Aditi Technologies

Basic Concepts of Software Testing

Software Testing
Basic Concepts and Industry awareness

Page 1 of 60

Aditi Technologies

Basic Concepts of Software Testing

Table of Contents 1. Introduction.................................................................................................4 2. Types of Testing...........................................................................................4 2.1. White Box Testing...................................................................................4 2.2. Black Box Testing....................................................................................4 2.3. Unit Testing............................................................................................5 2.3.1. Benefits ...........................................................................................5 2.3.2. Encourages change ...........................................................................5 2.3.3. Simplifies Integration ........................................................................5 2.3.4. Documents the code .........................................................................5 2.3.5. Separation of Interface from Implementation .......................................6 2.3.6. Limitations .......................................................................................6 2.4. Integration testing .................................................................................6 2.4.1. Purpose ...........................................................................................6 2.5. Performance Testing................................................................................7 2.5.1. Technology ......................................................................................7 2.5.2. Performance specifications .................................................................7 2.5.3. Tasks to undertake ...........................................................................8 2.6. Stress Testing ........................................................................................8 2.7. Security Testing......................................................................................9 2.7.1. Security Testing Techniques ...............................................................9 2.8. Usability Testing.....................................................................................9 2.9. Stability Testing....................................................................................10 2.10. Acceptance Testing..............................................................................10 2.11. Installation Testing..............................................................................10 2.12. Alfa Testing........................................................................................11 2.13. Beta Testing.......................................................................................11 2.14. Product Testing...................................................................................11 2.15. System Testing...................................................................................12 2.16. Regression Testing...............................................................................12 2.17. Compatibility Testing...........................................................................13 2.18. Test Cases, Suits, Scripts and Scenario..................................................13 2.19. Defect Tracking...................................................................................14 2.20. Formal Verification...............................................................................14 2.20.1. Validation and Verification ..............................................................14 2.21. Fuzz Testing.......................................................................................15 2.21.1. Uses ............................................................................................15 2.21.2. Fuzz testing methods .....................................................................15 2.21.3. Event-driven fuzz ..........................................................................16 2.21.4. Character-driven fuzz ....................................................................16 2.21.5. Database fuzz ...............................................................................16 3. Manual Testing...........................................................................................17 3.1. Facts...................................................................................................17 3.2. Software Crisis .....................................................................................17 3.3. Software Myths ....................................................................................17 3.3.1. Management Myths .........................................................................17 3.3.2. Developers Myths ...........................................................................17 3.3.3. Customer’s Myth .............................................................................18 3.3.4. What do we do? ..............................................................................18 3.4. Software Quality Assurance: ..................................................................18 3.4.1. Verification: ...................................................................................18 3.4.2. Validation: .....................................................................................18 3.5. Software Life Cycle Models: ...................................................................18

Page 2 of 60

Aditi Technologies

Basic Concepts of Software Testing

3.6. What makes a good Software QA engineer? .............................................18 3.7. Testing: ..............................................................................................19 3.7.1. Why Testing? .................................................................................19 3.8. Test Life Cycle .....................................................................................19 3.9. Testing Techniques ...............................................................................19 3.10. Test Plan: ..........................................................................................19 3.10.1. Test Specification: .........................................................................20 4. Testing Procedure.......................................................................................20 4.1. Bug Tracking .......................................................................................20 5. Testing Tools and Software..........................................................................23 5.1. Load and Performance Test Tools ...........................................................23 5.2. Java test Tools......................................................................................23 5.3. Link Checking Tools...............................................................................27 5.4. Perl Testing Tools..................................................................................28 5.5. Web Functional and Regression Testing Tools............................................28 5.6. Web Site Security Test Tools...................................................................33 5.7. Web Site Management Tools...................................................................37 5.8. Other Web Testing Tools........................................................................45 6. Testing FAQ ..............................................................................................50

Page 3 of 60

In other words Testing is nothing but CRITICISM or COMPARISION. glass-box and clear-box.2. the word testing is connoted to mean the dynamic analysis of the product—putting the product through its paces. not merely a matter of creating and following rote procedure. Black-box test design is usually described as focusing on testing functional requirements. He or she can then see if the program diverges from its intended goal. There are many approaches to software testing. Refer to the ISO standard ISO 9126 for a more complete list of attributes and criteria. and all visible code must also be readable. and the product answers with its behavior in reaction to the probing of the tester. This is a software testing technique whereby explicit knowledge of the internal workings of the item being tested are used to select the test data. where the "questions" are things the tester tries to do with the product. stability. 2. Synonyms for white-box include: structural. Black-box test design treats the system as a "black-box". With that in mind. but effective testing of complex products is essentially a process of investigation. Although most of the intellectual processes of testing are nearly identical to that of review or inspection. so it doesn't explicitly use knowledge of the internal structure. 2. White Box Testing White box testing is also known as glass box. structural. portability. The quality of the application can and normally does vary widely from system to system but some of the common quality attributes include reliability. and it focuses specifically on using internal knowledge of the software to guide the selection of test data. testing can never completely establish the correctness of computer software. Black Box Testing Testing of a function without knowing internal structure of the program.1. Here comparison in the sense comparing the actual value with expected one. white box testing uses specific knowledge of programming code to examine outputs. clear box and open box testing. and closed-box. completeness and quality of developed computer software. maintainability and usability. Unlike black box testing. Page 4 of 60 . Black-box and white-box are test design methods. One definition of testing is "the process of questioning a product in order to evaluate it". functional. opaque-box. White-box test design allows one to peek inside the "box". White box testing does not account for errors caused by omission. The test is accurate only if the tester knows what the program is supposed to do. Introduction Testing is a process used to help identify the correctness.Aditi Technologies Basic Concepts of Software Testing 1. Types of Testing 2. Synonyms for black-box include: behavioral.

3. This isolated testing provides four main benefits: 2. One has to use a mixture of different methods so that they aren't hindered by the limitations of a particular one.Benefits The goal of unit testing is to isolate each part of the program and show that the individual parts are correct. By testing the parts of a program first and then testing the sum of its parts will make integration testing easier.Documents the code Unit testing provides a sort of "living document" for the class being tested. Unit testing is usually associated with structural test design. a unit test is a method of testing the correctness of a particular module of source code. etc. Behavioral test design is slightly different from black-box test design because the use of internal knowledge isn't strictly forbidden. 2. 2.2. Unit Testing In computer programming. This type of testing is mostly done by the developers.3.3. It is important to understand that these methods are used during the test design phase.) can use any test design methods. system testing. 2. In practice.3. Clients looking to learn how to use the class can look at the unit tests to determine how to use the class to fit their needs. but it's still discouraged.Encourages change Unit testing allows the programmer to re-factor code at a later date. but this is because testers usually don't have well-defined requirements at the unit level to validate. This provides the benefit of encouraging programmers to make changes to the code since it is easy for the programmer to check if the piece is still working properly.Simplifies Integration Unit testing helps eliminate uncertainty in the pieces themselves and can be used in a bottom-up testing style approach.4.3. The idea is to write test cases for every non-trivial function or method in the module so that each test case is separate from the others if possible.Aditi Technologies Basic Concepts of Software Testing While black-box and white-box are terms that are still in popular use. Page 5 of 60 . many people prefer the terms "behavioral" and "structural".1. Note that any level of testing (unit testing. Some call this "gray-box" or "translucent-box" test design. but others wish we'd stop talking about boxes altogether. and make sure the module still works correctly (regression testing). It provides a written contract that the piece must satisfy. and their influence is hard to see in the tests once they're implemented. 2.3. it hasn't proven useful to use a single test design method.

it may not be trivial to anticipate all special cases of input the program unit under study may receive in reality. testing a class can frequently spill over into testing another class. By definition. 2. for example. These "design items". the software developer abstracts an interface around the database connection. thus minimizing dependencies in the system. it will not catch integration errors. The overall idea is the "building block" approach in which verified assemblages are added to a verified base which is then used to support the Integration testing of further assemblages. and then implements that interface with their own Mock Object. takes as its input modules that have been checked out by unit testing.3.5. success and error cases being simulated via appropriate parameter and data inputs. In addition. As a result. Therefore. assemblages (or groups of units).6. are exercised through their interfaces using Black box testing. it only tests the functionality of the units themselves.4. This results in loosely coupled code. Simulated usage of shared data areas and inter-process communication is tested.3. All test cases are constructed to test that all components within assemblages interact correctly.1. in order to test the class. because a unit test should never go outside of its own class boundary.Purpose The purpose of Integration testing is to verify functional. 2. It follows unit testing and precedes system testing. A common example of this is classes that depend on a database. across procedure calls or process activations. performance and reliability requirements placed on major design items. 2. i. performance problems and any other system-wide issues.Separation of Interface from Implementation Because some classes may have references to other classes. individual subsystems are exercised through their input interface.4.Limitations It is important to realize that unit-testing will not catch every error in the program. Integration testing Integration Testing is the phase of software testing in which individual software modules are combined and tested as a group. This is a mistake.e. applies tests defined in an Integration test plan to those aggregates. the tester finds herself writing code that interacts with the database. groups them in larger aggregates.Aditi Technologies Basic Concepts of Software Testing 2. Unit testing is only effective if it is used in conjunction with other software testing activities. and delivers as its output the integrated system ready for system testing. Page 6 of 60 .

i. Performance Testing In software engineering. The usual sequence is to ramp up the load – starting with a small number of virtual users and increasing the number over a period to some maximum. Performance testing can be combined with stress testing. etc. The test result shows how the performance varies with the load.g.. it is often crucial (and often difficult to arrange) for the test conditions to be similar to the expected actual use. performance testing is frequently used as part of the process of performance profile tuning. are available to perform such tests. Performance testing can serve different purposes. response time. In performance testing. It is sometimes a difficult task to identify which part of the system represents this critical path.e. in order to see what happens when an acceptable load is exceeded –does the system crash? How long does it take to recover if a large load is reduced? Does it fail in a way that causes collateral damage? 2. The idea is to identify the “weakest link” – there is inevitably a part of the system which. Or it can measure what parts of the system or workload cause the system to perform badly. Various tools. given as number of users vs.5. Sometimes the results can reveal oddities. there are outliers of a few key transactions that take considerably longer to complete – something that might be caused by inefficient database queries. 2. coordinating and gathering metrics from each of the injectors and collating performance data for reporting purposes.2. Tools in this category usually execute a suite of tests which will emulate real users against the system. It can demonstrate that the system meets performance criteria. a separate PC acts as a test conductor. that while the average response time might be acceptable. performance testing is testing that is performed to determine how fast some aspect of a system performs under a particular workload.Technology Performance testing technology employs one or more PCs to act as injectors – each emulating the presence or numbers of users and each running an automated sequence of interactions (recorded as a script. no one will have expressed what the maximum acceptable response time for a given population of users is. Usually. and some test tools come provided with (or can have add- Page 7 of 60 . software engineers use tools such as profilers to measure what parts of a device or software contribute most to the poor performance or to establish throughput levels (and thresholds) for maintained acceptable response time.5. if it is made to respond faster.Aditi Technologies Basic Concepts of Software Testing 2. In the diagnostic case. will result in the overall system running faster. including Compuware Corporation's QACenter Performance Edition. However.Performance specifications Performance testing is frequently not performed against a specification. or as a series of scripts to emulate different types of user interaction) with the host whose performance is being tested. e.5. It can compare two systems to find which performs better.1.

deployment of server instrumentation. Set up of a configuration of injectors/controller Set up of the test configuration (ideally identical hardware to the production platform). It involves testing beyond normal operational capacity. For example. It is always helpful to have a statement of the likely peak numbers of users that might be expected to use the system at peak times.Aditi Technologies Basic Concepts of Software Testing ons that provide) instrumentation that runs on the server and reports transaction times. often to a breaking point. 2. database access times.3. or investigation of critical path and recommendation of corrective action. There is an apocryphal story of a company that spent a large amount optimizing their software without having performed a proper analysis of the problem.5. network overhead. but even having the most efficient idle loop in the world obviously didn’t improve overall performance one iota! Performance testing almost invariably identifies that it is parts of the software (rather than hardware) that contribute most to delays in processing users’ requests. It can also be done in-house. etc. router configuration. where they had found the system spent most of its time. in order to observe the results. which can be analyzed together with the raw performance statistics. quiet network (we don’t want results upset by other users). They ended up rewriting the system’s ‘idle loop’. 2. If there can also be a statement of what constitutes the maximum allowable 95 percentile response time. Without such instrumentation one might have to have someone crouched over Windows Task Manager at the server to see how much CPU load the performance tests are generating.Tasks to undertake Tasks to perform such a test would include: • • • • • • Analysis of the types of interaction that should be emulated and the production of scripts to do those emulations Decision whether to use internal or external resources to perform the tests. and even done in different parts of the country. a web server may be stress tested Page 8 of 60 . Running the tests – probably repeatedly in order to see whether any unaccounted for factor might affect the results. Analyzing the results. Stress Testing Stress Testing is a form of testing that is used to determine the stability of a given system or entity. Performance testing can be performed across the web. since it is known that the response times of the internet itself vary regionally. although routers would then need to be configured to introduce the lag what would typically occur on public networks. either pass/fail. then an injector configuration could be used to test whether the proposed system met that specification.6.

Downtime. Data theft. including making things work with people.7. A designers' primary function should be more than appearance. If usability testing uncovers difficulties. Data corruption and application Defacement. such as people having difficulty understanding instructions." Page 9 of 60 . a document. 2. forcing designers to develop systems based on management expectations instead of people's needs. bots. Security within an application or web service is crucial to avoid such vulnerabilities and new threats.1. An external security vulnerability review by Third Eye Testing will give you the best possible confidence that your application is as secure as possible.8. whereas general human-computer interaction studies attempt to formulate universal principles. 2.you must arrange an experiment that measures a subject's ability to use your document. i. or interpreting feedback. Usability Testing Usability testing is a means for measuring how well people can use some humanmade object (such as a web page. manipulating parts. or a device) for its intended purpose. software testing.Aditi Technologies Basic Concepts of Software Testing using scripts. a computer interface. During usability testing. to discover errors and areas of improvement.Security Testing Techniques • • • • • • • • Vulnerability Scanning Network Scanning Password Cracking Log Views Virus Detect Penetration Testing File Integrity Checkers War Dialing 2. then developers should improve the design and test it again. the detection of application vulnerabilities requires independent evaluation of your specific application's features and functions by experts. Usability testing focuses on a particular object or a small set of objects.7. "Caution: simply gathering opinions is not usability testing -. usability testing measures the usability of the object. Designers commonly focus excessively on creating designs that look "cool". and various denial of service tools to observe the performance of a web site during peak loads. the aim is to observe people using the product in as realistic a situation as possible. Stress testing a subset of load testing.e. This is often caused by pressure from the people in charge. Security Testing Application vulnerabilities leave your system open to attacks. Also see testing. performance testing. While automated tools can help to eliminate many generic security issues. compromising usability and functionality.

