Week 12

For my final blog I want to talk about a skill that I have learned is needed, when to give up. When having a deadline you must not only try and implement new interesting technologies, yet also provide a fluid user experience that is inline with the software requirements. While working on a school project I crammed learning many tools into a three week span to produce a product. Our product was a web based Hall pass. This was a simple application that would stress many concepts yet as an idea remained simple relative to many other ideas.

To name a few tools Chris Braley and I learned:

• gulp
• composer
• Laravel Framework
• Homestead using Vagrant
• Eloquent
• Elixr

These are just the main components of our web application. We worked very hard to learn and implement our ideas and Models in this new environment. We were successful yet we had to make some compromises on how we went about it. In order to preserve the development time we had we needed to skip learning the in’s and out’s of Laravel Homestead. This is a virtual machine vagrant setup that has everything you need to work with laravel, yet getting it to work properly for both of us was a challenge and we spent a great deal of time on this. Eventually we had to make the decision to throw in the towel to ensure we could produce the requirements at the quality we desired. Choosing to ignore this aspect and the advanced Roles management library allowed us to develop a system that could handle improper input from the user to avoid errors. We chose to step back and reevaluate the need of this aspect of laravel and we knew we could continue to develop without it. This ultimately led to our success of our final project.

From the blog CS443 – Triforce Code| Exploring and Learning by CS443 – Triforce Code| Exploring and Learning and used with permission of the author. All other rights reserved by the author.

Week 11

Penetration Testing and Vulnerability Scanning are two sides of vital testing that should be preformed on all production applications. But what are they? and what are their differences?

Lets start by defining each.

Penetration Testing is the act of brute forcing, and using common and known hacking techniques to exploit weaknesses of an application.

Vulnerability Testing/Scanning is the act of checking all software versions to ensure they are up to date with current security standards.

Will these prevent an attack, maybe…There will always be a possibility of being compromised but the more caution and thought you put into your design you can minimize this risk. Because just like physical crimes, criminals look for unlocked doors.

 As you can imagine both of these are vital to a systems analysis. Yet both have their time and place. These test should be ran when major software upgrades and even downgrades are needed to ensure software integrity. Tools like Kali and Appscan by IBM, are just an example of a penetration testing software suite and a vulnerability scanner.

The main difference is this:

Penetration testing looks for unknown vulnerabilities and scanning checks for known security issues in older dependencies.

Getting Started with Web Application Penetration Testing

From the blog CS443 – Triforce Code| Exploring and Learning by CS443 – Triforce Code| Exploring and Learning and used with permission of the author. All other rights reserved by the author.

Week 10

Backend testing sounds like a scary word. To be able to take out the intimidation from this idea we need to break it down into its components that usually make up a backend:

• Database(s)
• API’s
• Servers

Honestly that all! Now that we broke it down into terms that we have heard before it become easier to think about how we would go about testing each one of these components.

Databases:

How would you test a database? Well lets start with what does this component should provide.

• Lists of data
• Quick Responses
• Secure connections

Now there is a lot of room for error if your database is not properly configured. Security relies on both the UI restricting access, and security patches being up to date. Quick responses is something that should not be too hard, yet if you create complex queries without the hardware to handle the transactions in mass quantities, bottlenecking could occur. The same could be in the inverse. If you have a poor query and have multiple collections of data stored and variable you may use more time than thought to manipulate the data. This is why you want Entity relationships to be properly initialized to leverage the Databases design for relational queries that are cached and fast.

So how do we test this? well the answer is pretty simple. SQL! you want to create queries of equal complexity of your application and gather results and statistics on how your database handles the queries. By doing these tests a developer is able to leverage the optimal way of extracting data for their application.

API’s:

API’s are Application Program Interface’s that allow you to connect to a suite of public functions that are open for use. These are usually decided upon early on. So testing for these can begin early to allow for re-evaluation of the goal/implementation if problems arise. The trouble with many API’s is that they can be depreciated and this is common as many companies improve their software and databases. You can create custom tests and view the logs to see the output of the API call.

