Category Archives: CS-443

Week 18B – C Testing

For this week, I wanted to look at how different languages handle test cases, and I’ll continue with one I’m not the most familiar with, C! I’ve worked in a small amount of C in classes at Worcester State, but have little experience outside of that. I feel like this is a good topic to discuss as knowing how other programming languages handle unit testing would be a great way to expand my knowledge when it comes to furthering my understanding of it within Java.

If you haven’t already read my other blog post on Python testing, feel free to read it right here!

For learning about unit testing in C, I consulted this article on the subject: https://interrupt.memfault.com/blog/unit-testing-basics

It seems like unit testing in C is a lot more barebones compared to Java, which in my experience utilizing C, makes sense for the language. A lot of features primarily used in Java, like object-oriented structures, aren’t available in C (to my understanding, could totally be wrong).

For one major aspect, there seems to be only one assertion command in C, just simply “assert”. There’s no assertTrue, assertFalse, assertThrows, or assertEquals, just simply “assert”. And from the example given below:

#include <assert.h>

// In my_sum.c
int my_sum(int a, int b) {
  return a + b;
}

// In test_my_sum.c
int main(int argc, char *argv[]) {
  assert(2 == my_sum(1, 1));
  assert(-2 == my_sum(-1, -1));
  assert(0 == my_sum(0, 0));
  // ...
  return(0);
}

It seems the “assert” function comes from the <assert.h> library, much like the JUnit libraries used in Java. But more importantly, it seems that “assert” is the equivalent of “assertEquals”.

It also seems like Unit Testing in C is best implemented with tools outside of a compiler for C. The ones mentioned in the article in specific were CppUTest, Unity, and Google Test. For the rest of the article, they use examples using CppUTest. It was interesting to hear one of the options being called Unity, which is the name of a game engine, which, while not written in C, is written in a mixture of C# and C++, which are both offshoots of C. Makes me wonder how testing in a gaming engine works, perhaps it’s something to look at in a future blog post, hint hint, wink wink.

CppUTest seems to implement the same SetUp() and Teardown() functions that JUnit can employ, which is really good, as these methods are important for testing multiple methods. It also seems to have more than just an Equals assertion, even though the example used is another equals example.

This gets me more interested in C, as I have been told understanding C allows you to understand other languages much more clearly. Perhaps I’ll take a deeper dive some day, who knows! Until next time, my readers~!

From the blog CS@Worcester – You're Telling Me A Shrimp Wrote This Code?! by tempurashrimple and used with permission of the author. All other rights reserved by the author.
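An added example for the Week 18B post above (not code from the post, the Memfault article, or CppUTest): `assert()` from `<assert.h>` aborts the program at the first failed expression and is compiled out entirely when `NDEBUG` is defined, so this sketch builds JUnit-style checks that count failures and keep running. The `CHECK_*` macros, `checked_sum()` and the test function names are hypothetical names chosen for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Function under test, same shape as my_sum() in the post. */
static int my_sum(int a, int b) { return a + b; }

/* Hypothetical overflow-aware variant: returns false instead of
 * performing a signed addition that would overflow (undefined in C). */
static bool checked_sum(int a, int b, int *out) {
  if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b)) {
    return false;
  }
  *out = a + b;
  return true;
}

/* Minimal bookkeeping: unlike assert(), a failed check is recorded
 * and the remaining checks still run, even in an NDEBUG build. */
static int checks_run = 0;
static int checks_failed = 0;

static void reset_counters(void) {
  checks_run = 0;
  checks_failed = 0;
}

static void record(bool ok, const char *expr, const char *file, int line) {
  checks_run++;
  if (!ok) {
    checks_failed++;
    fprintf(stderr, "%s:%d: FAILED %s\n", file, line, expr);
  }
}

#define CHECK_TRUE(cond) record((cond), #cond, __FILE__, __LINE__)
#define CHECK_FALSE(cond) record(!(cond), "!(" #cond ")", __FILE__, __LINE__)
#define CHECK_EQ_INT(expected, actual) \
  record((expected) == (actual), #expected " == " #actual, __FILE__, __LINE__)

/* The post's three cases plus boundary cases. Returns failed-check count. */
static int run_sum_tests(void) {
  int out = 0;
  reset_counters();
  CHECK_EQ_INT(2, my_sum(1, 1));
  CHECK_EQ_INT(-2, my_sum(-1, -1));
  CHECK_EQ_INT(0, my_sum(0, 0));
  CHECK_TRUE(checked_sum(INT_MAX - 1, 1, &out));
  CHECK_EQ_INT(INT_MAX, out);
  CHECK_FALSE(checked_sum(INT_MAX, 1, &out));  /* would overflow upward */
  CHECK_FALSE(checked_sum(INT_MIN, -1, &out)); /* would overflow downward */
  return checks_failed;
}

/* Shows that one failure does not stop the run. */
static int run_deliberately_failing_test(void) {
  reset_counters();
  CHECK_EQ_INT(3, my_sum(1, 1)); /* wrong on purpose */
  CHECK_EQ_INT(2, my_sum(1, 1)); /* still executed and counted */
  return checks_failed;
}

int main(void) {
  int failed = run_sum_tests();
  printf("%d checks, %d failed\n", checks_run, failed);
  return failed ? 1 : 0; /* non-zero exit lets CI mark the run as failed */
}
```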

Week 18A – Python Testing

For this week, I wanted to look at how different languages handle test cases, and I’ll begin with the one I’m the most familiar with, Python! I’ve worked with Python in small amounts in the past, and have an understanding that a lot of its syntaxes are similar to Java’s, albeit simpler. I feel like this is a good topic to discuss as knowing how other programming languages handle unit testing would be a great way to expand my knowledge when it comes to furthering my understanding of it within Java.

For this, I’ll be looking at the official page for unittest on Python’s website, here:

https://docs.python.org/3/library/unittest.html

Right off the bat, I’m really interested in the fact that unittest is actually based directly off of JUnit! Which means a lot of the syntax, formatting, and framework is quite similar, just modified to fit the mold of Python.

Looking at the snippet they gave as an example…

import unittest

class TestStringMethods(unittest.TestCase):

    def test_upper(self):
        self.assertEqual('foo'.upper(), 'FOO')

    def test_isupper(self):
        self.assertTrue('FOO'.isupper())
        self.assertFalse('Foo'.isupper())

    def test_split(self):
        s = 'hello world'
        self.assertEqual(s.split(), ['hello', 'world'])
        # check that s.split fails when the separator is not a string
        with self.assertRaises(TypeError):
            s.split(2)

if __name__ == '__main__':
    unittest.main()

In this, it seems the way you define test blocks is by having a class with (unittest.TestCase) and then doing “def” to define each test case.

Even the assertions are the same and written near identically, as the first three use assertEqual, which is identical to Java’s assertEquals, minus the s, and assertTrue and assertFalse, which are also identical to their Java counterparts. assertRaises, which is used in the third test, seems to be Python’s equivalent to assertThrows, however, it seems to be a bit different in comparison. assertRaises seems to identify a specific kind of exception being raised, whereas assertThrows would just identify any exception in general.

The last line also is a block of code that allows an easy way to run all the tests, so when you run unittest.main() in a command line, it will automatically run all the tests and display the results.

There also seems to be a whole bunch of different command line options to display results and modify the ways in which it’s run. As an example, there’s “-v”, which stands for verbosity, much like the bash command, which shows the results of each individual test being run, like below:

test_isupper (__main__.TestStringMethods.test_isupper) ... ok
test_split (__main__.TestStringMethods.test_split) ... ok
test_upper (__main__.TestStringMethods.test_upper) ... ok

----------------------------------------------------------------------
Ran 3 tests in 0.001s

OK

It seems extremely interesting and makes me want to learn more Python, which would definitely help me in my career in all sorts of ways! Next blog we will be looking at how unit testing works in C. Until then!

From the blog CS@Worcester – You're Telling Me A Shrimp Wrote This Code?! by tempurashrimple and used with permission of the author. All other rights reserved by the author.

Behavior Driven Development

Behavior Driven Development (BDD) is a test practice that makes sure there is good quality by automating tests before or during system behavior specification. BDD test focuses on facing scenarios that describe the behavior of a story, feature, or capability from a user’s perspective. When the tests are automated they make sure that the system constantly meets the required behavior.

The Behavior Driven Development Process

The BDD process has three phases to it. The discovery phase, formulation phase, and the automation phase.

1.) Discover phase: This phase is where the user creates the initial acceptance agenda for the feature. This phase is usually done in a collaborative manner, each team member is contributing.

2.) Formulation phase: This phase is where the acceptance agenda sets into detailed acceptance tests, as the backlog item gets closer to implementation. This phase also incorporates specific examples of the behavior.

3.) Automation phase: This phase is where automation tests are automated to run constantly. This is to make sure that the new system supports the new behavior.

Benefits of Behavior Driven Development

1.) Early detection of errors / defects: When you automate tests in the early stages of development process, you can identify and address the issues. BDD allows for the early detection of defects.

2.) Faster Flow and Time: when using BDD, you can reduce the errors, rework, and replan. BDD accelerates the flow of the development process. Developers can produce features / products faster and more efficiently.

3.) Stronger Test Coverage: BDD allows for a more comprehensive test coverage that focuses on the user behavior and scenarios. Both common and edge cases are tested as well.

4.) Clear understanding: BDD can be plain and clear to understand, because specific scenarios are used to describe the behavior from a user’s point of view. This helps the development to fully understand the requirements and what’s going on.

Why I chose this resource

I chose this article “Behavior Driven Development” because it provided a detailed look of a very important test method that goes in conjunction with the technical and business aspect of testing. Understanding BDD is important in today’s society of software development, for giving an efficient and more user friendly user products.

Personal Reflection

This article increased my understanding of BDD and the use of it in software development. I learned a lot about how BDD strengthens collaboration and communication between the business side of things and the technical side of things. This helps to ensure that user’s expectations and requirements are met. The new found knowledge will be extremely valuable in my future endeavors because I will incorporate this method in my future projects. This will help to improve the development process and product efficiency and quality. Also, by using BDD I can make sure that all requirements and specifications are met.

The full article is here: https://scaledagileframework.com/behavior-driven-development/

From the blog CS@Worcester – In's and Out's of Software Testing by Jaylon Brodie and used with permission of the author. All other rights reserved by the author.

Static Testing vs. Dynamic Testing

Testing in software development is important because it helps to deliver efficient and user friendly products to the end user. It also provides the developers with a chance to improve upon the product. Static and Dynamic testing are two important techniques used in software development.

Static Testing

Static Testing has various names like Verification Testing, Non-execution Testing, etc. This testing technique is used to identify defects in software without actually executing the code. This method usually includes manual and automated evaluation of the software and the code. Developers use this method usually in the beginning stages of the development process to catch issues early on, which also makes them easier and cheaper to fix. This method focuses on reviewing the test cases, test scripts, test plans, and source code.

Static Testing Techniques

1.) Informal Reviews: Developers review each of the documents and give feedback

2.) Walkthroughs: Someone presents the product to the team and someone else takes notes.

3.) Technical Reviews / Code Reviews: review the technical specifications and the source code to make sure everything meets the requirements and standards.

4.) Inspection: Check for defects. Developers usually review the process with a checklist to help identify and record defects.

Dynamic Testing

Dynamic Testing is a technique that analyzes the dynamic behavior of the code by actually executing it. This method makes sure to check that the software functions correctly and that there are no underlying issues / conditions. Sometimes developers use this method in conjunction with black box or white box testing to provide more realistic results.

Dynamic Testing Techniques

1.) White Box Testing: Examines the internal code structure. You need to actually have the internal code (source code)

2.) Black Box Testing: Checks the functionality without the actual internal code (source code).

Benefits of both Static Testing and Dynamic Testing

1.) Early detection of defects

2.) Cost efficient

3.) Showcases runtime errors

4.) Reliability

Why I picked this Resource

I chose the article “Static Testing vs. Dynamic Testing” because this article gave me a more detailed and in depth look between two very important testing methods that are currently being used in today’s society. It is very important to understand these two testing methods in the software development process because they can deliver efficient and user friendly products to the end user. This article also aligns with what we have learned in the course, making it relevant to talk about and to understand.

Personal Reflection

This article deepened my understanding of static and dynamic testing. I was able to learn a lot about these two testing methods that I did not know, even the many benefits that each method has. Knowing how crucial these two methods are in the software development process and what I know now, this knowledge will help me on my future endeavors when approaching new projects in regards to testing.

The full article is here: https://www.geeksforgeeks.org/difference-between-static-and-dynamic-testing/

From the blog CS@Worcester – In's and Out's of Software Testing by Jaylon Brodie and used with permission of the author. All other rights reserved by the author.

Test Doubles

Test doubles are a very important tool in software testing. Test doubles allow for users to break off a portion of their code to test specific parts and functions. This helps because users can do this without depending on the other factors within their code. Test doubles are substitutes, they copy the behavior of real objects. This helps to make sure that the tests remain structured and efficient.

Overview of Test Doubles

For this blog post, I chose the Article “Test Doubles: Mocks, Stubs, and Fakes Explained” by Martin Fowler. The article talks a lot about the overview of the different types of test doubles, their roles, and how they can be used in testing.

Types of Test Doubles

1.) Dummy: A dummy object is required for the creation of another object required in the code. Dummy objects will never be used in the test, they are simply like place holders to satisfy the code and its requirements.

2.) Fake: A fake is an object that will always have the same return value. This object is useful for testing certain scenarios, like a user that is logged in or in a consistent database response. They are simple implementations that are not that suitable for production but are good for testing.

3.) Stub: A stub will provide predetermined responses to method calls. Stubs usually imitate the behavior of external components like databases or web services.

4.) Spy: A spy will record information about the interactions with the object under test. This helps verify interactions and make sure there is the correct behavior in method calls.

5.) Mock: A mock can be a more advanced test double that will allow for dynamic behavior based on the test scenario. They verify interactions and can change behavior based on conditions. They are useful for ensuring that certain methods are called with specific parameters during the test.

Benefits of Using a Test Double

1.) Early detection of errors/issues: Using Test Doubles will help the users to find any issues within the code. This helps with reducing the risk of defects in production.

2.) Cost Efficiency: Using Test Doubles will significantly help to reduce the costs that will come with fixing the issues later in the development process.

Why I Picked this Resource

I chose this resource for the blog post because it provided an in depth overview of the various types of test doubles and their specific role within testing. This article’s contents had some similarities of what we discussed in the class, making it relevant and valuable.

Personal Reflection

This article not only increased my understanding on the topic of Test Doubles, but it also showed me how unique and important each one can be in regards to testing. I also learned the various benefits of these test doubles, so when I choose one in my future endeavors I will know which one will benefit me the most.

In my future endeavors, I plan on using what I have learned about these Test Doubles objects by implementing them on future projects. This new found knowledge will help me to make better decisions in the future and will also improve the quality of my work.

The full Article is here: https://ahmadgsufi.medium.com/test-doubles-understanding-the-different-types-and-their-role-in-testing-67cbf71ea252

From the blog CS@Worcester – In's and Out's of Software Testing by Jaylon Brodie and used with permission of the author. All other rights reserved by the author.

Security Testing

In software development, security testing is very important to making sure applications are strong enough against cyber attacks. Security testing encompasses a variety of practices like application security testing and penetration testing.

Overview of Security testing

For this blog post, I chose the article “Security Testing” from Bright Security. The article provides a lot of insight on security testing, its goal, benefits of security testing, key principles, and the different types of security testing.

1.) Goals: The article showcases the main goals of security testing, which are realizing what assets need protection, identifying the potential threats and vulnerabilities, and evaluating the risks that come with the vulnerabilities.

2.) Key Principles: The article covers the main key principles of security testing, which are availability, integrity, authentication, and authorization. These principles make sure that important/sensitive information is accessed only by authorized users, and that it remains accurate and trustworthy.

3.) Different types of Security Testing:

  • Penetration Testing: This security testing method replicates real world cyber attacks to test the effectiveness of already existing security measures.

  • Application Security Testing: This security testing method finds and eliminates the vulnerabilities within software applications.

  • Web Application Security Testing: This security testing method tests different techniques that gauge the vulnerability of web applications.

  • Security Audits and risks Assessment: This is a test method that checks to make sure that everything is structured properly and in compliance with the rules/standards.

4.) Benefits of Security Testing:

  • Early Detection of Vulnerabilities: Security testing allows for the early recognition of potential security issues, reducing the risk of exposure.

  • Risk Management: When the vulnerabilities are identified, then we can create solutions to solve the risks of a cyber attack or data leak.

  • Trust and Cost Efficient: Early detection of risks and vulnerabilities will not only enhance the trust of customers but it will significantly reduce the cost of a data breach and various fines.

Why I picked this Resource

I picked this resource because it provided a comprehensive and detailed overview of Security Testing. This Article had a lot of similarities with the topics that we covered in our course. Also, the article makes it easier to understand the nature of security testing and various practices and principles associated with it.

Personal Reflection

Reading this article expanded my understanding of security testing beyond what we learned in class. I learned how important it is to just about everything related to technology. Identifying threats, risks, and vulnerabilities and how each of these things come together to reduce cyber attacks. One thing that I can take away from this is learning about the various types of Security Testing and each one does something different, but all have a similar goal.

In my future endeavors, I plan on using what I have learned about these Security Testing principles by implementing them on future projects. This new found knowledge will help me to make better decisions in the future.

The full Article is here:
https://brightsec.com/blog/security-testing/

From the blog CS@Worcester – In's and Out's of Software Testing by Jaylon Brodie and used with permission of the author. All other rights reserved by the author.

7 Steps to a Great Software Tester

Introduction: Enhancing your software testing skills requires a strategic approach encompassing organization, communication, clarity, and a positive mindset. In this guide, we’ll explore seven steps to elevate your testing capabilities and contribute effectively to your team’s success.

Step 1: Organize Everything

  • Organize your testing details to avoid missing important information.
  • Utilize a structured method to store communication and project details for easy access and reference.
  • Keeping all pertinent information in one place ensures clarity and helps in forming a cohesive testing strategy.

Step 2: Write Detailed Bug Reports

  • Craft clean and detailed bug reports to assist your team members and developers effectively.
  • Emphasize detail, clarity, and relevance in bug report writing.
  • Ensure bug reports are comprehensive yet concise, avoiding unnecessary information.

Step 3: Write Clear Test Cases

  • Clear and concise test cases are crucial for effective software testing.
  • Focus on clarity and simplicity in test case creation to facilitate efficient execution by your team members.
  • Optimal test cases typically range between 3-8 steps, minimizing the likelihood of errors during execution.

Step 4: Take Part and Communicate

  • Testing is a collaborative effort; involve all team members from the outset to enhance efficiency.
  • Keep the entire team informed and engaged to ensure a thorough understanding of project goals and requirements.
  • Early involvement and clear communication minimize risks, delays, and misunderstandings.

Step 5: Ask Yourself Questions

  • Testing involves decision-making and problem-solving; ask pertinent questions to guide your testing approach.
  • Clarify the objectives of your tests and select appropriate testing techniques to achieve desired results efficiently.
  • Refine your testing process by filtering out less relevant techniques and focusing on those that align with project goals.

Step 6: Maintain a Positive Mindset

  • A positive mindset significantly impacts testing outcomes; approach testing with optimism and determination.
  • Believe in your ability to uncover critical bugs and contribute positively to the project’s success.
  • Positivity is contagious and can inspire your team members to perform at their best, enhancing overall testing efficiency.

Step 7: Don’t Test Initially

  • Before diving into testing, take time to explore the application and understand its goals and features.
  • Familiarize yourself with the intricacies of the application to plan an efficient and effective testing strategy.
  • Align your testing goals with the objectives of the application to deliver impactful results.

Reflection: Each step emphasizes not only technical proficiency but also collaboration and strategic thinking. I’ve seen improvements in my testing approach, including clearer bug reports, more efficient test case creation, and enhanced teamwork. Moving forward, I intend to refer back to these seven steps before reviewing or testing anything.

Conclusion: By following these seven steps, you can enhance your testing skills and make significant contributions to your team’s success. Embrace organization, communication, clarity, and a positive mindset to elevate your testing capabilities and achieve optimal results in your software testing endeavors.

Source – https://testlio.com/blog/how-to-be-an-efficient-software-tester/

From the blog CS@Worcester – CS: Start to Finish by mrjfatal and used with permission of the author. All other rights reserved by the author.

Security Testing

Introduction: In today’s digital age, where cyber threats loom large, ensuring the security of software systems and applications is paramount. Security testing emerges as a crucial practice in safeguarding sensitive data and resources from potential intruders. As I delve into the realm of security testing, I aim to explore its multifaceted nature and understand its significance in the realm of software development.

Selected Resource: The selected resource, an article from GeeksforGeeks, provides an overview of security testing, covering its goals, principles, focus areas, types, advantages, and disadvantages.

Focus Areas in Security Testing:

  • Authentication and Authorization: Testing the system’s ability to properly authenticate and authorize users and devices.
  • Network and Infrastructure Security: Testing the security of the system’s network and infrastructure, including firewalls, routers, and other network devices.
  • Application Security: Testing the security of the system’s applications, including testing for cross-site scripting, injection attacks, and other vulnerabilities.
  • Data Security: Testing the security of the system’s data, including testing for data encryption, integrity, and leakage.
  • Compliance: Testing the system’s compliance with relevant security standards and regulations.

Types of Security Testing:

  • Vulnerability Scanning: Automated scanning to detect known vulnerability patterns.
  • Security Scanning: Identification of network and system weaknesses, followed by solutions for risk reduction.
  • Penetration Testing: Simulation of attacks from malicious hackers to identify potential vulnerabilities.
  • Risk Assessment: Analysis of security risks in the organization, classifying them into low, medium, and high categories.
  • Security Auditing: Internal inspection of applications and operating systems for security defects.
  • Ethical Hacking: Exposing security flaws in the organization’s system through controlled hacking attempts.
  • Posture Assessment: Combining security scanning, ethical hacking, and risk assessments to provide an overall security posture.

Vulnerability in Security Testing:

  • Vulnerabilities are weaknesses in a system that could be exploited by attackers to compromise its security.
  • Identification of vulnerabilities is a crucial aspect of security testing to prevent potential breaches.
  • Types of vulnerabilities include SQL injection, cross-site scripting, misconfigurations, and weak authentication mechanisms.

Advantages and Disadvantages:

  • Advantages:
    • Identifying vulnerabilities
    • Improving system security
    • Ensuring compliance
    • Reducing risk
    • Improving incident response
  • Disadvantages:
    • Resource-intensive nature
    • Complexity
    • Limited testing scope
    • False positives and negatives
    • Time-consuming

Reflection and Future Application: Reflecting on the content of the resource, I gained a deeper understanding of the intricate layers involved in security testing, particularly in identifying vulnerabilities. In my future practice, I envision applying the knowledge gleaned from this resource to bolster security measures in software development projects. By integrating robust security testing protocols and leveraging advanced tools and techniques, I aim to enhance the resilience of systems and applications against potential vulnerabilities and threats.

Conclusion: In conclusion, security testing emerges as a cornerstone in ensuring the integrity, confidentiality, and availability of software systems and applications. By embracing a comprehensive approach to security assessment and staying abreast of emerging threats and technologies, we can fortify defenses and navigate the evolving landscape of cybersecurity with confidence and resilience.

Source – https://www.geeksforgeeks.org/security-testing/

From the blog CS@Worcester – CS: Start to Finish by mrjfatal and used with permission of the author. All other rights reserved by the author.

System Testing

System testing is a form of black box testing that assesses the complete functionality and performance of a fully integrated software system. This type of testing is the last stage before the software is released to the end users. The black box testing technique focuses on the system’s overall functionality. By this testing, you can identify any defects or errors in the system and fix them before the software is released. This testing can help improve the software’s quality by identifying and fixing defects and errors. This can help to prevent problems and improve the user experience. You can save time and money by identifying and fixing defects and errors early in development. This is because fixing defects early on is less expensive than fixing them after the software has been released. The purpose of system testing is to ensure that the system meets all requirements and behaves as expected by the end users. Some specific tasks typically performed during this testing include verifying that the system meets all functional requirements, testing the system’s performance under different load conditions, testing the system’s scalability to handle increasing numbers of users, and testing the system’s security against unauthorized access.

It’s also important to know some basic requirements of system testing. Some include functional requirements where the system must meet all its functional requirements, performing all of the tasks that it is intended to perform. The system must be tested in a realistic environment. It must be tested in an environment like the environment in which it will be used which ensures the system works correctly in the real world. The system must be tested thoroughly. The system must be tested properly to ensure that all potential problems are found and fixed. A variety of users must test the system to confirm that it is usable by everyone who needs it. Below are some steps to do system testing manually. Analyze the requirements, create a test plan, write test cases, execute the test cases, log the defects, retest the defects and finally generate the test report. Some examples of system testing techniques include functional testing. Under this testing, we have black box testing which focuses on the inputs and outputs without knowing the internal code. White box testing which helps in validating the flow of data and control within the system. I chose this resource because it goes in depth about system testing, why it is used and important, and different types of testing methods.

References.

https://testsigma.com/guides/system-testing/

From the blog CS@Worcester – Site Title by lynnnsubuga and used with permission of the author. All other rights reserved by the author.

Security Testing

Security testing is a combination of the testing techniques used to test the application for security problems. It is mainly used to test the security of the data and functionalities of the application. These vulnerabilities are primarily found in web applications, cloud infrastructure, and blockchain applications. Security testing is a process that evaluates the security of a system and determines its potential vulnerabilities and threats to its security. Security testing is an essential phase in the SDLC and is used to find the security issues in the system to prevent attacks in the real world. This type of testing is not just about testing the application by breaking into it, but security testing is also about identifying weaknesses in applications that attackers may exploit. Security testing can be done manually or with the help of software tools known as automated security testing tools. Security testing is based on the assessment of potential security threats in the system. It is a process in which the system’s security is tested by performing both positive and negative tests to find the potential security threats in the system.

The main goal of security testing is to identify the threats in the system and measure its potential vulnerabilities so that the threats can be encountered, and the system does not stop functioning or cannot be exploited. There are 5 types of security testing. Vulnerability scanning which identifies vulnerabilities present in software systems or network. Penetration testing which is a testing method in which testers find security weaknesses, usually to determine the risk of damage from possible attackers. Risk assessment which is the process of identifying and prioritizing the risks and threats that may be faced by an organization. Security auditing reviews and assesses an application or network to verify its compliance with standards, regulations and company policy. And finally, source code review verifies that the code complies with the specifications.

Some of the pros of security testing include identifying vulnerabilities early, protecting sensitive data, mitigating security risks, enhancing customer trust and confidence, and finally cost-effective risk management. By incorporating security testing into the software development lifecycle, organizations can proactively safeguard their digital assets and mitigate the risks associated with cyber threats in an increasingly interconnected world. I chose this resource because it explains security testing in depth and why it is important for organizations. We didn’t get a chance to get more practice about security testing in the course but reading about it has given me more knowledge about it.

References.

From the blog CS@Worcester – Site Title by lynnnsubuga and used with permission of the author. All other rights reserved by the author.