Rather. paper prototypes. when testing instructions for assembling a toy. For example. Instruction phrasing. The idea is that if the software works as intended and without issues during a simulation of normal use. a scenario would describe a situation where a person needs to send an e-mail attachment. The technique popularly used to gather data during a usability test is called a think aloud protocol. 2. "Do you understand this?". Acceptance Testing User acceptance testing (UAT) is one of the final stages of a software project and will often occur before the customer accepts a new system. to test the attachment function of an e-mail program. Stability Testing In software testing. and the toy's design all affect the assembly process.9. the test subjects should be given the instructions and a box of parts. and ask him or her to undertake this task. so that developers can see problem areas. Test designers will draw up a formal test plan and devise a range of severity levels. In the pharmaceutical field. Page 10 of 60 .). Results of these tests will allow both the customers and the developers to be confident that the system will work as intended. wherein the person performs a list of tasks using the product being tested while observers watch and take notes. developers have derived from the User Requirements Specification. The test scripts will emulate real-world usage of the system. The focus in this type of testing is less on simple problems (spelling mistakes. The aim is to observe how people function in a realistic manner. ideally. and pre. the focus is on a final verification of the required business function and flow of the system. software will not run etc. it will work just the same in production. it refers to a period of time during which a multi-dose product retains its quality after the container is opened. Installation Testing Installation testing (in software engineering) can simply be defined as any testing that occurs outside of the development environment. or realistic situation.10. For example. and what people like. illustration quality.and post-test questionnaires are also used to gather feedback on the product being tested. to which the system should conform.Aditi Technologies Basic Concepts of Software Testing Rather than showing users a rough draft and asking. 2. stability testing is an attempt to determine if an application will crash. Users of the system will perform these tests which. usability testing involves watching people trying to use something for its intended purpose. Developers should have worked out these issues during unit testing and integration testing. cosmetic problems) and show stoppers (major problems like the software crashing. Several other test instruments such as scripted instructions. 2.11. Setting up a usability test involves carefully creating a scenario.

the software is released to a limited audience who would finally form the end users. Whilst the ideal installation might simply appear to be to run a setup program. Ideally. In-house developers often test the software in what is known as 'ALPHA' testing which is often performed under a debugger or with hardware-assisted debugging to catch bugs quickly. testing is usually required before release to the general public. This process helps in determining whether the final software meets its intended purpose and whether the end users would accept the same.13. the generation of that setup program itself and its efficacy in a variety of machine and operating system environments can require extensive testing before it can be used with confidence. however no serious or critical bugs would exist. Product Testing Software Product development companies face unique challenges in testing. Beta Testing Many a time. The product handed out as a Beta Release is not bug free.12. This is often known as the second stage of alpha testing. This technique is known as black box testing.14. Page 11 of 60 . A factor that can increase the organizational requirements of such an exercise is the need to synchronize the data in the test deployment environment with that in the live environment with minimum disruption to live operation. to use it / test it and come back with feedback or bugs. 2. 2. particularly where software is to be released into an already live target environment (such as an operational web site) installation (or deployment as it is sometimes called) can involve database schema changes as well as the installation of new software. Product testing experts design the test process to take advantage of the economies of scope and scale that are present in a software product.Aditi Technologies Basic Concepts of Software Testing Such testing will frequently occur on the computer system the software product will eventually be installed on. 2. In distributed systems. the deployment plan itself should be tested in an environment that is a replica of the live environment. Deployment plans in such circumstances may include back-out procedures whose use is intended to roll the target environment back in the event that the deployment is unsuccessful. Alfa Testing In software development. It can then be handed over to testing staff for additional inspection in an environment similar to how it was intended to be used. A beta release is very close to the final release. Only suitably organized and executed test process can contribute to the success of a software product.

System testing is testing conducted on a complete.15. Regression testing is more of a limiting type of testing.Aditi Technologies Basic Concepts of Software Testing These activities are sequenced and scheduled so that a test activity occurs immediately following the construction activity whose output the test is intended to validate. As a rule. 1990. should require no knowledge of the inner design of the code or logic (IEEE. System testing falls within the scope of Black box testing. During this testing. Alpha testing and Beta testing are sub-categories of Regression testing. 2. System testing is more of a limiting type of testing. 1990. The purpose of Integration testing is to detect any inconsistencies between the software units that are integrated together called assemblages or between any of the assemblages and hardware.16. Regression Testing Regression Testing is typically carried out at the end of the development cycle. Regression testing is testing conducted on a complete. where it seeks to detect both defects within the "inter-assemblages" and also the system as a whole. New York. The purpose of Integration testing is to detect any inconsistencies between the software units that are integrated together called assemblages or between any of the assemblages and hardware. Page 12 of 60 .). integrated system to evaluate the system's compliance with its specified requirements. As a rule. as its input. According to the IEEE Standard Computer Dictionary. and as such. System testing takes. NY. 2. should require no knowledge of the inner design of the code or logic (IEEE. Regression testing takes. where it seeks to detect both defects within the "inter-assemblages" and also the system as a whole. as its input. New York. and as such. IEEE Standard Computer Dictionary: A Compilation of IEEE Standard Computer Glossaries. NY. all of the "integrated" software components that have successfully passed Integration testing and also the software Regression itself integrated with any applicable hardware Regression(s). integrated system to evaluate the system's compliance with its specified requirements. all bug previously identified and fixed is tested along with it's impacted areas to confirm the fix and it's impact if any. Alpha testing and Beta testing are sub-categories of System testing. all of the "integrated" software components that have successfully passed Integration testing and also the software system itself integrated with any applicable hardware system(s).). Regression testing falls within the scope of Black box testing. IEEE Standard Computer Dictionary: A Compilation of IEEE Standard Computer Glossaries. System Testing According to the IEEE Standard Computer Dictionary.

It can occasionally be a series of steps but with one expected result or expected outcome. The ideal scenario test has five key characteristics. Suits. Test scripts should be written for modules with the highest risk of failure and the highest impact if the risk becomes an issue. and its expected result. you may also be able to see past test results and who generated the results and the system configuration used to generate those results. It definitely contains a section where the tester identifies the system configuration used during testing. (c) credible. Compatibility Testing One of the challenges of software development is ensuring that the application works properly on the different platforms and operating systems on the market and also with the applications and devices in its environment. The optional fields are a test case ID. and (e) easy to evaluate. Collections of test cases are sometimes incorrectly termed a test plan. related requirement(s). In a database system. It is (a) a story that is (b) motivating. or even a test scenario. A scenario test is a test based on a hypothetical story used to help a person think through a complex problem or system. and descriptions. Test suites and scenarios can be used in concert for complete system tests. A group of test cases may also contain prerequisite states or steps. thus ensuring you that the application is compatible with various hardware. and descriptions of the following tests. Compatibility testing service aims at locating application problems by running them in real environments. They are usually different from test cases in that test cases are single steps and scenarios cover a number of steps. Page 13 of 60 . operating system and browser versions. A test case should also contain a place for the actual result. along with various additional pieces of information. depth. test category. Most companies that use automated testing will call the code that is used their test scripts. They may also be called a test script. and regression testing. Most white box tester write and use test scripts in unit. system. The test suite often also contains more detailed instructions or goals for each collection of test cases. A test case is usually a single step. These past results would usually be stored in a separate table.17. spreadsheet. Scripts and Scenario Black box testers usually write test cases for the majority of their testing activities. They can be as simple as a diagram for a testing environment or they could be a description written in prose. 2. These steps can be stored in a word processor document. (d) complex. Larger test cases may also contain prerequisite states or steps. test step or order of execution number. author. The most common term for a collection of test cases is a test suite. Test Cases.18. database or other common repository.Aditi Technologies Basic Concepts of Software Testing 2. and check boxes for whether the test is automatable and has been automated.

E.20.. Defect Tracking In engineering. or recording feedback from customers).e. Petri nets. cryptographic protocols. Often one refers to the overall checking process as V & V. Usually formal verification is carried out algorithmically. Validation and Verification Verification is one aspect of testing a product's fitness for purpose. Defect tracking is important in software engineering as complex software systems typically have tens or hundreds of thousands of defects: managing. such as linear temporal logic (LTL) or computational tree logic (CTL). Verification: "Are we building the product right?” i.e. combinatorial circuits. and abstractions of general software components. Validation: "Are we building the right product?” i. 2. abstract interpretation. using formal methods. which is more closely related to exploratory testing. and tracking them to closure.Aditi Technologies Basic Concepts of Software Testing Scenario testing is similar to. but the two concepts can be used in conjunction. and reasoning with the aid of automatic theorem provers such as HOL or Isabelle.. System types that are considered in the literature for formal verification include finite state machines (FSM). does the product conform to the specifications. The properties to be verified are often described in temporal logics. 2. Validation is the complementary aspect. The verification process consists of static and dynamic parts. does the product do what the user really requires.g.20. but not the same as session-based testing. formal verification is the act of proving or disproving the correctness of a system with respect to a certain formal specification or property. abstraction refinement. The main approaches to implementing formal verification include state space enumeration. Formal Verification In the context of hardware and software systems. for a software product one can inspect the source code (static) and run against specific test cases (dynamic). labeled transition systems (LTS) and their compositions. symbolic state space enumeration. Page 14 of 60 . timed automata and hybrid automata. defect tracking is the process of finding defects in a product. Defect tracking systems are computer database systems that store defects and help people to manage them. processalgebraic methods. testing.19.1. evaluating and prioritizing these defects is a difficult task.. (by inspection. digital circuits with internal memory. 2.

Aditi Technologies Basic Concepts of Software Testing Validation usually can only be done dynamically. If the program fails (for example. Fuzz testing methods As a practical matter. usually before applying it to the software. and in many cases passing a fuzz test may only demonstrate that a piece of software handles exceptions without crashing. Thus. However. then there are defects to correct.e. The advantage here is that the cost of generating the tests is relatively low. The great advantage of fuzz testing is that the test design is extremely simple. and fuzz testing is one of the techniques which offer a high benefit to cost ratio. by crashing. 2. 2. such as relational databases. the test data is preserved. developers need to reproduce errors in order to fix them. These usually have a budget to develop test tools. fuzz testing can only be regarded as a proxy for program correctness. Fuzz Testing Fuzz testing is a software testing technique.21. 2. fuzz testing is not a substitute for exhaustive testing or formal methods: it can only provide a random sample of the system's behavior.21. and free of preconceptions about system behavior. Fuzz testing is thought to enhance software security and software safety because it often finds odd oversights and defects which human testers would fail to find. with fuzz test failures actually being more useful as a bug-finding tool than fuzz test passes as an assurance of quality. i. Modern software has several different types of inputs: • Event driven inputs are usually from a graphical user interface. Uses Fuzz testing is often used in large software development projects that perform black box testing.. There are at least two different forms of fuzz testing: Page 15 of 60 . Fuzz testing is also used as a gross measurement of a large software system's quality. so that if the computer fails dramatically. • Database inputs are from tabular data.1. • Character driven inputs are from files or data streams. almost all fuzz testing makes a record of the data it manufactures. rather than behaving correctly.2. and even careful human test designers would fail to create tests for. the product is tested by putting it through typical usages and atypical usages ("Can we break it?"). or by failing in-built code assertions). rather than a direct measure. third party testers have used fuzz testing to evaluate the relative merits of different operating systems and application programs. The basic idea is to attach the inputs of a program to a source of random data. or possibly from a mechanism in an embedded system.21. For example. For this reason.

because input and comparison constraints reduce the invalid data in a database. and then ignore impossible requests.21. Database fuzz is controversial.Aditi Technologies Basic Concepts of Software Testing • • • Valid fuzz attempts to assure that the random input is reasonable. The queue is filled with data structures that have random values.4. software must validate all fields of every queue entry. To succeed in a fuzz-tested environment. Character-driven fuzz Normally this is provided as a stream of random data. fuzz-generated randomness can test the un-designed behavior surrounding a wider range of designed system states. when the character data exceeds the available buffer space. Robust error detection systems will report only the most significant or most recent error over a period of time. and a general-purpose interface is available to users. Simple fuzz usually uses a pseudo random number generator to provide input.21. The classic source in UNIX is the random data generator. Since major customer and enterprise management Page 16 of 60 . Event-driven fuzz Normally this is provided as a queue of data-structures. However.5. By using all of these techniques in combination. 2. or conforms to actual production data. One of the more interesting issues with real-time event handling is that if error reporting is too verbose. Fuzz testing may use tools to simulate all of these domains. simply providing error status can cause resource problems or a crash.21. One common problem with a character driven program is a buffer overrun.3. Database fuzz The standard database scheme is usually filled with fuzz that is random data of random sizes. Another is that decode tables or logic may be incomplete. This problem tends to recur in every instance in which a string or number is parsed from the data stream and placed in a limited-size area. 2. decode every possible binary value. often the database is more tolerant of odd data than its client software. Often the same schema descriptions can be used to automatically generate fuzz databases. Some IT shops use software tools to migrate and manipulate such databases. A combined approach uses valid test data with some proportion of totally random input injected. without even crude validation. The most common problem with an event-driven program is that it will often simply use the data in the queue. not handling every possible binary value. 2.

Aditi Technologies

Basic Concepts of Software Testing

software is starting to be open-source, database-based security attacks are becoming more credible. A common problem with fuzz databases is buffer overrun. A common data dictionary, with some form of automated enforcement is quite helpful and entirely possible. To enforce this, normally all the database clients need to be recompiled and retested at the same time. Another common problem is that database clients may not understand the binary possibilities of the database field type, or, legacy software might have been ported to a new database system with different possible binary values. A normal, inexpensive solution is to have each program validate database inputs in the same fashion as user inputs. The normal way to achieve this is to periodically "clean" production databases with automated verifiers.

3. Manual Testing
3.1.
• • •

Facts
In India itself, Software industry growth has been phenomenal. IT field has enormously grown in the past 50 years. IT industry in India is expected to touch 10,000 crores of which software share is dramatically increasing.

3.2.
• • •

Software Crisis
Software cost/schedules are grossly inaccurate. Cost overruns of several times, schedule slippage’s by months, or even years are common. Productivity of people has not kept pace with demand. Added to it is the shortage of skilled people. Productivity of people has not kept pace with demand Added to it is the shortage of skilled people.

3.3.
• • • • • •

Software Myths
Software Management is different. Why change or approach to development? We have provided the state-of-the-art hardware. Problems are technical If project is late, add more engineers. We need better people.

3.3.1.Management Myths

3.3.2.Developers Myths
• • • • We must start with firm requirements Why bother about Software Engineering techniques, I will go to terminal and code it. Once coding is complete, my job is done. How can you measure the quality...it is so intangible.

Page 17 of 60

Aditi Technologies

Basic Concepts of Software Testing

3.3.3.Customer’s Myth
• • A general statement of objective is good enough to produce software. Anyway software is “Flex-ware”, it can accommodate my changing needs.

3.3.4.What do we do?
• • • • Use Software Engineering techniques/processes. Institutionalize them and make them as part of your development culture. Adopt Quality Assurance Frameworks : ISO, CMM Choose the one that meets your requirements and adopt where necessary.

3.4.

