Key Points. Quality Assurance and Testing. Defect Process. Developer Practice



Similar documents
Quality Assurance: Early Work Items

FSW QA Testing Levels Definitions

Co-Presented by Mr. Bill Rinko-Gay and Dr. Constantin Stanca 9/28/2011

Introduction to Automated Testing

Getting Things Done: Practical Web/e-Commerce Application Stress Testing

Lecture 17: Testing Strategies" Developer Testing"

a new generation software test automation framework - CIVIM

Security Testing & Load Testing for Online Document Management system

CSE331: Introduction to Networks and Security. Lecture 32 Fall 2004

Fundamentals of Measurements

Software Testing. Knowledge Base. Rajat Kumar Bal. Introduction

Outline: Operating Systems

Client Overview. Engagement Situation. Key Requirements

Aspire's Approach to Test Automation

05.0 Application Development

TEST METRICS AND KPI S

Managing and Maintaining Windows Server 2008 Servers (6430) Course length: 5 days

Software Testing Lifecycle

M6430a Planning and Administering Windows Server 2008 Servers

Kentico CMS security facts

CSE331: Introduction to Networks and Security. Lecture 1 Fall 2004

Panorama NovaView. Load Balancing Installation Guide

Web Browsing Examples. How Web Browsing and HTTP Works

MCSE: server infrastructure Syllabus

Penetration Testing Service. By Comsec Information Security Consulting

Coverity White Paper. Effective Management of Static Analysis Vulnerabilities and Defects

ASSURING SOFTWARE QUALITY USING VISUAL STUDIO 2010

Planning and Administering Windows Server 2008 Servers

White Paper Monitoring Active Directory Using System Center Operations Manager 2007 R2

Levels of Software Testing. Functional Testing

Presentation: 1.1 Introduction to Software Testing

What is a life cycle model?

The Quality Assurance Centre of Excellence

Chapter 11: Integration- and System Testing

Attack Vector Detail Report Atlassian

Building Security into the Software Life Cycle

Applying Operational Profiles to Demonstrate Production Readiness Of an Oracle to SQL Server Database Port using Web Services.

Business Application Services Testing

PREPARED BY: AUDIT PROGRAM Author: Lance M. Turcato. APPROVED BY: Logical Security Operating Systems - Generic. Audit Date:

Basic Unix/Linux 1. Software Testing Interview Prep

Fuzzing in Microsoft and FuzzGuru framework

New Security Options in DB2 for z/os Release 9 and 10

Implementing HIPAA Compliance with ScriptLogic

DISTRIBUTED SYSTEMS [COMP9243] Lecture 9a: Cloud Computing WHAT IS CLOUD COMPUTING? 2

The Dangers of Use Cases Employed as Test Cases

Software Engineering I: Software Technology WS 2008/09. Integration Testing and System Testing

WINDOWS 2000 Training Division, NIC

NWEN405: Security Engineering

Quality Assurance Plan

Application Security Policy

Project Planning. COSC345 Lecture 3 Slides: Andrew Trotman Dramatic presentation: Richard O Keefe. Software Engineering 2013

POACHER TURNED GATEKEEPER: LESSONS LEARNED FROM EIGHT YEARS OF BREAKING HYPERVISORS. Rafal Wojtczuk

Software Process. Oliver Keeble SA3 EGEE-II final EU Review CERN EGEE and glite are registered trademarks

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Test Data Management Best Practice

THE THREE ASPECTS OF SOFTWARE QUALITY: FUNCTIONAL, STRUCTURAL, AND PROCESS

Sample Exam Foundation Level Syllabus. Mobile Tester

Payment Card Industry (PCI) Data Security Standard

Exchange Mailbox Protection Whitepaper

Chap 1. Software Quality Management

Tonight s Speaker. Life of a Tester at Microsoft Urvashi Tyagi Software Test Manager, Microsoft

Software testing. Objectives

Virtualization System Security

A Brief Overview of Software Testing Techniques and Metrics

Best Practices, Process

WebArrow: System Overview and Architecture Namzak Labs White Paper,

Secure Messaging Server Console... 2

A Sumo Logic White Paper. Harnessing Continuous Intelligence to Enable the Modern DevOps Team

Taking the First Steps in. Web Load Testing. Telerik

Creating a New Domain Tree in the Forest

AdvOSS Value Proposition to Partners

CDC UNIFIED PROCESS JOB AID

Adjusting Prevention Policy Options Based on Prevention Events. Version 1.0 July 2006

Software Engineering Compiled By: Roshani Ghimire Page 1

Integrating Automated Tools Into a Secure Software Development Process

OSPF Version 2 (RFC 2328) Describes Autonomous Systems (AS) topology. Propagated by flooding: Link State Advertisements (LSAs).

