Category Archives: CS-443

Test Doubles

Test doubles are a very important tool in software testing. Test doubles allow for users to break off a portion of their code to test specific parts and functions. This helps because users can do this without depending on the other factors within their code. Test doubles are substitutes, they copy the behavior of real objects. This helps to make sure that the tests remain structured and efficient.

Overview of Test Doubles

For this blog post, I chose the Article “Test Doubles: Mocks, Stubs, and Fakes Explained” by Martin Fowler. The article talks a lot about the overview of the different types of test doubles, their roles, and how they can be used in testing.

Types of Test Doubles

1.) Dummy: A dummy object is required for the creation of another object required in the code. Dummy objects will never be used in the test, they are simply like place holders to satisfy the code and its requirements.

2.) Fake: A fake is an object that will always have the same return value. This object is useful for testing certain scenarios, like a user that is logged in or in a consistent database response. They are simple implementations that are not that suitable for production but are good for testing.

3.) Stub: A stub will provided predetermined responses to method calls. Stubs usually imitate the behavior of external components like databases or web services.

4.) Spy: A spy will record information about the interactions with the object being under tests. This helps verify interactions and make sure there is the correct behavior in method calls.

5.) Mock: A mock can be a more advanced test double that will allow for dynamic behavior based on the test scenario. They verify interactions and can change behavior based on conditions. They are useful for ensuring that certain methods are called with specific parameters during the test.

Benefits of Using a Test Double

1.) Early detection of errors/issues: Using Test Doubles will help the users to find any issues within the code. This helps with reducing the risk of defects in production

2.) Cost Efficiency: Using Test Doubles will significantly help to reduce the costs that will come with fixing the issues later in the development process.

Why I Picked this Resource

I chose this resource for the blog post because it provided an in depth overview of the various types of test doubles and their specific role within testing. This article’s contents had some similarities of what we discussed in the class, making it relevant and valuable.

Personal Reflection

This article not only increased my understanding on the topic of Test Doubles, but it also showed my how unique and important each one can be in regards to testing. I also learned the various benefits of these test doubles, so when I choose one in my future endeavors I will know which one will benefit me the most.

In my future endeavors, I plan on using what I have learned about these Test Doubles objects by implementing them on future projects. This new found knowledge will help me to make better decisions in the future and will also improve the quality of my work.

The full Article is here: https://ahmadgsufi.medium.com/test-doubles-understanding-the-different-types-and-their-role-in-testing-67cbf71ea252

From the blog CS@Worcester – In's and Out's of Software Testing by Jaylon Brodie and used with permission of the author. All other rights reserved by the author.

Security Testing

In software development security testing is very important to making sure applications are strong enough against cyber attacks. Security testing encompasses a variety of practices like, application security testing, and penetration testing.

Overview of Security testing

For this blog post, I chose the article ” Security Testing from Bright Security. The article provides a lot of insight on security testing, it’s goal, benefits of security testing, key principles, and the different types of security testing.

1.) Goals: The article showcases the main goals of security testing, which are realizing what assess needs protection, identifying the potential threats and vulnerabilities, evaluate the risks that come with the vulnerabilities.

2.) Key Principles: The article covers the main key principles of security testing, which are availability, integrity, authentication, and authorization. These principles make sure that important/sensitive information is accessed only by authorized users, and that it remains accurate and trustworthy.

3.) Different types of Security Testing:

. Penetration Testing: This security testing method replicates real world cyber attacks to test the effectiveness of already existing security measures.

. Application Security Testing: This security testing method finds and eliminates the vulnerabilities within software applications.

. Web Application Security Testing: This security testing methods test different techniques that gauges the vulnerability of web applications.

. Security Audits and risks Assessment: This is a test method that checks to make sure that everything is structured properly and in compliance with the rules/standards.

4.) Benefits of Security Testing:

. Early Detection of Vulnerabilities: Security testing allows for the early recognition of potential security issues, reducing the risk of exposure.

. Risk Management: When the vulnerabilities are identified, then we can create solutions to solve the risks of a cyber attack or data leak.