Software Quality Assurance:

The purpose of Software Quality Assurance is to provide management with appropriate visibility into the process being used by the software project and of the products being built. • Software Quality Assurance involves reviewing and auditing the software products and activities to verify that they comply with the applicable procedures and standards and providing the software project and other appropriate managers with the results of these reviews and audits.

3.4.1.Verification:
• • Verification typically involves reviews and meetings to evaluate documents, plans, code, requirements, and specifications. The determination of consistency, correctness & completeness of a program at each stage.

3.4.2.Validation:
• • Validation typically involves actual testing and takes place after verifications are completed The determination of correctness of a final program with respect to its requirements.

3.5.
• • • •

Software Life Cycle Models:
Prototyping Model Waterfall Model – Sequential Spiral Model V Model - Sequential

3.6.

What makes a good Software QA engineer?

The same qualities a good tester has are useful for a QA engineer. Additionally, they must be able to understand the entire software development process and how it can fit into the business approach and goals of the organization.

Page 18 of 60

Aditi Technologies

Basic Concepts of Software Testing

Communication skills and the ability to understand various sides of issues are important. In organizations in the early stages of implementing QA processes, patience and diplomacy are especially needed. An ability to find problems as well as to see 'what's missing' is important for inspections and reviews.

3.7.
• • • • • •

Testing:
An examination of the behavior of a program by executing on sample data sets. Testing comprises of set of activities to detect defects in a produced material. To unearth & correct defects. To detect defects early & to reduce cost of defect fixing. To avoid user detecting problems. To ensure that product works as users expected it to.

3.7.1.Why Testing?
• • • • To To To To unearth and correct defects. detect defects early and to reduce cost of defect fixing. ensure that product works as user expected it to. avoid user detecting problems.

3.8.
• • • • • • • •

Test Life Cycle
Identify Test Candidates Test Plan Design Test Cases Execute Tests Evaluate Results Document Test Results Casual Analysis/ Preparation of Validation Reports Regression Testing / Follow up on reported bugs.

3.9.
• • •

Testing Techniques
Black Box Testing White Box Testing Regression Testing

These principles & techniques can be applied to any type of testing.

3.10.

Test Plan:

A Test Plan is a detailed project plan for testing, covering the scope of testing, the methodology to be used, the tasks to be performed, resources, schedules, risks, and dependencies. A Test Plan is developed prior to the implementation of a project to provide a well defined and understood project roadmap.

Page 19 of 60

Determine test approaches and methods . and test ware through life cycle • • • • • • • • • • • • • • • • • • 4.Aditi Technologies Basic Concepts of Software Testing 3.) Determine test-ware requirements (record/playback tools.) Identify application's higher-risk aspects. A Test Specification is produced as the first step in implementing a Test Plan.) Determine test input data requirements Identify tasks. boundary value analyses. set up or obtain test input data Obtain and install software releases Perform tests Evaluate and report results Track problems/bugs and fixes Retest as needed Maintain and update test plans.1. milestones Determine input equivalence classes. test cases. load. comprehensive definition of a testing campaign. It provides a repeatable.1. Test Specification: A Test Specification defines exactly what tests will be performed and what their scope and objectives will be. test tracking. system. set up test tracking processes. etc. set up logging and archiving processes. required standards and processes (such as release processes.10. functional design.unit. error classes Prepare test plan document and have needed reviews/approvals Write test cases Have needed reviews/inspections/approvals of test cases Prepare test environment and test-ware. Testing Procedure The following are some of the steps to consider: • • Obtain requirements. obtain needed user manuals/reference documents/configuration guides/installation guides. 4. change processes. timelines. prior to the onset of manual testing and/or automated test suite development. and labor requirements Set schedule estimates. etc. Determine project-related personnel and their responsibilities. Obtain budget and schedule requirements. Determine test environment requirements (hardware. etc. those responsible for tasks. problem/bug tracking. communications. functional. integration. usability tests. Bug Tracking What's a 'test case'? Page 20 of 60 . and internal design specifications and other necessary documents. etc. test environment. software. coverage analyzers. and determine scope and limitations of tests. set priorities. reporting requirements.

If a problem-tracking system is in place. Bug identifier (number. A test case should contain particulars such as test case identifier. screen. input data requirements. module. where the bug occurred Environment specifics. it should encapsulate these processes. relevant hardware specifics Test case name/number/identifier One-line bug description Full bug description Description of steps needed to reproduce the bug if not covered by a test case or if the developer doesn't have easy access to the test case/test script/test tool Names and/or descriptions of file/data/messages/etc. get an idea of it's severity. For this reason. test case name. and determinations made regarding requirements for regression testing to check that fixes didn't create problems elsewhere.Aditi Technologies Basic Concepts of Software Testing • • A test case is a document that describes an input. system. or event and an expected response. Note that the process of developing test cases can help find problems in the requirements or design of an application. and reproduce it if necessary. After the problem is resolved.) Current bug status (e. ID. objective.g. steps. object. used in test File excerpts/error messages/log file excerpts/screen shots/test tool logs that would be helpful in finding the cause of the problem Severity estimate (a 5-level range such as 1-5 or 'critical'-to-'low' is common Was the bug reproducible? Tester name Test date Bug reporting date Name of developer/group/organization the problem is assigned to Description of problem cause Description of fix Code section/file/module/class/method that was fixed Date of fix Application version that contains the fix Tester responsible for retest Retest date Retest results • • • • • • • • • • • • • • • • • • • • • • • • • • Page 21 of 60 . What should be done after a bug is found? • The bug needs to be communicated and assigned to developers that can fix it. fixes should be re-tested. and expected results. 'Released for Retest'. action. etc. etc. A variety of commercial problem-tracking/management software tools are available (see the 'Tools' section for web resources with listings of such tools). it's useful to prepare test cases early in the development cycle if possible. etc. to determine if a feature of an application is working correctly.) The application name or identifier and version The function. since it requires completely thinking through the operation of the application. test conditions/setup. platform. 'New'. feature. The following are items to consider in the tracking process: Complete information such that developers can understand the bug..

the result is bugs. Software complexity . Poorly documented code . often requiring a lot of guesswork. Changing requirements . testers need to know when retesting is needed. enormous relational databases. When deadlines loom and the crunch comes. work already completed that may have to be redone or thrown out. continuously modified requirements may be a fact of life. And the use of objectoriented techniques can complicate instead of simplify a project unless it is well engineered. can make mistakes. If there are many minor changes or any major changes. Egos . like anyone else.it's tough to maintain and modify code that is badly written or poorly documented. and sheer size of applications have all contributed to the exponential growth in software/system complexity.Aditi Technologies Basic Concepts of Software Testing • • • • Regression testing requirements Tester responsible for regression tests Regression testing results A reporting or tracking process should enable notification of appropriate personnel at various stages. Windows-type interfaces. etc. effects on other projects. and the complexity of keeping track of changes may result in errors. hardware requirements that may be affected. management must understand the resulting risks. mistakes will be made. and QA and test engineers must adapt and plan for continuous extensive testing to keep the inevitable bugs from running out of control. In this case.as to specifics of what an application should or shouldn't do (the application's requirements).people prefer to say things like: o 'no problem' o 'piece of cake' o 'I can whip that out in a few hours' o 'it should be easy to update that old code' Instead of: o 'that adds a lot of complexity and we could end up o making a lot of mistakes' o 'we have no idea if we can do that. Why does software have bugs? • • Miscommunication or no communication . client-server and distributed applications. In many • • • • • • • Page 22 of 60 . Programming errors . known and unknown dependencies among parts of the project are likely to interact and cause problems. until I take a close look at it' o 'we can't figure out what that old spaghetti code did in the first place' If there are too many unrealistic 'no problems'. rescheduling of engineers. In some fast-changing business environments. the result is bugs. or may understand and request them anyway . and reporting/summary capabilities are needed for managers.scheduling of software projects is difficult at best.the complexity of current software applications can be difficult to comprehend for anyone without experience in modern-day software development. For instance. data communications.programmers. Time pressures . Enthusiasm of engineering staff may be affected. we'll wing it' o 'I can't estimate how long it will take.the customer may not understand the effects of changes. developers need to know when bugs are found and how to get the needed information.redesign.

Software development tools . scripting tools. and other server technologies as well. Tag Libs. GJTester Java unit. GUI interface emphasizing ease of use. Filters. class libraries. Monitors applications as soon as installed no coding is needed. Enables test case and test script development without programming. Included 'LeakHunter'identifies potential memory leaks. RMI. Java/J2EE Profiler and other modules. without implementing test clients. metrics. often introduce their own bugs or are poorly documented. Cactus A simple open-source test framework for unit testing server-side java code (Servlets.1. and server application's modules. and a component recognition algorithm that takes into account a variety of attributes. etc. Useful for testing CORBA.). and clone detection tools from Semantic Designs. execution and management of automated Java/Swing application tests. Introscope Performance monitoring tool from Wily Technology. it should be hard to read'). profiler. and there's job security if nobody else can understand it ('if it was hard to write. Recorded GUI elements. Testing Tools and Software 5. it's usually the opposite: they get points mostly for quickly turning out code. qftestJUI Record/playback test tool from Quality First Software for creation. and monitoring products for java development from AppPerfect Corp. 5. regression testing for JAVA VM upgrades. Test private and protected functions. Code Analyzer. Extensive documentation.Aditi Technologies Basic Concepts of Software Testing • organizations management provides no incentive for programmers to document their code or write clear. AppPerfect DevSuite Suite of testing. Includes a natural user interface. resulting in added bugs. Includes: Unit Tester. In fact. and contract (black box) test tool from TreborSoft. Load and Performance Test Tools AppPerfect DevSuite 5. etc. regression. understandable code. tuning. 'Transaction Tracer' can provide detailed tracing of execution paths and component response times for individual transactions in production systems. Java test Tools Java Development Tools Java coverage. scripting capabilities. intuitive views of interrelation between system components and application infrastructure. Intent is to allow fine-grained continuous testing of all files Page 23 of 60 .2. user actions and associated data are automatically integrated into an editable tree view reflecting the hierarchical structure of the application's GUI. presents data in easy-to-use customizable dashboards which enable deep. EJBs. compilers.visual tools.

jfcUnit Framework for developing automated testing of Java Swing-based applications at the UI layer (as opposed to testing at lower layers. From Apache Software Foundation. QStudio for Java Java code inspection tool from QA Systems allows automation of a major portion of code inspection process. HTML. TEXT) or custom report generation. Koalog Code Coverage Code coverage analyzer for Java applications from Koalog SARL. or from the command line. It uses JUnit and extends it. using Ant. (Abbot = "A Better 'Bot'). Site includes a large collection of extensions and documentation. and session merging to allow compilation of overall results for distinct executions.Aditi Technologies Basic Concepts of Software Testing making up an application: source code but also meta-data files (such as deployment descriptors. For use by developers implementing unit tests in Java. Intended for use where there are performance/scalability requirements that need re-checking while refactoring code. which can then be run automatically and independent of other JUnit tests. licensed under the BSD License. By Mike Clark/Clarkware Consulting. Includes: in-process or remote coverage computation. Provides recording and playback capabilities. capability of working directly on Java method binaries (no recompilation). etc) through an in-container approach. Free Open Source Software released under the IBM Public License and hosted on SourceForge.Framework to write repeatable java unit tests A regression testing framework written by Erich Gamma and Kent Beck.Robot class. Contains Page 24 of 60 . Enables quick composition of a performance test suite. CSV. JUnit . JUnitPerf Allows performance testing to be dynamically added to existing JUnit tests. Jemmy A Java library that is used to create automated tests for Java GUI applications. Couples advanced static analysis capabilities to ISO 9126 quality standard framework. a script editor/recorder. Supports customizing existing rules and defining custom rules.awt. for which JUnit may be sufficient). for early detection of software defects and automatic assessment of code quality. predefined (XML. Abbot Java GUI Test Framework Testing framework by Timothy Wall provides automated event generation and validation of Java GUI components. Free Open Source Software from SourceForge site. The framework may be invoked directly from Java code or accessed without programming through the use of scripts via 'Costello'. LaTex. Also available as plugins for JBuilder and Eclipse. Integrates with Ant and JUnit.available under the GNU Lesser General Public License. improving upon the very basic functions provided by the java. Suitable for use both by developers for unit tests and QA for functional testing. Typically use within your IDE. Free . Integrates with leading Java Development Environments and platforms.

a tool and technique for writing reliable software. J_Diagrammer for Java code logic analysis.e. a syntax testing tool that automatically builds a Java-based test data generator. JMSAssert. user-friendly performance diagnosis tool from Quest Software for Page 25 of 60 . . Inc. J_SQA for ObjectOriented software quality measurement.Aditi Technologies Basic Concepts of Software Testing methods to reproduce all user actions which can be performed on Swing/AWT components (i. components. virtual machines. text typing. J_Structure for Java code structure analysis and diagramming. package and produces reports in multiple formats. Coverage API provided. JBrowser class browser. and J_Playback for GUI operation capture and automatic playback. Works with source or compiled files. JemmyTest is a program written in Java which uses the Jemmy API to test applications. package. Clover Code coverage tool for Java from Cenqua. reView Java source code visualization tool from Headway Software. TrueJ Source code audit and metrics tool from BlueBay systems. Fully integrated plugin for NetBeans. method. C. control flow analysis and diagramming. View coverage data in XML. source distribution. for speed. statements.). Gathers coverage measures of branches. and C++ applications.. or via a Swing GUI. a Java source analyzer to generate code comments and metrics such as inheritance depth. and dependencies for Java. methods. etc. HTML. JCover Java code test coverage analysis tool from Codework Limited. etc. configurable. tree node expanding. J_Test for test coverage analysis and test case minimization. at all levels and between all levels. Coverage difference comparison between runs. Halstead Measures. Seamless integration with projects using Apache ANT. Cyclomatic Number. application. class. Available as binary distribution (including documentation). Fifty different audits and metrics. classes. and other IDE's. integrates with build tools for quality gate and reporting. JBuilder. JVerify Java class/API testing tool uses an invasive testing model allowing access to internals of Java objects from within a test script and utilizes a proprietary OO scripting language. etc. it can be used separately as well as together with the NetBeans IDE. integrates with a variety of editors/IDE's. or jar file. Shows all dependencies. file. JBench Freeware Java benchmarking framework to compare algorithms. button pushing. PerformaSure Low-overhead. highly scalable. J_DocGen for Java code static analysis. JPretty reformats Java code according to specified options.. Panorama for Java Visual environment containing six integrated java tools from ISA. compiler-style output. JSynTest. Java Tool Suite from Man Machine Systems Includes JStyle. JEvolve.. Reverse engineer and automatically lay out and view code. an intelligent Java code evolution analyzer that automatically analyzes multiple versions of a Java program and shows how various classes have evolved across versions. can 'reason' about selective need for regression testing Java classes. JCover test coverage analyzer. PDF.

