net application testing by sam nasr august 24, 2004
TRANSCRIPT
.Net Application .Net Application TestingTesting
ByBy
Sam NasrSam NasrAugust 24, 2004August 24, 2004
Types Of TestingTypes Of Testing
Functionality TestingFunctionality Testing1. Unit1. Unit2. System Integration 2. System Integration 3. Regression3. Regression4. Performance4. Performance5. Customer Acceptance 5. Customer Acceptance
Security TestingSecurity Testing
Why Test?Why Test?
credibility, credibility, credibilitycredibility, credibility, credibility
For every 1,000 lines of code, 8 For every 1,000 lines of code, 8 bugs go undetected.bugs go undetected.
Improve customer relations.Improve customer relations.
Why Test?Why Test?
PhasePhase Cost of Error Cost of Error RemovalRemoval
DefinitionDefinition $1$1
High Level DesignHigh Level Design $2$2
Low Level DesignLow Level Design $5$5
CodeCode $10$10
Unit TestUnit Test $15$15
Integration TestIntegration Test $22$22
System TestSystem Test $50$50
Post-DeliveryPost-Delivery $100+$100+
Black Box TestingBlack Box Testing
The concept of testing where the The concept of testing where the tester knows nothing about the tester knows nothing about the process being tested.process being tested.
Unit TestingUnit Testing
Performed by the developer, prior Performed by the developer, prior to delivering code to testers.to delivering code to testers.
Using unit test cases targeting Using unit test cases targeting the new code.the new code.
System IntegrationSystem IntegrationTestingTesting
Used to determine how well code Used to determine how well code interfaces with other code in a interfaces with other code in a given system.given system.
Performed by testers, after unit Performed by testers, after unit testing.testing.
Regression TestingRegression Testing
Ensuring new code didn’t break Ensuring new code didn’t break existing functionality.existing functionality.
Performed by testers, after unit Performed by testers, after unit testing.testing.
Performance TestingPerformance Testing
Testing for adequate reponse time Testing for adequate reponse time under heavy traffic.under heavy traffic.
All system limitations must be All system limitations must be defined.defined.
Performed by testers, after unit Performed by testers, after unit testing.testing.
Customer Acceptance Customer Acceptance TestingTesting
Performed as a formal turnover to Performed as a formal turnover to a customer.a customer.
Can also be considered as post-Can also be considered as post-implementation testing.implementation testing.
Security TestingSecurity Testing
Ensuring data cannot be maliciously manipulated.Ensuring data cannot be maliciously manipulated.
Ensuring user cannot bypass critical sections of the Ensuring user cannot bypass critical sections of the application.application.
Test for parameter checking with browser JAVA Test for parameter checking with browser JAVA Script enabled Script enabled ANDAND disabled. disabled.
Test for safeguards against hacker attacks (i.e. SQL Test for safeguards against hacker attacks (i.e. SQL Injection, XSS, One-Click, etc.)Injection, XSS, One-Click, etc.)
Utilize services such as Utilize services such as HackerSafe.comHackerSafe.com
Creating Test PlansCreating Test Plans
Use Functional Requirements as a guide.Use Functional Requirements as a guide.
Test for all types of data: numeric, alpha, and Test for all types of data: numeric, alpha, and alpha-numericalpha-numeric
Test for all ranges: 0-9, negative, decimals, Test for all ranges: 0-9, negative, decimals, etc.etc.
If using date/time stamp, test for If using date/time stamp, test for mid-night/time-zone cross over.mid-night/time-zone cross over.
Take nothing for granted!Take nothing for granted!
Testing EnvironmentTesting Environment
Testing Environment should be identical to Testing Environment should be identical to the production environment in the production environment in everyevery way. way.
– Hardware (memory, CPU(s), etc.); CPUs are Hardware (memory, CPU(s), etc.); CPUs are especially important when testing a threaded especially important when testing a threaded process.process.
– Software (OS, SPs, drivers, IE/IIS versions).Software (OS, SPs, drivers, IE/IIS versions).
– Application (copy of production DB, data files, Application (copy of production DB, data files, etc.)etc.)
Testing TipsTesting Tips
Define Testing turnover procedures Define Testing turnover procedures (turnover schedule, file structure, (turnover schedule, file structure, registry layout, etc.)registry layout, etc.)
Define parties responsibe for Define parties responsibe for approving different types of testing.approving different types of testing.
Test for memory cleanup when Test for memory cleanup when process is completed or aborted.process is completed or aborted.
Testing TipsTesting Tips
Always test processes after implemented in Always test processes after implemented in production to ensure all files and settings are production to ensure all files and settings are implemented correctly.implemented correctly.
Create dummy data that will test the process Create dummy data that will test the process end-end, but not interfere with production end-end, but not interfere with production data.data.
Identify invalid part numbers, invoice Identify invalid part numbers, invoice numbers, etc and use them for testing.numbers, etc and use them for testing.
Testing TipsTesting Tips
Are error messages meaningful to a Are error messages meaningful to a developer and non-developer?developer and non-developer?
Are log files meaningful to a developer Are log files meaningful to a developer and non-developer?and non-developer?
Test for broken network connections, Test for broken network connections, DB disconnects, and File Not Found DB disconnects, and File Not Found conditionsconditions
Automated Test ToolsAutomated Test Tools
Mercury (Mercury (http://www.mercury.comhttp://www.mercury.com))
Empirix (Empirix (http://www.empirix.comhttp://www.empirix.com) )
Segue Software (Segue Software (http://www.segue.comhttp://www.segue.com))
Automated Test ToolsAutomated Test Tools
N-UnitN-Unit
Microsoft Application Center Test (ACT)Microsoft Application Center Test (ACT)
Custom Made Testing ToolsCustom Made Testing Tools
More Info…More Info…
Effective Software Testing Effective Software Testing
by Elfriede Dustinby Elfriede Dustin
How to Break SoftwareHow to Break Software
by James Whittakerby James Whittaker
Northern Ohio Software Quality Northern Ohio Software Quality Assusrance Association Assusrance Association (www.nosqaa.org)(www.nosqaa.org)