Software Testing Phases

Contributed by Debajyoti Basu

IEEE standards are most accepted in the software testing industry. However, it is not mandatory that all software testing processes have to follow the standard. Software testing has many different phases but we cover the test planning, test specification, and test reporting phase in this article.

The test plan is the most important phase in the software testing process. It gets the process rolling and describes the scope of the testing assignment, the approach methodology, the resource requirement for testing and the project plan or time schedule. The test plan outlines the test items, system features testing, or checking out the functionality of the system, the testing tasks, responsibility matrix and the risks associated with the process.

The testing task is achieved by testing different types of test data. The steps that are followed in system testing are program testing, string testing, system testing, system documentation, and user acceptance testing. I will discuss about each of these in my next article "Software System Testing".

The test specification document helps in refining the test approach that has been planned for executing the test plan. It identifies the test cases, procedures, and the pass/fail criteria for the assignment.

The test case specification document outlines the actual values required as input parameters in the testing process and the expected outputs of the testing results. It also identifies the various constraints related to the test case. It is important to note that test cases are re-usable components and one test case can be used in various test designs. The test procedure outlines all the processes that are required to test the system and implement the test cases.

During the testing phase, all the activities that occur are documented. There are various reasons why clear documentation is required during testing. It helps the development team to understand the problems and fix them quickly. In case there is a change in the testing team, it will help the new team members to quickly understand the process and help in a quick transition. The overall summary report of the testing process helps the entire project team to understand the initial flaws in design and development and ensure that the same errors are not repeated again.

There are four types of testing documents:

• the transmittal report which specifies the testing events being transmitted from the development team to the testing team,

• the test log which is a very important document and used to document the events that happened during execution,

• the test incident report which has a list of testing events that requires further investigation

• the test summary report which summarizes the overall testing activities.

Many software testing companies follow the IEEE standard of software testing when executing their testing projects. Software application development companies may have their own testing templates which they use for their testing requirements. Outsourcing the testing requirements to a third party vendor helps in improving the quality of the software to a great extent. Also an unbiased view helps to find many different loopholes that are existent in the software system.

About the Author:

Debajyoti Basu is a management graduate from India who, along with a friend, has started a software testing and quality assurance service company. Their other line of business is SEO and SEM. At IntelligentQ, they have a vision of being a niche company focused on Software Quality Assurance, Testing, and web site marketing services. Their team consists of experienced professionals who believe in delivering quality services, first time, and every time. Working with clients across the globe, they have made an impact on the clients' businesses. Connect with IntelligentQ to feel the difference they can make to your software testing processes and Internet marketing initiatives. http://www.intelligent-q.com

For more information on Software Testing, visit http://www.qa-software-testing.com.

Loadrunner and Quicktest Pro

Loadrunner and Quicktest Pro
Highly Efficient Mercury Interactive Solutions for Load and Stress Testing

Contributed by Groshan Fabiola

Today's highly competitive business climate and very demanding markets require organizations to permanently look for ways to improve performance in order to achieve and maintain a competitive advantage. By reducing the time and costs of business process management and by substantially improving the performance of their business, organizations can accelerate their way to customer satisfaction and improve the bottom line. But before being able to improve performance, organizations need to have reliable, high-quality solutions that can help them conduct extensive tests and diagnostics of their applications, systems, tools, and processes.

Only after being provided with a complete package of data regarding the efficiency of their frequently used software products and applications, can businesses then identify problems and finally concentrate on correcting them. Fortunately, at present, there is a wide range of efficient test and performance-improvement solutions designed to help organizations rapidly increase the efficiency of their software tools and applications, thus being able to improve business performance.

Some of the most popular test solutions available today are Mercury Interactive products, renowned for their efficiency, reliability, and versatility. Mercury Interactive is a prominent name on the IT market, a name that has achieved a lot of exposure and a high reputation over the last few years. Mercury Interactive products corroborate the newest, state-of-the-art technologies with innovative solution design, thus delivering customers highly efficient services, adapted to their specific needs and requirements.

Mercury Interactive products such as LoadRunner and QuickTest Pro have rapidly become very popular among organizations of all types and sizes in search of efficient solutions for increasing the performance and quality of their own business.