and network metrics. OS. and clarity. written in Java. and size metrics related to reusability. Hundreds of easily-confugured run-time. 2000 Sun discontinued accepting orders for these products. servlets. includes JProbe Profiler and JProbe Memory Debugger for finding performance bottlenecks and memory leaks.) Page 26 of 60 . Check listed web sites for current information. and race conditions. coverage analysis. procedural. code coverage analyzer and code analysis for Java. maintainability. or load testing of java applets. JProfiler freeware version available. Enhanced Cyclomatic Complexity. (Note: some other tools in these listings also handle testing. thread and event analysis. testability. thread debugger. complexity. stalls. Has online advisor for quality improvement. Integrates with several Java IDE's. TCAT for Java Part of Software Research's TestWorks suite of test tools. Sun's Java Test Tools As of February 4. and JProbe Threadalyzer for finding deadlocks. and code coverage tool suite from Borland (formerly from VMGear). Includes suggestions for optimization techniques. VTune Intel's performance tuning tool for applications running on Intel processors. It automatically generates and executes JUnit tests and checks whether code follows 400 coding standards and can automatically correct for many. to diagnose and resolve performance bottlenecks. or are planning to add such capabilities. automatic unit testing and standards compliance tool for Java. OptimizeIt Profiler. Halstead Software Science metrics. Traces and reconstructs execution path of end-user transactions across all components of a clustered multi-tieer J2EE system. includes Java support. LProbe Coverage code coverage tool. LOC metrics and MOOD metrics. Krakatau Metrics for Java Software metrics tool from Power Software includes more than 70 OO. and applications. Includes Cyclomatic Complexity. JProbe Developer Suite Collection of Java debugging tools from Quest Software. DevPartner Java Edition Compuware's (formerly NuMega) debugging/productivity tool to detect and diagnose Java bugs and memory and performance problems. Jtest ParaSoft's Jtest is an integrated. management.Aditi Technologies Basic Concepts of Software Testing distributed J2EE applications.

replaces links but does not reformat or restructure HTML code. ChangeAgent Link checking and repair tool from Expandable Language. partial testing of ftp and gopher sites. familiar interface for managing files. can be automatically scheduled.3. DNS servers and SSL certificates. Site Map. For Windows. For Windows platforms. Web Link Validator Link checker from REL Software checks links for accuracy and availability. free trial period available. InfoLink Link checker program from BiggByte Software. evaluation version available. Link Checking Tools HiSoftware Link Validation Utility Link validation tool. Xenu's Link Sleuth Freeware link checker by Tilman Hausherr. CSV. such as internal and external links. supports SSL websites. Alert Linkrunner Link check tool from Viable Software Alternatives. for Windows. Page 27 of 60 . provides multiple-level undo/redo for all operations. Link Checker Pro Link check tool from KyoSoft. Ideal for dynamic sites requiring frequent link checking. fixes broken links with an easy. employs a simple. detects and reports redirected URL. Freeware 'REL Link Checker Lite' version available for small sites. domain names. HTTPS. For Windows. used to test and validate critical website components. multiple page list and site list capabilities. free version or low-cost pro version. customizable reports.. 3-click process. finds broken links or paths and links with syntactic errors. Identifies orphan files and broken links when browsing files. Runs as often as every hour. and FTP protocols. HTML. can also produce a graphical site map of entire web site. Export to text. previews files when fixing broken links and before orphan removal. RTF. SiteAnalysis Hosted service from Webmetrics. Automatically-scheduled reporting by e-mail. several report formats available. updates links to moved and renamed files. For Windows. or as infrequent as once a week. Handles HTTP. Excel. Linkalarm Low cost on-the-web link checker from Link Alarm Inc. Site Audit Low-cost on-the-web link-checking service from Blossom Software. includes FTP link checking.Aditi Technologies Basic Concepts of Software Testing 5.

Utilizes the HTTP 'HEAD' request instead of the 'GET' request so that it does not require retreival of the entire html page. formatting disorganized editing. page size analysis. LinkLint Open source Perl program checks local/remote HTML links. PERL script for a web spider for web site maintenance.4. LinkScan Electronic Software Publishing Co. timeouts. Includes cross referenced and hyperlinked output reports. Perl Testing Tools W3C Link Checker Link checker PERL source code. Results stored in database. reports of orphan files and files with mismatching case. For Windows. ID/Password entries.5. support for all standard server-side image maps. Distributed under Gnu General Public License. For all UNIX flavors. It helps users to create.net. via the WWW Consortium (the folks who set web standards). Discontinued. For automatic fixing of HTML errors. originally by Dave Raggett. doc-not-found. configurable. by Francois Pottier. reports URLs changed since last checked. can check for bad links due to specified problems such as server-not-found. HTML TIDY Free utility available from SourceForget. Handles one URL at a time. MOMspider Multi-Owner Maintenance Spider. Windows.0 or 3. organize and Page 28 of 60 . Available as source code or binaries. Web Functional and Regression Testing Tools IeUnit IeUnit is an open-source simple framework to test logical behaviors of web pages.0 validator programs for AWK or PERL by H. but old versions still available as freeware. results can be exported to database. CyberSpyder Link Test Shareware link checker by Aman Software. unauthorized-access. HTMLchek for awk or perl Old but still useful HTML 2. Available as source code. 5. Mac. capabilities include automated retesting of problem links. and finding problem HTML areas. for UNIX and PERL. Validates hyperlinks for all major protocols. Not updated in recent years. randomized order checking.'s link checker/site mapping tool.Aditi Technologies Basic Concepts of Software Testing changed-link checking. Includes capabilities for central management of large multiple intranet/internet sites. Has not been updated in recent years. Windows. 'what's new' reporting. support of proxy servers for remote URL checking. HTML syntax error checking. relocations. For Windows. link checker. binary avaialable for Linux. This site contains an interesting discussion on the use of META tags. ability to check password-protected areas. allowing for customizable queries and reports. Big Brother Freeware command-line link checker for Unix. capabilities include specified URL exclusions. 5. Not updated in recent years. Churchyard. site has much documentation and related info. released under IBM's Common Public License. test resumption at interruption point.

servlets. retry on error. PHP. and loop. Free and professional versions available.) or it can be used to create a suite of HTTP level functional or regression tests. autocomplete. CGI. Freeware. and Test Writing Assistant . Can be used to unit test any individual component with an HTTP interface (JSP. HtmlUnit etc. HTML forms.Web browser plug-in module to assist the test writing process. and monitoring products from AppPefect Corp. Records browser interaction by element instead of screen coordinates. automatic recording of any Web browser events and translates into an Python editable scripts. robust handling of page modifications. For Windows and MSIE. Record and playback capability. Page 29 of 60 . supports ASP. QEngine Web Test Studio Web functional test tool from AdventNet. fail definitions can be specified for each step of the automated workflow via JavaScript. HTML. JStudio SiteWalker Test tool from Jarsch Software Studio allows capture/replay recording. Multilingual for Asian. provision to add GUI. HTML-based test result reports can be generated. includes web functional testing capabilities.EXE files to enable running web macros on demand and integration into other software frameworks. page titles and HTML element properties. integrates with a variety of IDE's. tuning. Supports handling dynamic content created by JavaScript. Advanced framework for writing test scripts in Java (similar to open-source frameworks like HttpUnit. Includes Script Editor.DLL and . cookies. Includes a test runner with GUI interface. Works with a variety of browsers and OS's. run-time debugging features. Secure recording on password fields. AppPerfect DevSuite Suite of testing. ASP. Supports keyword-driven testing. WebInject Open source tool in PERL for automated testing of web applications and services. Enables creation of scenarios from spreadsheets. Test Complete Enterprise Automated test tool from AutomatedQA Corp. files. etc. that includes a web functional testing module. QEngine Test tool from AdventNet enables functional testing of Web sites and Web-based applications. KUMO Editor Toolset from Softmorning LTD for creation and editing of web macros and automated web tests. Test data from any database or Excel spreadsheet can be mapped to enter values automatically into HTML form controls. Macro recorder transforms any click to a C# directive. Includes syntax-coloring editor with intellisense. built-in exception handling and reporting facility. SSL. Application Map Editor to view and edit the map object properties. Scripting uses Jython. JavaScript's Document Object Model enables full access to all document elements. Implemented in JavaScript for the Windows XP platform with Internet Explorer. records using page elements controls symbolically rather than with raw screen coordinate. JSP. Page objects navigator allows browsing of hierarchy of web objects in a page. actiWate Java-based Web application testing environment from Actimind Inc. Works with Internet Explorer. Can export created .Aditi Technologies Basic Concepts of Software Testing execute functional unit tests. eastern and western European languages. data-driven Test wizard to fetch script data from external source. Database and File checkpoints and verify database tables. but with extended API). Shareware for Windows/MSIE. Supports multiple OS's and browsers.

SimpleTest Open source unit testing framework which aims to be a complete PHP developer test solution. Provides a high-level API for navigating a web application combined with a set of assertions to verify the application's correctness including navigation via links. and Runner executes the test case document. Key features besides capture/playback include automatically detecting and capturing standard and custom content errors. Free including source code. such as bitmap or text matching. The simple navigation methods and ready-to-use assertions allow for more rapid test creation than using only JUnit and HttpUnit. Controls are recorded as individual objects independent of screen positions or resolution. Standard reporting XSLT stylesheets included. and other typical business web application features. Utilizes HttpUnit behind the scenes. Enables 'Persistent Acceptance Testing' that activates tests each time a web application is used. etc. Test results are reported in either plain text or XML format for later presentation via XSLT. TestSmith Functional/Regression test tool from Quality Forge. 90-day evaluation copy available.Aditi Technologies Basic Concepts of Software Testing Site Test Center Functional and performance test tool from Alliance Software Engineering. Maker creates test case documents. with its HTML objects recognition. test case documents are always synchronized with the application. Editable scripts can be recorded in SmithSript language or in Java. ensure robustness of scripts with Synchronization commands. Active-X controls. Adaptable and MultiThreaded Playback Engine. This includes web page navigation. Has an XMLbased scripting capability to enable modifying captured scripts or creating new scripts. Includes an Intelligent. HTML/DOMAware and Object Mode Recording Engine. Canoo WebTest Free Java Open Source tool for automatic functional testing of web applications. STC Master and STC Master Service. branching statements. (300+ commands). Reports information needed to troubleshoot problems. scripts have to be developed manually. but also adds mock objects. Includes a WinTask Scheduler. until recording capabilities are added. playback window/size can be different than in capture. Includes all of the typical functions that would be expected from JUnit and the PHPUnit ports. TestAgent Capture/playback tool for user acceptance testing from Strenuus. Fuzzy matching capabilities. and can be adapted to any reporting style or requirements. Flash. WinTask Macro recorder from TaskWare. Utilizes a distributed testing model and consists of three parts: STC Administrator. jWebUnit Open source Java framework that facilitates creation of acceptance tests for web applications. automates repetitive tasks for Web site testing (and standard Windows applications). form entry and submission. validation of table contents. TestCaseMaker/Runner Test case document driven functional test tool for web applications from Agile Web Development. Can group tests into a testsuite that again can be part of a bigger testsuite. animated bitmaps. Page 30 of 60 . LLC. can be inserted during a recording. XMLbased test script code is editable with user's preferred XML editor. C++ or C++/MFC. has some JWebUnit functionality as well. Special validation points. etc. but all recorded items are validated and logged 'on the fly'. Handles Applets. cookie testing and form submission. Includes capability to expand scope of macros by editing and adding loops. and a Data-Driven.

Solex Web application testing tool built as a plug-in for the Eclipse IDE (an open. For Windows. Supports unlimited set of ODBC-compatible data sources as well as MS Excel. dynamic Web applications. The Web Crawler is useful for verifying consistency of a static web structure. This module comes with a set of default Page 31 of 60 . screen names. and parsing of response codes or parsing page content for expected or unexpected strings. data driven scenarios. reporting various metrics. This module can be used "as-is" or its functionality can be extended using plugins. Supports HTTPS/SSL. includes an HTTP Recorder and Web Crawler. Testers enter test data into a spreadsheet used to populate objects that appear for the particular test scenario defined. HTTP-WebTest A Perl module which runs tests on remote URLs or local Web files containing Perl/JSP/HTML/JavaScript/etc.no need to keep track of GUI maps for each window. HTTP requests and responses are fully displayed in order to inspect and customize their content. many Perl cpan library functions. and assertions to responses in order to validate a scenario during its playback. Easy development and maintenance . Allows creation of completely new test scenarios without ever having performed that test before. Multi-platform written in Java. all without changing tool. PureTest Free tool from Minq Software AB.. Utilizes Collections. Advanced object binding reduces script changes when Web-based apps change. tab/comma delimited file formats. recorded sessions can be saved as XML and reopened later. allowing inheritance of all Perl functionality including regular expressions. Perl module that allows a user to automate use of IE via Perl scripts. testware architecture (object names.Aditi Technologies Basic Concepts of Software Testing MITS. Free Demo and Test Script available. SAMIE Free tool designed for QA engineers . Allows the attachment of extraction or replacement rules to any HTTP message content. source code avalable. QA Wizard Automated functional web test tool from Seapine Software.GUI Unique test automation tool from Omsphere LLC. Badboy Tool from Bradley Software to aid in building and testing dynamic web based applications. For Windows platforms. extensible IDE). Plugins can define test types and provide additional report capabilities. Perl dbi database access. Written in ActivePerl. Includes capability for automated scripting. It can test thousands of test scenarios without use of any scripts. Methods. broken links and the structure of the crawled web. break points and response introspection. Uses IE's built in COM object which provides a reference to the DOM for each browser window or frame. and generates a detailed test report. Events and Properties exposed by the DHTML Object Model. PAMIE Free open-source 'Python Automated Module For Internet Explorer' Allows control of an instance of MSIE and access to it's methods though OLE automation . Includes a Task API for building custom test tasks. Free for most uses. Combines sophisticated capture/replay ability with performance testing and regression features. etc). Includes a scenario debugger including single step. has an intelligent state machine engine that makes real-time decisions for navigating through the GUI portion of an application.'Simple Automated Module For Internet Explorer'. Next-generation scripting language eliminates problems created by syntax or other language errors. Records HTTP messages by acting as a Web proxy. Create scenarios using the point and click interface. and more. allowing creation of more scripts in less time. or logic associated with the engine.

