What You Need To Know About Writing Effective Test Cases

Our guest blogger this month is Valerie Dale – one of the first (and finest) testers to join our global community. In this post, Valerie will address the importance of writing clear and effective test cases for specific audiences.

Despite all evidence to the contrary, test case design is often seen as work with no real value – a remedial task with no significant ROI. This is puzzling on a number of levels. One would think that with the added pressures to launch a quality product on schedule, test case design and planning would be a top priority. It’s not. At best, there is minimal attention paid to the practice. At worst, it’s non-existent.

But test case design is an important part of the tester’s, or test designer’s job. Without some type of design or planning, it is possible (likely, in fact) that critical requirements and defects will be missed. In actuality, test case planning/design can be the single greatest factor in the success of a release.

Most people define test case design by considering which tests to execute for boundary conditions, error handling, data types, data validation, etc. While these items are the meat of the test cases, there are many other things to consider, as test case planning/design is comprised of several thought processes and each plays a part in determining whether or not the test cases will be successful.

Read more…

Step Away from the Simulator – Putting Mobile Applications into a Tester’s Hands

Our guest blogger this month is Brad Sellick, a recent Bug Battle winner with expertise in mobile testing (see his full bio below). In this post, Brad examines the shortfalls of simulation tools in testing mobile applications.

There’s a challenge in developing and testing applications that is as old as the personal computer itself. The challenge being that the design, development, and testing of applications often takes place in an environment much different from “the real world” where users run and interact with those applications.

With the rise of mobile platform devices like the Blackberry and iPhone, I believe that challenge is greater now than at any time in the past. We now find ourselves producing applications in an environment (a desktop or laptop computer) that is completely different from the device the application will run on.

This challenge is compounded by the fact that development platforms have a very convenient method of testing a mobile application on the desktop via a simulator tool.

My own experience with iPhone development was a major eye-opener. I spent a lot of time building and testing applications on my Mac desktop and the simulator application. However, when I finally loaded an application onto an iPhone for the first time, it was a completely different experience.

Read more…

Respect the Defect: Advice that will change the perception of testing

Our guest blogger this month is Joseph Ours, a recent Bug Battle winner with more than 12 years of IT experience, including software testing and quality assurance. In this post, Joseph advises testers to re-examine the way they report defects in software applications.

Testers and testing are viewed as a cost center in many organizations. If you look at the roles of other “main” players, you quickly see that testers face what I call an issue of intangibles. Here’s what I mean:

  • Project managers – They are task masters driving a product to completion. Businesses absolutely want products created on time and under budget – which is why they are (correctly) viewed as an absolute necessity.
  • Analysts – These guys get the great job of descriptively conceptualizing the idea. This is akin to a paper prototype, and gives the business the first real glimpse of how it might look and work.
  • Developers – They are the cream of the crop. They get to create an actual product that businesses can see and feel.
  • Testers – Well, we say if it works or not.

Read more…

Security Testing Tips: Part II

In the second part of his blog post “Security Testing Tips From a Bug Battle Winner”, uTester Bernard Lelchuk takes a closer look at some of the more effective tools to use when performing security testing.

There are quite a few attacking testing tools which can make security testing easier and more productive for both novice and veteran testing engineers alike. I will not list all of them here, but rather cover the most essential, common and interesting FREE tools. So here they are, in no particular order:

Wireshark
A comprehensive yet easy-to-use protocol analyzer (sniffer) which will allow you to view, filter and analyze all network transmissions. (http://www.wireshark.org/)

Paros Proxy
Acts as a proxy which allows the tester to intercept and modify all HTTP/S data between server and client, including cookies and form fields. (http://www.parosproxy.org/index.shtml)

Burp Suite (Man-In-The-Middle)
Integrated platform for attacking web applications which contains several interfaces for handling HTTP requests, persistence, authentication, downstream proxies, logging, alerting and extensibility. Acts as a man-in-the-middle between client and server, thus allowing the tester to intercept and modify all HTTP requests between both parties. (http://portswigger.net/suite/)

Read more…

Security Testing Tips From a Bug Battle Winner

In the second installment of our guest blogger series, Bug Battle winner and expert tester Bernard Lelchuk examines the basics of security testing:

Although it’s a broad term, security testing can be broken down into six basic concepts: Availability, Authentication, Authorization, Confidentiality, Integrity and Non-repudiation. I’ll define each concept briefly; however, I encourage you to research each concept for a better understanding.

  • Availability: Assuring that information & communications services are available and maintained for authorized persons when needed.
  • Authentication: Assuring the validity of any type of originator, transmission or message. This also gives confidence that information is received by a known and validated source.
  • Authorization: Assuring that an individual can allow/deny access to a system/service/operation (e.g. Access control).
  • Confidentiality: Ensuring information is accessible only for those with authorized access and to prevent information disclosure to any party other than the intended recipients. Often ensured by encoding information using algorithms (cryptography).
  • Integrity: Ensuring received information is preserved successfully with no alteration.
  • Non-repudiation: Ensuring action/communication cannot later be denied (usually used by form of authentication and time stamping).

Read more…

Who Is The User?

In this post, Lucía Maldonado – one of our top testers and two-time Bug Battle winner – takes an in-depth look at user accessibility standards:

When designing a building, architects usually adhere to Universal Design Principles in order to make buildings accessible for everybody. For example, a ramp will not only benefit people with disabilities, but also women with trolleys and elderly people who may have walking difficulties.

When designing software or a website, we should consider that users may also have special needs, and therefore provide them with these resources in a digital environment. As with architecture, when web pages and software are designed to be accessible to individuals with a wide range of disabilities, they are more usable by others too. For example, having the option to change the font type and size can benefit people with seeing impairments, mental disabilities as well as small children.

How can we handle such a broad spectrum of special needs? We cannot find one solution for everybody, that’s for sure, but finding multiple ways of representing and showing the information can be a good start. Including accessibility standards in software products will allow everybody to gain access to the wonderful digital world.

Here are some basic tips to consider while testing based on accessibility standards: Read more…