Mercury Interactive LoadRunner

LoadRunner is an innovative tool which provides highly efficient load and stress testing services. By using LoadRunner, organizations can easily determine if their applications and systems can successfully meet the needs of the business, and detect application bottlenecks, in a timely fashion, which may result in slower response time or even downtime in production. Mercury Interactive LoadRunner is a powerful tool for preventing eventual performance problems in production by identifying bottlenecks before new systems or upgrades are deployed.

The product is a powerful and reliable solution for predicting system behavior and performance, and the only existing integrated solution that accounts for load testing, stress testing, diagnostics, and tuning at the same time. With the help of LoadRunner, organizations can rapidly obtain an accurate analysis of end-to-end system performance, verify if their new or upgraded applications meet the targeted performance requirements, as well as identify and eliminate performance bottlenecks during the software development lifecycle.

Mercury Interactive QuickTest Pro

QuickTest Pro is a versatile solution for functional test and regression test automation, being designed to address a wide range of software applications and environments. This highly advanced automated testing solution allows for keyword-controlled testing, dramatically simplifying test creation and maintenance. The advantages of using QuickTest Pro include:

• ability to create a variety of tests with minimal training;
• ensure proper functionality across all environments, data sets and business processes;
• possibility to document and even replicate existing system faults in order to accelerate the process of diagnosis.

Armed with remarkable testing solutions, such as Mercury Interactive LoadRunner and QuickTest Pro, organizations can rapidly and easily perform a complete process of software and application diagnosis, being able to timely detect and fix any emerging defects that may result in decreased performance and productivity. Versatile and easy-to-use, Mercury Interactive LoadRunner and QuickTest Pro are perfectly suitable for organizations that want to get the most out of their frequently used systems and applications.

If you want to find out more about QuickTest Pro or even about Business Availability Center, we recommend you clicking these links.

For more information on Software Testing, visit http://www.qa-software-testing.com.

IT Help Desk Software -- Testing Trial Versions

Contributed by Paul Jenkins

As the owner of a small online business, you may not have the requisite funds or resources to start and operate a full-fledged customer support center, but you need not worry too much because what you can still do is opt for an IT help desk software system. Such software systems are certainly your best bet because they will automate all of your existing customer support services, allowing you to provide the best possible help desk support services to your customers. The best part is that you do not have to worry about investing huge amounts because most of these software systems are available at affordable rates, well within your budget.

Once you install the software on your website, you do not have to wait long to avail of the associated benefits because positive results will start happening in just a week or two. The instant benefit that you are most likely to come across will be the drastic reduction in the number of customer generated queries and complaints that might have been clogging your mailbox till now. This benefit will, however, accrue only if you already have a well established online business. That, however, should not be a concern for start-ups because eventually their customer base will also increase with time. In effect, start-ups should also opt for the software. In today's highly competitive environment, it's always better to be prepared rather than wait for the eleventh hour to make the necessary changes to your online business.

Satisfying customer needs and expectations is quite a daunting task, but with an IT help desk software system you can certainly make things a lot easier. Since the software will automatically lead your customers to the exact answers or clarifications that they might be looking for, you will no longer be required to spend long hours replying to customer generated e-mails. Your customers will still be free to send you mail, but since most of them will get their answers automatically, it's highly unlikely that they will feel the need to send you mail until and unless they have something really important or urgent that might require your personal attention.

By installing an IT help desk software system, you can certainly achieve the desired level of customer satisfaction, but you still need to take a few precautions, obviously, because not all software systems available in the market can be deemed as worthy investments. So, if you do not want to be taken for a ride, just make sure that you do your homework before actually investing in an IT help desk software system. Reading user reviews, downloading and testing trial versions, and seeking help from family, friends, and associates are some of the things you can do to select the most cost-effective IT help desk software.

If you need a powerful solution for your support make sure you check out the Premium Response IT Help Desk Software for more info.

For more information on Software Testing, visit http://www.qa-software-testing.com.

How to Become a Software QA Expert

Contributed by Craig Kohler

Quality Assurance (or QA) jobs (even in the a single industry like IT) can be more varied in scope and focus than many people realize. The task of a QA expert is not necessarily just to ensure that a product or service being provided is of a high quality, but also to assure the customers of that fact (so it can also be considered part public-relations job).

Further, in particular fields like software engineering, QA professionals may be called upon to engage in any or all levels of the process - from testing basic code to final products, and from rearranging to dismissing members of a software development team.

Virtually any QA job will require at least an associates (if not a bachelor's) degree in at least one related field. However, depending upon what specific kind of QA expert you wish to become, the requirements and skills needed can vary greatly.