. Trust and Cost Efficient: Early detection of risks and vulnerabilities will not only enhance the rust of customers but it will significantly reduce the cost of a data breach and various fines.

Why I picked this Resource

I picked this resource because it provided a comprehensive and detailed overview of Security Testing. This Article had a lot of similarities with the topics that we covered in our course. Also, the article makes it easier to understand the nature of security testing and various practices and principles associated with it.

Personal Reflection

Reading this article expanded my understanding of security testing beyond what we learned in class. I learned how important it is to just about everything related to technology. Identifying threats, risks, and vulnerabilities and how each of these things come together to reduce cyber attacks. One thing that I can takeaway from this is learning about the various types of Security Testing and each one does something different, but all have a similar goal.

In my future endeavors, I plan on using what I have learned about these Security Testing principles by implementing them on future projects. This new found knowledge will help me to make better decisions in the future.

The full Article is here:
https://brightsec.com/blog/security-testing/

From the blog CS@Worcester – In's and Out's of Software Testing by Jaylon Brodie and used with permission of the author. All other rights reserved by the author.

7 Steps to a Great Software Tester

Introduction: Enhancing your software testing skills requires a strategic approach encompassing organization, communication, clarity, and a positive mindset. In this guide, we’ll explore seven steps to elevate your testing capabilities and contribute effectively to your team’s success.

Step 1: Organize Everything

  • Organize your testing details to avoid missing important information.
  • Utilize a structured method to store communication and project details for easy access and reference.
  • Keeping all pertinent information in one place ensures clarity and helps in forming a cohesive testing strategy.

Step 2: Write Detailed Bug Reports

  • Craft clean and detailed bug reports to assist your team members and developers effectively.
  • Emphasize detail, clarity, and relevance in bug report writing.
  • Ensure bug reports are comprehensive yet concise, avoiding unnecessary information.

Step 3: Write Clear Test Cases

  • Clear and concise test cases are crucial for effective software testing.
  • Focus on clarity and simplicity in test case creation to facilitate efficient execution by your team members.
  • Optimal test cases typically range between 3-8 steps, minimizing the likelihood of errors during execution.

Step 4: Take Part and Communicate

  • Testing is a collaborative effort; involve all team members from the outset to enhance efficiency.
  • Keep the entire team informed and engaged to ensure a thorough understanding of project goals and requirements.
  • Early involvement and clear communication minimize risks, delays, and misunderstandings.

Step 5: Ask Yourself Questions

  • Testing involves decision-making and problem-solving; ask pertinent questions to guide your testing approach.
  • Clarify the objectives of your tests and select appropriate testing techniques to achieve desired results efficiently.
  • Refine your testing process by filtering out less relevant techniques and focusing on those that align with project goals.

Step 6: Maintain a Positive Mindset

  • A positive mindset significantly impacts testing outcomes; approach testing with optimism and determination.
  • Believe in your ability to uncover critical bugs and contribute positively to the project’s success.
  • Positivity is contagious and can inspire your team members to perform at their best, enhancing overall testing efficiency.

Step 7: Don’t Test Initially

  • Before diving into testing, take time to explore the application and understand its goals and features.
  • Familiarize yourself with the intricacies of the application to plan an efficient and effective testing strategy.
  • Align your testing goals with the objectives of the application to deliver impactful results.

Reflection: Each step emphasizes not only technical proficiency but also collaboration and strategic thinking. I’ve seen improvements in my testing approach, including clearer bug reports, more efficient test case creation, and enhanced teamwork. Moving forward, I intend to refer back to these seven steps before revieing or testing anything.

Conclusion: By following these seven steps, you can enhance your testing skills and make significant contributions to your team’s success. Embrace organization, communication, clarity, and a positive mindset to elevate your testing capabilities and achieve optimal results in your software testing endeavors.

Source – https://testlio.com/blog/how-to-be-an-efficient-software-tester/

From the blog CS@Worcester – CS: Start to Finish by mrjfatal and used with permission of the author. All other rights reserved by the author.