Solaris. designed and implemented by Russell Gold. supports hyperlinks targeted at new instances of browser. dynamic testing. can enforce over 200 HTML. and web-based applications. databases. Can run load tests based on the tool's analysis of web server log files.net/Open Source Development Network. assists user during the recording with visual feedback. Can extract web data and save as CSV file or process the data via a script. Power users can manually edit a recorded macro. Playback can run in background while other tasks are performed on the same machine. HTTP-Redirects and cookies. tables. WML and XHTML coding standards or customized standards. HttpUnit Open source Java program for accessing web sites without a browser. Utilizes multiple validation methods. Includes ServletUnit to test servlets without a servlet container. script testing and information gathering. Emulates the relevant portions of browser behavior. Works by remote controlling the browser. and webserver load and capacity analysis. IntelliScripting logic removes the reliance on specific browser window sizes. A command line interface allows for easy integration with other test software. form filling. The 'TestPartner Visual Navigator' can create visual-based tests. Inc that uses a 'Test Enabled Web Browser' test engine that provides browser-based client side quality checking. Records any combination of browsing. clicking.Aditi Technologies Basic Concepts of Software Testing plugins. Jython is used as the scripting language. or XML. includes an HTTP proxy recorder to automate test script generation. content validation. and static analysis test suite from ParaSoft. Compuware TestPartner Automated software testing tool from Compuware designed specifically to validate Windows. for easier script maintenance. Linux. For Windows. For Windows and MSIE. Open-source project maintained by Ilya Martynov. Maps and tests all possible paths through a dynamic site. eValid Web test tool from Software Research. page performance tuning. CSS. TestWeb Test tool from Original Software Group Ltd. Allows creation of rules for automatic monitoring of dynamic page content. including form submission. 508 compliance.org. and a mechanism for playing tests back from the GUI and command line. an XML DOM. cookies and automatic page redirection. but can be easily extended with third-party plugins. load. Can handle data input from text files. thus automatically supports advanced features such as SSL. Ideally suited for automated unit testing of web sites when combined with a Java unit test framework such as JUnit. from SourceForge. and allows Java test code to examine returned pages as text. MaxQ Free open-source web functional testing tool from Tigris. Works as a proxy server. and links. It analyses the underlying intentions of the script and executes it by direct communication with web page elements. iOpus Internet Macros Macro recorder utility from iOpus Inc. component location and mouse movements for accurate replay. basic http authentication. Java. or containers of forms. or MS VBA can be used for customized scripting. JavaScript. Rational Functional Tester Page 32 of 60 . WebKing Web site functional. written in Java. and JUnit is used as the testing library. automates repetitious aspects of web site testing. utilizes a new approach to recording/playback of web browser scripts.

5. etc. etc. Features include: test creation and customization. and to validate compliance with security requirements. hanging. ERP. XML. includes support for testing Web. network appliances. DOMbased testing and validation. compiling. choice of scripting languages and editors. Handles ActiveX. e-Test Suite Integrated functional/regression test tool from Empirix for web applications and services and . and more.6. and other applications.NET and J2EE applications.NET. test plans. Includes full VBA script development environment and options such as javascript. ERP. 'Data Bank Wizard' simplifies creation of data-driven tests. test process management capabilities.) SecurityMetrics Appliance Page 33 of 60 . and record/playback. recovery system for unattended testing. protocol analyzers. Evaluation version available. editing. test planning and management. direct database access and validation. and IDE for developing. and web-based applications. Codenomicon HTTP Test Tool Tool for discovering and eradicating security-related flaws in HTTP implementations via robustness testing. etc. produces defect analyses. Java or traditional client/server-based applications. and debugging scripts. DHTML. Compuware's QARun QARun for functional/regression testing of web. Assessment module can be used by auditors and compliance officers to conduct comprehensive audits. HTML. C++. proxies. scripting language. Java beans. Web Site Security Test Tools Watchfire's AppScan Tool suite from Watchfire automates web application security testing. SilkTest Functional test tool from Segue for Web. Enables data-driven testing. etc. includes site monitoring and load testing capabilities. Java. QuickTest Pro Functional/regression test tool from Mercury. includes support for testing Web. (HTTP implementations may be utilized in web servers. browsers. and offers recommendations for fixing detected security flaws. Tool systematically generates very large numbers of protocol messages containing exceptional elements simulating malicious attacks. Java. running. . in order to induce component crashes. PDAs and cell phones. and denial-ofservice situations which may affect component/application security. Winrunner Functional/regression test tool from Mercury. For Windows and Linux.Aditi Technologies Basic Concepts of Software Testing IBM's (formerly Rational's) automated tool for testing of Java. Java.

Includes instructions to help immediately remedy security problems. an upgrade to the TAMU 'tiger' program . websites. provides proactive 'Managed Vulnerability Assessment'. plug-in facility for third party apps. Freeware. Win servers STAT Scanner Page 34 of 60 . MacAnalysis database is updated regularly with a "Vulnerability Update" function to update database of more than 100 new holes per month. based on the SATAN model. Lightning Console Security management tool from Tenable Network Security for multiple security and network administrators across multiple organizations. and more for security vulnerabilities which may lead to interrupted service. routers. network security scan. Mac. updated bi-monthly. Qualys Free Security Scans Several free security scan services from Qualys. SANS/ISTS certified. inside and outside the firewall. Also available is 'Tiger Analytical Research Assistant' (TARA). Provides detailed reports and vulnerability fix recommendations. can audit UNIX. and browser checkup tool. vulnerability assessment scripts and program enhancements nightly. Perimeter Check SecurityMetrics 'Perimeter Check' service analyzes external network devices like servers. Supports the FBI/SANS Top 20 Consensus.a set of scripts that scan a Unix system for security problems.Aditi Technologies Basic Concepts of Software Testing Integrated software and hardware device includes Intrusion Detection and Prevention Systems and Vulnerability Assessment. CVE standards support. MacAnalysis Low cost Network Security audit tool from Lagoon Software. including SANS/FBI Top 20 Vulnerabilities Scan. Scheduled vulnerability scanning. remediation management of vulnerabilities. data theft or system destruction. network topology discovery and organizational executive reporting for hundreds of administrators via easy-to-use web interface. remote self scan and API facilities. Can automatically schedule vulnerability assessment of designated IP addresses during low traffic times. Automatically downloads latest IDS attack signatures. Operates as a Layer 2 Bridge no network configuration needed. Inc. asset management. firewalls. real-time IDS event analysis. Runs on Macintosh. Qualys Guard Online service that does remote network security assessments. SARA 'Security Auditor's Research Assistant' Unix-based security analysis tool from Advanced Research Corp.

Nessus is made up of two parts : a server and a client. based on 'never trust the version number' and 'never trust that a given service is listening on the good port'. Utilizes comprehensive updatabale vulnerability databases to automatically detect vulnerabilities. select or ignore specific vulnerabilities via configuration files. Works with a variety of operating systems. and SAINTbox scanner appliance. adapting penetration strategy based on previous results. open-source remote network security auditing tool. Customizable reporting. Secure-Me Automated security test scanning service from Broadbandreports. Learns about network as it scans. by Renaud Deraison. Limited free or full licensed versions available. track vulnerability trends via analyses comparing current and previous assessments. Nessus Security Scanner Free. CVE compatible. NMap Network Mapper Page 35 of 60 . Includes more than 1000 tests in 23 vulnerability categories. web server requests-per-second benchmark. Capabilities include: scan and analyze an entire network domain and/or a single machine. analysis reports of vulnerabilities with detailed information relating to the name/description/risk level of each vulnerability. product runs on Windows.Security testing tool from SAINT Corporation. denial-of-service checks. Scans systems and services on the network and safely simulates common intrusion or attack scenarios. retest corrected vulnerabilities immediately. SAINT Security Administrator's Integrated Network Tool . whereas the client is a frontend designed to collect the results. for security analysis of Windows/UNIX/Linux and other resources. customizable security reports for management and technical personnel. 45 common web server vulnerability checks. enabling identification of exactly where to correct vulnerabilities to enforce corporate security policies. Runs on many UNIX flavors. and a wide variety of other tests. An updated and enhanced version of the SATAN network security testing tool. correct vulnerabilities across the network with 'AutoFix' function. Utilizes a root-cause and path-analysis engine to illustrate exact sequence of steps taken to uncover vulnerabilities. NetRecon Network vulnerability assessment scanner from Symantec. Port scans. Also available is 'WebSAINT' self-guided scanning service. Includes DoS testing. Single machine or full network scans.com for individual machines. reports specify severity levels of problems.Aditi Technologies Basic Concepts of Software Testing Tool from Harris Corp. the server (nessusd) manages the 'attacks'. Can scan a variety of operating systems. Updated regularly. eliminate vulnerabilities using recommended solutions with links to related websites and knowledge-base articles. and Nessus Attack Scripting Language.

NetIQ Security Analyzer Multi-platform vulnerability scanning and assessment product. routers. Uses raw IP packets in novel ways to determine what hosts are available on the network. to uncover and report systems vulnerabilities that might be open to attack. firewalls. what type of packet filters/firewalls are in use. etc. Scans any device on network regardless of platform. publications. scanners. etc. Foundstone Vulnerability management software tools from McAfee/Network Associates can provide comprehensive enterprise vulnerability assessments. operating systems. servers. bv-Control for Internet Security Secutiry scanning tool from BindView. intrusion detection resources. InternetScanner Tool from Internet Security Systems. electronic law. provides automated vulnerability assessment for measuring online security risks. 'hotlist' section includes extensive collection of links. includes capabilities for checking and remediation of security problems of servers. Performs scheduled and selective probes of network services. CyberCop ASaP Managed vulnerability assessment service from McAfee/Network Associates. Automatic update service allows updating with latest security tests.Aditi Technologies Basic Concepts of Software Testing Free open source utility for network exploration or security auditing. CERIAS Security Archive Purdue University's 'Center for Education and Research in Information Assurance and Security' site. to hundreds of security information resources and tools. routers. Remotely evaluates security of network perimeter. hubs. etc. software product. or managed service. what services (ports) they are offering. Also includes an FTP site with a large collection of (mostly older) security-related utilities. Page 36 of 60 . Includes a Software Developer's Kit to allow custom security test additions. intrusion detection tools. organized by subject. and any other devices with an IP address on a network. workstations. prepares remediation advice. Runs on most flavors of UNIX as well as Windows. remediation information. For Windows/Solaris/Linux. DMZ and externally visible assets. printers. desktops. Systems are analyzed on demand or at scheduled intervals. etc. designed to rapidly scan large networks or single hosts. and many other characteristics. Provides flexible risk management reports. Available as a hardware appliance. what operating system (and OS version) they are running.

and OS's. for maintaining. for monitoring compliance standards related to Privacy.) 5. server management and optimization tools. Maxamine Knowledge Platform Integrated site managment tool from Maxamine Inc. combined utilities/tools. not just for testing. Inc.roll-up of results from different business units or global Web sites for overall views of site compliance. (Includes various types of security tools. service types. Inc. actively monitors and evaluates the health of a site's live applications utilizing synthetic business transactions. WebCEO Tool from Radiocom Ltd. site scores. Passive monitoring records real user sessions and reliably detects and logs all error situations encountered by real-users. Includes link checker. SilkCentral Performance Monitor Tool from Segue Software... Top 75 Security Tools Listing of 'top 75' network security tools from survey by Insecure. Integrates performance Page 37 of 60 . analyzing web sites. and online service available. Capabilities include: high-level summary reports. combining site content. works with a variety of web servers. database servers. and Web Governance. Recorded transactions can then be analyzed when production errors occur and fed back into SilkPerformer for real-world performance testing scenarios. Free and professional versions available. Information Assurance.7. FPT/publishing. Accessibility. traffic analysis. structure and visitor traffic data into one searchable data base.org. Web Site Management Tools (This section includes products that contain: site version control tools. and authoring/publishing/deployment tools that include significant site management or testing capabilities.Aditi Technologies Basic Concepts of Software Testing trend analyses and comprehensive data sets to support policy enforcement. promoting. webSensor Integrated site measurement and analysis tool from Moniforce BV. and site monitoring capabilities. Limitedcapability free version also available. ManageEngine Applications Manager Site management tool from AdventNet. to enable detailed analysis of what is going on behind the scenes of Web operations. complete inventory of Web sites and Comparison Inventory Reports to compare different versions of a Web site.) COAST WebCentral Site management tool from Coast Software. Similar managed service also available. and trend analyses using intuitive browser-based reports. WYSIWYG editor. Desktop product for multiple platforms.

Web Compliance Manager to manage integrity and accessibility. Other capabilities include search engine optimization. for performance and availability monitoring. net send. page aborts. applications. run scripts. RealiTea Web application management solution that provides detailed visibility into availability and functionality issues to enable efficient problem identification. bandwidth usage. Cuevision Network Monitor Monitoring tool from Cuevision for monitoring website. SMS. response errors. response times. including server errors. pagers. automatically reboot servers. providing context and correlation data for application failure analysis. real-time executive dash board. from AllScoop. etc. For Windows. Freeware version of GFI Network Server Monitor is also available. and 'Real Scripts' automatically generated from recorded user sessions for use in specified other load testing tools. page sizes. GFI Network Server Monitor Server management tool from GFI Software Ltd. suited to large systems. eliminates need for programmers and special production staff to maintain catalogs. visitor segmentation. isolation.Aditi Technologies Basic Concepts of Software Testing and availability data with site traffic data. includes modules to check HTTP and ICMP/ping for checking availability of HTTP and HTTPS sites. network errors. ContentStudio E-catalog management tool from TechniCon Systems with Win Explorer-type interface with drag and drop functionality. etc. Asset Manager to securely centralize images. Add-on capabilities include a 'Dashboard' to provide real-time. RedDot CMS Web content managment system from RedDot Solutions includes modules such as SmartEdit. services. Legacy-to-Web Tools can "bulk-load" online catalog from legacy Page 38 of 60 . restart apps and services. click path analysis. Captures and monitors real user sessions. Web Site Monitoring Performance Monitoring . customizable views of success/failure rates for key online business processes and other critical metrics. network management. and popup. Alerts via email. restart services. checks network and servers for failures and fixes them automatically. Site Manager to create and manage your web site. capabilities include notifications via email. and diagnostics.Free open-source website performance monitoring and uptime notification application in PERL. PROGNOSIS Comprehensive tool from Integrated Research Ltd. sends email notification if site is slow or down. and network. and more. and repair. server.

