Category Archives: CS-443

TDD

It’s certainly been a while since my last post. I’ve been slacking way too hard, especially with break, but now it’s time to lock in and focus on my work. 

For this blog post, I’ll be talking about Test Driven Development, or TDD for short. TDD is a “software development practice that focuses on creating unit test cases before developing the actual code.” It attempts to avoid or solve the issues that arise in “traditional testing.” TDD, rather than testing one big system, tests small chunks of code at a time. It also “follows an iterative process, where small chunks of code are developed, tested, and refined until they pass all tests.” This allows for errors to be found, debugged, and fixed as early as possible in the development process (BrowserStack).

In Kent Beck’s blogpost, “Canon TDD,” he lists the steps to properly adhering to TDD:

  1. Write a list of the test scenarios you want to cover
  2. Turn exactly one item on the list into an actual, concrete, runnable test
  3. Change the code to make the test (& all previous tests) pass (adding items to the list as you discover them)
  4. Optionally refactor to improve the implementation design
  5. Until the list is empty, go back to #2

Being introduced to a process that differs so much from the “norm” and is also quite efficient and thorough is both refreshing and exciting to learn about. When this topic was first introduced in class, I was very lost but I picked it up not long after; but then again, the example we followed was a very simple one. Once we moved onto a more advanced one to work on within our groups, I was lost again. I understand the concept of Test Driven Development but putting it into practice, at least for now, seems pretty hard. It also seems like a skill that is easy to pick up but hard to master as some tests can be more beneficial than others when it comes to coverage or time management. 

I feel as though there are little downsides to TDD and when it comes to those downsides, they mostly lie in the capability of the individual. Forgetting to run tests, writing too many tests, writing too much for a test, and writing tests that are impractical are just some of the issues that may arise when using this practice. 

Overall, Test Driven Development is a practice that individuals and teams may want to use to try something new or to test if it’s more effective than their current one. It‘s a very different approach to the development processes that I’m familiar with but that’s not always a bad thing; and in this case, TDD seems like a great practice.

Sources Used:

https://www.browserstack.com/guide/what-is-test-driven-development

https://tidyfirst.substack.com/p/canon-tdd

From the blog CS@Worcester – Kyler's Blog by kylerlai and used with permission of the author. All other rights reserved by the author.

Security Testing

For this week’s blog post, I decided to discuss the article “Security Testing: Types, Tools, and Best Practices” by Oliver Moradov. I chose this article because it compliments the security testing topic in the syllabus. This article discusses the main goals of security testing and the key principles behind security testing, and several examples of security testing and testing tools. In this blog post I will be discussing the section on the main goals of security testing

The first section of this article discusses security testing. The article defines security testing as a series of tests determining if the software is vulnerable to cyber-attacks. “Security testing checks whether the software is vulnerable to cyber-attacks and tests the impact of malicious or unexpected inputs on its operations. Security testing provides evidence that systems and information are safe and reliable and that they do not accept unauthorized inputs.” The article also describes security testing as a non-functional form of testing, which means that security testing does not focus on the software’s functionality. Security testing fits more into the category of non-functionality testing, meaning that security testing tests whether or not the application is designed or configured correctly. “Security testing is a type of non-functional testing. Unlike functional testing, which focuses on whether the software’s functions are working properly (“what” the software does), non-functional testing focuses on whether the application is designed and configured correctly (“how” it does it). “