Security Testing

Introduction: In today’s digital age, where cyber threats loom large, ensuring the security of software systems and applications is paramount. Security testing emerges as a crucial practice in safeguarding sensitive data and resources from potential intruders. As I delve into the realm of security testing, I aim to explore its multifaceted nature and understand its significance in the realm of software development.

Selected Resource: The selected resource, an article from GeeksforGeeks, provides a overview of security testing, covering its goals, principles, focus areas, types, advantages, and disadvantages.

Focus Areas in Security Testing:

  • Authentication and Authorization: Testing the system’s ability to properly authenticate and authorize users and devices.
  • Network and Infrastructure Security: Testing the security of the system’s network and infrastructure, including firewalls, routers, and other network devices.
  • Application Security: Testing the security of the system’s applications, including testing for cross-site scripting, injection attacks, and other vulnerabilities.
  • Data Security: Testing the security of the system’s data, including testing for data encryption, integrity, and leakage.
  • Compliance: Testing the system’s compliance with relevant security standards and regulations.

Types of Security Testing:

  • Vulnerability Scanning: Automated scanning to detect known vulnerability patterns.
  • Security Scanning: Identification of network and system weaknesses, followed by solutions for risk reduction.
  • Penetration Testing: Simulation of attacks from malicious hackers to identify potential vulnerabilities.
  • Risk Assessment: Analysis of security risks in the organization, classifying them into low, medium, and high categories.
  • Security Auditing: Internal inspection of applications and operating systems for security defects.
  • Ethical Hacking: Exposing security flaws in the organization’s system through controlled hacking attempts.
  • Posture Assessment: Combining security scanning, ethical hacking, and risk assessments to provide an overall security posture.

Vulnerability in Security Testing:

  • Vulnerabilities are weaknesses in a system that could be exploited by attackers to compromise its security.
  • Identification of vulnerabilities is a crucial aspect of security testing to prevent potential breaches.
  • Types of vulnerabilities include SQL injection, cross-site scripting, misconfigurations, and weak authentication mechanisms.

Advantages and Disadvantages:

  • Advantages:
    • Identifying vulnerabilities
    • Improving system security
    • Ensuring compliance
    • Reducing risk
    • Improving incident response
  • Disadvantages:
    • Resource-intensive nature
    • Complexity
    • Limited testing scope
    • False positives and negatives
    • Time-consuming

Reflection and Future Application: Reflecting on the content of the resource, I gained a deeper understanding of the intricate layers involved in security testing, particularly in identifying vulnerabilities. In my future practice, I envision applying the knowledge gleaned from this resource to bolster security measures in software development projects. By integrating robust security testing protocols and leveraging advanced tools and techniques, I aim to enhance the resilience of systems and applications against potential vulnerabilities and threats.

Conclusion: In conclusion, security testing emerges as a cornerstone in ensuring the integrity, confidentiality, and availability of software systems and applications. By embracing a comprehensive approach to security assessment and staying abreast of emerging threats and technologies, we can fortify defenses and navigate the evolving landscape of cybersecurity with confidence and resilience.

Source – https://www.geeksforgeeks.org/security-testing/

From the blog CS@Worcester – CS: Start to Finish by mrjfatal and used with permission of the author. All other rights reserved by the author.

System Testing

System testing is a form of black box testing that assesses the complete functionality and performance of a fully integrated software system. This type of testing is the last stage before the software is released to the end users. The black box testing technique focuses on the system’s overall functionality. By this testing, you can identify any defects or errors in the system and fix them before the software is released. This testing can help improve the software’s quality by identifying and fixing defects and errors. This can help to prevent problems and improve the user experience. You can save time and money by identifying and fixing defects and errors early in development. This is because fixing defects early on is less expensive than fixing them after the software has been released. The purpose of system testing is to ensure that the system meets all requirements and behaves as expected by the end users. Some specific tasks typically performed during this testing include verifying that the system meets all functional requirements, testing the system’s performance under different load conditions, testing the system’s scalability to handle increasing numbers of users, and testing the system’s security against unauthorized access.