Receive instant notification by email whenever one of the sites is unavailable. template-based dynamically-created content. which hosts the management system application and the client's administrative interfaces and pushes the final assembled pages to client Web servers.Aditi Technologies Basic Concepts of Software Testing product data. Free for use on small sites. Dynamic Menu. scheduler. Content and Table Management (WYSIWYG-Editor). reporting and fixing problems before users see them. Search. Works on multiple platforms. such as option compatibilities on a single product. detecting. comprehensive Communications Gateway for inbound and outbound data. Trellian InternetStudio Page 39 of 60 . and more. Includes: Ready-to-use Backoffice. Provides complete software developers environment. SpinPike Flexible and scalable content management system from SavvyBox Systems. HTML and GIF optimization. additional features include manual or customizable automated control. Database Backup. TestWEB Monitor Web site monitoring tool from Original Software checks 5 or more URL's up to every 30 seconds. WYSIWYG editor. Installer easily installs system on your server. Design/administrate database connected PHP web applications in combination with individual webdesign. WebLight HTML validator and link checking tool from Illumit LLC. CrownPeak CMS Content management service from CrownPeak Technology. Constructioner Website development software with integrated content management system from Artware Multimedia GmbH. can manage all components across complex Web-enabled applications by measuring and monitoring performance. Message Board. upload resuming. site cleanup. low cost for large sites. and a robust API. Constructioner Light Edition available as Freeware. Statistical Reports. load testing. Capabilities include defining intra-configuration rules. PHP-Code Insertion. high-level functions save template coding time. Multilingualism. link verification. FTP Assistant for Webmasters FTP client from Byteway. based on database-driven. verifying content and functional integrity. Tonic Suite of web site management/monitoring/test tools from Tonic Software. drag-and-drop.com for web site updating. spatial relationships between products. All can be integrated without writing code. etc. User Administration.

multi-lingual support. renaming the files to match the convention. accessibility. administration. privacy compliance. payment processing. Enables collaboration. version control. Basic accounts are free. text editor.capabilites/support include scalability. Watchfire WebXM Content analysis tool from Watchfire analyzes sites for slow loading pages. and DB servers. then Page 40 of 60 . integration with a variety of servers. HTML encryptor/optimizer. security. Runs with a variety of platforms. For Windows. notifications. Serena Collage Content management tool from Serena. HTML Rename Site Migration/Batch processing tool from Expandable Language that enforces file naming conventions (case. prices. image mapper. Can automatically run external programs. business process automation. Documentum Enterprise content management product from EMC Corp. customer relationship management. Update news flashes. etc. and more. stories. advertisements. globalization. more. pager. support for more than 50 document formats.V. invalid chars). image handling. Web500 CMS Web content management and site maintenance solution from Web500. HTML validator. FlexWindow Tool from Digital Architects B.Aditi Technologies Basic Concepts of Software Testing Suite of web site management utilities from Trellian including site upload/publishing tools. Alerts by cell phone. and log events. searchability. approval workflow. Easy to install. e-mail. spell checker. XML-content-based multichannel delivery. Add-on modules allow capabilities such as WAP. Alchemy Eye System management tool from Alchemy Lab continuously monitors server availability and performance. Use any e-mail client capable of producing HTML to format your content or use HTML tags in a plain text e-mail. broken links. and more. browser-based. link checker. product info.. HTML editor. authoring tools. site mapper. site spider. styles. . web servers. length. scalable content management platform for content contributors distributed across an organization. e-commerce site designer/generator. and website standards compliance. Works with content from any platform or application. etc. templates. security. e-commerce. simply create an account and paste one line of javascript into your pages. enables users to update their web site via e-mail. activity tracking.

For Mac or Windows. production. Eliminates problems encountered when moving files between Windows. Broadvision Suite of content and publishing management tools from Broadvision Inc. and indexing content by means of a browser window or via MS Word. editing. allows a distributed team of non-technical content experts to manage every aspect of site content.. conversion services. documents. CGI scripts return errors or the SQL server is not reachable. tracking of revisions. Manages Web content. and archiving. 'Stellent Content Server' uses a web-based repository. Mac. security. integrates with other OpenView products to provide a variety of management and monitoring services and capabilities. Alerts webmasters if a webserver is not working correctly because the web service is down. and services for collaborative environments and for digital asset and records management. replication and administration. Inc. securing and sharing digital and paper-based documents and reports. Enables services such as library services.Aditi Technologies Basic Concepts of Software Testing correcting the links to those files automatically. Rhythmyx Content Manager Web content management product from Percussion Software. diagnose and troubleshoot problem occurrences. isolate. Other modules provide additional services such as: services for creating. and maintaining highly dynamic web sites. publishing. content development. version control. It can constantly monitor any number of servers and ports. deploying. Designed to help IT staff efficiently predict. HP OpenView Internet Services Internet services monitoring/management tool from HP. personalization. Enables end-user emulation of major business-critical applications as well as a single integrated view of the complete Internet infrastructure. based on native XML and XSL technologies. portals and scanned images. For Windows. Stellent Universal Content Management System Content management tool from Stellent. managing and publishing Web content and supporting from one to thousands of Web sites. including creation. Page 41 of 60 . anticipate capacity shortfalls. index/search. Content Management Server Windows based content mgmt tool from Microsoft (formerly 'nResolution' from nCompass Labs). Enables scheduling of content refreshes. staging. and customizable workflow. reuse and access. and manage and report on service level agreements. Enterprise web content management system that enables quickly and efficiently building. IP Check Server monitoring tool from Paessler GmbH. and UNIX systems and publishing to CD-ROM. digital assets. services for capturing. management of workflow. workflow. where all content and content types are stored for management.

Requires MSIE. upload. manage. Capabilities include notification by email and automatic reboot of web server.com designed to help HTML. Over 400 free plugins available for extending and customizing HTML-Kit. automatically resume interrupted transfers. downloading and online editing of files. AgentWebRanking Freeware tool from AADSoft to monitor site's search engine position. external. XHTML. provides notification by displaying a message or sending an e-mail. WebSite Director Page 42 of 60 . rank on page. and update websites. on web server and Windows client. validate. For Windows.Aditi Technologies Basic Concepts of Software Testing HTML-Kit Free. Searches top engines for keywords. Perl. server-side and live preview modes. and much more. Validate XML documents using its DTD and/or check for well-formedness. meta tag creator. Ruby. XML. dragand-drop files. Finds errors and provides suggestions on how to create standards compliant pages. 'Active Protect MetaTags' allowing only search engine spiders to see front-page meta-tags. includes 'anti-caching technology' ensuring more reliable logging by blocking caching of site's pages by visitor's browsers. Uses a highly customizable and extensible integrated development environment while maintaining full control over multiple file types including HTML. FTP Workspace for uploading. XSL. auto or manual submit of URL's to search engines. searches for keywords. page. improve search engine ranks. Includes internal. WS_FTP Pro FTP/web publishing tool from Ipswitch. WebCheck Windows application that runs in background and periodically checks a site for availability and correctness. runs on both Lotus Domino and IBM WebSphere. checks search engine placement including position. and the ability to use hundreds of optional free add-ins through its open plugins interface. IBM Workplace Web Content Management IBM's web content management product for Internet. From Monocle Solutions. and 'Active Deny Access' to prevent particular IP addresses from accessing web site. SSI. support more than 50 host file systems. format. extranet and portal sites. Also has keyword count for pages vs competitor's pages. A1Monitor Utility from A1Tech for monitoring availability of web servers. XHTML and XML authors to edit. JavaScript. WebLog Manager In addition to logging capabilities. 'Active Protect Images' to prevent other sites from "borrowing" images. click paths. can specify search depth. Java. Enhanced logging utilizing custom generated script uploaded to host. CSS. for Windows. preview and publish web pages. PERL. submit URL's. seamless integration with the CSE HTML Validator. lookup help. Requires MSIE and Windows. GUI support of W3C's HTML Tidy. Pro plugins available to paid registered users. Requires UNIX. full-featured editor from Chami. Python. intranet.

proxy server traffic analysis and reporting. link problems. For Windows. Equalizer Load balancing server appliance and site management tool from Coyote Point Systems. number of pending requests. and publishing to websites within a centrally controlled.Aditi Technologies Basic Concepts of Software Testing Web-content workflow management system with browser-based interface includes configurable workflow management. network management. For Windows. e-mail submission of web content. server management. PowerMapper From Electrum Multimedia. scalable web content management solution that enables collaboration. allows defining and applying existing workflow and approval rules to web content management process. XMetal XML development tool from BlastRadius for XML-based web site authoring and validation. Supports multiple platforms and browsers. management. etc. monitoring. alerting. server failure detection. and publishing control tool. Evaluation copy available. Web based interface for load balancing administration. Page 43 of 60 . UNIX. HTML validation. metrics. link checking. E-mail/pager notifications. For Windows. for customizable automated site mapping. Interwoven Team Site Web development. Includes a 'Database Import Wizard'. and e-mail notifications. link analysis and quality control. and can automatically convert output to CALS or HTML table models or to XML. logging capabilities. requires Windows and MSIE. and platforms. Site/C 'Set-and-forget' utility from Robomagic Software. For MS and Netscape web servers. real-time server monitoring of server response time. WebTrends Analysis Suite Web site management tool from NetIQ includes log analysis. for periodic server monitoring for web server connection problems. logging. access control. Macromedia Web Publishing System Macromedia's complete. OS's. works with many servers. standards-based environment. content management and site visualization. Unicenter TNG w/Web Management Option Site management application from Computer Associates includes access and security control. version control. For Windows. monitoring and recovery.

Microsoft FrontPage Microsoft's web site authoring and site management tool. Supports a wide variety of web attributes. link checker. and encryption capabilities. and maintenance. XML repositories. and static files. error info is linked to error in html.. etc. For Windows. link checking. Content Management Server Vignette Corporation's product for web site collaborative content. Date stamper. Runs on servers and monitors server performance. and management product for enterprise-wide internet and intranet projects. publishing. Server side compatible with many available web servers. For Windows and Unix. image tag checker. HomeSite Macromeida's web site project management/authoring/validator tool. file edit merging. logs. file uploading. management. comparison capabilitie. staging/publishing control. and servers. administration. connections. browser interface. links. Page 44 of 60 . HTML PowerTools HTML validator. For Windows or Unix. Includes automated deployment. NetObjects Fusion Site authoring/management tool. thumbnail viewer. security. For Windows. Visual site structure editor. Support for managing content stored in databases. Validates against various HTML versions. spell checker. Monitors mimic users' end-to-end actions. TeamSite Interwoven's collaborative web site production control. From Talicom. layout editor. has updateable rulebase. global search-and-replace. etc. API's. variable lock controls. browser extensions.Aditi Technologies Basic Concepts of Software Testing SiteScope Mercury's product for agentless site monitoring and maintenance. provides notifications of problems. customizable reports. For Windows. Link checker. HTML-to-Text converter. page in screen is validated with results displayed below. graphics management. OpenDeploy Interwoven's configurable control system for deploying from development to production environments. Includes published API for creating custom monitors. databases. includes site management capabilities. Meta manager. Includes version control. scheduled and on-demand reporting.

Aditi Technologies Basic Concepts of Software Testing 5. The predictable network performance of this environment enables reliable modeling of trace data. system resource usage. from how it breaks down the HTML. EngineViewer and SiteTimer Free basic services: EngineViewer . check all the graphical links to ensure they're correct.8. Remote Viewer observers can set markers and add text notes. can specify the screen width(s). and compress the result into a very small file to replay. and system configuration information. A Remote Viewer enables geographically dispersed observers to watch usability tests from any location. and MS Excel for charting and modeling. Extreme Web Analyzer Web site performance analysis tool by Dale Feiste for use in a development or controlled test environment. for automated recording. URL2image. Fiddler An HTTP Debugging tool by Eric Lawrence. upload to a bug tracking system. Consists of 3 components. how it interprets page's robot exclusion rules and more. analyzing and sharing of usability data. Free. examine server's HTTP headers. Other Web Testing Tools Morae Usability test tool for web sites and software.com Service from HREF Tools to check web page appearance in different Browser/OS combinations. Enter URL and receive back report with screenshots taken in real time on real hardware. A Recorder records and synchronizes video and data.reports on how a search engine may view a webpage. to which links it extracts. TestGen Free open-source web test data generation program that allows developers to quickly generate test data for their web-services before publicly or internally releasing the web service for production. For Windows. more. web standards and elastic design. SiteTimer service . Allows user to save and review relevant information for bug reports.Find out how long it takes various connection types to get a page. For anyone interested in css. Repro Manual testing 'helper' tool that records desktop video. where network traffic is captured over a LAN. Any application which accepts an HTTP Proxy can be configured to run through Page 45 of 60 . from TechSmith Corp. system operations in 7 different categories. creating a digital record of system activity and user interaction. requires a system capable of running Ethereal and/or Sniffer. The Manager component includes integrated editing functionality for assembly of important video clips to share with stakeholders. Acts as an HTTP Proxy running on port 8888 of local PC. font magnification(s) and page position(s) for the proofs. Perl. and share with others. Instruments in memory the target application at runtime so no changes are required to application under test. it displays test user's computer screen along with a picture-in-picture window displaying the test participant's face and audio.

environment settings. Will send a popup when one of the servers stops responding. users can watch their web traffic as if they're watching a movie. data creation or capture and replay.NET event-based scripting subsystem. FunnelIT Free utility from ByStorm Software helps streamline test reporting and analysis by gathering Windows platform environment/configuration information (running tasks. set breakpoints. SetSim Pro Northern Webs' free on-the-web meta tag checker. processor information. Designed to be much simpler than using NetMon or Achilles. ports. file system and memory bandwidth benchmarking. and other versions available in multiple languages. physical memory information. device drivers. can generate TCP/UDP connections using different IP addresses. Drive Free Space/Size/Used info. html. memory details. Services information. Available as an executable intended to leave no footprint. manage and monitor throughput. loaded modules. IP Traffic Test and Measure Network traffic simulation and test tool from Omnicor Corp. and also allows gathering TCP/IP Address/Network Information. Diagnostic and Reporting Assistant' utility from SiSoftware. Installed Software and Installed XP Updates. Network Adaptor Information. and "fiddle" with incoming or outgoing data.) in small text files. Professional. VisitorVille Site traffic monitoring tool from World Market Watch Inc. Provides performance enhancing tips. Path Application Manager Page 46 of 60 . and much more. FREEping Free ping software utility from Tools4ever which will ping all your Windows-based servers (or any other IP address) in freely-definable intervals. XML. OS version. services. Reporting via save/print/fax/email in text.). system file listings. etc. and includes a simple but powerful JScript. Free. includes additional search-enginerelated capabilities. and allows inspection of the HTTP data. more. modules. Logs all HTTP traffic between between computer and the Internet. virtual memory settings. Also allows comparisons among results from multiple systems. and delay. etc. tune-up wizard. Provides large variety of information about a Windows system's hardware and software. Full-featured version (not free) has configurable reporting. drives. Free. for Windows. Sandra 'System ANalyser. mainboard. Includes CPU. processes. that depicts website visitors as animated characters in a virtual village. loss. component details. etc.Aditi Technologies Basic Concepts of Software Testing Fiddler. ODBC sources.

any version. or source code. available as on-line service. packet losses. It allows the user to peek inside I. Page 47 of 60 . Free 90-day trial. Also available is PocketXML-RPC and PocketHTTP. originally designed for testing networking protocols. security. SpySmith can also spy on Windows objects. Split-screen display and dual logs for request and response data. Macintosh. such as "Referrer" and "User Agent". Linux RPMs. especially useful when testing web sites and web-based applications. captures and displays packet data between local client and specified web server. SpySmith Simple but powerful diagnostic tool from Quality Forge. or on FreeBSD machines acting as routers or bridges. and other quality factors. and multipath effects. Uses pattern recognition technology to peer deep inside customized or COTS applications. in most versions of every browser ever released. compliance. For Windows. Linux. Browser Cam Service for web developers and testers that creates screen captures of web pages loaded in any browser. freeware. Can log captures to disk. testing.com. Allows viewing of web page appearance on Windows. Inc. Browser-based Documents (including those without a 'view source' command) to extract precise information about the DOM elements in an HTML source. RAMP Section 508 and W3C Accessibility Guidelines tool from Deque Systems that automates analysis and remediation of non-compliant web functionality. any operating system. binaries and source available. and troubleshooting with code coverage capabilities. caching proxies. delays. For Windows. and XML switches. Co-Advisor's current focus is on HTTP intermediaries such as firewalls. Interceptor also allows changing of select request headers on-the-fly. Can be used on user's workstations. Windows (on-demand). Co-Advisor Tool from The Measurement Factory for testing quality of protocol implementations. with GUI. binaries. Other info: runs on FreeBSD packages. robustness. Enables enhancement of QA. can be used in testing to simulate queue and bandwidth limitations.E. Dummynet Flexible tool developed by Luigi Rizzo. HTTP Interceptor A real-time HTTP protocol analysis and troubleshooting tool from AllHTTP. filters.Aditi Technologies Basic Concepts of Software Testing Application Monitoring and management tool from Winmoore. PocketSOAP Packet-capture tool by Simon Fell. View all headers and data that travel between your browser and the server. CoAdvisor can test for protocol compatibility. analogous to running an MRI scan.