Servers:

Now this is a topic which is hard get specific but say you have a server with a OS and tools that server the purpose needed then the steps you can take to test this just like any part of the database is benchmark softwares. This allows the tester to grade the performance and many other factors of software and other tools.

Working on a backend in a way may sound scary but remember this is not something we have not worked with before, it just could be on a larger scale :).

Resource:

How to Perform Backend Testing

From the blog CS443 – Triforce Code| Exploring and Learning by CS443 – Triforce Code| Exploring and Learning and used with permission of the author. All other rights reserved by the author.

Week 9

I have been enjoying the Software Testing Help Blog. The writer has a way with keeping me interested while making me think in a few different ways. When I saw this post I couldn’t help but read it. Sushma goes on to many points and explains both sides of the coin for Developers vs Tester. I love the start and it just makes sense, Developers think “how can I build this application” and Testers think “how can I break it”. She goes on to explain that this game of cat and mouse is like Tom and Jerry ( a Cartoon that makes up a large portion of my childhood so it rang with me) when they work together you get a beautiful end result. Although much of her article explains how testing at the end of an applications development cycle is just expensive and impractical. That testing is something that should and is commonly done throughout the development cycle.  The ending of her blog sums up some great ideals of both a Tester and Developer that really shows how they are designed to work together to achieve an end result. Throughout she explains how a tester needs to think about how an input form may react to different inputs based on the requirements. This to me only makes sense yet the whole time I was thinking the developer should be wise enough to put in place these error messages and handlings. She ended up wrapping this up in a nice description of what a developer’s goal is and what a tester’s goal is.

I could not write this portion any better and it made the whole blog meld together perfectly for me. It really sums up the job descriptions to see how they end up with the same goal in mind, a great piece of software/1=

Resource:

The Difference in Perspective of “Testers” and “Developers”

From the blog CS443 – Triforce Code| Exploring and Learning by CS443 – Triforce Code| Exploring and Learning and used with permission of the author. All other rights reserved by the author.

Week 8

Coding as we all know can have its challenges, yet sometimes you just get stuck and frustrated with seemingly no solution. Then you decide you need a walk or coffee break and you come back solve your problem almost immediately. Trust me it has happened to me more than I can count. Taking a break is not always just to get through a coding wall but also to allow yourself to think more clearly of your goals and the direction you choose to take.

Sometimes you can go on a coding marathon and at the end realize you have overcomplicated the solution and need to refactor. This is why we are seeing so many companies in the tech industry encourage their employees to stop and take a break from their work. Stress can be a motivator but also a hindrance to clear thought. The open environments that companies such as Google or Facebook have are not just to keep their employees happy but to make them feel less constricted and stressed, they can solve problems in an environment that encourages creativity as well as being human and playing a game or interacting with coworkers. Companies like Google have seen the power of leaving computer nerds with free time and plenty of passion (and an NDA that owns every cool Idea you have :P). Taking a break is not just for getting stuck but also can help us take a step back and realize the big picture and not just the piece you are working on.

Inspiring Resource Blog:

http://brianburridge.com/2007/07/08/increase-programming-efficiency-by-taking-breaks/

From the blog CS443 – Triforce Code| Exploring and Learning by CS443 – Triforce Code| Exploring and Learning and used with permission of the author. All other rights reserved by the author.

Week 7

What if there is just not enough time to test your software?

Well this is something that every company has to deal with and ultimately tough decisions must be made.  The company needs their product launched and the user needs something stable enough for them to keep coming back. As we learned early on in our Software Testing Quality and Assurance course is that your test cases can become exponential. And just down right impossible to test it all, as well as you can address many cases yet the test quality can be lacking making this process even more of a headache. So what do you do?

1. Prepare, and analyze what is important
2. Stand by your thoughts of what your software needs
3. Ensure no critical bugs are released.