It’s also important to know some basic requirements of system testing. Some include functional requirements where the system must meet all its functional requirements, performing all of the tasks that it is intended to perform. The system must be tested in a realistic environment. It must be tested in an environment like the environment in which it will be used which ensures the system works correctly in the real world. The system must be tested thoroughly. The system must be tested properly to ensure that all potential problems are found and fixed. A variety of users must test the system to confirm that it is usable by everyone who need it. Below are some steps to do system testing manually. Analyze the requirements, create a test plan, write test cases, execute the test cases, log the defects, retest the defects and finally generate the test report. Some examples of system testing techniques include functional testing. Under this testing, we have black box testing which focuses on the inputs and outputs without knowing the internal code. White box testing which helps in validating the flow of data and control within the system. I chose this resource because it goes in depth about system testing, why it is used and important, and different types of testing methods.

References.

https://testsigma.com/guides/system-testing/

From the blog CS@Worcester – Site Title by lynnnsubuga and used with permission of the author. All other rights reserved by the author.

Security Testing

Security testing is a combination of the testing techniques used to test the application for security problems. It is mainly used to test the security of the data and functionalities of the application. These vulnerabilities are primarily found in web applications, cloud infrastructure, and blockchain applications. Security testing is a process that evaluates the security of a system and determines its potential vulnerabilities and threats to its security. Security testing is an essential phase in the SDLC and is used to find the security issues in the system to prevent attacks in the real world. This type of testing is not just about the testing the application by breaking into it, but security testing is also about identifying weaknesses in applications that attackers may exploit. Security testing can be done manually or with the help of software tools known as automated security testing tools. Security testing is based on the assessment of potential security threats in the system. It is a process in which the system’s security is tested by performing both positive and negative tests to find the potential security threats in the system.

The main goal of security testing is to identify the threats in the system and measure its potential vulnerabilities so that the threats can be encountered, and the system does not stop functioning or cannot be exploited. There are 5 types of security testing. Vulnerability scanning which identifies vulnerabilities present in software systems or network. Penetration testing which is a testing method in which testers find security weaknesses, usually to determine the risk of damage from possible attackers. Risk assessment which is the process of identifying and prioritizing the risks and threats that may be faced by an organization. Security auditing reviews and assesses an application or network to verify its compliance with standards, regulations and company policy. And finally, source code review verifies that the code complies with the specifications.

Some of the pros of security testing include identifying vulnerabilities early, protecting sensitive data, mitigating security risks, enhancing customer trust and confidence, and finally cost-effective risk management. By incorporating security testing into the software development lifecycle, organizations can proactively safeguard their digital assets and mitigate the risks associated with cyber threats in an increasingly interconnected world. I chose this resource because it explains security testing in depth and why it is important for organizations. We didn’t get a chance to get more practice about security testing in the course but reading about it has given me more knowledge about it.

References.

What is Security Testing and Why is it important?

From the blog CS@Worcester – Site Title by lynnnsubuga and used with permission of the author. All other rights reserved by the author.

Elevating Code Reviews: Practical Tips for better Collaboration

Code reviews are a vital part of the software development process, serving as a checkpoint to ensure quality, foster knowledge sharing, and mitigate future issues. Drawing on practical advice from a stack overflow blog article (found here) this post explores how to elevate the practice of code reviews, enhancing their effectiveness and the collaborative environment they create.

Summary

The article from stack Overflow provided insightful tips on improving code reviews, emphasizing the importance of constructive communication and efficient processes. It suggest setting clear goals for reviews, such as catching bugs, ensuring consistency, and mentoring junior developers. Techniques like keeping comments clear and actionable, prioritizing empathy and understanding, and maintaining a balance between criticism and praise are highlighted as crucial for productive reviews.

Reason for selection

I chose this article because effective code reviews are essential for any development team aiming to produce high-quality software. As our coursework often involves collaborative projects and peer reviews, applying these enhanced practices can significantly benefit our collective learning and project outcomes.

