For this week’s blog post, I decided to discuss the article “Unit Testing vs Test-Driven Development” by Albert Stec. I chose this article because it compliments the unit testing topic in the syllabus. This article discusses what unit testing is, why its important and how it fits into test driven development.

The first part of this article spends some time defining what a unit test is. “Unit test is usually a method that validates a small portion of the source code. So, the unit test is a programmatically written, automatic test. The unit test takes the initial data, passes it to the code under test, and asserts if the execution result is the same as the expected result.” The article then goes on to discuss what a well designed unit test should have.

The five most important parts of writing a good unit test according to the author are that it is fast, isolated, deterministic, readable and simple. “As we can see it looks simple. Although writing efficient unit tests could be complicated depending on the code we want to test. A well-written unit test should be: 1: Fast. A single project can contain a big number of unit tests, even hundreds, or thousands. Moreover, unit tests can be executed often, e. g., while developing a new feature to avoid regression or in CI/CD pipelines. Therefore, they must run as fast as possible. 2: Isolated. A unit test shouldn’t modify or depend on any external state. 3: Deterministic. A unit test should always return the same result no matter how many times we execute it. Of course, if nothing is changed between runs. 4: Readable. Unit tests are code that needs to be maintained. Therefore, it should be clear and easily understandable. 5: Simple. Often we can read that the unit test should contain a single assertion. Although it can be discussable, the fact is unit tests should validate small portions of the source code.” The next part of the article discusses the importance of unit testing in regard to software development.

This last part of the article discusses how unit testing is important to unit testing development. “To write appropriate unit tests before the logic developers spend more time on analyzing and understanding the problem and its domain. Therefore, the code is more likely to meet all requirements and clients’ needs. It’s one of the most important aims of TDD. The cycles play an important role, as the tests become more specific with time while the implementation becomes more generic.”

Article: https://www.baeldung.com/cs/unit-testing-vs-tdd

From the blog CS@Worcester – P. McManus Worcester State CS Blog by patrickmcmanus1 and used with permission of the author. All other rights reserved by the author.

For this week’s blog post, I decided to discuss the article “Object-oriented Testing in Software Testing” by Mitali Varatiya. I chose this article because it compliments the object oriented testing topic in the syllabus. This article discusses what object oriented testing is, how you can develop test cases with object oriented testing, how to implement object oriented testing, different techniques with implementing object oriented testing, and challenges associated with the implementation of object oriented testing.

The author first discusses how object oriented testing can be done at multiple levels of a program, for example the algorithmic, class, cluster, and system levels. “Object Oriented testing can be performed at different levels to detect the issues. At the algorithmic level, a single module of every class should be tested. As discussed earlier, testing of classes is the main concern of the Object Oriented program. Every class gets tested as an individual entity at the class level. Generally, programmers who are creating the classes are involved in testing. Test cases for Object-Oriented Testing in Software Testing can be constructed based on the requirement specifications, programming language, and models.” The author then goes on to discuss how, at the class level, testing focuses on the integration of individual classes and their interactions with other classes in the program. “Once class-level testing is done, Cluster level testing will be performed. Cluster-level testing is the integration of individual classes. The main purpose of doing integration testing is to verify the interconnection between classes and how well they perform interclass interactions.” The author also discusses some ways in which object oriented test cases can be developed.

The author states that conventional methods of developing test cases are sufficient for creating object oriented test cases, but there are some features that may be helpful with object oriented testing that might be looked over when using more typical techniques on their own. “The following points should be considered while creating test cases for object-oriented environments. Which class is going to be tested should be mentioned properly within the test cases. What is the purpose of using particular test cases? What external pre-condition needs to be conducted while performing the test case? All the states should be specified for testing.” The author then discusses some of the challenges with implementing object oriented testing.

Some challenges that are associated with implementing object oriented testing as described by the author are the impossibility of dynamic testing, the necessity of different types of testing to be implemented to properly test the program, and the difficulties associated with the implementation of testing for inheritance in object oriented programs.

Article: https://www.scaler.com/topics/software-testing/object-oriented-testing-in-software-testing/

From the blog CS@Worcester – P. McManus Worcester State CS Blog by patrickmcmanus1 and used with permission of the author. All other rights reserved by the author.