The main goals attributed to security testing mentioned in the article are: identify assets, identify threats and vulnerabilities, identify risk, and perform remediation. The article defines identify assets as: “things that need to be protected, such as software applications and computing infrastructure.” This is essentially what the name describes. It is about finding what needs to be protected. The article then defines identify threats and vulnerabilities as: “activities that can cause damage to an asset, or weaknesses in one or more assets that can be exploited by attackers.” Much like the prior goal mentioned, this one is also fairly self explanatory. It is about finding weaknesses within the software and possible threats that are present. The third main goal the article mentions, identify risk is defined as : “security testing aims to evaluate the risk that specific threats or vulnerabilities will cause a negative impact to the business. Risk is evaluated by identifying the severity of a threat or vulnerability, and the likelihood and impact of exploitation.” Unlike the prior main goals, which are more focused on finding specific instances of something, identify risk is about evaluating the risk being identified not finding it. The last main goal that the article discusses is perform remediation and it is defined as: “security testing is not just a passive evaluation of assets. It provides actionable guidance for remediating vulnerabilities discovered, and can verify that vulnerabilities were successfully fixed.” This main goal is also unique when compared to the prior goals because this goal is focused on finding a solution to a vulnerability.

From the blog CS@Worcester – P. McManus Worcester State CS Blog by patrickmcmanus1 and used with permission of the author. All other rights reserved by the author.

Test Driven Development

The blog “Test Driven Development: The Best Thing That Has Happened to Software Design” explains the benefits of using Test Driven Development  in software development. It describes the focus on writing tests before writing the code, it emphasizes on how this approach will enhance software design, increase code quality, and allow for easier maintainability. The post highlights Test Driven Development’s ability to shift focus towards desired software behavior. I chose this blog post due to its relevance to the recently covered topics in class as well as how it can apply in writing better code. Test Driven Development is a topic that we just covered in class and I found it very interesting to see its uses and benefits.. Additionally, I am using this style of code in my CS-497 class which allowed me to further get hands-on experience with how Test Driven Development works.

After reading the blog post, I agreed with many of the points raised by the author of the blog. I found the idea of writing the tests first as a foundation of code construction seems like a great idea as when you are writing code you know how you want it to work which is how you will write the tests to make it pass. Once you have the tests you can write the code that will allow the tests that you have already created to pass. The idea of problem-solving to make the tests pass rather than troubleshooting seems like an efficient way of coding. The author highlighted an aspect of Test Driven Development that I found very beneficial as it can highly increase efficiency is how creating the tests first gives you better insight on how your code is not working properly. If you are getting the wrong output making your test fail you will know how to fix it better than without having that test in place.

This blog post allowed me to consider different aspects of solutions for coding because different styles have different benefits while developing  software. In addition, it reinforced the importance of writing clean, concise code and underscored the significance of thorough testing which are also key aspects of this class.Moving forward, I would like to and plan to incorporate the style of Test Driven Development more into my coding practices. By focusing first on test creation and then writing the code to make the tests pass, I can aim to enhance the efficiency and quality of my code. In conclusion, I believe that using Test Driven Development will increase my workflow and coding skills that will be beneficial not only in this class but potentially for the rest of my career.

https://www.thoughtworks.com/en-us/insights/blog/test-driven-development-best-thing-has-happened-software-design

From the blog CS@Worcester – Giovanni Casiano – Software Development by Giovanni Casiano and used with permission of the author. All other rights reserved by the author.

Understanding and Prevention


Common Defects in Software Development

In the fast-paced world of software development, the creation of bug-free software remains a significant challenge. Despite advancements in technology and methodology, software defects or bugs continue to impede the smooth functioning of applications. Understanding the reasons behind these defects is crucial for developing more reliable and efficient software systems.

1. Human Error: A Prime Culprit

Human error remains one of the primary sources of software defects. This can range from simple typos in the code to more complex errors in logic or algorithm design. Programmers, regardless of their experience level, are susceptible to making mistakes, especially when working under pressure or tight deadlines. To mitigate this, implementing a robust review process, including peer reviews and pair programming, can help in identifying and rectifying errors early in the development cycle.

2. The Complexity Conundrum

As software systems grow in complexity, the likelihood of defects increases exponentially. Complex systems require a deep understanding and meticulous handling to ensure all parts work seamlessly together. Breaking down the software into smaller, more manageable modules can aid in reducing complexity and making the system more understandable and less prone to errors.