If you are going to be involved more on the customer/client side of a company, good communication and marketing skills are a must and a degree in one of these could be the key. If you are instead on the software or product development side of the equation, you may be required to have special knowledge of the particular program languages being used, thus necessitating a degree in computer science.

Regardless of the specific nature of the QA job you are pursuing, however, you will need to have good people skills and the ability to multi-task - as a QA professional is usually more a generalist (as opposed to a specialist). Often QA personnel have to mediate between people in multiple disciplines as at various levels of the corporate hierarchy. So, no matter the specific QA job in question it is essential that you become at least somewhat versed in the various roles, responsibilities, skills and abilities of those you interact with. This will allow you to translate information across a spectrum of departments and disciplines within the company you are working for.

For more information on Software Testing, visit http://www.qa-software-testing.com

Mercury Automated Testing

Contributed by Tom Millichamp

Since the millennium bug there has been an explosion in test automation. The expansion of automated tools from vendors such as Mercury Interactive, IBM Rational, Segue and others has really delivered automated testing into the heart of just about every major organisation in the western world. And this can be seen to continue with new development methodologies such as eXtreme programming which has test automation at the heart of its design.

So Why Automate?

Well, the major benefits are:

Speed

Automated tests can run much faster than the manual equivalent, so more testing can be achieved in a smaller time frame. It is not unusual to see regression suites that take two weeks manually reduced to 24 hours with test tools!

Consistency/repeatability

Automated tests can be repeated over and over and will always perform the test exactly as recorded. Manual testers can easily make mistakes or perform the same test slightly differently when repeated.

Unattended -- reduce cost

Once developed, the automated testing can be executed unattended overnight, so repeating the testing requires very little resource or cost.

Audit trail

The tests are stored as automated scripts and the test results are stored for every execution of the tests providing a full audit trail of all testing performed.

Improved Test Coverage

As the test pack develops, more & more tests can be added and as the execution time is much faster than manual testing and less resource intensive, more testing can be completed, ensuring greater coverage of the application under test.

Free up testers to perform other tasks

If the structured testing is automated, testers will hopefully have more time to perform other types of testing (accessibility, usability, ad-hoc/random testing) which commonly get pushed aside.

Some testing may only be possible with automation

For example how do you manually simulate 5000 concurrent customers performing transactions on your on-line web site?

What types of tools are available?

Functional/regression automated tools

These tools capture user interaction with the application under test and can then be replayed. However they go beyond this and allow you to data-drive tests, to capture the state of your application whilst performing business processes and provide fully-featured development environments allowing you to manipulate applications in almost any kind of way. Tools such as Mercury's WinRunner or QuickTest Professional demonstrate the pinnacle of what these kinds of tools are capable of.

Load/Performance tools

These are used to emulate multiple (concurrent) users performing tasks against your application, for example if your business has an on-line banking system -- how many users can it support? What kind of performance will it deliver under load? Where are the bottlenecks? All of these kinds of questions can be answered using automated load testing tools such as Mercury's LoadRunner.

Test Management

Tools such as Mercury's TestDirector or Quality Center offer Test Management facilities; a central repository to store test requirements, test scripts, execution results and defect tracking, integrating seamlessly with the automated tools such as WinRunner, LoadRunner and QuickTest Pro.

So what are the pitfalls to test automation?

Difficult to Learn

It is easy for these tools to become 'shelfware' as purchasers do not consider the complexity and power of some of these tools. They all share a steep learning curve, so some time and money need to be invested into getting your team up to scratch with the tools.

Necessities for good automation implementation

Technical Testers

Ensure your testers have a reasonable grasp of technology, some programming experience would be ideal.

Training, Training, Training

Good training programs are offered for these tools and are well worth the investment. The trainers usually have good project background experience and can demonstrate how the tools should be used and explain the pitfalls.

Hand-holding for the basic infrastructure

Following the training, it is well worth getting a consultant in for a few days or weeks to build the basic automated infrastructure, provide on-site training against your application and to develop templates for your team to expand the test automation out from. They can achieve in weeks what could take you months to learn.

Conclusion

Tools such as LoadRunner, WinRunner, QuickTest Pro, TestDirector, Quality Center can provide a great return on investment in the longer term, but to make them effective do invest in training and assistance at the beginning.

About the Author:

Tom Millichamp is director of Edgewords Training, a leading Mercury Training Company.