For this week’s blog post, I decided to discuss the article “A Practical Introduction to Test Driven Development” by Luca Piccinelli. I chose this article because it compliments the test driven development topic in the syllabus. This article discusses what test driven development is, the costs of using test driven development versus not using it, and gives some examples of how test driven development is done.

The author of this article is very blunt about their feelings towards test driven development. “These days you read a ton of articles about all the advantages of doing Test Driven Development (TDD). And you probably hear a lot of talks at tech conferences that tell you to “Do the tests!”, and how cool it is to do them. And you know what? Unfortunately, they are right (not necessarily about the “cool” part, but about the useful part). Tests are a MUST!” As mentioned by the other, some of the advantages that come with using test driven development are you write better software, you have more protection from breaking the whole project when new features are introduced, your software is self documented and you avoid over engineering. However, there is a glaring issue with using test driven development: the cost.

The author discusses the costs of using test driven development versus not using test driven development in good detail. The main differences in the costs are not in terms of value but in timing. “It [test driven development] costs a lot! Probably someone is thinking “but it costs even more if you don’t do the tests” — and this is right, too. But these two costs come at different times: you do TDD you have a cost now. You don’t do TDD you will have a cost in the future.” The author feels the best way to reconcile this problem is to do what comes naturally for the project’s development. “The most effective way to get something done is doing it as naturally as possible. The nature of people is to be lazy (here software developers are the best performers) and greedy, so you have to find your way of reducing the costs now. It’s easy to say, but so hard to do!” The next section I will be covering discusses how the author feels test driven development should ne implemented.

The author feels that the best way to implement test driven development practices would be to use a top down approach. “[A top down] approach is the best friend of over-engineering. You typically build the system in order to prevent changes that you think will come in the future, without knowing if they actually will. Then when some requirement changes, it typically happens in a way that doesn’t fit your structure, no matter how good it is. For me the key to drastically reducing the immediate cost of writing with TDD has been to take a top-down approach”

Article: https://www.freecodecamp.org/news/practical-tdd-test-driven-development-84a32044ed0b/

From the blog CS@Worcester – P. McManus Worcester State CS Blog by patrickmcmanus1 and used with permission of the author. All other rights reserved by the author.

For this week’s blog post, I decided to discuss the article “Security Testing: Types, Tools, and Best Practices” by Oliver Moradov. I chose this article because it compliments the security testing topic in the syllabus. This article discusses the main goals of security testing and the key principles behind security testing, and several examples of security testing and testing tools. In this blog post I will be discussing the section on the main goals of security testing

The first section of this article discusses security testing. The article defines security testing as a series of tests determining if the software is vulnerable to cyber-attacks. “Security testing checks whether the software is vulnerable to cyber-attacks and tests the impact of malicious or unexpected inputs on its operations. Security testing provides evidence that systems and information are safe and reliable and that they do not accept unauthorized inputs.” The article also describes security testing as a non-functional form of testing, which means that security testing does not focus on the software’s functionality. Security testing fits more into the category of non-functionality testing, meaning that security testing tests whether or not the application is designed or configured correctly. “Security testing is a type of non-functional testing. Unlike functional testing, which focuses on whether the software’s functions are working properly (“what” the software does), non-functional testing focuses on whether the application is designed and configured correctly (“how” it does it). “

The main goals attributed to security testing mentioned in the article are: identify assets, identify threats and vulnerabilities, identify risk, and perform remediation. The article defines identify assets as: “things that need to be protected, such as software applications and computing infrastructure.” This is essentially what the name describes. It is about finding what needs to be protected. The article then defines identify threats and vulnerabilities as: “activities that can cause damage to an asset, or weaknesses in one or more assets that can be exploited by attackers.” Much like the prior goal mentioned, this one is also fairly self explanatory. It is about finding weaknesses within the software and possible threats that are present. The third main goal the article mentions, identify risk is defined as : “security testing aims to evaluate the risk that specific threats or vulnerabilities will cause a negative impact to the business. Risk is evaluated by identifying the severity of a threat or vulnerability, and the likelihood and impact of exploitation.” Unlike the prior main goals, which are more focused on finding specific instances of something, identify risk is about evaluating the risk being identified not finding it. The last main goal that the article discusses is perform remediation and it is defined as: “security testing is not just a passive evaluation of assets. It provides actionable guidance for remediating vulnerabilities discovered, and can verify that vulnerabilities were successfully fixed.” This main goal is also unique when compared to the prior goals because this goal is focused on finding a solution to a vulnerability.