3. The Testing Trap

A common pitfall in software development is insufficient testing. Skipping comprehensive testing phases or having inadequate test coverage can lead to defects slipping into the production environment. Adopting a continuous testing approach and utilizing automated testing tools can help ensure thorough examination and identification of potential issues before deployment.

4. Documentation Dilemmas

Inadequate or outdated documentation can significantly contribute to software defects. Proper documentation ensures that developers have a clear understanding of the software’s design and functionality, facilitating easier debugging and maintenance. Investing time in maintaining detailed and up-to-date documentation can save considerable time and effort in the long run.

5. Tool Troubles

The choice and use of software development tools can also impact the quality of the final product. Using outdated or unsuitable tools can introduce bugs into the system. It is essential to select the right tools that align with the project’s needs and ensure they are correctly integrated and used effectively.

Prevention is Better than Cure

Addressing these common causes of software defects begins with acknowledging their presence and potential impact. By taking proactive steps such as enhancing the development process, enforcing coding standards, conducting regular code reviews, and ensuring comprehensive testing, developers can significantly reduce the occurrence of defects.

Furthermore, fostering a culture that values quality and attention to detail can encourage developers to take the necessary time and care to produce higher-quality code. Investing in training and continuous learning can also equip developers with the skills and knowledge needed to avoid common pitfalls.

The link to the blog I chose : https://www.devstringx.com/why-bugs-or-defects-in-your-software

From the blog CS@Worcester – Coding by asejdi and used with permission of the author. All other rights reserved by the author.

Week 10 Blog Post

Searching for an article this week I looked for something relating to mocking. Considering last week I did the negatives on mocking I think it’s valuable to have various perspectives. Seeing multiple ideas with mocking can give us an idea of how to implement them in the future. The writer of this article is a reliable source being a Java script developer. Getting information from someone in the industry can give a perspective inside the workforce and how people inside see different ideas. Not everyone may agree with using the same coding language but seeing how developers see different concepts can give an idea of the drawbacks to stuff and where in our own experiences can we improve. Overall this article is a great way to see how mocking is seen inside the workforce by an experienced professional.   

In this article, Eric Elliot focuses on the drawbacks of excessive mocking. He points out how brittle tests and how they can be easily broken. There broken simply just from the change of implementation even though the behavior stays the same. Another point is a false sense of security because of there lack of accuracy that occurs from not using accurate real behavior. This is a fault in the test because the test will pass even if it isn’t supposed to. Third, he focuses on complexity overload which is just adding too much complexity can make the code harder to understand and maintain. Elliot still believes in mocking but a more balanced approach can overall help the program. Mocking should be used sparingly and when there actual weight for its use. All together Elliott wants the audience to create a strategy that will have confidence in their code correctness while also minimizing any negatives of excessive mocking. 

Reading this article at first I thought it would be more of a pro mocking but it’s more in between. It says its flaws while still sharing the positives. After reading this article I understand that mocking can cut time but it can bring flaws to testing. The best time to utilize mocking is when time is scarce and later it can updated with time. It still isn’t the ultimate be-all to testing but with a balance, it will work. Understanding these flaws can foresee issues that may come up when mocking. Mocking should never bring up complexities that can complicate the code and should always have a priority in simple to understand and easy maintenance.

View at Medium.com
https://medium.com/javascript-scene/mocking-is-a-code-smell-944a70c90a6a

From the blog CS@Worcester – DCO by dcastillo360 and used with permission of the author. All other rights reserved by the author.

Unveiling Behavior-Driven Development: A Fresh Perspective (Week-10)

In the fast-paced realm of software development, Behavior-Driven Development (BDD) emerges as a transformative approach, promoting communication and precision in building software that aligns with user expectations and business objectives. Unlike traditional development methodologies, BDD emphasizes the behaviors of software under various conditions, prioritizing user needs and ensuring a shared understanding among all stakeholders.

