Category Archives: week-18

software testing life cycle

During the time I’ve spent in my software development concentration in my computer science studies (and even in general), we’ve mostly been concerned with the software development life cycle, where we focus mostly on getting a finished product as efficiently as possible that matches specifications, and build it up better and better over time. There is an interesting counterpart to this in the software testing life cycle, which is technically a part of the software development life cycle, but has its own specific steps.

In this post, I will be referencing this blog post from Testim on the STLC.

The point of STLC is similar to the point of SDLC at its core, getting a functional testing suite based on specifications. The end goal has to do with finding problems and reporting them, however, rather than having a functional piece of software, which makes sense considering that testing is a step toward that piece of software.

The software testing life cycle is split up into 6 phases:

  1. Requirement Analysis: Understand what the product should do, prioritize issues and brainstorm potential solutions (and whether they can be automated) with the team.
  2. Test Planning: This is where the scope, tools and objectives are set for the following phases. It’s similar to a sprint planning meeting where tasks are assigned, time is estimated and issues are weighted.
  3. Test Case Designing and Development: This is where the tests are, well, designed and created based on the specifications and priorities set up from previous phases.
  4. Test Environment Setup: Software is run on different configurations and setups to determine levels of performance and minimum requirements. We want to make sure our software works well on all possible configurations where it would be used, making a smoother experience for the end-user.
  5. Test Execution: The tests are actually run all together, and the results are logged with details, and rerun with any changes to the main project as needed. Automated testing tools are preferred, as they make this process significantly more refined.
  6. Test Closure: Evaluate the testing result, taking into account things like test coverage, quality, and review the testing process. This is analogous to a sprint review, where the team comes together to review the results.

In an agile environment, these phases should all be covered in every sprint. All things considered, this is a necessary step in having working, quality software, as without a good testing environment your software could behave unexpectedly, and bugs will be more obfuscated.

From the blog CS@Worcester – V's CompSCi Blog by V and used with permission of the author. All other rights reserved by the author.

Week 18 Post

This post I will cover integration testing and why we use it today. Integration testing is a critical phase in the software development lifecycle, focusing on the integration of individual components into a cohesive system. It ensures that various modules or subsystems work together as intended. One of the primary challenges in integration testing is ensuring comprehensive coverage of interactions between different components. Identifying the right integration points and scenarios to test can be complex, especially in large-scale projects with numerous dependencies.

Selecting appropriate test cases to validate integration points is crucial. It requires understanding how components interact and designing tests to simulate these interactions effectively. Failure to cover all integration scenarios may lead to undetected defects, impacting the reliability and functionality of the software.

Moreover, integration testing often involves testing across different environments and platforms, adding to the complexity. Ensuring compatibility and consistency across various configurations is essential for delivering a robust product. One of the primary hurdles is achieving comprehensive test coverage across all integration points. Prioritizing critical integration points and designing effective test scenarios are essential to address this challenge.

Another challenge is managing the dependencies and external services during integration testing. Mocking or simulating external dependencies may be necessary to isolate various parts for testing, but it can also introduce its own set of challenges, such as maintaining realistic testing environments.

Furthermore, integration testing requires coordination among development teams working on different modules or services. Synchronizing changes and ensuring compatibility between components can be challenging, particularly in agile or distributed development environments.

Frameworks like Selenium are helpful for automating web browser interactions to test integrations between web components. For broader integration testing needs, companies might choose tools like Katalon Studio, which offers a comprehensive suite for web, mobile, desktop, and API testing. Additionally, some companies leverage enterprise-grade solutions like IBM Rational Integration Tester that provide robust features for complex integrations and compliance requirements. Ultimately, the choice of tool depends on the specific needs of the project and the company’s development environment.

Integration testing verifies the interactions between software modules, ensuring they function seamlessly as a unified system. Unlike unit testing, which examines individual components in isolation, integration testing focuses on how these components integrate and communicate with each other. It plays a crucial role in detecting issues arising from the integration of diverse elements, such as incompatible interfaces or conflicting behaviors. By identifying and addressing these issues early in the development process, integration testing helps prevent costly errors from surfacing in production. It’s a step towards delivering reliable, high-quality software that meets user expectations and business requirements.

Blog Post: https://www.opkey.com/blog/integration-testing-a-comprehensive-guide-with-best-practices and https://www.testlearning.net/en/posts/integration-testing

From the blog CS@Worcester – Computer Science Through a Junior by Winston Luu and used with permission of the author. All other rights reserved by the author.

Performance Testing

When I was in the process of learning how to build a PC as well as planning out what parts to choose, I had to weigh my options on the scales of price and performance. Some time after building it and using it almost daily, I was confident that my shiny new PC could handle nearly everything that I was using it for. I have yet to run into any major performance issues despite how my last sentence sounded but the fear of that still lingers in my mind when I try or want to try pushing my machine a bit. To prevent these worries, performance testing is done on software applications. 

Performance testing “is a type of software testing that ensures software applications perform properly under their expected workload.” It is meant to test and measure a system’s performance “in terms of sensitivity, reactivity, and stability,” using metrics such as response time, scalability, and resource usage (GeeksforGeeks). Doing so ensures that a system can handle the expected workload efficiently and effectively. 

Performance testing can be done on multiple levels such as on the application itself, the system running the application, and other levels that go a bit out of my knowledge.

There are many types of performance testing but the three that seemed most common and simple were load testing, stress testing, and endurance testing. Load testing involves testing the product’s performance under expected loads. This could include simulating user experiences through testing with different tiers of hardware, using the application for a certain amount of time, and doing things that a user may do. This ensures that the application is accessible to as many people as possible as hardware limits and mild activity will not do anything to the application nor the system. Stress testing involves putting the application under extreme loads, pushing to and even beyond its limits. This helps to identify the point at which the product breaks or affects the system, and gives an idea of what to optimize or fix in order to avoid breaking as much as possible. Endurance testing involves putting the application under stress for extended periods of time. Simply running the application over the course of a few hours, days, and possibly weeks helps to identify memory leaks and how it handles a different type of load.

Performance testing is really interesting to me as, on my PC building journey, I was very much interested in the performance of computers and how some applications require better and faster components to enjoy them at their true maximum. I, though not on the level of actual performance testing, have tested my own machine to see its limits, how it handles the maximum of certain applications, and how well it handles my use. Luckily, I’ve had very few application crashes, freezes, or other issues.

https://www.geeksforgeeks.org/performance-testing-software-testing

From the blog CS@Worcester – Kyler's Blog by kylerlai and used with permission of the author. All other rights reserved by the author.

Security Testing

Security testing is a form of testing which is rapidly growing with consumers’ needs for security on the internet. As the article states, cybersecurity is becoming very important when you are online, not only for personal reasons but also for business purposes. Many companies now use multiple online resources just to run their business day to day, which may include payment systems, payroll, database management or any other range of services offered to companies through different platforms in order to help business owners run their business as efficiently as possible. These platforms have to be trusted so that consumers continue to use them and recommend them to friends, family, etc.

Some examples provided of security issues within an application: a student management system is insecure if the admission branch of the system can edit the exam branch; an online shopping mall or any online storefront is not secure if the details of users’ credit cards or other payment methods are not encrypted, as this opens the users up to credit card fraud; and even custom software can have security issues, which is highlighted by the article’s example of an SQL query retrieving the actual passwords associated with users’ accounts.

Two tools recommended in this article for security testing are Invicti, which is a web application that is used to scan both legacy and modern applications, and Indusface, which includes scanners for web, mobile and API applications. There are also different techniques involved with security testing. Some of these are access to application, which involves going through the different roles in a system one by one, ensuring they all only have access to what they should; data protection, which, similarly to access to application, is meant to ensure that a specific user/role cannot see an aspect or menu of the application they are not supposed to; and error handling, which ensures detailed error messages cannot be used to aid in hacking.

Security testing, while not something we directly worked on during the semester, would have been interesting to work with, given the many different types of security testing and the many different risks associated with application security. This type of testing seems to be much more manual in many aspects versus directly writing test cases as we did in most cases, but being able to test for access or test the permissions of a role in a system would be very interesting to work with.

From the blog CS@Worcester – Dylan Brown Computer Science by dylanbrowncs and used with permission of the author. All other rights reserved by the author.
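The role-by-role access check and the error-handling check described in the security testing post above, as an added example that is not part of the original post or its source article. The roles, resources, allow-list and error messages are all constructed, and `make_system` and `audit_access` are hypothetical helper names.

```python
"""Role-by-role access audit for a toy student management system.
All roles, resources and messages below are constructed for illustration."""
from itertools import product

ROLES = ("admission", "exam", "student")
ACTIONS = ("read", "edit")
RESOURCES = ("admission_records", "exam_records")

# The complete allow-list. Any combination not listed here must be denied.
EXPECTED_ALLOW = frozenset({
    ("admission", "read", "admission_records"),
    ("admission", "edit", "admission_records"),
    ("exam", "read", "exam_records"),
    ("exam", "edit", "exam_records"),
    ("student", "read", "exam_records"),
})

# Substrings that should never reach an end user in an error message.
LEAK_MARKERS = ("Traceback", "SELECT", ".py")


class AccessDenied(Exception):
    """Raised by the system under test when a request is refused."""


def make_system(grants, denied_message):
    """Build a stand-in for the application: perform() enforces `grants`."""
    def perform(role, action, resource):
        if (role, action, resource) not in grants:
            raise AccessDenied(denied_message)
        return "ok"
    return perform


def audit_access(perform, expected_allow):
    """Try every role/action/resource combination against the allow-list.

    Reports grants that should not exist, expected grants that are missing,
    and denial messages that expose internal detail.
    """
    findings = []
    for combo in product(ROLES, ACTIONS, RESOURCES):
        try:
            perform(*combo)
            allowed, message = True, ""
        except AccessDenied as exc:
            allowed, message = False, str(exc)
        should_allow = combo in expected_allow
        if allowed and not should_allow:
            findings.append(("over-privileged",) + combo)
        elif should_allow and not allowed:
            findings.append(("under-privileged",) + combo)
        if any(marker in message for marker in LEAK_MARKERS):
            findings.append(("verbose-error",) + combo)
    return findings


# A correctly configured system with a generic denial message.
HARDENED = make_system(EXPECTED_ALLOW, "You are not allowed to do that.")

# The flaw from the post: the admission branch can edit exam records,
# and the denial message exposes implementation detail.
MISCONFIGURED = make_system(
    EXPECTED_ALLOW | {("admission", "edit", "exam_records")},
    "denied by acl.py: SELECT role FROM acl WHERE ...",
)

if __name__ == "__main__":
    for finding in audit_access(MISCONFIGURED, EXPECTED_ALLOW):
        print(finding)
```

Enumerating the full cross-product, rather than only the combinations someone thought to test, is what surfaces a grant that nobody intended.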

Performance Testing

https://www.opentext.com/what-is/performance-testing#:~:text=Performance%20testing%20is%20a%20non,up%20under%20a%20given%20workload.

Performance testing is a form of testing in software development which is called non-functional testing. Non-functional testing means that the software’s function is not directly tested during this type of testing, and in turn this makes a large majority of people view performance testing as an afterthought or unimportant compared to other types of testing. Performance testing is specifically responsible for testing how a system or software may perform under a heavy amount of traffic or stress provided by many requests or users concurrently using the system. Some of the reasons that an organization may choose to undertake performance testing are to ensure a specific number of users can be handled (for example 1000 concurrent users), to locate bottlenecks within an application which hinder performance or result in errors, to ensure that software is performing up to the standard that was given by the software’s vendor, and to measure general stability as traffic goes up and down. Performance testing can require many different steps depending on the type of application being tested. The tester must make sure to look at the environment they wish to use for testing, as well as reading documentation on the environment or system’s hardware, in order to ensure the proper environment is used, as performance testing may or may not involve testing within the production environment. The tester must also decide what is deemed acceptable performance-wise, which may involve meetings with the product owner or production team in order to set the correct standards for your tests, and then you must also plan and design your original tests for performance. These tests may be all that you need, but if you require further testing due to necessary changes in a system, if the system is originally unable to meet the requirements, you will have to redesign and re-run your tests.

I feel as though performance testing is a lot more important than some people may think, especially to very large companies or social media platforms, as they need to be able to accommodate a certain number of users not only every day but also a certain number of users concurrently. Companies like Amazon, Microsoft, Facebook, etc. have to deal with thousands of customers or users at once, and they can even reach millions of concurrent users, which means they must do thorough performance testing in order to maintain the stability of their platforms and keep consumers happy.

From the blog CS@Worcester – Dylan Brown Computer Science by dylanbrowncs and used with permission of the author. All other rights reserved by the author.

CS-448: Week 18

Security Testing

Security testing is an important part of software development and testing. Security testing focuses on identifying security vulnerabilities such as malicious attacks, unauthorized access, and data breaches. Testing is done by verifying the system is compliant with security standards, evaluating security features and mechanisms, and conducting penetration tests to find weaknesses.

Security testing plays a critical role in software testing for numerous reasons. Some of these include protecting sensitive data, meeting compliance requirements, and most importantly maintaining trust. An application with strong security helps build trust among clients and end users because strong security makes users feel that they can use the application without their information being at risk of being compromised. Organizations are held to security standards that are used to regulate the minimum level of security in an application. Security testing can be used to identify security vulnerabilities and ensure the application meets the set standards.

Main types of security testing

There are many types of security testing based on what the intended use is. For example, there is security testing for software applications, web based applications, APIs, and more.

Application security testing tests the security of a software application. The process includes a combination of automated and manual testing techniques such as code analysis, penetration testing, and security scanning.

As the name suggests, web based application security testing focuses on identifying vulnerabilities in web based applications. Testing also involves a combination of manual and automated testing; however, what is actually tested differs from application security testing. This is because testing web based applications involves methods such as SQL injection testing and cross site scripting testing.

API testing evaluates the security of an application’s APIs and the systems that the APIs interact with. When testing APIs, various types of malicious requests are sent to the APIs and their responses are analyzed to find potential vulnerabilities. APIs are susceptible to specific threats such as denial of service attacks, API injection, and man in the middle attacks. Man in the middle attacks are where an attacker intercepts the API communication to steal sensitive information. Therefore the goal of API security is to ensure that they are secure from attacks and sensitive information is protected.

Conclusion

This article was chosen because it clearly explained what security testing is, why it is important, and the different types of security testing. This was important to me because I have very little knowledge/experience with security testing. I enjoyed learning about security testing as it plays an essential role in software development because no one wants to use an application where their information could be compromised. In the future I intend to look further into standard security measures, and how to test them.

Resources:

https://www.hackerone.com/knowledge-center/what-security-testing#:~:text=Security%20testing%20is%20an%20important,unauthorized%20access%2C%20and%20data%20breaches.

From the blog CS@Worcester – Zack's CS Blog by ztram1 and used with permission of the author. All other rights reserved by the author.

Behavior-Driven Development

Behavior-driven development is a shift in software development practices, aiming to minimize feedback loops and better efficiency. This article explores BDD and its changes from usual waterfall models to feedback-driven methods. It emphasizes the connections between analysis, testing, coding, and design within a loop of continuous feedback, leading to more effective software development. As a student, understanding cutting-edge methods like BDD is crucial. I chose this resource to go more into the details of behavior-driven development, its principles, implementation strategies, and the benefits it offers in terms of efficiency and quality assurance. Behavior-driven development focuses on behavior, collaboration, and continuous improvement that follows my class’s ideas to develop great working software solutions. The source’s discussion on behavioral-driven development’s misconceptions, especially regarding its association with UI testing, was interesting. Looking ahead, I aim to use behavioral-driven development principles in my development workflow. By adopting a test-driven analysis approach, I want to gain a deeper understanding of system behavior, prioritize features effectively, and deliver value-driven software solutions. 

Behavior-driven development offers strong communication, a shorter learning curve, and high visibility. With the shared language it’s easier for everyone to have an understanding of the project development and BDD can reach a bigger audience. Since BDD is taught in a simple language it makes learning shorter and easier. This source has sparked a curiosity to explore behavior-driven development frameworks like Cucumber and Gherkin to articulate behavior-driven tests effectively. While dealing with behavior-driven development there are a ton of rules used to guide those principles. BDD is a little tough but with a lot of practice, this principle will allow people to master this skill. The journey through BDD’s principles, misconceptions, and real-world applications has been very interesting. I enjoyed reading about behavioral-driven development and how it works in software development. It has given me a deeper understanding of iterative development, collaboration, and user-centric design. Using a behavior-driven development approach to software development, I look forward to using its power to drive efficiency, quality, and customer satisfaction in my future projects. BDD isn’t just a method, it’s an idea that focuses on continuous learning, improvement, and innovation in software development.

https://semaphoreci.com/community/tutorials/behavior-driven-development

From the blog CS@Worcester – Kaylene Noel's Blog by Kaylene Noel and used with permission of the author. All other rights reserved by the author.

AI in Software Testing: A Look at the Future

This blog post explores the growing influence of Artificial Intelligence (AI) in software testing, drawing inspiration from the podcast “AB Testing: All We Talk About is AI” (Episode 187: All We Talk About is AI).

The Rise of AI in Software Development

AI is transforming various aspects of software development, and testing is no exception. AI-powered tools are being utilized in several ways, including:

  • Automating Repetitive Tasks: AI can automate repetitive testing tasks, such as regression testing, freeing up human testers to focus on more complex scenarios and exploratory testing.
  • Generating Test Cases: AI can analyze user behavior and system data to automatically generate comprehensive test cases, ensuring thorough test coverage.
  • Defect Detection: Machine learning algorithms can be trained to identify bugs and defects in code with greater accuracy and efficiency than traditional methods.
  • Performance Optimization: AI can analyze performance data and suggest improvements to optimize software speed and responsiveness.

Impact on QA Professionals

While AI might seem like a potential replacement for human testers, it’s more likely to become a valuable tool in the QA toolbox. Here’s how:

  • Increased Efficiency: Automation of repetitive tasks allows QA testers to focus on higher-level testing strategies and leverage their expertise for more critical thinking and problem-solving.
  • Improved Accuracy: AI-powered tools can assist in catching bugs and defects that might be missed with manual testing alone, leading to higher quality software releases.
  • Faster Time to Market: By automating repetitive tasks and enhancing testing efficiency, AI can contribute to faster software release cycles.

The Future of QA with AI

The future of software testing is likely to see a deeper integration of AI, potentially leading to:

  • Self-Learning Testing: Imagine AI that can learn from its testing experiences and continually improve its strategies over time.
  • Context-Aware Testing: AI could analyze the context of a software application, such as its target audience or intended use, and tailor its testing approach accordingly.
  • Proactive Bug Prevention: AI might be able to predict potential issues before they even occur, allowing developers to address them early in the development cycle.

Challenges and Considerations

While AI offers significant benefits, it’s important to acknowledge the challenges as well:

  • Over-reliance on Automation: Overdependence on AI for all testing aspects should be avoided. Human expertise remains crucial for strategic thinking and creative test case design.
  • Explainability and Bias: AI algorithms can be complex, making it challenging to understand how they arrive at their conclusions. It’s vital to be aware of potential biases in AI models to ensure fair and unbiased testing practices.
  • The Human Element: The human touch will always be essential in QA. AI cannot replace the critical thinking, communication, and collaboration skills that are vital for successful software testing.

Conclusion

The rise of AI presents both challenges and opportunities for software testing professionals. By embracing AI as a valuable tool and continuously developing our skill sets, QA professionals can ensure they remain a critical function in the ever-evolving world of technology.

Take a look at the podcast: https://podcasters.spotify.com/pod/show/abtesting/episodes/Episode-187-All-we-talk-about-is-AI-e2a1sk4/a-aae4uv8

From the blog CS@Worcester – Site Title by Iman Kondakciu and used with permission of the author. All other rights reserved by the author.

Path Testing: Your Guide to Unveiling the Hidden Bugs in Software

Welcome back, fellow coders! Today, I’m going back to a technique called path testing. 

Why is Path Testing Important?

Software development thrives on creating programs that function flawlessly, regardless of user interaction. Traditional testing methods might miss certain sections of code depending on user choices. Path testing, however, takes a different approach. It systematically executes every possible path a program can take, significantly increasing the likelihood of encountering and eliminating potential errors.

Here’s how path testing elevates your software development game:

  • Enhanced Bug Detection: Think of bugs like sneaky goblins hiding in the castle’s shadows. Path testing, by meticulously traversing every path, shines a light on these goblins, exposing them before they can cause problems for users.
  • Improved Software Quality: Just like a well-maintained castle provides a secure and comfortable environment, path testing leads to the creation of high-quality software. Identifying and rectifying errors early on ensures a more robust and reliable program.
  • Increased Confidence in Functionality: Having meticulously explored every potential path within the program, testers gain a heightened sense of assurance. They know, with greater confidence, that the program will perform as intended, leading to a more predictable and stable user experience.

Exploring the Different Levels of Path Testing

Path testing isn’t a one-size-fits-all approach. There are various levels of coverage, each focusing on a specific aspect of the program’s execution paths:

  • Statement Coverage: This foundational level resembles meticulously walking across every single floorboard within the castle. It ensures that every single line of code within the program is executed at least once during testing.
  • Decision Coverage: Taking things a step further, decision coverage is like exploring every hallway and doorway, ensuring you’ve taken both the left and right turns at every intersection. It guarantees that each decision point within the program (such as if statements and loops) is evaluated with both possible outcomes – true and false.
  • Condition Coverage: This is the most rigorous level, akin to meticulously checking every wall and secret passage within the castle. It ensures that each individual condition within a decision (e.g., the expression in an if statement) is evaluated to be both true and false at least once.

The Path to High-Quality Software

By incorporating path testing into the software development lifecycle, developers gain a valuable tool for creating exceptional applications. This structured approach ensures comprehensive coverage of potential execution paths, leading to the identification and rectification of errors before they manifest as real-world problems.

Inspired by: Path Testing: The Coverage

From the blog CS@Worcester – Site Title by Iman Kondakciu and used with permission of the author. All other rights reserved by the author.
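The three coverage levels from the path testing post above, measured by hand on one small access check, as an added example that is not part of the original post. The function `can_view_record`, its probe labels and the test inputs are constructed; a condition counts as covered only when Python actually evaluates it, since `or` short-circuits.

```python
"""Statement, decision and condition coverage measured by hand on one function.
The function and its probe labels are constructed for illustration."""

ALL_STATEMENTS = {"init", "grant", "return"}
ALL_DECISIONS = {True, False}
ALL_CONDITIONS = {(name, value) for name in ("is_admin", "is_owner")
                  for value in (True, False)}


def can_view_record(is_admin, is_owner, probe):
    """Instrumented version of:

        allowed = False
        if is_admin or is_owner:
            allowed = True
        return allowed
    """
    def condition(name, value):
        # Recorded only when the operand is really evaluated.
        probe["conditions"].add((name, value))
        return value

    probe["statements"].add("init")
    allowed = False
    decision = condition("is_admin", is_admin) or condition("is_owner", is_owner)
    probe["decisions"].add(decision)
    if decision:
        probe["statements"].add("grant")
        allowed = True
    probe["statements"].add("return")
    return allowed


def coverage(test_inputs):
    """Run every (is_admin, is_owner) pair and report which levels are reached."""
    probe = {"statements": set(), "decisions": set(), "conditions": set()}
    for is_admin, is_owner in test_inputs:
        can_view_record(is_admin, is_owner, probe)
    return {
        "statement": probe["statements"] == ALL_STATEMENTS,
        "decision": probe["decisions"] == ALL_DECISIONS,
        "condition": probe["conditions"] == ALL_CONDITIONS,
    }


if __name__ == "__main__":
    suites = {
        "one test": [(True, False)],
        "two tests": [(True, False), (False, False)],
        "three tests": [(True, False), (False, False), (False, True)],
    }
    for name, inputs in suites.items():
        print(name, coverage(inputs))
```

A single granting test executes every statement, yet the deny path and the `is_owner` operand stay untested until the second and third inputs are added.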

Equivalence Partitioning and Boundary Value Analysis – Effective Techniques for Test Case Design

This week, I am revisiting some fundamental test case design techniques: equivalence partitioning and boundary value analysis. While these terms might sound complex, they offer a structured and efficient approach to software testing, particularly for numerical inputs or situations with defined input ranges.

Equivalence Partitioning: Dividing the Input Landscape Strategically

Imagine a program that validates user age for login purposes. Traditionally, one might be tempted to test every single possible age value from 0 to 120 (or whatever the defined limit may be). This brute-force approach, however, quickly becomes impractical and inefficient as the number of possible inputs grows. Equivalence partitioning offers a more strategic solution.

Equivalence partitioning involves dividing the entire set of possible input values (the input domain) into distinct classes where the program is expected to behave similarly for all values within a class. These classes are called equivalence partitions. In the age validation example, we could define the following equivalence partitions:

  • Valid Ages: This partition encompasses all ages that fall within the expected range for a user (e.g., 0 to 120).
  • Invalid Ages: This partition includes all values outside the valid range, such as negative numbers or values exceeding the limit (e.g., negative numbers or ages greater than 120).
  • Empty or Null Values: This partition considers scenarios where the user leaves the age field blank or enters an invalid value that evaluates to null.

By identifying these partitions, we can significantly reduce the number of test cases needed for comprehensive testing. Instead of testing every single age within the valid range, we can select representative test cases from each partition. For example, we could test valid ages with values at the beginning, middle, and end of the range (e.g., 0, 30, and 120). Similarly, we could test invalid ages with a negative number and a value exceeding the limit.

Boundary Value Analysis: Sharpening Our Focus on Critical Areas

Equivalence partitioning provides a solid foundation for test case design. However, it’s important to pay close attention to the boundaries or edges of each partition. This is where boundary value analysis comes into play. Boundary value analysis focuses on testing the specific values that lie at the borders of each equivalence partition. This includes:

  • Minimum and Maximum Valid Values: In the age validation example, this would involve testing the program’s behavior with values at the beginning (0) and end (120) of the valid age range.
  • Values Just Above and Below the Valid Range: This involves testing one value above the maximum valid age (e.g., 121) and one value below the minimum valid age (e.g., -1).

The rationale behind testing these boundary values is that programs are often more susceptible to errors at the edges of their input domains. By testing these specific values, we can identify potential issues that might be missed by random testing within the valid range.

Conclusion

Equivalence partitioning and boundary value analysis are valuable tools for software testers. They promote efficient test case design, improve test coverage, and ultimately contribute to the development of high-quality software.

From the blog CS@Worcester – Site Title by Iman Kondakciu and used with permission of the author. All other rights reserved by the author.
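The age validation example from the post above, worked through as an added example that is not part of the original post. Both validators and the helper names are constructed; the second validator carries a deliberate off-by-one at the upper limit to show what the boundary values catch and a mid-range representative does not.

```python
"""Equivalence partitions and boundary values for the 0 to 120 age check.
Validators and test data are constructed for illustration."""

MIN_AGE, MAX_AGE = 0, 120


def validate_age(raw):
    """Accept whole-number ages in [MIN_AGE, MAX_AGE]; reject blank, None, non-numeric."""
    if raw is None:
        return False
    text = str(raw).strip()
    if not text:
        return False
    try:
        age = int(text)
    except ValueError:
        return False
    return MIN_AGE <= age <= MAX_AGE


def validate_age_off_by_one(raw):
    """Deliberately buggy: '<' instead of '<=' rejects the maximum valid age."""
    try:
        age = int(str(raw).strip())
    except ValueError:
        return False
    return MIN_AGE <= age < MAX_AGE


def partition_cases(lo, hi):
    """One representative per partition: valid, too low, too high, empty, null."""
    return [
        ((lo + hi) // 2, True),
        (lo - 50, False),
        (hi + 50, False),
        ("", False),
        (None, False),
    ]


def boundary_cases(lo, hi):
    """Minimum and maximum valid values plus the values just outside them."""
    return [(lo - 1, False), (lo, True), (hi, True), (hi + 1, False)]


def failures(validator, cases):
    """Return the (input, expected) pairs the validator gets wrong."""
    return [(value, expected) for value, expected in cases
            if validator(value) != expected]


if __name__ == "__main__":
    for name, cases in (("partitions", partition_cases(MIN_AGE, MAX_AGE)),
                        ("boundaries", boundary_cases(MIN_AGE, MAX_AGE))):
        print(name, "reference:", failures(validate_age, cases),
              "buggy:", failures(validate_age_off_by_one, cases))
```

The buggy validator passes every partition representative and fails only on the boundary input 120.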