For more information on Software Testing, visit http://www.qa-software-testing.com

How To Get Video Game Testing Jobs

Contributed by Kismet

What are video game testing jobs, I hear you ask? Well, it is not for everybody. Most people would think that game tester jobs would be a very glamorous job playing all the latest games and having a lot of fun. The reality is that it can be much more involved than you first expect. For example, you have to test and re-test the same level of one game over and over again until you finally tease out and report any bugs that might be in there. If you have an eye for detail and you have a lot of patience, and, of course, a love for playing these games, then perhaps video game testing jobs might be for you.

After all, they get to play all the newest games available often months or years before the general public even gets to see them. You also get to see what is happening in the industry and get to know about all the new and latest releases that are coming up. So the area is very competitive. Many people who start video game testing jobs go on to become software developers, or other related positions. For example, Tommy Torrino, one of the composers of the sound track for the incredibly popular game "Halo", started in the industry as a video games tester! Being able to advance in this type of industry means that you need to know the right people and starting game testing jobs will definitely put you in front of all the right people!

You can get video game testing jobs for any level of experience; however, the senior positions that command a higher salary require a few years experience in the industry and/or a major in a degree with a gaming related theme. Salary for this industry can vary widely, too. If you have just got started you could perhaps expect to earn $10-$20 per hour and this can go right up to $100 per hour and more if you have all the right qualifications and experience.

Probably one of the best ways to get started to see if you would like the industry is from home. You may not get paid as highly for these jobs, but you apply for video beta game testing jobs and this will give you the opportunity to play brand new but unreleased games from the comfort of your own home. The manufacturers are looking to iron out any bugs or challenges with the game before it goes on sale to the general public.

Getting into the game testing jobs isn't easy. You will need guidance from experienced gamers who have done it before and now offer their help. For an unbiased review of the top 3 games job guides, go here.

For more information on Software Testing visit http://www.qa-software-testing.com

Making The Decision To Automate Your Software Testing

contributed by Danna Henderson

Not every software testing project can or should be automated. Before your department accepts a new test automation project, you should establish a process by which projects are reviewed and either accepted or rejected. This can be done with a simple Test Automation Acceptance Checklist.

Repeatable Test Cases with Static Data

The true cost benefit of test automation is achieved only when the same scripts are executed multiple times. The first execution is very expensive because it includes the one-time cost of the automation tools and 100% of the Test Automation engineer's time. When the scripts are executed again, the cost of test automation declines sharply. The tool has already been purchased and the scripts have already been coded. If there have been changes in the application, the scripts may require maintenance before being executed. Maintenance on minor software updates should be minimal.

Because test automation is only successful when the scripts can be executed multiple times, only application which require the same test cases to be executed with the same data are good candidates for automation. For example, a mortgage application that needs to be regression tested on a weekly basis could be a good candidate for test automation. Script maintenance is minimal and the scripts can enter a mortgage application using the same group of test data in a fraction of the time it would take a manual tester to test the same functionality.

On the other hand, a mortgage origination system, which cannot use the same test data for each iteration would not be a good automation candidate. Due to the nature of mortgage systems, data could be staged in various states of approval or rejection, based on the current data and the departments who have already processed their part of the mortgage application. If the script cannot easily figure out what data to enter in the software, it is not a good automation candidate.

Another problem with automating this type of complex system is that the test environment often contains a sampling of production data that is refreshed on a periodic basis. Sometimes this can be overcome by rebuilding the test data when the test environment is refreshed. The feasibility of rebuilding test data on a regular basis depends on the complexity of the application. You will have to make that decision on a case-by-case basis.

Application or Environmental Stability

Environmental stability is crucial to a successfully automating a software testing project. Scripts cannot be coded in a timely manner if the application environment is unavailable, experiences frequent down-times, or excessive defects and errors.

Little or No Application or Environment Downtime

It takes longer to write scripts than it does to manually test the same functionality. Most automation tools are watered down version of C or Visual Basic, which means that writing automated scripts is essentially programming and takes adequate time and specialized skills. Unlike manual test cases, which can sometimes be written based off requirements and mock-ups, automated tools require the actual application. When a test environment is unavailable, automation engineers cannot create scripts, which prolongs the project and ends up costing more.