Network and Host-based Vulnerability Assessment

Course Syllabus. Planning and Administering Windows Server 2008 Servers. Key Data. Audience. At Course Completion. Prerequisites. Recommended Courses

LOCKSS on LINUX. CentOS6 Installation Manual 08/22/2013

Test Management and Techniques

DocAve 4.1 SharePoint Disaster Recovery High Availability (SPDR HA) User Guide

How to Backup XenServer VM with VirtualIQ

Release Notes for Epilog for Windows Release Notes for Epilog for Windows v1.7/v1.8

Use service virtualization to remove testing bottlenecks

Microsoft Services Premier Support. Security Services Catalogue

FILE ARCHIVING FROM NETAPP TO EMC DATA DOMAIN WITH EMC FILE MANAGEMENT APPLIANCE

FILE ARCHIVING FROM EMC CELERRA TO DATA DOMAIN WITH EMC FILE MANAGEMENT APPLIANCE

Company & Solution Profile

Release Notes for SIP Enablement Services Release Service Pack 2

Smarter Balanced Assessment Consortium. Recommendation

SECTION 4 TESTING & QUALITY CONTROL

State of Oregon. State of Oregon 1

CA and SSL Certificates

Common Testing Problems: Pitfalls to Prevent and Mitigate

Getting Started with the iscan Online Data Breach Risk Intelligence Platform

Setting up Active Directory Domain Services

Software Engineering Introduction & Background. Complaints. General Problems. Department of Computer Science Kent State University

Contents Introduction... 3 Introduction to Active Directory Services... 4 Installing and Configuring Active Directory Services...

Security Testing. Vulnerability Assessment vs Penetration Testing. Gabriel Mihai Tanase, Director KPMG Romania. 29 October 2014

CSTE Mock Test - Part III Questions Along with Answers

Transcription:

Key Points Quality Assurance and Testing CSE 403 Lecture 22 Many different characteristics of quality Importance of having independent quality assurance from development The deliverable of QA is information Write it down QA is not free Slides derived from a talk by Ian King QA Good Practices Build Process Source control Undo the oops Centralized build Be sure everyone is testing the same bits Avoid platform dependencies How often are new builds generated? Periodic Event-Driven Configuration management Developer Practice Buddy builds Code review Code analysis tools Unit testing Defect Process Why are defects tracked? How are defects tracked? What is the lifecycle of a bug? How are defects prioritized? Controlled check-ins/triage process Defect analysis: Defect source analysis Root cause analysis 1

Measuring quality Is it possible to quantify software quality? Costs of quality assurance Programmer Productivity 8-20 LOC / day Building QA into the schedule Elements of Test Strategy Quality Assurance: Test Development & Execution Developing Test Strategy Test specification Test plan Test harness/architecture Test case generation Test schedule Slides derived from a talk by Ian King Where is your focus? Schedule and budget Requirements feed into test design What factors are important to the customer? Reliability vs. security Reliability vs. performance Features vs. reliability Cost vs.? What are the customer s expectations? How will the customer use the software? 2

Test Specifications What questions do I want to answer about this code? Think of this as experiment design In what dimensions will I ask these questions? Functionality Security Reliability Performance Scalability Manageability Test specification: example Should return valid, unique handle for initial open for appropriate resource subsequent calls for shareable resource for files, should create file if it doesn t exist Should return NULL handle and set error indicator if resource is nonexistent device inappropriate for open action in use and not shareable unavailable because of error condition (e.g. no disk space) Must recognize valid forms of resource name Filename, device,? Test Plans How will I ask my questions? Think of this as the Methods section Understand domain and range Establish equivalence classes Address domain classes Invalid cases Boundary conditions Error conditions Fault tolerance/stress/performance Test plan: goals Enables development of tests Proof of testability if you can t design it, you can t do it Review: what did you miss? Test plan: example execute for each resource supporting open action opening existing device opening existing file opening (creating) nonexistent file execute for each such resource that supports sharing multiple method calls in separate threads/processes multiple method calls in single thread/process Invalid cases nonexistent device file path does not exist in use and not shareable Error cases insufficient disk space invalid form of name permissions violation Boundary cases e.g. execute to/past system limit on open device handles device name at/past name length limit (MAXPATH) Fault tolerance execute on failed/corrupted filesystem execute on failed but present device Performance testing Test for performance behavior Does it meet requirements? Customer requirements Definitional requirements (e.g. Ethernet) Test for resource utilization Understand resource requirements Test performance early Avoid costly redesign to meet performance requirements 3

Security Testing Is data/access safe from those who should not have it? Is data/access available to those who should have it? How is privilege granted/revoked? Is the system safe from unauthorized control? Example: denial of service Collateral data that compromises security Example: network topology Stress testing Working stress: sustained operation at or near maximum capability Goal: resource leak detection Breaking stress: operation beyond expected maximum capability Goal: understand failure scenario(s) Failing safe vs. unrecoverable failure or data loss Globalization Localization UI in the customer s language German overruns the buffers Japanese tests extended character sets Globalization Data in the customer s language Non-US values ($ vs. Euro, ips vs. cgs) Mars Global Surveyor: mixed metric and SAE Test Cases Actual how to for individual tests Expected results One level deeper than the Test Plan Automated or manual? Environmental/platform variables Test case: example English open existing disk file with arbitrary name and full path, file permissions allowing access create directory c:\foo copy file bar to directory c:\foo from test server; permissions are Everyone: full access execute CreateFile( c:foo\bar, etc.) expected: non-null handle returned Test Harness/Architecture Test automation is nearly always worth the time and expense How to automate? Commercial harnesses Roll-your-own Record/replay tools Scripted harness Logging/Evaluation 4

Test Schedule Phases of testing Unit testing (may be done by developers) Component testing Integration testing System testing Dependencies when are features ready? Use of stubs and harnesses When are tests ready? Automation requires lead time The long pole how long does a test pass take? Where The Wild Things Are: Challenges and Pitfalls Everyone knows hallway design We won t know until we get there I don t have time to write docs Feature creep/design bugs Dependency on external groups 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information