This may seem difficult but like I explained in my last blog about web application testing it is about tying up loose ends and ensuring the functionality required is up to par. First ensure your data integrity is bullet proof and that all of your CRUD functions properly. You do not want loose ends in your database because this could become a immediate problem when a field is deleted and makes your application crash. What also is important is input validation!!! I can not stress this enough, if you ensure that your input is valid every time you will reduce the possible causes of your bugs and this can reduce the cost to you and your company down the line.  After reading a couple blogs about this topic it is clear that some social skills is useful when describing what issues could lie in your software and what the risks associated with these potential bugs are. Interface bugs that are just aesthetic is not a priority over your relationships and functionality being hindered. Using Mutation Testing and code coverage tools can give you a better feel for what areas need to be addressed and what other places you need to move on from. This topic of what to do in this crisis is very open ended because it comes down to per situation and requirements for the client. So there is no one cut and dry approach to this yet with many more applications being released yearly we can grow as a community of developers educating each other on what worked best for you and your team.

I really enjoyed the first link I have below because not only does it talk about how to prioritize, but also how to deal with others who may have a different perspective on the product you are producing. Social skills go a long way in these situations and how you present your potential issues is vital to having the situation controlled and keeping your credibility.

Related Reads I used:

http://www.softwaretestinghelp.com/what-if-there-isnt-enough-time-for-thorough-testing/

You can’t test it all

From the blog CS443 – Triforce Code| Exploring and Learning by CS443 – Triforce Code| Exploring and Learning and used with permission of the author. All other rights reserved by the author.

Week 6

As I described earlier web frameworks can be amazing, but regardless if you are using one or building a website or web app from scratch. There are a few places to start. After reading a few websites the options are pretty obvious, and from experience designing and building many websites these obvious points will still come to haunt you if you are not thorough. Trust me its the little things!

Lets start from the Obvious to less so:

• Website routes/links
  • Ensure they all work properly and no dead links exist
•  Input form testing
  • Valid input
  • Invalid input and validation handling
  • Ensure your CRUD functions properly
• Secure/Authenticated Route 
  • Ensure you can not access routes that require login
  • Ensure users can not manipulate the url to gain access to other information than what they are give
  • This can include cookie testing for logged in sessions
• Cookie testing
  • It is important to ensure your cookies are properly encrypted
    • This can contain data that the user or yourself as a developer would not want exposed
• In Depth Interface testing
  • This can include anything from usability to the look and feel
  • Is it intuitive? Could a user use this without prior knowledge? Too complex or want a feature Explain it to your user!
    • Many apps now have neat and sleek introduction walkthroughs to guide a user through the new interface
• Web compatibility!
  • Honestly this one should be first! I can not stress enough how unsightly it is to use a unsupported browser and to have a completely different user experience or just have some functionality not work.
  • Image Links in chrome do not show borders, underlines, or history color changes, yet IE does?
    • I know what you are thinking IE is just horrible. YES that it is but you need to ensure your site not only preforms properly but looks great

Website  links may seem like a given yet it could be easy to forget a simple link that could cost you. For example for a friends business venture I for the first week forgot to have the logo redirect you to the home page, yet this is an almost expected feature at this point yet if you are a sole developer its easy to miss.

Input testing is a must, time and time again developers talk about elegant and flexible applications. Allowing invalid input is just unacceptable and should be handled properly for any production application. Not only should you prevent this you must inform the user of what is allowed or why the input was not accepted and what should they change it to. Using a framework such as laravel makes validation a breeze and really leaves no excuse for anything less. The next main point for input forms is your CRUD functionality, does your database handle when a user is connected to many aspects of your design and deletes themselves,  this is when you need to ask yourself is this data important for others or can I cascade on delete. And more importantly does it properly cascade throughout your relationships? This is something that could become a big headache for both you and your users.

Authentication is something I will briefly mention, it should be known that a user should not have access to data they are not associated with or have the ability to access pages without being a validated user.

Cookies are a resource to not be taken lightly, some users don’t allow them and therefore does this make them unable to use important aspects of your application? It shouldn’t. Cookies can hold vital data such as remember tokens that store login sessions and if in the wrong hands can compromise your users data or more.

Testing your interface is important not only for debugging but it can and will also expose cumbersome tasks that could be minimized or eliminated by adding a interface feature.

I don’t think I should need to say much about Web compatibility. A clunky and inconsistent application is not intuitive for users and can be confusing or just ugly. With web design ensuring your web interface looks and feels great or at minimum the same will carry a lot of weight for you and your users.

Now get out there and start perfecting that application your work so hard on!

