
Wednesday, January 7, 2009

Software testing questions and answers

As a team leader you are responsible for project planning, scheduling, communicating your project status to your manager and most important task of assigning and monitoring the project work. Your main responsibility is to build a team to achieve your project goals. You need to focus on handling the challenges in your project so that your team and project will grow and perform well.

As far as the standard testing process is concerned, it depends on you - what procedure you want to establish. Yes, some people might blame me for this point, but I prefer to establish my own processes that work for me. I don’t stick to those old process definitions that were written and managed in the ’90s, most of which might not be applicable nowadays.

The test lead is responsible for ensuring project plan changes are incorporated in the test plan. You might write a test plan and test strategy (in some cases it might be written by a senior test team member or even by the project test manager). Ensure the work is going according to this test plan. Identify the risks and try to mitigate them. At the end of the project testing life cycle, ensure that all test objectives are accomplished and acceptance criteria are met.

More TL responsibilities include: test case review, requirements validation, monitoring the execution of manual and automated test cases, preparing the test summary report, communicating test status to seniors, and preparing corresponding documents.

Soft Skill for testers: How to improve communication skill

Poor communication generally leads to disagreement and misunderstandings. Even in romantic relationship if you are poor at communication, chances are high that you will break up with your boy friend or girl friend.

Good communication skill is a must for software testers. You might have seen this line in every job requirement, especially openings in the QA and testing field. As testers need to communicate with different project team members, including clients, communication skill plays an important role. If you want to win arguments (I mean arguments that are right) and find a common solution for your problems with your subordinates, then you should be able to express your views effectively.

As a part of ’soft skills for testers’ article series I am sharing detailed power point presentation on “How to improve communication skill”.

Keep in mind these simple rules for effective communication:

  • Listen carefully when others are clarifying their thoughts. Don’t interrupt others in-between.
  • Do not speak too fast. Slow down while speaking.
  • Speak clearly. Your pronunciation should be loud and clear.
  • Make eye contact with whom you are speaking. This increases chances of mutual agreement.
  • Read, read and read. For better communication and effective words in your speech your vocabulary should be very strong. Reading more and more will increase your vocabulary.

Besides these 5 golden rules for effective communication here is PPT presentation on improving your communication skill.

Main topics covered in this PPT:
1) What makes a good communicator?
2) Process of communication
3) Active listening
4) Using non-verbal communication effectively
5) Presentation skill while appearing for an interview.

How to crack the GD (Group Discussion). 10 simple ways with ppt on GD

Many companies and institutes are making group discussion the first criterion for screening candidates for face-to-face interviews. And there is a reason for giving such importance to group discussion. First, group discussion is used for mass elimination! And second, group discussion selection criteria are based on actual company requirements.

Communication and group discussion skill are two relevant soft skills that are a must for software testers.

Why group discussion should be the first criteria for selecting software testers?

Software tester requires communication with different people like team members, managers and customers. So interpersonal skill is very important for tester.

Yesterday one of our readers mailed me about her problem. She is very good at work but when it comes to taking credit for her work, someone else is taking the credit.

Why is this happening? She is lagging in interpersonal skills. Lagging in communication. She might be proficient in many skills, but what if she isn’t able to communicate her thoughts in front of her seniors or evaluators? Simply, she will lose the credit for her own work!

Making a good impression while speaking in meetings or interviews is the basic skill every professional should have. Let’s see how you can make this impression.

What skills are judged in group discussion?

  • How good you are at communication with others.
  • How you behave and interact with group.
  • How open minded are you.
  • Your listening skill.
  • How you put forward your views.
  • Your leadership and decision making skills.
  • Your analysis skill and subject knowledge.
  • Problem solving and critical thinking skill.
  • Your attitude and confidence.

Do’s and Don’ts of Group discussion:

1) Keep eye contact while speaking:
Do not look at the evaluators only. Keep eye contact with every team member while speaking.

2) Initiate the GD:
Initiating the GD is a big plus. But keep in mind - initiate the group discussion only when you have understood the GD topic clearly and have some topic knowledge. Speaking without proper subject knowledge makes a bad impression.

3) Allow others to speak:
Do not interrupt anyone in-between while speaking. Even if you don’t agree with his/her thoughts do not snatch their chance to speak. Instead make some notes and clear the points when it’s your turn.

4) Speak clearly:
Speak politely and clearly. Use simple and understandable words while speaking. Don’t be too aggressive if you are disagreeing with someone. Express your feelings calmly and politely.

5) Make sure to bring the discussion on track:
If by any means the group is drifting from the topic or goal, then simply take the initiative to bring the discussion back on track. Make all group members aware that you all need to come to some conclusion at the end of the discussion. So stick to the topic.

6) Positive attitude:
Be confident. Do not try to dominate anyone. Keep positive body language. Show interest in discussion.

7) Speak sensibly:
Do not speak just to increase your speaking time. Don’t worry even if you speak less. Your thoughts should be sensible and relevant instead of irrelevant speech.

8) Listen carefully to others:
Speak less and listen more! Pay attention while others are speaking. This will make coherent discussion and you will get involved in the group positively. You will surely make people agree with you.

9) No need to go into much details:
Some basic subject analysis is sufficient. No need to mention exact figures while giving any reference. You have limited time so be precise and convey your thoughts in short and simple language.

10) Formal dressing:
Do not take it casually. No fancy and funny dressing. You should be comfortable while speaking in group. Positive gesture and body language will make your work easy.

Top Three Tips to Survive in this Recession - Economic Downtime

Here are my top three tips to survive in this recession:

1) Upgrade Your Skills - Make a Strong Profile

When I was young my teachers used to emphasize specialized skills. Yes, even in our testing world, hitherto specialization was getting much attention and my organization was able to charge differential rates to the clients for a performance architect or automation developer. Of late, my requirements are coming differently. Clients need a test automation architect who is good in QTP, LoadRunner, Perl, Unix, SQL, Java etc., but as things emerge, you should be a jack of all arts in all testing arenas.

Unless you are multi-skilled, it is going to be difficult for us to survive in the emerging context. When you are out of a project, take that as a boon period to upgrade your skills. Be it testing-related certifications like ISTQB, CSTE, CSQA, or tool-related certifications like AIS, ASE, or domain-related certifications in insurance, banking or telecom, these are going to help you improve your profile.

2) Learn to Manage Stress

One more critical skill, which we need to learn, is stress management. As we move on, we will get more work related pressure. I know already several of our colleagues never see the sun light during the project execution days and this will “improve” further due to the cost cutting and operating margin pressure on the IT companies.

All of us know that a young girl committed suicide recently due to the pressure from her managers. We need to learn to live with these pressures in life. A class on Yoga or meditation will help to stabilize your mind.

3) Be Always Ready to Face Challenges

Every other day, you can see news of IT firms downsizing employees. This is hard reality in countries like India where job security is associated with the work life. It is not the question of you being a performer or non-performer, but the question of available business and required resources.

One should not get de-motivated or depressed by these events in life. In western countries, job hopping is a regular feature of the life cycle, but in India we are yet to get accustomed to this. If you happen to face this, take it bravely and face the challenges. Cross-skilling will help you during this time. One of my earlier delivery managers in the insurance vertical is now CEO of a hospitality company. Life gives you enough opportunity if you are ready to take challenges and use every opportunity to upgrade your skills.

As we grow, not only our skills should grow with us, but also the certifications and membership which will give an enhanced look to your profile. Also, our confidence to face the challenges should also improve. Long back, I had a supervisor, who will become uneasy, if he did not have any problem to solve. We used to yell at him at that time and now I realize that he is my mentor in facing multi dimensional issues and problems in life.

This is right time for all of us to introspect ourselves on the current skills and move forward. Nothing is impossible if you have the determination to WIN.

How to keep good testers in testing positions?

What are the effects of high attrition rate on company?

  • May lose projects in hand - as clients are not happy with high attrition rate
  • Financial burden on company
  • Cost to recruit new employees
  • Cost of new employee training
  • Time for ramp-up in new projects
  • Workload on existing employees
  • Low employee productivity due to unstable work and overtime

These are a few important drawbacks of a high attrition rate.

How to reduce attrition rate?

First let’s go to the root cause of “why do employees leave the company?”
The main reason is “lack of appreciation for their hard work”. I mean, if a company is not caring about its employees, then why would they stay in such a company?

Keep in mind ‘more money’ is not always the solution! Nowadays employees are more concerned about quality of life and their family needs.

Here are some solutions on high attrition rate:

  • Hire the right people in right positions
  • Understand the employee needs and provide it to them
  • Respect them
  • Always appreciate good work
  • Regularly ask for employee input and take appropriate action
  • Offer training opportunities to gain advanced knowledge
  • Better to become employee oriented
  • Pleasant working atmosphere
  • Career growth opportunities
  • Value employee creativity
  • Job security

The last one is very important. Your employees should feel secure about their jobs. If you can’t provide job security, or at least a feeling of job security in the employees’ minds, then your company deserves a high attrition rate.

These are some one-line solutions. Let’s look at some practical solutions.

Motivation:
Any software team should consist of highly motivated and skilled people. Good motivation comes from good leadership. Good leadership provided by team leaders and managers can bring down the attrition rate. In my career I observe employees leave the company just because of their boss. Some unrealistic demands or lack of motivation and leadership can make employees think over their position and career.

So leaders should motivate and energize colleagues when they lost all hopes.

More Money:
Give them a good compensation and benefit package.

Fun at work:
As I said money is not always the solution, fun at work is also important. Only more money can’t motivate the team if you don’t have fun culture in your company. I believe in “Work hard, Play hard” culture, so plan some sporting activities, outdoor trips, different competitions between different teams etc etc… There can be so many such activities, which can act as refreshment for employees.

Help to settle employee life:
What I mean from this is to help employees providing stability in their life. I know this is not going to be a simple task but company can help employees by providing medical insurance, medical facilities to employees. Housing is the first priority of most of the employees. So help them getting good accommodation.

How to ask for promotion and salary raise in this appraisal

It’s appraisal time! Many companies conduct periodic reviews to give feedback on performance to their employees and to assist employees in developing their career. This appraisal period may be of six months or one year depending on company policies. Performance appraisal is the right time to ask for your promotion as well as salary raise.

Why performance appraisal?

To reward employees for their good work. Appraisal will assist employees to develop in their career and enable them to reach their full potential. Performance appraisal process involves discussion on the previous year employee achievements and identifying area for improvement. This will help employees to develop clear performance objectives for the next review period.

In this article I will concentrate more on “QA performance appraisal”. What are skills and parameters used to judge and rate the QA performance?

This article will help you in following ways:

  • If you are a fresher and yet not faced any appraisal, you will get exact idea of what is performance review and how to face it.
  • If you are an experienced quality assurance engineer then you will know “How to ask for promotion and salary hike in your performance review”.
  • How to effectively summarize your hard work and responsibilities into a good impression in front of management.

In companies having a yearly appraisal system, the performance appraisal process begins a month before the end of each financial year. Performance review forms get distributed to every eligible employee with instructions on how to fill in the form and to whom you need to send the filled forms. After that, face-to-face review meetings are scheduled with reviewers.

Following major activities get discussed in review meeting:

  • Project you did in previous year
  • Employees overall performance
  • Comments on performance ratings given by employee and reviewer
  • Employee feedback
  • Areas for improvements
  • Performance planning for the next year.

What are the criteria to rate employee performance?

We are specifically speaking about QA performance appraisal, so here are the main parameters considered while rating software testers/QA persons.

Software testing skills:

1. Ability to find bugs.
2. Bug reporting skills.
3. Ability to automate work.
4. Test Cases Design Ability.
5. Testing Completeness and coverage.

Management skills:

  1. Effective role model
  2. Team motivation skill
  3. Estimation and scheduling ability
  4. Ability to anticipate and address issues
  5. Mentoring ability
  6. Planning and time management skill

Personal skills:

  1. Can work independently?
  2. Team player
  3. Self learning
  4. Discipline?
  5. Willing to learn?
  6. Takes initiative
  7. Admit mistakes?
  8. Grasping skill

Here are some key points you need to study before asking for promotion and pay rise:

1) What are your previous year’s top achievements?
You should be ready with list of key projects you did in past year. How was the overall quality of work in this period? Note down some examples, which will illustrate your contribution to company growth.

2) Positive attitude:
Management like employees with positive attitude. Management will think about your leadership qualities before promoting you.

3) Your relationship with your boss and co-workers:
This is a crucial point. Make sure you don’t have any disputes between you and your boss or co-workers. You should be a fair team player.

4) Any major work issue in previous year?
You should be aware of project issues created by you. If these issues are major then think twice before asking for promotion or pay raise. If the issues are minor and you were not directly responsible for those issues then you can have explanation of these issues, if management raised these negative points in your appraisal meeting. Make sure you don’t blame any of your co-workers for any issue.

5) Explain why you deserve promotion:
You need solid work portfolio to explain this. Put forward your contribution to company and how this helped to improve the company.

6) Are you prepared to handle challenges of senior level positions?
Senior level position means more responsibilities. You need to have both technical as well as management skills to handle such positions. Explain how you are a best fit for the new position.

7) Be prepared to present exact amount to be raised in your salary:
If management is ready to promote you then you might get this question: How much pay rise you expect? So do a little study of current market salary range for your new position. Come to some exact figures by doing analysis of your current salary, company’s previous salary hike records and your accomplishments for the appraisal period.

8) Know the exact time for getting pay rise:
If you got promotion in last performance appraisal then ask for promotion in current appraisal only if you did some outstanding work. If company is in some financial problems then wait till company get out of this situation.


How to build a successful QA team?

What do we mean by a great software testing team?

“A team with a star player is a good team, but a team without one is a great team.” - Author unknown.

The above quote leads us to a discussion of great teams and their characteristics. The article stems from experience gained while working for different teams and from observing team members’ behavior under time pressure coupled with the complex nature of a project. This holds good for a software testing team, which has a prominent place in project activities and requires the right mix of people to perform these activities.

Why do some software testing teams fail and others succeed? Is there any solution for this problem? The answer is “Yes”/“No” – it depends on how each team member aligns himself towards the common goal of the team, not at the cost of suppressing his team members’ interests but by working together with a common understanding of the problem at hand.
The success also depends on leadership attributes possessed by Test Leads – the “Captain of the ship”.

The objective of this article is to help software test engineers, or any person who believes in teamwork, to understand the characteristics of a high performance team and how to cultivate them in their own teams.

The success of a team in the long run doesn’t depend on an individual who is considered a “STAR” but on all who form the cluster of stars that makes a great team.

Characteristics of Great Software Testing Team

Initial stage - Ask yourself the following question:

Does your new team member know the reason he has been selected for the team?

New members of the team are often puzzled about their presence in the team. You may argue that he/she need not know the purpose and should just work on the task assigned to him/her. This is an assumption made by many higher management people. Clearly defining the roles and responsibilities helps individuals to understand the project in a bigger context. That includes the relevance of his/her job, the skills the individual could contribute towards the project, and sharing the common team goal which was defined earlier. This brings great commitment towards the work and hence contributes towards its quality.

Ownership:

When project complexity increases in terms of tasks and team size, it is not possible for a single leader to keep track of individuals’ tasks. Hence the solution is assigning ownership to individuals. However, this virtual leadership often acts as an impediment rather than a solution if not considered appropriately. Merely appointing an individual as owner, without giving serious thought to whether he/she could manage the team, will not bring the desired result.

Individuals acting as owners should have a mindset which matches the leader’s mindset, and the pride to act as future leaders. These are people who can make a difference by carrying their team members along with them, and the same people, by showing an indifferent attitude towards their team, will disintegrate the team. The task of owners is not merely restricted to assigning tasks to team members but extends to understanding the task at hand and the situation from a much broader perspective, and bringing a common level of understanding among their team members. Supporting team members when they have difficulty handling a task, a word of encouragement, correcting their mistakes by acting not as a lead but as a peer, and acting on ideas or taking advice for the situation from experienced members would certainly benefit the shared goal. Collaboration and a solid sense of interdependency in a team will defuse blaming behavior and stimulate opportunities for learning and improvement.

Knowledge of seasoned players in the team

The term “seasoned players” indicates people who have spent a considerable amount of time in the same project or a similar kind of work. They are resources who have vast knowledge about the project. By channeling their knowledge in the proper way, the entire team can benefit. These individuals should show diligence towards others’ work rather than arrogance. It is commonly said, “Past success breeds arrogance”. They are high performers whose absence would be felt in a team, but this should not be the sole criterion, as there is an equal chance for others of similar caliber to act in this position.

Motivation – Key Factor

Motivation is not all about giving a speech when members of the team are assembled; rather, every effort should be made to tailor these speeches to address each individual. This means each team member has unique qualities and a unique working style. This task is more complex than it sounds for a Test Lead, since it takes effort on the leader’s part to sense the team members’ feelings, not only about the tasks assigned to them but also about the project as a whole. A positive attitude in the lead will energize the team – this is quoted from experience working for one great test team. If the leader complains about long working hours or insists that the team members work to a schedule which is impossible to meet, your team will reflect your attitude. A true leader is one who, in spite of an unreasonable schedule, instills confidence among team members to believe in their abilities, and at the same time works in the background to justify the team members’ effort on the unreasonable schedule and to bring an extension to the schedule to make the team members’ job simpler.

Recognition

Everyone likes to be recognized for his/her work. When an individual is awarded for his/her work, it is the team lead’s responsibility to present the reason for the individual’s recognition in front of others. The team lead’s decisions on these matters should be impartial. This brings great respect for the awarded individual from members of the team. They would act on similar grounds, and ultimately the team benefits from their collective response. Very often, members working for a virtual leader are not recognized, due to zero visibility to the leader of the team. It is the virtual leader who has to bring to the table the accomplishments and contributions made by team members in their tasks. This indicates that the virtual leader is a future leader who takes care of the members of his team and is well received by them, one with whom they would always want to be associated in future.

One-to-One Meetings

It is often seen that roles and responsibilities for the members are defined and assessment is done at the end of the project. Agreed, that is the formal process. But informal talk on a one-to-one basis adds to this formal process as well. These informal meetings should address present issues which members won’t feel like conveying during a group meeting, future opportunities for members, identifying future leaders/owners of the team, and acting on issues at hand after feedback from team members. Timely and appropriately delivered feedback can make the difference between a team that hides mistakes and a team that sees mistakes as opportunities. The responsibility for poor performance is usually a function of the team structure rather than individual incompetence; yet, it is individuals who are sent to training programs for fixing. If team members feel like they are pitted against one another to compete for rewards and recognition, they will withhold information that might be useful to the greater team. When a team has problems, the effective team leader will focus on the team’s structure before focusing on individuals.

“Don’t tell people how to do things, tell them what to do and let them surprise you with their results.” - George Patton

Conclusion

There are plenty of things to be considered while building a successful team. The key words – unity, trust, respect for others’ opinions and acting without fear – are the ingredients of a great test team, and in general of any successful team. After reading this article, look at your team and ask yourself “Are you working in a great test team?” or “Will you make every effort to build a great test team?”. Then don’t wait; start the very next second to build a “Great Software Testing Team”.

“Coming together is a beginning, Keeping together is progress, Working together is success”. - Henry Ford

How to keep motivation alive in software testers?

B Eric Jacobson - a software tester, to keep motivation alive in his testing team. Eric found interesting idea to reward good testers. The idea of holding a bug contest. And decided to award the ‘Mercury’ cap to the tester who could log the most bugs in a given week.

A small tweak I would rather suggest to make this technique more effective is to award the testers who will find the quality bug, may be called as “Bug of the week”. This way quality bugs will be the main focus of software testers rather than running behind the quantity. Obviously you should not ignore those small UI bugs also :-)

I am really fan of awarding testers for their good work. It may be any kind of appreciation. May be a small gift or just few kind words of appreciation from the lead or manager. This will keep the spirit alive in testers to find new and quality bugs.

If you are a team leader, manager or even a team member, what do you think is the best way to keep motivation alive in software testers?

Money making, software testing career and secrets of a richest tester

These days a lot of people who pass out of engineering and science colleges are interested about software testing as a career. When I passed out at a time when the IT had started to boom back in India, most of the fresh graduates with whom I interacted didn’t even know there existed jobs or careers like software testing.

I was offered a job as a tester in a start up for 7440 rupees a month compared to fresh developers (who were picked from better institutes from where I graduated) being paid 34,500 rupees a month.

Today there isn’t such a huge difference between what testers and developers get paid and I consider this generation to be luckier than my generation without ignoring the idea that my generation might have been luckier than its previous generation.

When I started my career as a software tester, I didn’t find any training centre, which could coach me on software testing, and I lacked guidance. I didn’t know about Google and its power of search.

In the organization I worked for, there existed a senior software tester, not by designation or for the technical competence but just that he joined that organization 6 months before I did. He happened to coach me. I blindly believed all that he said about testing. I believed him and never questioned him.

By believing whatever he said I think I was becoming dumb. I looked for someone who could coach me and found two great people, one a developer and the other a software architect in the organization, whose ideas were much more impressive than the senior software tester’s.

The duo was more open to questions from me than the so-called senior software tester. When I questioned all the things that I had heard from the so-called senior software tester, I found that most of what the senior tester said was highly idiotic.

I realized that my quest in life was to see myself doing good or great testing in future. To do that, I must learn, I must learn, I must learn, I must practice, I must practice, I must practice…

What do I learn? What do I practice?

When I asked for information about software testing, some of my friends sent me material that was nothing more than, - types of testing, techniques of testing, different types of documentation, process of testing and development.


How to prepare for software testing interview

What you need to know about software testing?
First basic thing - Testing Concepts: One needs to be very good at this especially the manual testing methodologies. But only knowing different testing concepts is half work done. The next - most important thing is to know which type/technique/concept of testing can be applied at what stage of SDLC.

“What should I test and when” is very important. There might be some concepts which are not applicable to what we professionals test in our company, but it’s always better to have an idea of all testing practices.

Many freshers and working testing professionals might not have worked on various testing domains like localization testing, time zone testing etc. But knowing more than what you have worked on will help you better answer the different questions from the interviewer. I always try to keep my testing knowledge updated besides my current project work. This helped me a lot while switching my job some years ago. What if an interviewer asks you a question on a topic which you have never worked on? For example, you don’t have any experience on web based projects or client server testing and the interviewer asks you to test the “Yahoo mail application”. Will you be able to answer this question? You can, even if you have not worked on this type of project. How? Your curiosity to learn the things you have never done before will help you in this case. So broaden your thinking area, and be curious in every piece of work and every query you face in your daily work routine.

Knowing more is harmless and will definitely help you at least to give your thoughts on the questions asked by interviewer.

If you don’t know any testing concept, e.g. “Localization testing”, then try to learn the concepts first. Like - what would be localization testing? It’s simple; Test if the application looks local for you while using. Then go on exploring. See for used colors, content, images, culture etc, Different countries, locales have it in different way. Consider a web site that reads from right to left, is it accepted in countries other than Middle East? Obviously NO. Or can you display the same geo specific content in India what you can display in US? Again NO. This is just a simple example how you can learn unknown testing concepts.

The most essential quality of a test engineer is “thinking out of the box”. If you are not capable of thinking out of the box, believe me, testing is not for you. What does thinking out of the box mean? Don’t just follow the traditional methods. Implement new things in testing. Try to summarize and automate the routine testing work. Think from the user’s perspective. Think about how the user will use your application. What common mistakes can he make, and which tasks can he perform on your application? This way you will get insight into any application, which will also help you answer the questions in depth.

Besides the “curiosity to learn”, you should upgrade your skills in the following areas:
- Some hands-on experience with basic database/SQL queries and concepts
- Any basic scripting language (for automation testing)
- Networking and system administration concepts, which will help you in system domain projects.

Do not just write the UI test cases; check what is happening inside the application. For an application with a database connection, check data updates and retrieval, and in any case there should be no loss of data.

Get a hold on the project. Know the application under test before starting to test it. Instead of looking in the requirement document, look into the architecture doc, design doc, sequence diagram and activity flow diagram.

Most importantly, you need to be perfect in what you mention in your CV. All the questions the interviewer asks will be based on what you specify in your CV. So do not mention skills you have not worked on just for the sake of decorating the CV with multiple skills.

The key point in an interview is that you should make the interviewer feel that it was a complex application you were testing and that it had many challenges for a tester!

And one last thing: if you don’t know the answer to a question, say so. Don’t fool around and get into trouble.

An approach for Security Testing of Web Applications

Introduction

As more and more vital data is stored in web applications and the number of transactions on the web increases, proper security testing of web applications is becoming very important. Security testing is the process that determines that confidential data stays confidential (i.e. it is not exposed to individuals/ entities for which it is not meant) and users can perform only those tasks that they are authorized to perform (e.g. a user should not be able to deny the functionality of the web site to other users, a user should not be able to change the functionality of the web application in an unintended way etc.).

Some key terms used in security testing

Before we go further, it will be useful to be aware of a few terms that are frequently used in web application security testing:

What is “Vulnerability”?
This is a weakness in the web application. The cause of such a “weakness” can be bugs in the application, an injection (SQL/ script code) or the presence of viruses.

What is “URL manipulation”?
Some web applications communicate additional information between the client (browser) and the server in the URL. Changing some information in the URL may sometimes lead to unintended behavior by the server.

What is “SQL injection”?
This is the process of inserting SQL statements through the web application user interface into some query that is then executed by the server.

What is “XSS (Cross Site Scripting)”?
When a user inserts HTML/ client-side script in the user interface of a web application and this insertion is visible to other users, it is called XSS.

What is “Spoofing”?
The creation of hoax look-alike websites or emails is called spoofing.

Security testing approach:

In order to perform a useful security test of a web application, the security tester should have good knowledge of the HTTP protocol. It is important to have an understanding of how the client (browser) and the server communicate using HTTP. Additionally, the tester should at least know the basics of SQL injection and XSS. Hopefully, the number of security defects present in the web application will not be high. However, being able to accurately describe the security defects with all the required details to all concerned will definitely help.

1. Password cracking:

The security testing of a web application can be kicked off with “password cracking”. In order to log in to the private areas of the application, one can either guess a username/password or use a password cracker tool for the same purpose. Lists of common usernames and passwords are available along with open source password crackers. If the web application does not enforce a complex password (e.g. with letters, numbers and special characters, and at least a required number of characters), it may not take very long to crack the username and password.

If a username or password is stored in cookies without encryption, an attacker can use different methods to steal the cookies and then the information stored in them, such as the username and password.

For more details see article on “Website Cookie Testing”.

2. URL manipulation through HTTP GET methods:

The tester should check if the application passes important information in the querystring. This happens when the application uses the HTTP GET method to pass information between the client and the server. The information is passed in parameters in the querystring. The tester can modify a parameter value in the querystring to check if the server accepts it.

User information is passed to the server via an HTTP GET request for authentication or for fetching data. An attacker can manipulate every input variable passed in this GET request to the server in order to get the required information or to corrupt the data. In such conditions, any unusual behavior by the application or web server is a doorway for the attacker to get into the application.
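The querystring check described above can be written as a repeatable test. The following is an added example, not code from the original article: the `order_id` parameter, the two handlers, the sample orders and the `shop.example.test` URL are all constructed for illustration. It runs the same tampered values against a handler that trusts the URL and against one that validates the parameter and checks ownership on the server.

```python
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

# Constructed sample data: each order belongs to exactly one user.
ORDERS = {
    "1001": {"owner": "alice", "total": "19.99"},
    "1002": {"owner": "bob", "total": "250.00"},
}


def get_order_trusting_url(url, session_user):
    """Weak handler: serves whichever order the querystring names."""
    order_id = parse_qs(urlsplit(url).query).get("order_id", [""])[0]
    order = ORDERS.get(order_id)
    return (200, order) if order else (404, None)


def get_order_checked(url, session_user):
    """Hardened handler: validates the parameter, then checks ownership server-side."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get("order_id", [])
    if len(values) != 1 or not (values[0].isascii() and values[0].isdigit()):
        return (400, None)  # missing, repeated or malformed parameter
    order = ORDERS.get(values[0])
    if order is None or order["owner"] != session_user:
        return (404, None)  # same reply for "no such order" and "not your order"
    return (200, order)


def with_param(url, name, value):
    """Return url with querystring parameter `name` set to `value`."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    query[name] = [value]
    return urlunsplit(parts._replace(query=urlencode(query, doseq=True)))


def accepted_after_tampering(handler, own_url, session_user, tampered_values):
    """Tester's check: change order_id and list every changed value the server still accepts."""
    accepted = []
    for value in tampered_values:
        status, _ = handler(with_param(own_url, "order_id", value), session_user)
        if status == 200:
            accepted.append(value)
    return accepted


# Constructed test inputs: another user's id, a non-numeric value, an empty value, a negative id.
TAMPERED = ["1002", "1001abc", "", "-1"]
OWN_URL = "https://shop.example.test/order?order_id=1001"

if __name__ == "__main__":
    for handler in (get_order_trusting_url, get_order_checked):
        print(handler.__name__, accepted_after_tampering(handler, OWN_URL, "alice", TAMPERED))
```

Any value in the returned list is a defect to report: the server accepted a parameter the logged-in user should not have been able to use.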

3. SQL Injection:

The next thing that should be checked is SQL injection. Entering a single quote (') in any textbox should be rejected by the application. If the tester instead encounters a database error, it means that the user input is inserted into some query which is then executed by the application. In such a case, the application is vulnerable to SQL injection.

SQL injection attacks are very critical because an attacker can get vital information from the server database. To find SQL injection entry points in your web application, locate the code in your code base where direct MySQL queries are executed on the database using user input.

If user input is used to build the SQL queries that query the database, an attacker can inject SQL statements, or parts of SQL statements, as user input to extract vital information from the database. Even if the attacker only succeeds in crashing the application, the SQL query error shown in the browser can give the attacker the information they are looking for. Special characters in user input should be handled/escaped properly in such cases.
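The single-quote check and its fix can be reproduced side by side. This is an added example, not code from the original article: it uses Python's built-in SQLite module as a stand-in for the MySQL database the text mentions, and the `users` table, its rows and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory database with a small users table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("O'Brien", "obrien@example.test")],
    )
    db.commit()
    return db


def find_user_concatenated(db, name):
    """Vulnerable pattern: the user input is pasted into the SQL text."""
    query = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return db.execute(query).fetchall()


def find_user_parameterized(db, name):
    """Hardened pattern: the input travels as a bound parameter, never as SQL text."""
    return db.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def single_quote_probe(lookup, db, value="'"):
    """Submit a value containing a single quote and classify the outcome.

    Returns ("database-error", message) when the input broke the query,
    which marks an injection point, otherwise ("handled", rows).
    """
    try:
        rows = lookup(db, value)
    except sqlite3.Error as exc:
        return ("database-error", str(exc))
    return ("handled", rows)


if __name__ == "__main__":
    db = make_db()
    for lookup in (find_user_concatenated, find_user_parameterized):
        for value in ("'", "O'Brien"):
            outcome, detail = single_quote_probe(lookup, db, value)
            print(f"{lookup.__name__:26} input={value!r:10} -> {outcome}: {detail}")
```

The concatenated lookup fails on a legitimate name such as O'Brien as well, so the same defect is also a functional bug; the parameterized lookup returns the row.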

4. Cross Site Scripting (XSS):

The tester should additionally check the web application for XSS (Cross site scripting). Any HTML e.g. or any script e.g.

Smoke testing and sanity testing - Quick and simple differences

Despite hundreds of web articles on smoke and sanity testing, many people are still confused by these terms and keep asking me about them. Here is a simple and understandable difference that can clear up your confusion between smoke testing and sanity testing.

Here are the differences you can see:

SMOKE TESTING:

  • Smoke testing originated in the hardware testing practice of turning on a new piece of hardware for the first time and considering it a success if it does not catch fire and smoke. In the software industry, smoke testing is a shallow and wide approach whereby all areas of the application are tested without going too deep.
  • A smoke test is scripted, either using a written set of tests or an automated test.
  • A smoke test is designed to touch every part of the application in a cursory way. It’s shallow and wide.
  • Smoke testing is conducted to check whether the most crucial functions of a program are working, without bothering with finer details (such as build verification).
  • Smoke testing is a normal health check-up for a build of an application before taking it into in-depth testing.

SANITY TESTING:

  • A sanity test is a narrow regression test that focuses on one or a few areas of functionality. Sanity testing is usually narrow and deep.
  • A sanity test is usually unscripted.
  • A sanity test is used to determine that a small section of the application is still working after a minor change.
  • Sanity testing is cursory testing; it is performed whenever cursory testing is sufficient to prove the application is functioning according to specifications. This level of testing is a subset of regression testing.
  • Sanity testing is to verify whether requirements are met or not, checking all features breadth-first.

Manual and Automation testing Challenges

Software testing has a lot of challenges, both in manual testing and in automation. Generally, in a manual testing scenario, developers throw the build to the test team assuming that the responsible test team or tester will pick up the build and come to ask what the build is about. This is the case in organizations not following so-called ‘processes’. The tester is the middleman between the development team and the customers, handling pressure from both sides. And I assume most of our readers are smart enough to handle this pressure. Aren’t you?

This is not always the case. Sometimes testers may add complications to the testing process through their unskilled way of working. In this post I have listed most of the testing challenges created by testing staff, development staff, testing processes and wrong management decisions.

So here we go with the top challenges:

1) Testing the complete application:
Is it possible? I think impossible. There are millions of test combinations. It’s not possible to test each and every combination both in manual as well as in automation testing. If you try all these combinations you will never ship the product ;-)

2) Misunderstanding of company processes:
Sometimes you just don’t pay proper attention to what the company-defined processes are and what purposes they serve. There is a myth among testers that they should follow company processes even when these processes are not applicable to their current testing scenario. This results in incomplete and inappropriate application testing.

3) Relationship with developers:
A big challenge. It requires a very skilled tester to handle this relationship positively while still completing the work the tester’s way. There are simply hundreds of excuses developers or testers can make when they do not agree on some points. For this the tester also requires good communication and analytical skills.

4) Regression Testing:
As the project goes on expanding, the regression testing work simply becomes uncontrolled. There is pressure to handle the current functionality changes, checks of previously working functionality, and bug tracking.

5) Lack of Skilled Testers:
I will call this a ‘wrong management decision’ in selecting or training testers for the project task in hand. These unskilled fellows may add more chaos rather than simplifying the testing work. This results in incomplete, insufficient and ad-hoc testing throughout the testing life cycle.

6) Testing Always under Time Constraint:
Hey tester, we want to ship this product by this weekend, are you ready for completion? When this order comes from the boss, the tester simply focuses on task completion and not on the test coverage and quality of work. There is a huge list of tasks that you need to complete within the specified time. This includes writing, executing, automating and reviewing the test cases.

7) Which tests to execute first?
If you are facing the challenge stated in point no. 6, how will you decide which test cases should be executed and with what priority? Which tests are more important than others? This requires good experience of working under pressure.

8) Understanding the requirements:
Sometimes testers are responsible for communicating with customers to understand the requirements. What if the tester fails to understand the requirements? Will he be able to test the application properly? Definitely No! Testers require good listening and understanding capabilities.

9) Automation Testing:
Many sub-challenges: Should the testing work be automated? To what level should automation be done? Do you have sufficient and skilled resources for automation? Does time permit automating the test cases? The decision between automation and manual testing will need to address the pros and cons of each process.

10) Decision to stop the testing:
When to stop testing? Very difficult decision. Requires core judgment of testing processes and importance of each process. Also requires ‘on the fly’ decision ability.

11) One test team under multiple projects:
Challenging to keep track of each task. Communication challenges. Many times results in failure of one or both the projects.

12) Reuse of Test scripts:
Application development methods are changing rapidly, making it difficult to manage the test tools and test scripts. Test script migration or reuse is a very essential but difficult task.

13) Testers focusing on finding easy bugs:
If the organization rewards testers based on the number of bugs (a very bad approach to judging testers’ performance), then some testers concentrate only on finding easy bugs that don’t require deep understanding and testing. A hard or subtle bug remains unnoticed in such a testing approach.

14) To cope with attrition:
Increasing salaries and benefits are making many employees leave the company at very short career intervals. Managements face hard problems coping with the attrition rate. Challenges: new testers require project training from the beginning, complex projects are difficult to understand, and the shipping date is delayed!

Tips to design test data before executing your test cases

I have mentioned the importance of proper test data in many of my previous articles. A tester should check and update the test data before executing any test case. In this article I will provide tips on how to prepare the test environment so that no important test case is missed because of improper test data or incomplete test environment setup.

What do I mean by test data?

If you are writing a test case, you need input data for any kind of test. The tester may provide this input data at the time of executing the test cases, or the application may pick the required input data from predefined data locations. The test data may be any kind of input to the application, any kind of file that is loaded by the application, or entries read from database tables. It may be in any format, like XML test data, system test data, SQL test data or stress test data.

Preparing proper test data is part of the test setup. Generally testers call it testbed preparation. In the testbed, all software and hardware requirements are set using the predefined data values.

If you don’t have a systematic approach to building test data while writing and executing test cases, there is a chance of missing some important test cases. A tester can’t justify any bug by saying that test data was not available or was incomplete. It’s every tester’s responsibility to create his/her own test data according to testing needs. Don’t rely on test data created by another tester or on standard production test data, which might not have been updated for months! Always create a fresh set of your own test data according to your test needs.

Sometimes it’s not possible to create a completely new set of test data for each and every build. In such cases you can use standard production data. But remember to add/insert your own data sets into this available database. One good way to design test data is to use the existing sample test data or testbed and append your new test case data each time you get the same module for testing. This way you can build a comprehensive data set.

How to keep your data intact for any test environment?

Often more than one tester is responsible for testing a build. In this case more than one tester will have access to common test data, and each tester will try to manipulate that common data according to his/her own needs. The best way to keep your valuable input data collection intact is to keep personal copies of the same data. It may be in any format, such as inputs to be provided to the application, or input files such as Word files, Excel files or photo files.

Check if your data is not corrupted:
Filing a bug without proper troubleshooting is a bad practice. Before executing any test case on existing data, make sure that the data is not corrupted and that the application can read the data source.

How to prepare data considering performance test cases?

Performance tests require a very large data set. Particularly if the application fetches or updates data from DB tables, a large data volume plays an important role in testing such an application for performance. Sometimes manually created data will not reveal some subtle bugs that may only be caught by actual data created by the application under test. If you want real-time data, which is impossible to create manually, ask your manager to make it available from the live environment.

I generally ask my manager if he can make live environment data available for testing. This data is useful for ensuring smooth functioning of the application for all valid inputs.

Take the example of ‘statistics testing’ in my search engine project. To check the history of user searches and clicks on advertiser campaigns, a large volume of data was processed over several years, which was practically impossible to manipulate manually for dates spread over many years. So there was no option other than using a live server data backup for testing. (But first make sure your client allows you to use this data.)

What is the ideal test data?

Test data can be said to be ideal if, for the minimum size of data set, all the application errors get identified. Try to prepare test data that covers all application functionality without exceeding the cost and time constraints for preparing test data and running tests.

How to prepare test data that will ensure complete test coverage?

Design your test data considering the following categories.

Test data set examples:
1) No data: Run your test cases on blank or default data. See if proper error messages are generated.

2) Valid data set: Create it to check if application is functioning as per requirements and valid input data is properly saved in database or files.

3) Invalid data set: Prepare an invalid data set to check application behavior for negative values and alphanumeric string inputs.

4) Illegal data format: Make one data set of illegal data format. The system should not accept data in an invalid or illegal format. Also check that proper error messages are generated.

5) Boundary Condition data set: Data set containing out of range data. Identify application boundary cases and prepare data set that will cover lower as well as upper boundary conditions.

6) Data set for performance, load and stress testing: This data set should be large in volume.

Creating separate data sets for each test condition in this way will ensure complete test coverage.
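The six categories can be generated from a field's specification and run against the code under test. This is an added example, not code from the original article: the integer "age" field valid from 18 to 65, both validators and all function names are constructed for illustration, and one validator carries a deliberate off-by-one error to show which data sets catch it.

```python
def build_data_sets(lo, hi, volume=1000):
    """Build the six data-set categories for an integer field valid in [lo, hi].

    Each item is (raw_input, should_be_accepted).
    """
    mid = (lo + hi) // 2
    span = hi - lo + 1
    return {
        "no data": [("", False), (None, False)],
        "valid": [(str(mid), True)],
        "invalid": [(str(-mid), False), ("abc123", False)],
        "illegal format": [("12.5", False), ("0x1F", False), ("1,000", False)],
        "boundary": [
            (str(lo - 1), False), (str(lo), True),
            (str(hi), True), (str(hi + 1), False),
        ],
        # Large-volume set: valid values cycling through the whole range.
        "volume": [(str(lo + i % span), True) for i in range(volume)],
    }


def validate_age(raw):
    """Constructed validator under test: accepts whole numbers from 18 to 65."""
    if raw is None or not (raw.isascii() and raw.isdigit()):
        return False
    return 18 <= int(raw) <= 65


def validate_age_buggy(raw):
    """Same validator with a deliberate off-by-one at the upper bound."""
    if raw is None or not (raw.isascii() and raw.isdigit()):
        return False
    return 18 <= int(raw) < 65  # bug: 65 itself is rejected


def run_data_sets(validator, data_sets):
    """Run every data set through the validator; return the misjudged inputs per category."""
    failures = {}
    for category, cases in data_sets.items():
        wrong = []
        for raw, expected in cases:
            if validator(raw) != expected and raw not in wrong:
                wrong.append(raw)
        failures[category] = wrong
    return failures


if __name__ == "__main__":
    sets = build_data_sets(18, 65)
    for validator in (validate_age, validate_age_buggy):
        print(validator.__name__)
        for category, wrong in run_data_sets(validator, sets).items():
            print(f"  {category:15} {'ok' if not wrong else 'FAILED on ' + repr(wrong)}")
```

The single mid-range value in the valid set passes for both validators; only the boundary set and the range-covering volume set expose the defect.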

Conclusion:

Preparing proper test data is a core part of “project test environment setup”. A tester cannot pass on the responsibility for a bug by saying that complete data was not available for testing. A tester should create his/her own test data in addition to the existing standard production data. Your test data set should be ideal in terms of cost and time. Use the tips provided in this article to categorize test data and ensure complete functional test case coverage.

Be creative, use your own skill and judgments to create different data sets instead of relying on standard production data while testing.

Developers are not good testers. Isn't it?

This can be a big debate. Developers testing their own code - what will be the testing output? All happy endings! Yes, the person who develops the code generally sees only the happy paths of the product and doesn’t want to go into much detail.

The main concern with developer testing is misunderstanding of requirements. If the requirements are misunderstood by the developer, then no matter at what depth the developer tests the application, he will never find the error. The bug will remain from the first place it was introduced till the end, as the developer will see it as functionality.

Optimistic developers - Yes, I wrote the code and I am confident it’s working properly. No need to test this path, no need to test that path, as I know it’s working properly. And right here developers skip the bugs.

Developer vs tester: A developer always wants to see his code working properly, so he will test it to check that it’s working correctly. But do you know why a tester tests the application? To make it fail in any way; the tester will surely test how the application is not working correctly. This is the main difference between developer testing and tester testing.

Should developers test their own work?

I personally don’t mind developers testing their own code. After all, it’s their baby ;-) They know their code very well. They know what the traps in their code are: where it can fail, where to concentrate more, which is the important path of the application. A developer can do unit testing very well and can effectively identify boundary cases.

All this applies to a developer who is a good tester. But most developers consider testing a painful job; even though they know the system well, through negligence they tend to skip many testing paths, as it’s a very painful experience for them. If developers find errors in their code during unit testing, they are comparatively easier to fix, as the code is fresh to them, rather than getting the bug from testers after two or three days. But this is only possible if the developer is interested in doing that much testing.

It’s the tester’s responsibility to make sure each and every path is tested. Testers should ideally give importance to all the small possible details to verify that the application is not breaking anywhere.

Developers, please don’t review your own code. Generally you will overlook the issues in your code. So give it to others for review.

Everyone has a specialization in a particular subject. Developers generally think about how to develop the application; testers, on the other hand, think about how the end user is going to use the application.

Learning basics of QTP automation tool and preparation of QTP interview questions

This post continues the QTP interview questions series. The following questions will help in preparing for interviews as well as learning the QTP basics.

Quick Test Professional: Interview Questions and answers.

1. What are the features and benefits of Quick Test Pro(QTP)?

1. Key word driven testing
2. Suitable for both client server and web based application
3. VB script as the script language
4. Better error handling mechanism
5. Excellent data driven testing features

2. How to handle the exceptions using recovery scenario manager in QTP?

You can instruct QTP to recover from unexpected events or errors that occur in your testing environment during a test run. The Recovery Scenario Manager provides a wizard that guides you through defining a recovery scenario. A recovery scenario has three steps:
1. Triggered Events
2. Recovery steps
3. Post Recovery Test-Run

3. What is the use of Text output value in QTP?

Output values enable you to view the values that the application takes during run time. When parameterized, the values change for each iteration. Thus by creating output values, we can capture the values that the application takes for each run and output them to the data table.

4. How to use the Object spy in QTP 8.0 version?

There are two ways to spy objects in QTP:
1) Through the File toolbar: In the File toolbar, click on the last toolbar button (an icon showing a person with a hat).
2) Through the Object Repository dialog: In the Object Repository dialog, click on the button “object spy…”. In the Object Spy dialog, click on the button showing the hand symbol. The pointer now changes into a hand symbol and we have to point at the object to spy the state of the object. If the object is not visible or the window is minimized, then hold the Ctrl button, activate the required window and release the Ctrl button.

5. What is the file extension of the code file and object repository file in QTP?
File extensions:
Per test object rep: filename.mtr
Shared Object rep: filename.tsr
Code file extension: script.mts

6. Explain the concept of object repository and how QTP recognizes objects?

Object Repository: displays a tree of all objects in the current component, in the current action or in the entire test (depending on the object repository mode you selected).
We can view or modify the test object description of any test object in the repository, or add new objects to the repository.
QuickTest learns the default property values and determines which test object class the object fits. If that is not enough, it adds assistive properties, one by one, to the description until it has compiled a unique description. If no assistive properties are available, it adds a special ordinal identifier, such as the object’s location on the page or in the source code.

7. What are the properties you would use for identifying a browser and page when using descriptive programming?

“name” would be another property apart from “title” that we can use. OR
We can also use the property “micClass”.
ex: Browser("micClass:=browser").page("micClass:=page")

8. What are the different scripting languages you could use when working with QTP?

You can write scripts using following languages:
Visual Basic (VB), XML, JavaScript, Java, HTML

9. Tell some commonly used Excel VBA functions.

Common functions are:
Coloring the cell, Auto fit cell, setting navigation from link in one cell to other saving

10. Explain the keyword createobject with an example.

Creates and returns a reference to an Automation object.
Syntax: CreateObject(servername.typename [, location])
Arguments:
servername: Required. The name of the application providing the object.
typename: Required. The type or class of the object to create.
location: Optional. The name of the network server where the object is to be created.

11. Explain in brief about the QTP Automation Object Model.

Essentially all configuration and run functionality provided via the QuickTest interface is in some way represented in the QuickTest automation object model via objects, methods, and properties. Although a one-on-one comparison cannot always be made, most dialog boxes in QuickTest have a corresponding automation object, most options in dialog boxes can be set and/or retrieved using the corresponding object property, and most menu commands and other operations have corresponding automation methods. You can use the objects, methods, and properties exposed by the QuickTest automation object model, along with standard programming elements such as loops and conditional statements to design your program.

12. How to handle dynamic objects in QTP?

QTP has a unique feature called Smart Object Identification/recognition. QTP generally identifies an object by matching its test object and run-time object properties. QTP may fail to recognize dynamic objects whose properties change during run time. Hence it has an option of enabling Smart Identification, wherein it can identify the objects even if their properties change during run time.
Check out this:
If QuickTest is unable to find any object that matches the recorded object description, or if it finds more than one object that fits the description, then QuickTest ignores the recorded description and uses the Smart Identification mechanism to try to identify the object.
While the Smart Identification mechanism is more complex, it is more flexible, and thus, if configured logically, a Smart Identification definition can probably help QuickTest identify an object, if it is present, even when the recorded description fails.

The Smart Identification mechanism uses two types of properties:
Base filter properties - The most fundamental properties of a particular test object class; those whose values cannot be changed without changing the essence of the original object. For example, if a Web link’s tag was changed from to any other value, you could no longer call it the same object.
Optional filter properties - Other properties that can help identify objects of a particular class as they are unlikely to change on a regular basis, but which can be ignored if they are no longer applicable.

13. What is a Run-Time Data Table? Where can I find and view this table?

In QTP, there is a data table that is used at run time.
- In QTP, select the option View->Data table.
- This is basically an Excel file, which is stored in the folder of the test created; its name is Default.xls by default.

14. How does Parameterization and Data-Driving relate to each other in QTP?

To make a test data driven, we have to parameterize, i.e. we have to turn the constant value into a parameter, so that in each iteration (cycle) it takes a value that is supplied in the run-time data table. Only through parameterization can we drive a transaction (action) with different sets of data. Running the script with the same set of data several times is not suggested, and it’s also of no use.

15. What is the difference between Call to Action and Copy Action?

Call to Action: The changes made in Call to Action will be reflected in the original action (from where the script is called), whereas in Copy Action the changes made in the script will not affect the original script (action).

16. Explain the concept of how QTP identifies object.

During recording, QTP looks at the object and stores it as a test object. For each test object, QTP learns a set of default properties called mandatory properties, and looks at the rest of the objects to check whether these properties are enough to uniquely identify the object. During a test run, QTP searches for the run-time objects that match the test object it learned while recording.

17. Differentiate the two Object Repository Types of QTP.

Object repository is used to store all the objects in the application being tested.
Types of object repository: Per action and shared repository.
In a shared repository there is only one centralized repository for all the tests, whereas in per action mode a separate per action repository is created for each test.

18. What are the differences and the best practical application of Object Repository?

Per Action: For each Action, one Object Repository is created.
Shared: One Object Repository is used by the entire application.

19. Explain what the difference is between Shared Repository and Per Action Repository.

Shared Repository: The entire application uses one Object Repository, similar to the Global GUI Map file in WinRunner.
Per Action: For each Action, one Object Repository is created, like the GUI map file per test in WinRunner.

20. Have you ever written a compiled module? If yes tell me about some of the functions that you wrote.

Sample answer (you can talk about modules you worked on; if your answer is Yes, you should expect more questions and should be able to explain those modules in later questions): I used functions for capturing dynamic data during run time, and functions for capturing the desktop, browser and pages.

21. Can you do more than just capture and playback?

Sample answer (say Yes only if you have worked on it): I have dynamically captured objects during run time, with no recording, no playback and no use of the repository AT ALL.
- It was done by Windows scripting using the DOM (Document Object Model) of the windows.

22. How to do the scripting. Are there any inbuilt functions in QTP? What is the difference between them? How to handle script issues?

Yes, there’s an in-built functionality called “Step Generator” in Insert->Step->Step Generator -F7, which will generate the scripts as you enter the appropriate steps.

23. What is the difference between check point and output value?

An output value is a value captured during the test run and entered at run time into a specified location.
Example: a location in the Data Table (Global sheet / local sheet).

24. How many types of Actions are there in QTP?

There are three kinds of actions:
Non-reusable action - An action that can be called only in the test with which it is stored, and can be called only once.
Reusable action - An action that can be called multiple times by the test with which it is stored (the local test) as well as by other tests.
External action - A reusable action stored with another test. External actions are read-only in the calling test, but you can choose to use a local, editable copy of the Data Table information for the external action.

25. I want to open a Notepad window without recording a test and I do not want to use System utility Run command as well. How do I do this?

You can still open Notepad without recording or using the System utility script, just by entering the path of Notepad (i.e. where notepad.exe is stored on the system) in the “Windows Applications” tab of the “Record and Run Settings” window.

How to test software requirements specification (SRS)?

Did you know that most of the bugs in software are due to incomplete or inaccurate functional requirements? The software code, no matter how well it is written, can’t do anything if there are ambiguities in the requirements.

It’s better to catch requirement ambiguities and fix them early in the development life cycle. The cost of fixing a bug after completion of development or product release is too high. So it’s important to do requirement analysis and catch these incorrect requirements before the design specification and project implementation phases of the SDLC.

How to measure functional software requirement specification (SRS) documents?
Well, we need to define some standard tests to measure the requirements. Once each requirement has passed through these tests, you can evaluate and freeze the functional requirements.

Let’s take an example. You are working on a web-based application. The requirement is as follows:
“Web application should be able to serve the user queries as early as possible”

How will you freeze the requirement in this case?
What will be your requirement satisfaction criteria? To get the answer, ask the stakeholders this question: How much response time is OK for you?
If they say they will accept the response if it’s within 2 seconds, then this is your requirement measure. Freeze this requirement and follow the same procedure for the next requirement.

We just learned how to measure the requirements and freeze those in design, implementation and testing phases.

Now let’s take another example. I was working on a web-based project. The client (stakeholders) specified the project requirements for the initial phase of the project development. My manager circulated all the requirements in the team for review. When we started discussion on these requirements, we were just shocked! Everyone had his or her own conception of the requirements. We found a lot of ambiguities in the ‘terms’ specified in the requirement documents, which were later sent to the client for review/clarification.

The client used many ambiguous terms, which had many different meanings, making it difficult to analyze the exact meaning. The next version of the requirement doc from the client was clear enough to freeze for the design phase.

From this example we learned: “Requirements should be clear and consistent.”

The next criterion for testing the requirements specification is “Discover missing requirements.”

Many times project designers don’t get a clear idea about specific modules and they simply assume some requirements during the design phase. No requirement should be based on assumptions. Requirements should be complete, covering each and every aspect of the system under development.

Specifications should state both types of requirements, i.e. what the system should do and what it should not.

Generally I use my own method to uncover the unspecified requirements. When I read the software requirements specification document (SRS), I note down my own understanding of the requirements that are specified, plus other requirements the SRS document is supposed to cover. This helps me to ask questions about unspecified requirements, making them clearer.

To check the completeness of the requirements, divide them into three sections: ‘must implement’ requirements, requirements that are not specified but are ‘assumed’, and a third type, ‘imagination’ requirements. Check that all types of requirements are addressed before the software design phase.

Check if the requirements are related to the project goal.
Sometimes stakeholders have their own expertise, which they expect to see in the system under development. They don’t consider whether that requirement is relevant to the project in hand. Make sure to identify such requirements. Try to avoid irrelevant requirements in the first phase of the project development cycle. If that is not possible, ask the stakeholders: why do you want to implement this specific requirement? The answer will describe the particular requirement in detail, making it easier to design the system with future scope in mind.

But how do you decide whether the requirements are relevant or not?
Simple answer: Set the project goal and ask this question: Will not implementing this requirement cause any problem in achieving our specified goal? If not, then this is an irrelevant requirement. Ask the stakeholders if they really want to implement these types of requirements.

In short, the requirements specification (SRS) doc should address the following:
Project functionality (What should be done and what should not)
Software, Hardware interfaces and user interface
System Correctness, Security and performance criteria
Implementation issues (risks) if any

Conclusion:
I have covered all aspects of requirement measurement. To be specific about requirements, I will summarize requirement testing in one sentence:
“Requirements should be clear and specific with no uncertainty, requirements should be measurable in terms of specific values, requirements should be testable having some evaluation criteria for each requirement, and requirements should be complete, without any contradictions”

Testing should start at the requirement phase to avoid further requirement-related bugs. Communicate more and more with your stakeholders to clarify all the requirements before starting project design and implementation.

Do you have any experience testing software requirements?