From the blog CS@Worcester – P. McManus Worcester State CS Blog by patrickmcmanus1 and used with permission of the author. All other rights reserved by the author.

In this week’s blog post, I will be discussing the “The White Belt” pattern discussed in chapter 2 of “Apprenticeship Patterns: Guidance for the Aspiring Software Craftsman” by Dave Hoover and Adewale Oshineye. This week, I chose this topic for my blog post because I think being able to set aside what you have learned in order to learn more is a difficult but important skill.

A quote early into this section that I can personally relate to discusses how your confidence in what you have already learned can cause you to have a harder time learning more. “You are struggling to learn new things, and it seems somehow harder than it was before to acquire new skills. The pace of your self-education seems to be slowing down despite your best efforts. You fear that your personal development may have stalled.” I have been in this position myself more than once. One approach the chapter mentions is called the not knowing stance.

The not-knowing stance, as mentioned in the chapter, is an approach to understanding that you do not and can not currently understand the entirety of what you are trying to accomplish. “Part of the approach Dave took as a family therapist included maintaining a not-knowing stance. Families in difficult circumstances were experiencing a unique reality that, despite his training, Dave knew he could not fully appreciate. While he acknowledged his skills at facilitating constructive questions and conversations, Dave was taught to refrain from believing that he had any expert knowledge into the realities that these families experienced. While this may seem counterintuitive, in reality, it fosters an attitude of respect and curiosity that opens up unforeseen possibilities and solutions. Rather than pushing solutions down on the family, Dave’s not knowing stance helped him to collaborate with the family to find solutions as a team.” As shown in this quote, embracing the not-knowing stance, can help you have a more open mind in trying to solve problems, or learn new things in different ways. Embracing the not-knowing stance is not only incredibly helpful in being able to learn new things, but can also help interpersonally, as shown by the quote.

From the blog CS@Worcester – P. McManus Worcester State CS Blog by patrickmcmanus1 and used with permission of the author. All other rights reserved by the author.

For this week’s blog post, I chose the article “Code Review Best Practices – Lessons from the Trenches” by Drazen Zaric. I chose this article because its topic fits perfectly with the cove review segment in the syllabus. This article discusses why you should do code reviews, how code reviews act as quality assurance, how code reviews function as a team improvement tool, how to prepare a pull request for preview, and, of course, how to review code. In this article, I will be discussing why you should do code reviews and how they work as quality assurance.

Reviewing code is one of the most essential parts of the development process. “It should be obvious that the primary purpose of code review is to assess the quality of the changes being introduced. I mean, the dictionary definition of review says precisely that ‘review (noun) – a formal assessment of something with the intention of instituting change if necessary.’ Of course, code being code, there’s a lot of things that can be checked and tested automatically, so there’s nuance to what needs to be checked in an actual code review.” As mentioned in the article, there are many things that can be tested and should be tested. This leads to a need for many people to review your code, and you will need to review many other people’s code to make sure the best possible software is being developed. Quality assurance must be done well as a significant part of making sure your software is the best it can be.

In this section of the blog post, I will discuss how the article mentions how code review is incredibly useful in quality assurance. “There are many ways in which code reviews help maintain the quality bar for the codebase and the product. In the end, it comes down to catching mistakes at a level that can hardly be automatically tested, such as architectural inconsistencies. Also, the code for automated tests should be reviewed, so there’s a meta-level at which reviews help with QA.” As mentioned, code review’s main boon to quality assurance is finding issues that can’t, or often need to be caught, through traditional testing methods, like automated testing. The article also mentions using checklists for storing what needs to be checked and how and what the results of said checks should be. “You can have your own checklist or make it a shared list for the team or a project. There’s a ton of material written on the usefulness of checklists. In Getting Things Done, David Allen puts forward a simple idea – our minds are great at processing information but terrible at storing and recalling it. That’s why checklists are a great way of externally storing and breaking down a planned or repetitive task.” Having a method of keeping track of what is done, what needs to be done, and what is incomplete is essential in working on any large project, let alone on a software development project.