. Resources:

http://www.softwaretestinghelp.com/web-application-testing/

https://www.tutorialspoint.com/software_testing_dictionary/web_application_testing.htm

From the blog CS443 – Triforce Code| Exploring and Learning by CS443 – Triforce Code| Exploring and Learning and used with permission of the author. All other rights reserved by the author.

This is my final post, at least for the foreseeable future, and it is based on Martin Fowler’s article Mocks Aren’t Stubs.  In unit testing, the ability to test a unit is sometimes dependent on other units, which may not have been created yet.  Mocks can be used in this case.  Fowler point out that “the vocabulary for talking about this soon gets messy – all sorts of words are used: stub, mock, fake, dummy.”  So for clarification, here is a quick vocabulary lesson:

• Test Double: A generic term for any kind of pretend object used in place of a real object for testing purposes
• Dummy: An object that is passed around but never actually used. Usually used to fill parameter lists.
• Fake: An object actually have working implementations, but usually take some shortcut which makes it not suitable for production
• Stub: Something that provides a canned answer to calls made during the test, usually not responding at all to anything outside what’s programmed in for the test. A stub may also record information about calls
• Mock: An object pre-programmed with expectations which form a specification of the calls it is expected to receive

From the blog cs443 – TayNock's Blog by taynock and used with permission of the author. All other rights reserved by the author.

Week 5

This idea of Mocks are not Stubs is something that in class we have discussed and in a way has kept my head spinning. So today I have setout to answer this question in a simple and concise way. Many site give lengthy explanations with examples of code. I am going to just stick with the ideas here and try and rationalize the difference for my reader and myself.

Lets start simple, what are Mocks and Stubs?

• They are testing dummies or doppelgangers for unit and integration testing
  •  Mocks are supposed to mimic object behavior
    • They have set expectations before the test, and this is how you can set what behavior you are looking for.
  • Stubs are supposed to be predetermined/hard coded objects that are placeholders for unit testing.
    • Martin Fowler referred to this as canned responses. State verification

For me to wrap my mind around this concept I had to cut them down the middle and say Mocks have a expectations that are supposed to reflect the desired behavior. Where Stubs are hard coded methods and objects to ensure you can just test a unit without having a object dependency being dynamically generated. This can add a layer to the tests that take away from the unit test, so having placeholders can make your tests more defined and narrowed in on a specific portion of your design.  Many sites use these words to signify placeholders for dependencies and this is true but in reality these two ideas are two very different approaches to this placeholder need.

I read the following to better understand this concept:

http://martinfowler.com/articles/mocksArentStubs.html

http://www.g9labs.com/2014/06/21/mocks-arent-stubs/

Why not to mock tooo much : -Very cool read!

https://www.thoughtworks.com/insights/blog/mockists-are-dead-long-live-classicists

From the blog CS443 – Triforce Code| Exploring and Learning by CS443 – Triforce Code| Exploring and Learning and used with permission of the author. All other rights reserved by the author.

This blogpost is focused on Sushma S’s article Understanding The Difference Between Unit, Integration and Functional Testing.  The focus of this article, as one could infer from the title, is to differentiate between Unit Testing, Integration Testing, and Functional Testing.

Unit Testing:

• Unit testing tests the smallest part of the application that is testable
• Unit testing is done before Integration testing by software developers using white box testing techniques.
• Unit testing does not only check the positive behavior, but also the failures that occur with invalid input.
• Finding issues/bugs at an early stage is very useful and it reduces the overall project costs.  Issues found at this stage can be resolved very easily and their impact is minute.
• A unit test tests small pieces of code or individual functions so the issues/errors found in these test cases are independent and do not impact the other test cases.

Integration Testing:

• Integration testing tests the integration of two units in the application
• The aim of integration testing is to check functionality, reliability, and performance of the system
• Integration testing determines whether the the combination of units provides the desired output or not

Functional Testing:

• Functional testing is a black box testing technique, where the functionality of the application is tested to generate desired output by providing certain input
• Functional testing is based on the requirements provided

From the blog cs443 – TayNock's Blog by taynock and used with permission of the author. All other rights reserved by the author.