environment expenditures and gain better
control of their IT resources, companies are beginning to take advantage of a delivery
model known as cloud computing. In cloud computing, applications and information
are provisioned on-demand, as a shared resource. Cloud architecture can be set up as
a "public cloud" with services dynamically delivered from a third-party provider
hosted outside of the firewall; a "private cloud", where a cloud-like architecture can
be set up over the company's private network (inside the firewall); or a hybrid model
utilizing a combination of internal and external providers. Traditionally, IT would have
had to purchase additional server capacity and deploy it in their test environment,
requiring added staff and extra maintenance expenses. Using the cloud architecture, IT managers are now able to quickly replicate their application test environment on
the cloud and have the capacity they need on-demand. Companies are still cautious
about moving all of their mission-critical applications to the cloud.
Agile Testing: Agile development methodology took the IT world by storm when it first
emerged nearly 10 years ago. Organizations turned from waterfall and other
traditional development methodologies to agile, hoping to improve business
responsiveness, make their applications more adaptable to changing market conditions
and enhance the quality of their IT systems. But these organizations are finding their
own, unique forms of agile. Many organizations find success in taking the best of
traditional methodologies and applying them to their agile projects, creating a unique
hybrid model that works for them. Agile Testing does not emphasize rigidly defined
testing procedures, but rather focuses on testing iteratively against newly developed
code. Quality is achieved from an end customer's perspective. Agile brings the
development and testing functions closer together, but it does not automatically turn
developers into good testers, or make testers more familiar with the development
process. Organizations need to take a closer look at the skill sets required by the
testing team to effectively support agile methods. Agile testers need to be more
versatile than traditional testers. On the one hand, they must be more technical, more
familiar with development practices, and comfortable with using non-traditional test
automation tools to validate Graphical User Interface (GUI)-less applications. On the other hand, they need to be close to the business to understand the requirements,
work with end-users throughout the project, react quickly to change and tie
application quality directly to business value.
Right Information at the Right Time: As James Whittaker, an international speaker,
once pointed out: "Information is at the core of everything we do as software testers.
The better our information about what the software is supposed to be doing and how
it is doing it, the better our testing can actually be. I find it unacceptable that testers
get so little information and none of it is specifically designed to make it easier to do
our jobs. I am happy to say that this is changing... rapidly... and that in the near term, we will certainly be gifted with the right information at the right time." This is
definitely one of the trends that will change perceptions in 2011.
Skilled Testing resources: Organizations are constantly on the lookout for better skill-
sets and test profiles that can add real value to improving the quality of software. In
the past, the development team would typically test the systems they developed.
Today, the profile of a tester is changing rapidly and organizations prefer testers who
bring both strong technical skills and the relevant domain and business knowledge to
the table. In addition to being knowledgeable about automation technologies, testers
today are able to understand the purpose of business solutions & requirements and
contribute intelligently to improving the quality of the system. They are also able to
provide actionable analysis to the development community, for faster resolution of
defects. Testing is increasingly seen as being closer to the business and considered a very progressive career path with multiple roles and responsibilities.
Analytics / BI (Business intelligence) Testing: In today's fast paced business
environment, it is almost always an unstated fact that the success of any BI (Business
intelligence)/ Data Warehouse solution lies in its ability to not only analyze vast
quantities of data over time but also to provide stakeholders and end-users meaningful
options that are based on real-time data. This requirement mandates an extremely
efficient system that can extract, transform, cleanse and load data from the source
systems on a 24/7 basis without impacting the performance, scalability or causing
system downtime. One of the key elements contributing to the success of a BI
(Business intelligence)/Data Warehouse solution is the ability of the test team to plan,
design and execute a set of effective tests that will help identify multiple issues
related to data inconsistency, data quality, data security, failures in the extract,
transform and load (ETL) process, performance related issues, accuracy of business
flows and fitness for use from an end user perspective. The primary focus of testing is
usually on the ETL processes. This includes validating the loading of all required rows,
correct execution of all transformations and successful completion of the cleansing
operation. The team also typically thoroughly tests SQL queries, stored procedures or
queries that produce aggregate or summary tables. Keeping in tune with emerging
trends, it is also important for the test team to design and execute a set of tests that
are customer experience-centric.
Reusability of testing assets: Organizations are investing time in quality solutions where they reuse 45-60% of their testing assets, leading to increased testing efficiency, high level of test case automation and shorter testing cycles.
Test automation solutions: Organizations are investing in resources to implement test automation solutions to increase time to market, save money, improve accuracy, increase test/requirement coverage and improve team morale.
Summary: Many of the trends outlined in this paper are fast being seen as business-as-
usual practices today. However, these trends are still evolving and lean towards
bringing in measurable gains to the business community, so the budgets for IT testing
are justified.
http://www.ciol.com/Developer/Testing/Feature/Trends-in-software-testing-for-2011/145154/0/
Problem: There is a link on webpage, when I am
moving mouse over the link, color of link gets changed.
How do you check the change in color after moving the
mouse over the link?
Navigate to the URL http://indianrail.gov.in/
Hover the mouse over any of the links in the left pane and see how the color changes.
Solution: Here is the solution