At its core, BDD focuses on defining expected software behaviors through readable and understandable scenarios. This collaborative process involves all stakeholders, including developers, testers, and non-technical personnel, facilitating a common language and shared vision for the project. These scenarios, structured in a Given-When-Then format, not only guide the development and testing processes but also serve as living documentation and a source of truth throughout the project lifecycle.

The integration of BDD into a development process begins with the identification of user stories, which describe the needs and goals of the end user. These stories are further broken down into specific scenarios, outlining how the software should behave in different situations. This meticulous approach ensures that every feature developed is directly tied to user requirements, reducing unnecessary work and focusing efforts on delivering value.

BDD’s strength lies in its ability to bridge the communication gap between technical and non-technical team members. By translating technical specifications into a language accessible to all, BDD ensures that everyone has a clear understanding of what is being built and why. This alignment leads to more accurate product outcomes and a smoother development process.

Furthermore, BDD enhances the quality of the final product. Automated tests derived from behavior scenarios ensure that all functionalities meet the predefined criteria, reducing the likelihood of bugs and regressions. This continuous validation not only boosts product reliability but also instills confidence among the team and stakeholders.

However, the transition to BDD requires a cultural shift within the organization. It demands active participation from all parties involved and a commitment to ongoing collaboration and communication. While this can be challenging, the long-term benefits of improved clarity, better product quality, and increased stakeholder satisfaction are invaluable.

In conclusion, Behavior-Driven Development offers a systematic and collaborative approach to software development, centered around clear communication and a deep understanding of user needs. By adopting BDD, teams can build software that not only meets but exceeds user expectations, fostering a more efficient and effective development process. As the digital landscape continues to evolve, methodologies like BDD will play a crucial role in shaping the future of software development, ensuring products are not only functional but also truly aligned with the needs and goals of the users they serve.

Additionally, Lambdatest offers insights into the intricacies of BDD, discussing its limitations and providing best practices. This resource parallels BDD to planning a perfect party, emphasizing the importance of teamwork, early error detection, and ensuring every part of the product is right.
https://www.lambdatest.com/learning-hub/behavior-driven-development

From the blog CS@Worcester – Kadriu's Blog by Arber Kadriu and used with permission of the author. All other rights reserved by the author.

Understanding Software Test Doubles

Dummies, Stubs, Spies, Fakes, and Mocks

Software testing is a crucial component of the software development lifecycle, ensuring that your application functions correctly and meets user expectations. One of the key concepts in unit testing is the use of test doubles, which help isolate the system under test (SUT) by replacing its dependencies. This isolation is essential for creating effective and reliable unit tests. In this blog, we will delve into the different types of test doubles: Dummy, Stub, Spy, Fake, and Mock, and explain their roles and usage with examples.

Dummy Objects

A Dummy object is the simplest form of a test double. Its sole purpose is to fill parameter lists without actually being used in the test itself. Typically, a Dummy can be a null object or an instance with no real logic, used just to satisfy method signature requirements. For instance, when testing a method that requires an interface which the test doesn’t interact with, you could pass a Dummy implementation of this interface. However, a Dummy should never affect the test outcome.

Example:

In this example, dummyBoard is a Dummy since the test does not interact with it beyond instantiation.

Fake Objects

Fakes are more sophisticated than Dummies. They have working implementations, but usually take shortcuts and are simplified versions of production code. Fakes are particularly useful when testing interactions with external resources, like databases. Instead of connecting to a real database, you can use a Fake object that simulates database operations.

Example:

Stubs

Stubs provide canned answers to calls made during the test, usually not responding to anything outside what’s programmed in for the test. They are used to supply the SUT with indirect input to test specific scenarios.

Example:

Mock Objects

Mocks are used to verify interactions between the SUT and its dependencies. They can assert that objects interact with each other in the right way, making them a powerful tool for behavior verification.