Adding to the reasons for selecting this article, another compelling aspect is its relevance to the ongoing discussions in our software development courses about maintaining high standards in coding practices. As someone who has been part of several projects and observed firsthand the impact of well-conducted code reviews, I recognize the value in learning and sharing effective review techniques. This article not only enhances our understanding of best practices but also equips us with the tools to implement them effectively in our work, making it an invaluable resource for any aspiring software developer eager to improve their craft and contribute positively to team projects.

Personal reflection

Reflecting on the article, I appreciated the emphasis on empathy and clarity in communication. In past group projects, I’ve seen how negative feedback can demotivate peers, whereas constructive and positive communication can enhance team dynamics and improve code quality. This article reinforced the idea that code reviews are not just about finding errors but also about building a supportive team culture.

Application in future practice

Armed with these enhanced practices, I plan to apply the article’s recommendations in upcoming projects, particularly those involving teamwork. Emphasizing clear, empathetic feedback and leveraging tools for automating mundane aspects of code review will allow me and my peers to focus on more complex issues, thus improving our efficiency and the quality of our work.

Conclusion

Effective code reviews are more than just a quality assurance step; they are a cornerstone of a collaborative and learning-focused development environment. The tips provided by the Stack Overflow article offer valuable guidance on making good code reviews even better, ensuring that they contribute positively to both project outcomes and team dynamics. As we continue to engage in more collaborative projects, these practices will be essential in shaping how we approach code reviews and interact as a development team.

resources

https://stackoverflow.blog/2019/09/30/how-to-make-good-code-reviews-better/

From the blog CS@Worcester – Josies Notes by josielrivas and used with permission of the author. All other rights reserved by the author.

The Deadly Sins of Mobile Testing

To round out my semester, before beginning my summer research opportunity, I looked into extraneous material for my classes as I finish up. In looking for a blog for the final week of finals, I went with something more akin to basic general information regarding testing. I selected an article based around the common mistakes or sins in mobile testing. This connected with my most recent final project for another class regarding mobile development. I struggled to test my project for this class, and I am sure I committed many of these sins. The article’s title is Five Sins of Mobile Testing by Josh Galde

This article is quite dated, and Galde begins with describing the demand for mobile devices, which has since skyrocketed. Companies at the time aimed to expand their web presence to mobile platforms, but often overlooked the constraints, leading to rushed development and potential errors. This is something I experienced in my own project, having trouble with the visual aspect of app development. The necessity to develop multiple versions of the same app to accommodate different devices and configurations. Is something of an issue outlined by Galde, and one I experienced when switching between different size devices. This is similar to a non-responsive website in web development. Glade explains that to create successful, user-friendly, and reliable mobile apps, we should follow the best practices and avoid common mistakes, or “sins,”. The first sin is relying solely on emulation software, as problematic because emulators can’t fully replicate real device behavior, especially with carrier networks.This is something I experienced through only emulator testing. The second sin is using jail broken devices, which can alter their functionality, leading to inaccurate testing results. The third sin is not utilizing automation. Automated testing can save time and reduce errors by efficiently handling the repetitive testing process across multiple devices and platforms, which might be tedious to do individually. The fourth sin is ignoring the need to support internal apps. This can be a dangerous error for applications developed for businesses, as it ignores the possibility of employees or members utilizing their own devices for organization apps. And one of the most egregious, and fifth sin is skipping testing on real devices. This is a common but risky practice, rushing app development without thorough testing. This can lead to catastrophic failures in the app. Proper testing is critical to ensure app reliability and success.

At the end of the semester, reflecting on my learning is paramount to actually achieve a change in how I think. My final project presentation just ended a week ago, and already I reflect on mistakes and poor practices to improve going forward. These sins are many I have committed and will now avoid going forward to improve as a programmer.

Source:https://www.stickyminds.com/article/five-sins-mobile-testing

From the blog CS@Worcester – WSU CS Blog: Ben Gelineau by Ben Gelineau and used with permission of the author. All other rights reserved by the author.

