Static Testing: We Know It Works, So Why Don’t We Use It?
W14
Test Techniques
5/6/2015 3:00:00 PM
Static Testing: We Know It Works, So Why Don’t We Use It?
Presented by:
Meenakshi Muthukumaran
Tata Consultancy Services
Brought to you by:
340 Corporate Way, Suite 300, Orange Park, FL 32073 888-268-8770 ∙ 904-278-0524 ∙ [email protected] ∙ www.sqe.com
Meenakshi Muthukumaran
Tata Consultancy Services
Meenakshi Muthukumaran is a test automation strategist and consultant with the Assurance
Services Unit of Tata Consultancy Services. Meena advises customers on product selection,
deployment, and effective use of static testing tools, and leads the professional research team
that evaluates and grades different static testing tools. She started her career as a software
developer and worked in the United States for several years in technology and management
roles. With more than ten years of experience in the IT industry, Meena works with customers
across geographies and industries to build high-quality software by addressing their challenges
related to code quality and post-production defects.
1
Copyright © 2014 Tata Consultancy Services Limited
Static Testing: We Know It Works, Why Don’t We Use It?
May 2015
2
With You Today…
Meenakshi Muthukumaran
SQG Consultant, Assurance Services,
Tata Consultancy Services (TCS)
Meena has 10+ years of overall experience in the IT industry and has been with TCS for the past 4 years. She holds a Master's in IT and, after engineering, started her career as a software developer. Since then she has worked in multiple domains spanning both technology and management.
Meena has worked with multiple Fortune 500 customers across geographies and industries in addressing their business objectives by certifying and assuring high-quality software.
3
Agenda
Business Drivers
The Quality Assurance Lens
Why Static Testing?
Putting Static Testing to work
Static Testing: Delivered results
4
Businesses today need to address…
Complexity
Digital customers
New age competition
Security concerns
First time right
5
Else will lead to…
Delays in time to market
Increased ops cost
Reduced revenues
Dissatisfied customer
6
Incomprehensive QA can erode your business…
SEC fines more than $40 million
compensations claims.
Reputational damage
Stocks declined 72% in 6 months
More than 500 death months
Lost $440 million in 30 minutes; loss of 75% in stock value in 2 business days
7
Having a holistic perspective…
WHAT YOU KNOW
WHAT SOME MIGHT KNOW
WHAT YOU REALLY SHOULD KNOW
TEST
REVIEW
Correctness
Efficiency
Reliability
Maintenance Cost
Program Structure
Coding Practices
Coupling
Complexity
Readability
Flexibility
Reusability
Maintainability
Testability
10
Static Analysis: Effective way of Static Testing
Code base
Static code analyzer
Defects/Violation
Automating Code Inspections
Analyzing the code without executing
Making effective
• Tracks suggestions
• Allows follow-up tasks
• Aids comparing before/after changes
• Integrates source code repositories
11
Although research shows static analysis is effective…
Static analysis has comparatively higher defect removal efficiency
Source: Capers Jones, Software Quality in 2013: A Survey of the State of the Art
15
With a 7 Point Strategy for Tool Selection…
Deployment Strategy
Technology Coverage
Supporting Environment
Product Update
Triage & Remediation Support
Reporting Capabilities
Enterprise Level Support
16
Will Deliver Certainty
Early defect detection
Faster time to Market
Reduction in TCO
Progressive improvement in Quality
17
Success story: Leading Oilfield Services Company
Challenges
• Performance: Slow response rates. Irritated users
• Stability: Systems hang during key transactions
• Increased # of problem tickets/ issues to be resolved
Solution
• Analysis of the base code
• Identification of exact elements causing issues
• In-depth analysis of the code post fixing issues
Results
• Improvement in overall application health with respect to Performance, Robustness and Security
• Actual performance of the application improved by up to 50% on some transactions.
Maintainability 3%
Reliability 10%
Efficiency 13%
Security 22%
18
Success story: Leading Oilfield Services Company
[Chart: Quality Evolution, before vs. after]
Maintainability: before 3.09, after 3.19 (3%)
Reliability: before 2.91, after 3.21 (10%)
Efficiency: before 2.82, after 3.2 (13%)
Security: before 2.71, after 3.31 (22%)
19
Some useful directions and …
Inefficient error handling
Expensive loops
Performance problems
Select *
Null pointer dereferences
Database connection leaks
SQL injection
Cross-site Scripting
Hardcoded Credentials
Insecure File Upload
Insufficient Session Expiration
Poor Memory/Network Mgmt
Improper SQL and Data Handling
Dynamic Instantiation
20
And Best practices from the engagement
Create Awareness
Measure Quality
Embed in lifecycle
Integrate with existing tools
Mandate it
Improve & Control
21
A quick recap
Prevention is better than cure
Quality cannot be monitored or tracked unless measured
Quality should not be a practice – rather be the WAY of life.
Thank You
IT Services
Business Solutions
Consulting
Please visit us at Booth# 17
or write to us at: [email protected]