and any network. Inc. HiSoftware Web Site Monitor Tool allows user to monitor your server and send alerts. HiSoftware AccVerify Tool for testing site Accessibility & Usability. MITs. and generating test scripts. snoop. freeware. Page 48 of 60 .comm Tool from Omsphere LLC for simulating virtually any software interface (internal or external). Runs on Windows platforms. freeware. tcptrace Tool written by Shawn Ostermann for analysis of TCP dumpfiles. HP Net Metrix. For managing and developing test cases and scripts.) Tool can learn what request/response scenarios are being tested for future tests and can work with any protocol. window advertisements. Allows testing without pitfalls associated with live connections to other systems (TCP/IP. For windows. any message definitions. Allows developers to test down to the unit level by simulating the internal software interfaces (message queues. Available for various UNIX flavors. can also programmatically fix most common errors found. mailboxes. bytes. allows monitoring web sites for changes or misuse of your intellectual property in metadata or in the presented document. for Windows. Privacy and Intellectual Property policy verification. link validation. ProxyTrace Tool by Simon Fell acts as a proxy server to allow tracing of HTTP data.GUI XML Conformance Test Suite XML conformance test suites from W3C and NIST. FTP. etc). contains over 2000 test files and an associated test report (also in XML). can be used by setting browser to use it as a proxy server and then can monitor all traffic to and from browser. This is a set of metrics for determining conformance to the listed W3C XML Recommendation. throughput. The test report contains background information on conformance testing for XML as well as test descriptions for each of the test files. and segments sent and received. and as source code. Works with all text-based IP protocols. or WinDump. Ethernet. and various graphs. Searchability. round trip times. etc. Also available: MITS. Can produce various types of output with info on each connection seen such as elapsed time. retransmissions. Freeware. Overall Site Quality. Custom Checks and Test Suites to meet organization's standards.Aditi Technologies Basic Concepts of Software Testing TcpTrace Tool by Simon Fell acts as a relay between client and server for monitoring packet data. such as those produced by tcpdump. Runs on Windows. and mainframe applications. etherpeek. For automated testing of Web. client/server. Certify Test automation management tool from WorkSoft. Can crawl a site and report errors.

and HTML.9/1. produces a range of configurable reports that breaks down info into network and server speeds. generates reports as web pages with GIF graphics on inbound and outbound traffic. Windows. Freeware.Aditi Technologies Basic Concepts of Software Testing Web Optimizer Web page optimizing tool from Visionary Technologies intelligently compresses web pages to accelerate web sites without changing site's appearance. and Javascript and includes GIF and JPEG optimizer techniques. wide variety of data types and capabilities for custom data types. WebBug Debugging tool from Aman Software for monitoring HTTP protocol sends and receives. For UNIX. MTS. Page 49 of 60 . Govt. HTML2TXT Conversion utility that converts HTML as rendered in MS Internet Explorer into ASCII text while accurately preserving the layout of the text. Removes unnecessary information in HTML.S. Visual C++. errors. COM+. Thread. VJ. includes capabilities such as scripting support that allows user to write VBScripts that modify data to create XML output. allows for entry of custom headers. XML. VC++. capability to read in existing database table structures to aid in data generation. Runs on Solaris or Linux. written in any language ( ASP. Delphi. CSS. XHTML. NIST. Source code available. T-SQL. Windows. DLL. MRTG Multi Router Traffic Grapher . Included with software are examples of using the control from within Visual Basic. T-SQL.0/1. client. without ever attaching to process. Team Remote Debugger Debugging tool from Spline Technologies allows tracing of any number of code units of any kind ( ASP. and developers can then debug their respective code independently of one another no matter if the code units reside on the same servers or on different servers or on any combination thereof. URL.1. WebMetrics Web usability testing and evaluation tool suite from U. data generation interface to Segue SilkTest. For Windows. performance for each server. time period.free tool utilizing SNMP to monitoring traffic loads on network links. Hypertrak Suite of software protocol analyzers from Triometric accurately calculates end-to-end download speeds for each transaction. comparison to SLA's. COM. Remote code can pass messages and dialogs directly to your local machine via Team Remote Debugger component. For UNIX. not just samples. ActiveX Exe. CFML ). handles HTTP 0. Datatect Test data generator from Banner Software generates data to a flat file or ODBC-compliant database. etc. VB. CFML ) residing on multiple shared and dedicated servers at the same time.

What is 'Software Quality Assurance'? Software QA involves the entire software development Process . and ensuring that problems are found and dealt with. 3. What are some recent major computer system failures caused by software bugs? 4. Testing should intentionally attempt to make things go wrong to determine if things happen when they shouldn't or things don't happen when they should. What is 'Software Quality Assurance'? 2. What is a 'walkthrough'? 9. What is software 'quality'? 13. Will automated testing tools make testing easier? 1. Also common are project teams that include a mix of testers and developers who work closely together. What kinds of testing should be considered? 11. Why is it often hard for management to get serious about quality assurance? 5. then D should happen'). It is oriented to 'detection'. What is the 'software life cycle'? 17. What's an 'inspection'? 10. Organizations vary considerably in how they assign responsibility for QA and testing.) 2. What is 'good design'?Top of the Document 15. making sure that any agreed-upon standards and procedures are followed. (See the Books section for a list of useful books on Software Quality Assurance. What is SEI? CMM? CMMI? ISO? Will it help? 16. and does C. Why does software have bugs? 6. Testing FAQ 1. What is verification and Validation? 8.Aditi Technologies Basic Concepts of Software Testing 6. What is 'Software Testing'? 3. It is oriented to 'prevention'. What is 'Software Testing'? Testing involves operation of a system or application under controlled conditions and evaluating the results (eg. It will depend on what best fits an organization's size and business structure. What are some recent major computer system failures caused software bugs? by Page 50 of 60 . What are 5 common problems in the software development process? 12. The controlled conditions should include both normal and abnormal conditions.monitoring and improving the process. How can new Software QA processes be introduced in an existing organization? 7. What is 'good code'? 14. 'if the user is in interface A of the application while using hardware B. with overall QA processes monitored by project managers. Sometimes they're the combined responsibility of one group or individual.

and that the total cost of the incident could exceed $100 million. forced shutdown of 100 power plants. In July 2004 newspapers reported that a new government welfare management system in Canada costing several hundred million dollars was unable to handle a simple benefits rate increase after being put into live operation. the trains were started by altering the control system's date settings. The bug resulted in performance problems for many of the sites simultaneously and required disabling of the software until the bug was fixed. a software bug was determined to be a major contributor to the 2003 Northeast blackout. According to news reports in April of 2004. in the early 1980's one nation surreptitiously allowed a hostile nation's espionage service to steal a version of sophisticated industrial software that had intentionally-added flaws. Software testing was one of the five major problem areas according to a report of the commission reviewing the project. according to mid-2004 news reports. the vendor had reportedly delivered Page 51 of 60 . The company found that many of their newer trains would not run due to their inability to recognize the date '31/12/2000'. Millions of bank accounts were impacted by errors due to installation of inadequately tested software code in the transaction processing system of a major North American bank. Studies were under way to determine which. which was unable to correctly handle and report on an unusual confluence of initially localized events. The error was found and corrected after examining millions of lines of code. The bug was reportedly in one utility company's vendor-supplied power monitoring and management system. news reports revealed the intentional use of a software bug as a counter-espionage tool. the worst power system failure in North American history. According to the report. Reportedly the original contract allowed for only 6 weeks of acceptance testing and the system was never tested for its ability to handle a rate increase. that additional problems resulted when the incident drew a large number of e-mail phishing attacks against the bank's customers. News reports in September of 2000 told of a software vendor settling a lawsuit with a large mortgage lender. A bug in site management software utilized by companies with a significant percentage of worldwide web traffic was reported in May of 2004. The company found and reported the bug itself and initiated the recall procedure in which a software upgrade fixed the problems. and economic losses estimated at $6 billion. if any. This eventually resulted in major industrial disruption in the country that used the stolen flawed software. portions of the project could be salvaged. The failure involved loss of electrical power to 50 million customers. In early 2004. retailer was reportedly hit with a large government fine in October of 2003 due to web site errors that enabled customers to view one anothers' online orders. Articles about the incident stated that it took two weeks to fix all the resulting errors.S. A major U. News stories in the fall of 2003 stated that a manufacturing company recalled all their transportation products in order to fix a software problem causing instability in certain circumstances. government IT systems project. In January of 2001 newspapers reported that a major European railroad was hit by the aftereffects of the Y2K bug.S.Aditi Technologies Basic Concepts of Software Testing • • • • • • • • • • Media reports in January of 2005 detailed severe problems with a $170 million high-profile U.

S. Several investigating panels were convened to determine the process failures that allowed the error to go undetected. which failed for unknown reasons in December 1999. The school district decided to reinstate it's original 25-year old system for at least a year until the bugs were worked out of the new system by the software vendors. work already completed that may have to be redone or thrown out. telecommunications company that resulted in no charges for long distance calls for a month for 400.S. The problem went undetected until customers called up with questions about their bills. Bugs in software supporting a large commercial high-speed data network affected 70.Aditi Technologies Basic Concepts of Software Testing • • • • an online mortgage processing system that did not meet specifications. If there are many minor changes or any major changes. preventing problems is lowvisibility. 4.000 customers. Among other tasks. etc. problems included 10.the complexity of current software applications can be difficult to comprehend for anyone without experience in modern-day software development. like anyone else.000+ students. client-server and distributed applications. Multi-tiered applications.000 erroneous report cards and students left stranded by failed class registration systems. In early 2000. futures exchange. 5.as to specifics of what an application should or shouldn't do (the application's requirements).redesign. data communications.the enduser may not understand the effects of changes. known and unknown dependencies among • • Page 52 of 60 . Why is it often hard for management to get serious about quality assurance? • Solving problems is a high-visibility process. which was shut down for most of a week as a result of the outages. the district's CIO was fired. public school district with 100. In October of 1999 the $125 million NASA Mars Climate Orbiter spacecraft was believed to be lost in space due to a simple data conversion error. effects on other projects. January 1998 news reports told of software problems at a major U.S. major problems were reported with a new computer system in a large suburban U.000 business customers over a period of 8 days in August of 1999. Why does software have bugs? • • Miscommunication or no communication . Software complexity . can make mistakes. This is illustrated by an old parable: In ancient China there was a family of healers. enormous relational databases. the orbiter was to serve as a communications relay for the Mars Polar Lander mission. was delivered late. Among those affected was the electronic trading system of the largest U.programmers. and didn't work. one of whom was known throughout the land and employed as a physician to a great lord. rescheduling of engineers. and sheer size of applications have all contributed to the exponential growth in software/system complexity. Changing requirements (whether documented or undocumented) . hardware requirements that may be affected. or may understand and request them anyway . Programming errors . It was determined that spacecraft software used certain data in English units that should have been in metric units.

Poorly documented code . QA processes should be balanced with productivity so as to keep bureaucracy from getting out of hand. A lot will depend on team leads or managers.see 'What can be done if requirements are changing continuously?' in Part 2 of the FAQ.visual tools. developers. The most value for effort will often be in (a) requirements management processes. 6. we'll wing it' o 'I can't estimate how long it will take. and there's job security if nobody else can understand it ('if it was hard to write. it's usually the opposite: they get points mostly for quickly turning out code.it's tough to maintain and modify code that is badly written or poorly documented. management must understand the resulting risks. until I take a close look at it' o 'we can't figure out what that old spaghetti code did in the first place' If there are too many unrealistic 'no problem's'. testable requirement • • • Page 53 of 60 . continuously modified requirements may be a fact of life. with a goal of clear. also in Part 2 of the FAQ. management and organizational buy-in and QA implementation may be a slower. serious management buy-in is required and a formalized QA process is necessary. Enthusiasm of engineering staff may be affected. How can new Software QA processes be introduced in an existing organization? • A lot depends on the size of the organization and the risks involved. and QA and test engineers must adapt and plan for continuous extensive testing to keep the inevitable bugs from running out of control . the result is bugs. For small groups or projects. feedback to developers. egos . class libraries. Software development tools . a more ad-hoc process may be appropriate. step-at-a-time process. In many organizations management provides no incentive for programmers to document their code or write clear. and the complexity of coordinating changes may result in errors. In this case. complete. When deadlines loom and the crunch comes. maintainable code. understandable.scheduling of software projects is difficult at best. etc. managers.people prefer to say things like: o 'no problem' o 'piece of cake' o 'I can whip that out in a few hours' o 'it should be easy to update that old code' instead of: o 'that adds a lot of complexity and we could end up making a lot of mistakes' o 'we have no idea if we can do that. Time pressures . and testers.Aditi Technologies Basic Concepts of Software Testing • • • • • • parts of the project are likely to interact and cause problems. and ensuring adequate communications among customers. Also see information about 'agile' approaches such as XP. often requiring a lot of guesswork. mistakes will be made. scripting tools. Where the risk is lower. resulting in added bugs. depending on the type of customers and projects. In some fast-changing business environments. often introduce their own bugs or are poorly documented. For large organizations with high-risk (in terms of lives or property) projects. the result is bugs. In fact. compilers. it should be hard to read').

not based on any knowledge of internal design or code. and the purpose is to find problems and see what's missing. as it requires detailed knowledge of the internal program design and code. requires that various aspects of an application's functionality be independent enough to work separately before all parts of the program are completed. or that test drivers be developed as needed. or in 'agile'-type environments extensive continuous coordination with end-users. and specifications. individual applications. issues lists. 7. What is a 'walkthrough'? • A 'walkthrough' is an informal meeting for evaluation or informational purposes.Aditi Technologies Basic Concepts of Software Testing specifications embodied in requirements or design documentation. The result of the inspection meeting should be a written report. code. most problems will be found during this preparation. Tests are based on coverage of code statements. 10. not to fix anything. may require developing test driver modules or test harnesses. Little or no preparation is usually required. walkthroughs. The subject of the inspection is typically a document such as a requirements spec or a test plan. What kinds of testing should be considered? • • • Black box testing . and (c) postmortems/retrospectives. to test particular functions or code modules. White box testing . Typically done by the programmer and not by testers. This can be done with checklists. and inspection meetings. What is verification and validation? • Verification typically involves reviews and meetings to evaluate documents. 8.continuous testing of an application as new functionality is added. Integration testing . branches. Attendees should prepare for this type of meeting by reading thru the document. The term 'IV & V' refers to Independent Verification and Validation. and a recorder to take notes. typically with 3-8 people including a moderator. The 'parts' can be code modules. paths. Tests are based on requirements and functionality.testing of combined parts of an application to determine if they function together correctly. done by programmers or by testers. • • Page 54 of 60 . conditions. Not always easily done unless the application has a well-designed architecture with tight code. 9.based on knowledge of the internal logic of an application's code. client and server applications on a network.the most 'micro' scale of testing. (b) design inspections and code inspections. Validation typically involves actual testing and takes place after verifications are completed. What's an 'inspection'? • An inspection is more formalized than a 'walkthrough'. requirements. reader. plans. Incremental integration testing . Unit testing .