From the blog CS@Worcester – P. McManus Worcester State CS Blog by patrickmcmanus1 and used with permission of the author. All other rights reserved by the author.

In this week’s blog post, I will be discussing the “Long Road” pattern discussed in chapter 3 of “Apprenticeship Patterns: Guidance for the Aspiring Software Craftsman” by Dave Hoover and Adewale Oshineye. This week, I chose this topic for my blog post because I often worry about not being able to learn or grow more in my field, becoming stagnant because there is nothing else I can learn. Thankfully, this pattern dissuaded those fears of mine and inspired great confidence in my future endeavors.

The quote that this pattern opens with immediately puts much of my concerns about the limits of what I would be able to learn to rest. “‘How long will it take to master aikido?’ a prospective student asks. ‘How long do you expect to live?’ is the only respectable response.” In comparing computer science to Aikido, it implies that no one can possibly learn all that there is to know in computer science. Another quote from this section that makes me even more excited to be a part of this field mentions that for every step you make, the finish line is two steps further away. “For every step you take toward mastery, your destination moves two steps further away. Embrace mastery as a lifelong endeavor. Learn to love the journey.” While this may seem like a disappointing aspect of our field for many, the limitless opportunity for me to grow is why I love this field of knowledge.

I did not think it was possible, but further reading in this section made me even more excited and proud to be in computer science. “Close your eyes and imagine the strangest possible role you could be playing in 10 years’ time. Have fun thinking of the wackiest possible future for yourself. Then think about 20, 30, and 40 years from now. What kinds of experiences do you want to have tried? Imagine that 40 years from now, you are asked to write a short description of your professional history and the biggest influences on your path. Use the output from that thought experiment to help you plan your future career choices.” This quote had me thinking about incredible and outlandish possibilities in this field, which made me even more eager and excited to be in this field than I thought possible.

From the blog CS@Worcester – P. McManus Worcester State CS Blog by patrickmcmanus1 and used with permission of the author. All other rights reserved by the author.

For this week’s blog post, I chose the article “Behavior Testing | What it is, Why & How to Automate?” from testsigma.com. I selected this article because it fits within the Behavioral testing section in the course topics section of the syllabus. This article goes into great detail about behavioral testing, from discussing what it is to explain how AI could be used in its implementation. For this blog post, however, I will discuss the sections on what behavioral testing is and a couple of methods that can be used to catch errors with behavioral testing.

The article describes behavioral testing as a form of functional testing designed to test the external functionality of a system. “Behavior testing or behavioral testing is a type of testing that focuses on testing the external behavior of a software application. It is a type of functional testing. It helps ensure that software systems meet the expectations and requirements of end-users, making it a valuable part of the software development and testing process. Behavior testing is also known as black-box testing.” As described by the article, behavioral testing is essential to ensure that the systems or products you are designing work well enough so your customers can use them efficiently. There are many different methods when using behavioral testing to find errors, such as equivalence partitioning.

According to the article, one method that can be used with behavioral testing that is good at finding errors is Equivalence Partitioning. “The equivalence partitioning testing technique involves dividing the input data into different classes or partitions, such as valid and invalid data, assuming the system will behave the same for both inputs. Example – For a login form, if the password requires at least eight characters, you might test one case with a 6-character password (invalid) and another with a 10-character password (valid).” When using equivalence partitioning, because you are dividing inputs into separate groups, in a way, you can do two things at once. One is that the system functions as it should with valid inputs, and the other can catch invalid inputs. Another way behavioral testing can be implemented is through boundary value analysis.

According to the article, boundary value analysis is a form of behavioral testing focusing on the possible range of inputs, specifically numerical inputs. “It focuses on testing the boundaries of input ranges, as errors often occur at the edges of these ranges. Test cases are designed for values at the lower and upper boundaries and just above and below. Example – If an input field accepts values from 1 to 100, the test data can be 0, 1, 2, 99, 100, and 101.” This kind of testing can be very helpful in making sure that you have accounted for the possible range of inputs that a user may enter, both valid and invalid.

Article: https://testsigma.com/guides/behavior-testing/

From the blog CS@Worcester – P. McManus Worcester State CS Blog by patrickmcmanus1 and used with permission of the author. All other rights reserved by the author.