Example:

In this case, mock is used to ensure that the Module correctly logs messages when an exception is thrown.

Spy Objects

Spies are similar to Mocks but are used for recording information about how they were called. They can be used for more complex scenarios where you need to assert that certain methods were called a specific number of times or with certain parameters.

Example:

Here, spyLogger acts as a Spy, recording the number of times Log was called.

Understanding the differences between Dummies, Fakes, Stubs, Mocks, and Spies and when to use each can significantly enhance your unit testing strategy, leading to more maintainable and robust code. While these tools offer great flexibility, remember that the ultimate goal is to write clear, concise, and reliable unit tests that effectively cover your code’s functionality.

https://dipakgawade.medium.com/mocking-for-unit-tests-understand-the-concept-221b44f91cd

From the blog CS@Worcester – Coding by asejdi and used with permission of the author. All other rights reserved by the author.

Mocks and Stubs

Testing is an important part of coding, and software development. Sometimes though, testing can be tedious work, and creating tests that work properly according to your code can be difficult. This should be the case anyways, as testing is a key aspect to software development, but what if you could do this process a bit more quickly. Creating mocks and stubs can be a good alternative, especially if multiple people are working on different parts of the same project or software. 

In this blog post, June Jung touches upon mock and stub testing. They describe mock testing as “creating a fake version of an external or internal service that can stand in for the real one,” and stub testing as “creating a stand-in, but a stub only mocks the behavior, but not the entire object.” The whole idea of mocks and stubs is to create a fake or a stand-in that does not do anything. This may seem strange, having completely useless methods and functions, but the thing we want to test for is the interactions between the methods and functions. Seeing whether or not they return the correct return values, call the correct methods, etc. This will reduce the amount of time needed to test the functions, compared to testing full, complete functions and methods. Jung says that by using mocks and stubs, you can “reproduce more complex scenarios more easily. For instance, it is much easier to test the many error responses you might get from the filesystem than to actually create the condition.” Jung says this specifically for unit + component testing, but this principle can apply for any kind of testing. In fact, they touch upon multiple cases where mocks and stubs can be used, such as internal functions, integration testing, and contract-based testing. They also provide code examples, and graphs to help you visualize the concept, which can be helpful.

Jung says that as your code grows, your tests should as well, meaning you shouldn’t continue to use the same tests as you continue to write more code, losing the mocks and the stubs. That being said, they’re good to help start, providing a base to continue with. Jung’s blog post is a good resource, as they also have linked another post that goes into the difference between mocks and stubs. It also appears that their blog post is part of multiple posts, which may be worth looking at for more information.

From the blog CS@Worcester – Cao's Thoughts by antcao and used with permission of the author. All other rights reserved by the author.

Mastering Object-Oriented Testing: Ensuring Robust OO Software Design (Week-10)

Object-oriented testing (OOT) plays a critical role in verifying the functionality and robustness of object-oriented software systems. This form of testing addresses the unique challenges introduced by OO principles such as encapsulation, inheritance, and polymorphism. In this guide, we delve into the essential phases of OOT, including class testing, integration testing, system testing, and the utilization of Unified Modeling Language (UML) diagrams, to ensure the development of reliable OO applications.

Class Testing: The Cornerstone of OOT

Class testing is the first step in the OOT process, akin to unit testing in procedural programming. This stage focuses on the smallest units of OO design – the classes. It involves:

  1. State-based Testing: Assessing objects in different states to ensure they behave correctly under various scenarios.
  2. Method Testing: Verifying the functionality of each method within a class, considering diverse input combinations and their effects.
  3. Attribute Testing: Ensuring that class attributes maintain valid states throughout the object’s lifecycle.

Thorough class testing is fundamental, as it lays a solid foundation for more complex stages of testing, facilitating early detection and correction of defects.