involves testing of a complete application environment in a situation that mimics real-world use. Clearly this is subjective. and will depend on the targeted end-user or customer.testing how well the system protects against unauthorized internal or external access. the 'macro' end of the test scale.Aditi Technologies Basic Concepts of Software Testing • • • • • • • • • • • • • • • etc.testing how well a system recovers from crashes. the software may not be in a 'sane' enough condition to warrant further testing in its current state. Sanity testing or smoke testing .black-box type testing that is based on overall requirements specifications. if the new software is crashing systems every 5 minutes. hardware failures. or corrupting databases.testing an application under heavy loads. willful damage. or upgrade install/uninstall processes. Ideally 'performance' testing (and any other 'type' of testing) is defined in requirements documentation or QA or Test Plans.testing of full. applications.final testing based on specifications of the end-user or customer.testing how well software performs in a particular hardware/software/operating system/network/etc. Also used to describe such tests as system functional testing while under unusually heavy loads. bogging down systems to a crawl.black-box type testing geared to functional requirements of an application.term often used interchangeably with 'stress' and 'load' testing. Load testing . input of large numerical values. This type of testing is especially relevant to client/server and distributed systems. For example. Compatability testing .testing for 'user-friendliness'. Functional testing . Automated testing tools can be especially useful for this type of testing. environment. Recovery testing . video recording of user sessions.typically an initial testing effort to determine if a new software version is performing well enough to accept it for a major testing effort. Page 55 of 60 . may require sophisticated testing techniques. or based on use by end-users/customers over some limited period of time. End-to-end testing . Stress testing . Programmers and testers are usually not appropriate as usability testers. Usability testing . such as testing of a web site under a range of loads to determine at what point the system's response time degrades or fails. surveys.term often used interchangeably with 'load' and 'performance' testing. or other catastrophic problems.similar to system testing. this type of testing should be done by testers. using network communications.typically used interchangeably with 'recovery testing' Security testing . Failover testing . Regression testing . and other techniques can be used. etc. large complex queries to a database system.) System testing . Install/uninstall testing .re-testing after fixes or modifications of the software or its environment. covers all combined parts of a system. etc. especially near the end of the development cycle. such as interacting with a database. or interacting with other hardware. Acceptance testing . Performance testing . User interviews. This doesn't mean that the programmers shouldn't check that their code works before releasing it (which of course applies to any stage of testing. It can be difficult to determine how much re-testing is needed. or systems if appropriate. heavy repetition of certain actions or inputs. partial.

Stick to initial requirements as much as possible .testing of an application when development is nearing completion.Aditi Technologies Basic Concepts of Software Testing • • • • • • • • Exploratory testing .allow adequate time for planning. minor design changes may still be made as a result of such testing. testing. the testing approach for life-critical medical equipment software would be completely different than that for a low-cost computer game.testing driven by an understanding of the environment. and be prepared to explain consequences.comparing software weaknesses and strengths to competing products. not paper. insure that information/documentation is available and upto-date . continuous coordination with customers/end-users is necessary. but often taken to mean that the testers have significant understanding of the software before testing it. Ad-hoc testing .determining if software is satisfactory to an enduser or customer. What are 5 common problems in the software development process? • Solid requirements . detailed. Beta testing . complete. networked bug-tracking tools and change management tools. and documentation.start testing early on. design. informal software test that is not based on formal test plans or test cases.testing when development and testing are essentially completed and final bugs and problems need to be found before final release. If possible. culture. Alpha testing . use protoypes if possible to clarify customers' expectations. Typically done by end-users or others. promote teamwork and cooperation.clear. 'Early' testing ideally includes unit testing by developers and built-in testing and diagnostic capabilities. This will provide them a higher comfort level with their requirements decisions and minimize excessive changes later on.preferably electronic. testers may be learning the software as they test it. attainable. by deliberately introducing various code changes ('bugs') and retesting with the original test data/cases to determine if the 'bugs' are detected. For example. User acceptance testing . plan for adequate time for testing and bug-fixing. Mutation testing .often taken to mean a creative. changes. work closely with customers/end-users to manage expectations.be prepared to defend against excessive changes and additions once development has begun. they should be adequately reflected in related schedule changes. groupware. Communication .a method for determining if a set of test data or test cases is useful.require walkthroughs and inspections when appropriate. make extensive use of group communication tools . • • • • Page 56 of 60 . re-test after fixes or changes. Context-driven testing . Typically done by end-users or others.. Adequate testing . etc. re-testing. Realistic schedules . Proper implementation requires large computational resources.e-mail. not by programmers or testers. bug fixing. personnel should be able to complete the project without burning out. In 'agile'-type environments. Use prototypes to help nail down requirements. testable requirements that are agreed to by all players. cohesive. If changes are necessary.similar to exploratory testing. not by programmers or testers. intranet capabilities. and intended use of software. 11. Comparison testing .

a common rule of thumb is that there should be at least as many lines of comments (including header blocks) as lines of code. However. One code statement per line. quality is obviously a subjective term. Each type of 'customer' will have their own slant on 'quality' .) In adding comments. the development organization's. No matter how small. avoid abbreviations. etc. It will depend on who the 'customer' is and their overall influence in the scheme of things.the accounting department might define quality in terms of profits while an end-user might define quality as user-friendly and bug-free. indentations. stockholders. Use whitespace generously . use as many characters as necessary to be adequately descriptive (use of more than 20 characters is not out of line). magazine columnists. an application should include documentaion of the overall program function and flow (even a few paragraphs is better than • • • • • • • • • • • • Page 57 of 60 .use both upper and lower case. What is software 'quality'? • Quality software is reasonably bug-free. Management/accountants/testers/salespeople. avoid abbreviations. naming conventions. Use descriptive function and method names . be consistent in naming conventions. Organize code for readability. here are some typical ideas to consider in setting rules/standards. delivered on time and within budget. less than 100 lines of code is good. and is maintainable.use both upper and lower case. Function descriptions should be clearly spelled out in comments preceding a function's code. Some organizations have coding 'standards' that all developers are supposed to adhere to.vertically and horizontally. and is readable and maintainable. such as McCabe Complexity metrics. It should be kept in mind that excessive use of standards and rules can stifle productivity and creativity. Function and method sizes should be minimized. but everyone has different ideas about what's best. What is 'good code'? • 'Good code' is code that works. be consistent in naming conventions. customer acceptance testers. A wideangle view of the 'customers' of a software development project might include end-users. less than 50 lines is preferable. 'buddy checks' code analysis tools. future software maintenance engineers. meets requirements and/or expectations. Each line of code should contain 70 characters max. customer contract officers. Coding style should be consistent throught a program (eg. 'Peer reviews'. err on the side of too many rather than too few comments. • 13. customer management. Use descriptive variable names . or what is too many or too few rules. these may or may not apply to a particular situation: Minimize or eliminate use of global variables. is bug free. can be used to check for problems and enforce standards. For C and C++ coding.Aditi Technologies Basic Concepts of Software Testing 12. etc. use of brackets. etc. use as many characters as necessary to be adequately descriptive (use of more than 20 characters is not out of line). There are also various theories and metrics.

requirements management. or if possible a separate flow chart and detailed program documentation. However.standard software development and maintenance processes are integrated throughout an organization. initiated by the U. It is geared to large organizations such as large U. What is 'good design'? • 'Design' could refer to many things. Level 1 . Few if any processes in place. understandable. but often refers to 'functional design' or 'internal design'. Level 2 . avoid too many levels of inheritance in class heirarchies (relative to the size and complexity of the application). easily modifiable. Good internal design is indicated by software code whose overall structure is clear.S. to minimize complexity and increase maintainability.) For C++. keep class methods small. What is SEI? CMM? CMMI? ISO? IEEE? ANSI? Will it help? • • SEI = 'Software Engineering Institute' at Carnegie-Mellon University. less than 50 lines of code per method is preferable. a Software Engineering Process • • • Page 58 of 60 . Defense Department contractors. and minimize use of operator overloading (note that the Java programming language eliminates multiple inheritance and operator overloading. make liberal use of exception handlers. Good functional design is indicated by an application whose functionality can be traced back to customer and end-user requirements. realistic planning. many of the QA processes involved are appropriate to any organization. Defense Department to help improve software development processes. successful practices can be repeated. CMM = 'Capability Maturity Model'. periodic panics. successes may not be repeatable. some common rules-of-thumb include: The program should act in a way that least surprises the user It should always be evident to the user what can be done next and how to exit The program shouldn't let the users do something stupid without warning them. • • • 15. Make extensive use of error handling procedures and status and error logging. It's a model of 5 levels of process 'maturity' that determine effectiveness in delivering quality software. Minimize use of multiple inheritance.For programs that have a user interface. developed by the SEI. and maintainable.Aditi Technologies Basic Concepts of Software Testing • • • • nothing). and configuration management processes are in place.S. now called the CMMI ('Capability Maturity Model Integration'). and heroic efforts required by individuals to successfully complete projects. For C++. is robust with sufficient error-handling and status logging capability.software project tracking. Organizations can receive CMMI ratings by undergoing assessments by qualified auditors. For C++. 14. and works correctly when implemented. and if reasonably applied can be helpful. it's often a good idea to assume that the end user will have little computer knowledge and may not read a user manual or even the on-line help. Level 3 .characterized by chaos.

Will automated testing tools make testing easier? Page 59 of 60 . maintenance. the standards can be purchased via the ASQ web site at http://e-standards. updates. after which a complete reassessment is required. internal design. and it applies to many kinds of production and manufacturing organizations. and other aspects.S. document preparation.the focus is on continuous process improvement. 1018 organizations were assessed. ISO = 'International Organization for Standardization' .Quality Management Systems: Fundamentals and Vocabulary.it indicates only that documented processes are followed. 27% were rated at Level 1. Of those. Perspective on CMM ratings: During 1997-2001. the most problematical key process area was in Software Quality Assurance.asq. (For ratings during the period 1992-96. 17. To be ISO 9001 certified.. testing. documentation planning. functional design. The impact of new processes and technologies can be predicted and effectively implemented when required. and other processes. development.4% at 5. Other software development/IT management process assessment methods besides CMMI and ISO 9000 include SPICE. 'IEEE Standard of Software Unit Testing (IEEE/ANSI Standard 1008). 'IEEE Standard for Software Quality Assurance Plans' (IEEE/ANSI Standard 730). 39% at 2. servicing. It includes aspects such as initial concept. 32% of organizations were U. phase-out. In the U. and CobiT.) The median size of organizations was 100 software engineering/maintenance personnel. (c)Q9004-2000 . and 0.The ISO 9001:2000 standard (which replaces the previous standard of 1994) concerns quality systems that are assessed by outside auditors. 13% at 3. and quality is consistently high. requirements analysis. coding.org/ IEEE = 'Institute of Electrical and Electronics Engineers' .iso. creates standards such as 'IEEE Standard for Software Test Documentation' (IEEE/ANSI Standard 829). processes.Quality Management Systems: Requirements. ITIL. federal contractors or agencies. and training programs are used to ensure understanding and compliance. retesting. the primary industrial standards body in the U. 23% at 2. integration. MOF. Trillium. 62% were at Level 1.ch/ for the latest information.among other things. 23% at 3.metrics are used to track productivity. TickIT. ANSI = 'American National Standards Institute'. testing. Also see http://www. Note that ISO certification does not necessarily indicate quality products . not just software. 6% at 4. The full set of standards consists of: (a)Q9001-2000 . and certification is typically good for about 3 years. publishes some software-related standards in conjunction with the IEEE and ASQ (American Society for Quality). 16. and products. production.Aditi Technologies Basic Concepts of Software Testing • • • • • • • Group is is in place to oversee software processes. Level 4 . For those rated at Level 1. Level 5 . 2% at 4.S. (b)Q90002000 . It covers documentation.S.Quality Management Systems: Guidelines for Performance Improvements. Bootstrap. design. installation. and 5% at 5. a third-party auditor assesses an organization. Project performance is predictable. test planning. and others. What is the 'software life cycle'? • The life cycle begins when an application is first conceived and ends when it is no longer in use.

etc. the primary being: http://www. Web test tools . and configuration management.for test case management. Coverage analyzers . documentation. The problem with such tools is that if there are continual changes to the system being tested. interpretation and analysis of results (screens. and maintenance of automated tests/test cases. logs. The 'recording' is typically in the form of text based on a scripting language that is interpretable by the testing tool. If new buttons are added. etc. documentation management. The test drivers 'read' the data/action information to perform specified tests. path coverage.since they are separate from the test drivers. etc.for testing client/server and web applications under various load levels.such as bounds-checkers and leak detectors. buttons. HTML code usage is correct. or on-going long-term projects they can be valuable. or some underlying code in the application is changed. dialog box choices. data. The data and actions can be more easily maintained . Note that there are record/playback tools for text-based interfaces also. in an application GUI and have them 'recorded' and the results logged by a tool. Other tools . Another common type of approach for automation of functional testing is 'data-driven' or 'keyword-driven' automated testing. etc. development.monitor code complexity. For larger projects. Memory analyzers . Load/performance test tools . A common type of automated tool is the 'record/playback' type. and may be oriented to code statement coverage. the 'recordings' may have to be changed so much that it becomes very time-consuming to continuously update the scripts. This document is for internal purposes only. the application might then be retested by just 'playing back' the 'recorded' actions. This approach can enable more efficient control. a tester could click through all combinations of menu choices. Test drivers can be in the form of automated test tools or custom-written testing software.to check that links are valid. the time needed to learn and implement them may not be worth it. adherence to standards. Other automated tools can include: Code analyzers .such as via a spreadsheet .Aditi Technologies Basic Concepts of Software Testing • • • • • • • • • • Possibly For small projects. Additionally. bug reporting. in which the test drivers are separated from the data and/or actions utilized in testing (an 'action' would be something like 'enter a value in a text box'). client-side and server-side programs work.vyomworld.these tools check which parts of the code have been exercised by a test. and comparing the logging results to check effects of the changes. The same has then been reviewed and restructured for better reading and understanding. a web site's interactions are secure. etc. For example.) can be a difficult task.com/testing/. and for all types of platforms. Page 60 of 60 . condition coverage. All contents of this document have been collated from various resources.

Sign up to vote on this title
UsefulNot useful