' Read the link color before the hover
color_before = Browser("Welcome to Indian Railway").Page("Welcome to Indian Railway").Link("Availability at Major").Object.currentStyle.color
' ReplayType 2 replays the operation with the real mouse instead of browser events
Setting.WebPackage("ReplayType") = 2
Browser("Welcome to Indian Railway").Page("Welcome to Indian Railway").Link("Availability at Major").FireEvent "onmouseover"
' Read the link color again while the pointer is over the link
color_after = Browser("Welcome to Indian Railway").Page("Welcome to Indian Railway").Link("Availability at Major").Object.currentStyle.color
Setting.WebPackage("ReplayType") = 2
MsgBox color_before & " " & color_after

The same way you can find the Font Size, Font Name etc.
Browser("").Page("").Link("").Object.currentStyle.color
Browser("").Page("").Link("").Object.currentStyle.fontSize
Browser("").Page("").Link("").Object.currentStyle.fontFamily
Browser("").Page("").Link("").Object.currentStyle.backgroundColor

Jaijeet Pandey has over 5 years of experience in Application Development, Maintenance and Testing. For more than the last 3 years he has been involved in automation testing with QTP and Load Runner tools. He also teaches QTP on weekends. He is currently employed with Birlasoft, Noida. He can be reached at http://twitter.com/jaijeetpandey
Interview with Erkan Yilmaz
In this section, we will publish an interview with Software Testing professionals in every issue. In this issue Erkan Yilmaz has shared his ideas about software testing and how he sees the future of software testing. - Editor
Q: How long have you been associated with software testing?
A: 6 years. Though I tested (software) much earlier, I just didn't call it that way.

Q: How did you become a software tester?
A: During a particular university lecture I obtained an internship in quality assurance for an IT company. I liked the tasks + the people.

Q: By any means, do you regret being associated with software testing?
A: No. I had the opportunity to learn besides the so called software testing path. I got to know interesting individuals + learned more about my brain.

Q: Do you think software testing is less respected than other departments in IT industry?
A: It depends on whom you ask. One way to judge this could perhaps be by comparing the salary (though the question comes up how to generalize this). However, it becomes clearer when you tell people what you do for a living + see their reactions. I made the experience that when you give a more detailed description of your work people tend to respect it more. Some may see software testing just a repeating cycle, but actually it is all about learning (not at last about oneself).

Q: What will you suggest to people who want to join IT industry as software testers?
Name Erkan Yilmaz
Organization Yilmaz Consulting
Role/Designation Shareholder,
Evangelist
Location Karlsruhe, Germany
After working as Quality Manager for a
German IT company, Erkan Yilmaz will
make customers happy with his
consulting company. In his free time
he deepens his interest in systems
thinking and history.
Email ID erkan77@gmail.com
Blog/Site http://iaskquestions.com
Twitter URL
http://twitter.com/Erkan_Yilmaz
A: Don't stop learning (e.g. engage in systems thinking)! Interact with people (from your field) outside the company! You will make errors but always be open about it!

Q: Where do you see software testing in next five years?
A: I see the rise of many Jane Doe + John Doe, providing inputs for others in the software testing field. I see how tester clouds will gain importance thus helping other testers to improve their skills. I also see better quality for open source software, since it is one good way to train testers in bug reporting. And this will help software testing in getting more acceptance + recognition (as a cognitive task).

Q: What qualities will you look for in a candidate when you want to recruit someone for software testing job?
A: I look how people approach problems. Since candidates are generally nervous at the beginning I give them items they are familiar with (pencil, pen, puncher, the chair they sit on ...) + ask them to evaluate these. Later I want to see them working on a task that they actually expected (a software task). Apart from that I also look if they are honest how they present themselves. My advice for the interview: also swap tables and ask for the interviewer's opinion. Don't forget: the company must also suit you!

Q: Your weekend routine?
A: Talk with friends, listening to erhu + haegeum music + with a fresh coffee might even finish a book.

Q: Movie you would like to watch again?
A: Gladiator + from Bollywood genre: Kabhi Khushi Kabhie Gham.

Q: I am a social networking site geek Or I hate facebook / orkut / twitter?
A: I use twitter + I'm using IRC a lot. I'm also enthusiastic about wikis (Wikipedia, Wikiversity, ...).
We are inviting at least one representative from each IT
organization where testing is practiced as an independent activity
different from development. These TCRs will help us in bringing in
more testers to Testing Circus; to read, contribute and to share
knowledge on software testing. We will publish a list of TCRs in this
magazine. Write to us (tcr@testingcircus.com) with your
organization name and location. Our team will contact you to work further in this
area. Inde