Software Testing Life Cycle (STLC) is a process used to test software and
ensure that quality standards are met. Tests are carried out systematically over
several phases. During product development, phases of the STLC may be
performed multiple times until a product is deemed suitable for release.
The main goal of the STLC is to identify and document any defects or issues in
the software application as early as possible in the development process. This
allows for issues to be addressed and resolved before the software is released to
the public.
PHASES OF STLC
1. Requirement Analysis:
Requirement Analysis is the first step of the Software Testing Life Cycle
(STLC). In this phase, the quality assurance team studies the
requirements to understand what is to be tested. If anything is missing or
unclear, the quality assurance team meets with the
stakeholders to gain a detailed understanding of the requirements.
ACTIVITIES:
Reviewing the software requirements document (SRD)
Interviewing stakeholders
Identifying any missing or incomplete requirements
Identifying any potential risks
2. Test Planning:
Test Planning is the most efficient phase of the software testing life cycle
where all testing plans are defined. In this phase, the manager of the testing
team calculates the estimated effort and cost for the testing work. This
phase gets started once the requirement-gathering phase is completed.
ACTIVITIES:
Identifying the testing objectives and scope
Developing a test strategy
Identifying the testing environment and resources needed
Identifying the test cases that will be executed
Estimating the time and cost required for testing
ACTIVITIES:
Identifying the test cases that will be developed
Writing test cases that are clear, concise, and easy to
understand
Creating test data and test scenarios that will be used in the
test cases
Identifying the expected results for each test case
5. Test Execution:
After test case development and test environment setup, the test execution
phase starts. In this phase, the testing team executes the test cases
prepared in the earlier step.
ACTIVITIES:
Test Execution
Defect Logging
Test data preparation
Test environment setup
Test execution
Test Result Analysis
Test Reporting
6. Test Closure:
Test closure is the final stage of the Software Testing Life Cycle (STLC)
where all testing-related activities are completed and documented. The
main objective of the test closure stage is to ensure that all testing-related
activities have been completed and that the software is ready for release.
ACTIVITIES:
Test Summary Report
Defect Tracking
Test environment clean-up
Test closure report
Feedback and Improvement
CATEGORIES OF TESTING
1. Manual Testing
2. Automation Testing
1. Manual testing is the most hands-on type of testing and is employed by
every team at some point. Of course, in today’s fast-paced software
development lifecycle, manual testing is tough to scale.
Branch Coverage
In this technique, test cases are designed so that each branch from
all decision points is traversed at least once. In a flowchart, all edges must
be traversed at least once.
Path coverage
Path coverage tests all the paths of the program. This is a
comprehensive technique which ensures that all the paths of the program
are traversed at least once. Path Coverage is even more powerful than
Branch coverage. This technique is useful for testing complex
programs.
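The difference between the two coverage criteria, as an added example that is not part of the original notes. The function `cost_per_share`, its defect and both test suites are constructed for illustration: two test cases reach full branch coverage yet miss a defect that only appears on one of the four paths.

```python
from itertools import product

TOTAL_BRANCHES = 4  # A:true, A:false, B:true, B:false
TOTAL_PATHS = 4     # every combination of the two decisions


def cost_per_share(total, is_member, has_coupon, trace):
    """Hypothetical function under test; `trace` records each branch taken."""
    shares = 2
    if is_member:                 # decision point A
        trace.append("A:true")
        shares -= 1
    else:
        trace.append("A:false")
    if has_coupon:                # decision point B
        trace.append("B:true")
        shares -= 1
    else:
        trace.append("B:false")
    return total / shares         # defect: shares == 0 when both are true


def run_suite(cases):
    """Run (is_member, has_coupon) cases; report coverage and failing inputs."""
    branches, paths, failures = set(), set(), []
    for is_member, has_coupon in cases:
        trace = []
        try:
            cost_per_share(100, is_member, has_coupon, trace)
        except ZeroDivisionError:
            failures.append((is_member, has_coupon))
        branches.update(trace)      # trace is filled before the division runs
        paths.add(tuple(trace))
    return {
        "branch_coverage": len(branches) / TOTAL_BRANCHES,
        "path_coverage": len(paths) / TOTAL_PATHS,
        "failures": failures,
    }


# Two cases are enough to traverse every branch at least once.
BRANCH_SUITE = [(True, False), (False, True)]
# Path coverage needs all four combinations of the two decisions.
PATH_SUITE = list(product([True, False], repeat=2))

if __name__ == "__main__":
    print("branch suite:", run_suite(BRANCH_SUITE))
    print("path suite:  ", run_suite(PATH_SUITE))
```

The branch suite reports 100% branch coverage with no failures, while the path suite is the only one that exercises the member-plus-coupon path and surfaces the division by zero.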
ADVANTAGES
As internal functionality is considered, all the possible conditions
are considered and test cases are generated. Hence all the
functionalities are being tested.
It minutely verifies whether the program can be successfully
executed with other parts of the application.
It identifies error in the hidden code and thus makes debugging
process.
It removes extra lines of code which are not required in the
program, thereby optimizing the program and increasing its
efficiency.
As the internal coding of the application is considered while
preparing test cases, it becomes very easy to identify the input and
the expected output data.
It helps in evaluating all the loops and paths.
DISADVANTAGES
Techniques:
1 Matrix Testing
Matrix testing is a technique that examines all variables in an
application. In this technique, technical and business risks are defined
by the developers and a list of all application variables is provided.
Matrix technique states all the used variables in a program.
This technique helps to identify and remove the variables which are
not being used in the program and in turn, helps to increase the speed
of the software.
2 Orthogonal Array Testing
Orthogonal array testing is a technique you can use when your
application has only a few inputs that are too complex or large for
extensive testing. This technique enables you to perform test case
optimization, where the quality and number of tests performed balance
test coverage with effort. This technique is systematic and uses
statistics to test pair-based interactions.
3 Regression Testing
Regression testing is performed when any change is done in
the software or any defect is fixed. It is done to ensure that a new change
or fix done has not impacted any existing functionality of the software.
4 Pattern Testing
Pattern testing is applicable to software that is
developed by following the same pattern as previous software. In this
type of software, the same types of defects are likely to occur. Pattern
testing determines the reasons for the failure so they can be fixed in the next
software.
ADVANTAGES:
Clear testing goals are established, making it easier for
testers and developers
Testing accounts for a user perspective, improving the
overall quality of products
Testers do not need to have programming expertise
It can provide the benefits of both black and white box
testing
It can eliminate conflicts between developers and testers
It is cheaper than integration testing
DISADVANTAGES:
It can be difficult to associate defects with root causes in
distributed systems
Code path traversals are limited due to restricted access to
internal application structure
Test cases can be difficult to design
2. Automated testing uses test scripts and specialized tools to automate the
process of software testing. Automated testing is the implementation of
an automation tool to execute test cases. This is well-suited for projects
that are large or require testing to be repeated multiple times. It also could
be applied to projects that already have been through an initial manual
testing process.
1. UNIT TESTING
Unit testing is a software testing process for testing specific units,
components, or software elements. This is the most basic type of testing,
and the goal for this level of testing is to validate that each unit of code
performs how it should and is free of bugs, errors, and glitches.
2. INTEGRATION TESTING
Integration testing is when different software components and
modules are combined and tested as a group to make sure everything is
ready for the next level. Since a standard software project will likely
consist of various modules, coded by multiple programmers, the goal is to
test to expose potential defects or bugs between the various modules.
Sometimes, this phase is referred to as I & T (integration and testing),
thread testing, or string testing.
3. SYSTEM TESTING
System testing checks a system’s compliance with the
given requirements. System testing inspects components like
performance, load, reliability, and security with the goal of evaluating the
end-to-end system specifications.
4. ACCEPTANCE TESTING
Acceptance testing is a quality assurance (QA) process that determines to
what degree an application meets end users' approval. Depending on the
organization, acceptance testing might take the form of beta testing,
application testing, field testing or end-user testing.
Alpha Testing
Alpha testing is performed by testers who are usually internal
employees of the organization.
Alpha testing is performed at the developer’s site.
Alpha testing ensures the quality of the product before
forwarding to beta testing.
Beta Testing
Beta testing is performed by clients who are not part of the
organization.
Beta testing is performed at the site of the product's end users.
Beta testing also concentrates on the quality of the product but
collects users' input on the product and ensures that the product
is ready for real-time users.
1. New: When a new defect is logged and posted for the first time. It is
assigned a status as NEW.
2. Assigned: Once the bug is posted by the tester, the tester's lead
approves the bug and assigns it to the developer team.
3. Fixed: When a developer makes a necessary code change and verifies the
change, he or she can mark the bug status as “Fixed.”
4. Pending retest: Once the defect is fixed, the developer hands the particular
code to the tester for retesting. Since the software testing
remains pending on the tester's end, the status assigned is “pending
retest.”
5. Retest: Tester does the retesting of the code at this stage to check whether
the defect is fixed by the developer or not and changes the status to “Re-
test.”
6. Verified: The tester re-tests the bug after it got fixed by the developer. If
there is no bug detected in the software, then the bug is fixed and the
status assigned is “verified.”
7. Reopen: If the bug persists even after the developer has fixed the bug, the
tester changes the status to “reopened”. Once again the bug goes through
the life cycle.
8. Closed: If the bug no longer exists, the tester assigns the status
“Closed.”
9. Duplicate: If the defect is repeated twice or the defect corresponds to the
same concept of the bug, the status is changed to “duplicate.”
10. Rejected: If the developer feels the defect is not a genuine defect, then the
developer changes the status to “rejected.”
11. Deferred: If the present bug is not of prime priority and it is expected
to get fixed in the next release, then the status “Deferred” is assigned to such
bugs.
12. Not a bug: If it does not affect the functionality of the application, then
the status assigned to a bug is “Not a bug”.
Pesticide paradox:
Repeating the same test cases, again and again, will not find new
bugs. So it is necessary to review the test cases and add or update test
cases to find new bugs.
BUG
A bug means that the software product or the application is not
working as per the adhered requirements set.
When we have any type of logical error, it causes our code to break, which
results in a bug.
DEFECT
A Defect is a deviation between the actual and expected output.
A defect refers to a situation when the application is not working as per the
requirement and the actual and expected result of the application or
software are not in sync with each other.
ERROR
An Error is a mistake made in the code due to which compilation or
execution fails.
Error is a situation that happens when the Development team or the
developer fails to understand a requirement definition and hence that
misunderstanding gets translated into buggy code.
FAULT
It is a condition that causes the software to fail to perform its required
function. Sometimes due to certain factors such as Lack of resources or
not following proper steps Fault occurs in software which means that the
logic was not incorporated to handle the errors in the application.
FAILURE
Failure is the accumulation of several defects that ultimately lead to
Software failure and results in the loss of information in critical modules
thereby making the system unresponsive.
TESTING TYPES
Penetration Testing
Penetration testing (or pen testing) is a security exercise where a cyber-
security expert attempts to find and exploit vulnerabilities in a computer
system. The purpose of this simulated attack is to identify any weak spots
in a system’s defenses which attackers could take advantage of.
Types
Open-box pen test - In an open-box test, the hacker will be provided with
some information ahead of time regarding the target company’s security
info.
Closed-box pen test - Also known as a ‘single-blind’ test, this is one
where the hacker is given no background information besides the name of
the target company.
Covert pen test - Also known as a ‘double-blind’ pen test, this is a
situation where almost no one in the company is aware that the pen test is
happening, including the IT and security professionals who will be
responding to the attack.
External pen test - In an external test, the ethical hacker goes up against
the company’s external-facing technology, such as their website and
external network servers. This can mean conducting the attack from a
remote location or carrying out the test from a truck or van parked nearby.
Internal pen test - In an internal test, the ethical hacker performs the test
from the company’s internal network. This kind of test is useful in
determining how much damage a disgruntled employee can cause from
behind the company’s firewall.
Pilot Testing:
Testing that involves the users just before actual release to ensure
that users become familiar with the release contents and ultimately accept
it. Typically involves many users, is conducted over a short period of time
and is tightly controlled.
E.g.: Google offers the Android Beta Program to Nexus users in order
for them to test the Android operating system.
FUNCTIONAL TESTING
It is used to verify the functionality of the software application,
whether the function is working according to the requirement
specification. In functional testing, each function is tested by giving it an
input value, determining the output, and verifying the actual output against the
expected value.
1. Smoke testing
Smoke testing includes only the basic (feature) functionality
of the system. Smoke testing is known as "Build Verification
Testing." Smoke testing aims to ensure that the most
important functions work.
In smoke testing, we focus only on the positive flow of the
application and enter only valid data, not invalid data. In
smoke testing, we verify whether every build is testable or not.
For example, smoke testing verifies that the application
launches successfully and checks that the GUI is responsive.
2. Sanity Testing:
Sanity testing checks that the entire high-level business scenario
is working correctly. Sanity testing is done to check the
functionality and the bugs fixed. Sanity testing is a little more advanced than
smoke testing.
For example: login is working fine; all the buttons are working
correctly; after clicking a button, navigation to the page
happens or not.
3. Retesting:
Retesting is a type of testing performed to check that the test cases
that were unsuccessful in the final execution pass
successfully after the defects are fixed. Usually, a tester assigns the bug
when they find it while testing the product or its component.
The bug is allocated to a developer, who fixes it. After fixing,
the bug is assigned to a tester for verification. This testing is
known as retesting.
4. Database Testing:
Database testing is a type of testing which checks the schema,
tables, triggers, etc. of the database under test. Database
testing may involve creating complex queries to load/stress
test the database and check its responsiveness. It checks the
data integrity and consistency.
5. Ad-hoc testing:
Ad-hoc testing is an informal testing type whose aim is to
break the system. This type of software testing is unplanned
activity. It does not follow any test design to create the test
cases. Ad-hoc testing is done randomly on any part of the
application; it does not support any structured way of testing.
6. Static Testing:
Static testing is a software testing technique by which we can
check the defects in software without actually executing it.
Static testing is done to avoid errors in the early stage of
development, as it is easier to find failures in the early stages.
Static testing is used to detect mistakes that may not be found in
dynamic testing.
Types of Performance Testing
1. Stress Testing
Stress testing involves testing an application under extreme
workloads to see how it handles high traffic or data processing. The
objective is to identify the breaking point of an application.
2. Load Testing
Load testing determines the performance of a system,
software product, or software application under real-life load
conditions. Basically, load testing determines the behavior of the
application when multiple users use it at the same time. It is the
response of the system measured under varying load conditions.
SECURITY TESTING
1. Vulnerability Scanning:
Vulnerability scanning is performed with the help of automated
software to scan a system to detect the known vulnerability
patterns.
Tools: Netsparker, OpenVAS
2. Security Scanning:
Security scanning is the identification of network and system
weaknesses. Later on it provides solutions for reducing these
defects or risks. Security scanning can be carried out in both
manual and automated ways.
Tools: Nmap, Nessus
3. Penetration Testing:
Penetration testing is the simulation of an attack from a
malicious hacker. It includes an analysis of a particular system to
look for potential vulnerabilities that a malicious hacker
attempting to hack the system could use.
Tools: Astra’s Pentest, Metasploit
4. Risk Assessment:
In risk assessment testing, security risks observed in the
organization are analyzed. Risks are classified into three
categories i.e., low, medium and high. This testing endorses
controls and measures to minimize the risk.
Tools: Risk Matrix, Decision Tree, Failure modes and effect
analysis (FMEA)
5. Security Auditing:
Security auditing is an internal inspection of applications and
operating systems for security defects. An audit can also be
carried out via line-by-line checking of code.
Tools: Metasploit, Wireshark
6. Ethical Hacking:
Ethical hacking is different from malicious hacking. The purpose
of ethical hacking is to expose security flaws in the
organization’s system and to improve system security.
Tools: Nmap, BurpSuite, Nessus
7. Posture Assessment:
It combines security scanning, ethical hacking and risk
assessments to provide an overall security posture of an
organization.
8. Application security testing:
Application security testing is a type of testing that focuses on
identifying vulnerabilities in the application itself. It includes
testing the application’s code, configuration, and dependencies to
identify any potential vulnerabilities.
1. Vulnerability
This is the weakness of the web application. The cause of such “weakness”
can be due to the bugs in the application, an injection (SQL/ script code),
or the presence of viruses.
2. URL Manipulation
Changing some information in the URL may sometimes lead to unintended
behavior by the server, and this is termed URL Manipulation.
3. SQL injection
This is the process of inserting SQL statements through the web
application user interface into some query that is then executed by the
server.
4. XSS (Cross-Site Scripting)
When a user inserts HTML/client-side script in the user interface of a web
application and this insertion is visible to other users, it is termed XSS.
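How a security test case distinguishes a weak implementation from a hardened one for items 3 and 4 above, as an added example that is not part of the original notes. The table, the function names and both probe strings are constructed; the database is an in-memory SQLite instance.

```python
import html
import sqlite3


def make_db():
    """Constructed in-memory database with two sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user")])
    return db


def find_user_concat(db, name):
    """Weak form: user input is pasted into the SQL text itself."""
    query = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def find_user_param(db, name):
    """Hardened form: input is bound as data and never parsed as SQL."""
    query = "SELECT name, role FROM users WHERE name = ?"
    return db.execute(query, (name,)).fetchall()


def render_comment_raw(text):
    """Weak form: user text is placed into the page unmodified."""
    return "<p>" + text + "</p>"


def render_comment_escaped(text):
    """Hardened form: markup characters are encoded before output."""
    return "<p>" + html.escape(text) + "</p>"


# Constructed test inputs used by the security test cases below.
SQL_PROBE = "nobody' OR '1'='1"
XSS_PROBE = "<script>alert(1)</script>"


def run_security_checks():
    """Return what each implementation does with the probe inputs."""
    db = make_db()
    return {
        # A lookup for a non-existent name should return zero rows.
        "sqli_concat_rows": len(find_user_concat(db, SQL_PROBE)),
        "sqli_param_rows": len(find_user_param(db, SQL_PROBE)),
        # Rendered output should never contain a live script tag.
        "xss_raw_has_tag": "<script>" in render_comment_raw(XSS_PROBE),
        "xss_escaped_has_tag": "<script>" in render_comment_escaped(XSS_PROBE),
    }


if __name__ == "__main__":
    for check, result in run_security_checks().items():
        print(check, result)
```

A test suite would assert that the row count is zero and that no script tag survives rendering; the weak forms fail both assertions and the hardened forms pass them.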