Integration Testing: Bridging the Classes

Integration testing in OOT checks class interactions, vital for managing OO systems’ complex dependencies. Key approaches include:

  1. Collaboration Testing: Checks the data exchange and cooperation between objects to confirm correct combined operations.
  2. Sequence Testing: Focuses on the order of method calls and message passing among objects, ensuring they align with the desired workflows.
  3. Subsystem Testing: Involves testing groups of related classes, or subsystems, to identify any integration mishaps early on.

Effective integration testing ensures that individual classes operate harmoniously within the larger system context.

System Testing: Validating the Entire Application

System testing evaluates the complete OO software against specified requirements to ensure it meets its intended purposes. This encompasses:

  1. Use Case Testing: Derives test cases from use cases, ensuring the system fulfills user expectations and business needs.
  2. Scenario Testing: Simulates real-world scenarios to uncover any unexpected system behaviors or failures.
  3. State Transition Testing: Assesses the system’s responses during various state changes, guaranteeing consistency and reliability.

This holistic approach verifies the system’s overall functionality and user readiness.

Utilizing UML Diagrams for Insightful Testing

UML diagrams are invaluable in OOT for visualizing the structure and dynamics of OO systems. They aid testers and developers by providing a clear representation of classes, interactions, and system states, facilitating the creation of targeted and effective test cases.

Conclusion: Elevating Software Quality with Object-Oriented Testing

Object-oriented testing is indispensable for crafting high-quality OO software. By systematically conducting class testing, integration testing, and system testing, and leveraging UML diagrams for enhanced insight, developers can address the complexities of OO systems effectively. A recommended resource for those seeking to deepen their understanding of OOT practices is “Testing Object-Oriented Systems: Models, Patterns, and Tools” by Robert V. Binder. Implementing these strategies ensures the delivery of robust, user-centric OO applications that stand the test of time.

From the blog CS@Worcester – Kadriu's Blog by Arber Kadriu and used with permission of the author. All other rights reserved by the author.

Week 9 Blog Post

Choosing a topic for this week I tried to find something we had recently touched upon. Last week we went over mocking and expanding my knowledge of this topic can benefit me and the class. Searching for articles about mocking I stumbled upon one that shares the negatives of using mocking data. To counter-attack the ideas we learned in class it is always great to know both sides to using a concept. 

This article doesn’t fully dispose of mocking but gives ideas when it’s good to use. It gives a variety of examples including “Isolating the unit under test from other components or dependencies that are not relevant to the test, Speeding up the test execution by avoiding network calls or database queries that can be slow or unreliable, and Controlling the test input and output by creating predictable and consistent data that can be easily verified”. These ideas are then counterposed to the negatives such as “Introducing errors or inconsistencies between the mock data and the real data, which can lead to false positives or false negatives in the test results, Reducing the coverage and confidence of the test, by not testing the actual behavior and logic of the external source or the interaction with it, and Increasing the maintenance and complexity of the test, by requiring extra code and logic to create and manage the mock data”. The flaws of mocking data are mainly it does not use real data making it much more different from the real data creating disparities between the two. These tests ignore scenarios with much more complexity and these error and bugs can go unseen. The author assures the reader to use a data source to improve the tests.

After reading this article it gave me insight into the negatives of using mocking. The week prior activities made the use of mocking reduce time in creating classes but it’s good to know when it should be used and when it shouldn’t. I wish there was a perfect solution for every test but to find bugs in your code you must expand your horizon. Reading this article made me see that a variety of tests testing different things can overall benefit you. You never have to completely ignore a type of test but being able to see the positives and negatives can save you in the long run. Plus it will allow you to have a broader knowledge knowing that this may have flaws but there are things I can add to have a satisfactory end product.       

View at Medium.com
https://medium.com/@queenskisivuli/why-mocking-data-is-a-bad-practice-for-testing-a20d2d7104aa
View at Medium.com
View at Medium.com

From the blog CS@Worcester – DCO by dcastillo360 and used with permission of the author. All other rights reserved by the author.