Excessive downtime can consist of any of the following:

• Unstable Environment
• Lack of Infrastructure Support
• Frequent Application Updates
• Buggy Code
• Effects of Environment Instability on Script Development and Execution
  

When an application or environment is unstable, scripting progress is dramatically slowed or stopped altogether. In some cases, it's possible to continue scripting, but this may causes more work at a later date. For example, if you are scripting in buggy code, you may have to script around error messages and the scripts will have to be revised at a later date. Or, you may only be able to create scripts to a certain point and finish them at a later date. To help avoid and decrease environment instability, read the chapter on Service Level Agreements.

Timely Defect Fixes

Application defects do not have to be detrimental to an automated software testing project. When defects are fixed in a timely manner, scripting can continue without significant downtime. When estimating an automated testing project, it's always best to add some buffer time that will accommodate for defect reporting and revisions.

When defect fixes take an excessive amount of time to resolve and are causing the automated software testing project to be delayed, it's time to pull together a meeting. Invite all the major players and discuss the root of the problem and what everyone can to improve the situation. Maybe development is spending too much time trying to reproduce the problem and having your automation team enter better description would help them turn the defect fixes around faster. Maybe you can work together to classify defects and establish reasonable fix times for each classification. For example, a Critical defect needs to be fixed that day while a High defect needs to be fixed with in 24 hours.

Responsive Contact Person

When your team takes on a new automated testing project, you will need a contact person. This person is responsible for making sure you have the business requirements and answering questions about how the application works. This will not be his or her main job, so you will need to make sure he or she is responsive. If you cannot get adequate business requirements, test data, or questions answered, your automation project will not be successful.

About The Author

Danna Henderson has created complex, robust WinRunner scripts for many web-based applications. For more information about successful automated testing with WinRunner, visit WinRunner Consultants.

For more information on Software Testing visit http://www.qa-software-testing.com

The Cost of User Testing a Website

contributed by Jakob Nielsen

It takes 39 hours to usability test a website the first time you try. This time estimate includes planning the test, defining test tasks, recruiting test users, conducting a test with five users, analyzing the results, and writing the report. With experience, Web user tests can be completed in two work days.

In a recent project at the Technical University of Denmark, Rolf Molich and Christian Gram collected data from 50 teams of students who conducted usability tests of commercial websites as part of a user interface design class. The average time spent by each team was 39 hours. Furthermore, the students had sat through 15 hours of lectures on user test methodology. These numbers are an upper estimate of the time investment the first time you decide to user test your site.

With experience, it is possible to conduct much more rapid user tests of a site. Good test tasks can be written in one or two hours, recruiting can be outsourced to a recruiting firm (at a cost of less than $1,000 for five users), the actual test can be done in a day, and the results can be analyzed in a few hours. If you are a member of the design team, then there is no reason to write an extensive report which nobody will read, so reporting can be done in a one-hour meeting supplemented by a summary that takes 2-3 hours to write. In total, a discount usability study takes only two work days once you know what you are doing.

Even though experts can do the work more efficiently (and usually with better results), it is encouraging that utter beginners could complete a full Web usability project in less than one week. This truly proves that "limited budget" and "lack of time" are not valid excuses for inflicting difficult sites on your users.

The students tested nine large Danish sites: seven sites from major Danish corporations as well as the University's own site and the university library's site.

After rating the usability problems for severity, the study found that each site had an average of

• 11 usability catastrophes
• 20 serious usability problems
• 29 cosmetic problems

In this study, a "catastrophe" was defined as a usability problem that prevented the user from completing a task. A "serious" problem was one that slowed down users significantly but did allow them to complete their task. A "cosmetic" problem delayed users slightly or annoyed the users as indicated by their verbal comments.

I am not at all surprised that major commercial sites contain this many usability problems. In fact, Molich and Gram note that the sites probably had even more problems that were not found in the study since the students only tested a small part of each site (though presumably they focused on the most important parts).

Most of the usability problems found by the Danish students were similar to problems we have seen in studies of English-language sites over the last five years. This similarity is due to the fact that the study addressed domestic usability (Danish users accessing Danish sites) and not international usability (Danish users accessing, say, American sites). A few problems related to international usability were observed since some sites contained a combination of Danish and English content. Some sites switched language without warning when an unsuspecting user followed certain links. Multilingual search also caused problems since it was not clear to users whether an English-language search page would include the Danish pages in its search scope. Some other issues in multilingual search were discussed in my August 1996 Alertbox on international usability but it is striking how little is known about this topic.