Week-18 Post

My second post this week will recover the three elements of unit testing: Boundary Value Testing, Equivalence Class Testing, and Decision Table-Based Testing. Each play a crucial role in validating software behavior and functionality. Boundary Value Testing focuses on the edges of input ranges. This technique identifies defects at the boundaries of input domains, where errors are most likely to occur. By testing the minimum, maximum, and edge values, testers can catch issues that might arise from off-by-one errors or other boundary-related bugs. This method is particularly effective because boundary conditions are common sources of defects in software applications. To utilize boundary value testing, first determine the minimum and maximum values for each input field, and second create test cases that include the boundary values (e.g., minimum, maximum, just inside, and just outside the boundaries).

Equivalence Class Testing divides input data into equivalent partitions, or classes, where test cases are expected to produce similar results. Instead of testing every possible input, testers select representative values from each class, significantly reducing the number of test cases needed. This method ensures that different inputs within the same class are treated equally by the software, helping identify any inconsistencies or unexpected behaviors across various input ranges. To utilize equivalence class testing, first group input values that are treated similarly by the system into classes, and second choose one representative value from each class for testing.

Decision Table-Based Testing involves creating a table that maps different input conditions to their corresponding actions or outputs. This technique is especially useful for testing complex business logic and decision-making processes. By systematically covering all possible combinations of inputs and their respective outcomes, decision tables help ensure that all scenarios are accounted for and validated. This method enhances the thoroughness of testing by providing a clear and structured approach to handling diverse input conditions. To utilize decision table-based testing, first list all possible conditions (inputs) and actions (outputs), and second create a table with all possible combinations of conditions and their corresponding actions.

Boundary Value Testing, Equivalence Class Testing, and Decision Table-Based Testing are powerful techniques that enhance the effectiveness and efficiency of software testing. These testing techniques help ensure that software applications are robust, reliable, and capable of handling various input scenarios effectively. By incorporating these methods into your testing strategy, you can enhance test coverage, identify potential issues early, and deliver high-quality software that meets user expectations and business requirements.

Blog Post: https://celestialsys.com/blogs/software-testing-boundary-value-analysis-equivalence-partitioning/

From the blog CS@Worcester – Computer Science Through a Junior by Winston Luu and used with permission of the author. All other rights reserved by the author.

Shift Left Approach


 For my last blog post for this class, I found an article online that
talks about the practice of shifting-left in software quality assurance.
This approach more or less emphasizes the importance of introducing quality
assurance to earlier phases in the development process. Testing from the
initial phase of development is supposed to prevent the amount of defects
and issues from piling up at the end of development. Having testing done
throughout the development phases can also lessen the workload for the
quality assurance team.

https://hackernoon.com/embracing-the-shift-left-approach-revolutionizing-quality-assurance-in-software-development

According to the article, the cost of testing and post-production vastly
outweighs the cost of development and planning. It posits that testing
earlier and more frequently catches bugs earlier on, and reduces the overall
cost of development. This goes very hand in hand with the agile software
development methodology we learned about last semester. The world of
software development has become much more fast paced, and the current
landscape pushes for finished products with minimal defects at
launch. 

I  have seen online the mentality that a product that ships with any
problems is often ostracized. Consumers want minimal issues and problems
when interacting with any kind of software, and that goes doubly for large
companies. Having software testers involved since the start of development
would allow teams a more seamless development experience.

One model for development that the article proposes has each stage of
development separated by a quality check gate, in which test cases are
implemented. When all defects are found and fixed, only then can the
development team move on to the next stage of the process. I think this a
very good system that could fit well within the agile sprint methodology.
Leave time at the end of the sprint, but before the sprint retrospective,
for the quality assurance team to check the code, then at the retrospective
they can sign off on the state of the project. If there are any bugs that
could not be fixed within this sprint, the testers can assign it as an issue
for the next one. 

During the Development Capstone project, this could be used to manage the
teams next semester. Have team members focus on quality assurance near the
end of the sprint, and then collect their feedback at the sprint
retrospective. Another way would be to have one or two teams act as quality
assurance throughout the whole semester. Either way it could save a bit of
headaches for everyone.

From the blog CS@Worcester Alejandro Professional Blog by amontesdeoca and used with permission of the author. All other rights reserved by the author.