In a study of 15 large commercial sites in the U.S., Jared Spool and colleagues found that users were only successful 42% of the time when asked to find specific information. When asked to rate "overall ease of use", people scored these sites 4.9 on a 1-7 scale (7 best); somewhat better than the neutral rating. This latter result highlights why it is not sufficient to simply ask people whether they like your site: people tend to be polite and give relatively high ratings even when the site is unusable.

These statistics form an interesting baseline for your own usability studies:

• the average site has 11 usability catastrophes (design elements that prevent users from completing test tasks)
• on average, users are only able to complete 42% of the test tasks
• users' average subjective rating of websites is 4.9 on a 1-7 scale

If you did not use any systematic usability engineering methods in the development of your site, your score will probably be along the lines in this list; often worse. Test Coverage Web usability problems fall into two categories:

• Site-level usability: home page; information architecture, navigation, and search; linking strategy; internally vs. externally focused design; overall writing style; page templates, layout, and site-wide design standards; graphical language and commonly used icons

• Page-level usability: specific issues related to the individual pages: understandability of headlines, links, and explanations; intuitiveness of forms and error messages; inclusion or exclusion of specific information; individual graphics and icons

A usability test with 5 users will typically uncover 80% of the site-level usability problems plus about half of the page-level usability problems on those pages that users happen to visit during the test. The reason for the lower coverage of page-level problems is that different users will visit different pages, so most pages will be tested by less than the 5 users it takes to find 80% of the problems in a design. A test with 2 users typically finds half of the usability problems in a design, so that is my estimate of the proportion of page-level problems found.

Of course, on a large site, most individual pages will not be visited by any of the test users. Thus, the main goal of user testing a site should be to find the site-level problems. You should obviously take note of the page-level problems so that they can be fixed on those pages that the users happened to visit. The most important outcome of finding page-level usability problems is a better understanding of the extent of page-level problems on your site. Also, the specific set of problems can serve as a starting point for developing a list of typical page-level design pitfalls that need special attention in the design of future pages.

It is possible to run specialized user tests of particularly important pages to increase coverage of their page-level usability problems. For example, it is often a good idea to test registration pages and the pages where users actually buy products or download software. It is possible to substantially increase the number of users who are able to complete their transactions.

For most other pages it is necessary to increase page-level usability through other methods like heuristic evaluation and by training content developers in principles of good Web usability. One good way of increasing the page-level staff's understanding of Web usability is to invite them to observe a few user tests. Even when other people's pages are being tested, one can still learn a lot about how users interact with Web pages from simply observing one or two tests.

http://www.useit.com/alertbox/980503.html

For more information on Software Testing visit http://www.qa-software-testing.com

Benefits of Automating Software Processes

Contributed by Marcus Tettmar

Perhaps the most obvious reason for automating software is to speed up a process and remove mundane, repetitive manual tasks. Software automation therefore saves time and resources, which equates to cost savings. Examples of this abound. But in this article I'd like to talk about some other good reasons for automating software, beyond the obvious benefits of saving time and money.

One consequence of software automation is an improved understanding of the software's interface. One of the best ways to learn to use a software product fully is to try to automate it. Testers and automation engineers have to learn the software's interface really well, possibly better than the people who wrote it. The developers may well know the algorithms better than anyone else, but it is the person automating it who knows the ins and outs, pitfalls, and quirks of the interface.

We all know how badly designed some Windows programs are. And in these days of fancy hi-res graphics and snazzy toolbar buttons, it's easy for the designers to forget about shortcut keys and keyboard navigation. The most productive way to use a PC is to forget the mouse and learn the keyboard shortcuts. You can get things done much more quickly. Yet even the most experienced Windows users don't know half the keyboard shortcuts that exist in Windows. For tips on keyboard navigation in Windows, click here.

Knowing these shortcuts makes automation so much easier and more reliable. Automating an application by sending mouse events and mouse clicks is unreliable and depends on the screen resolution never changing. Although you can use relative mouse coordinates, sooner or later something is going to change and the button you want to click is not in the place it was when the script was created.

The automation/test engineer is the one who figures out the keyboard shortcuts and finds the simplest, most reliable way of navigating an application. People who automate applications regularly have a good understanding of the different ways to move around Windows and Windows applications. Automated Software Testing can help find issues in the interface just from the process of building the automated test, even before the test script has been run. Building an automation routine for an application will help you find those missing or duplicated shortcut keys and other objects that can't be driven by the keyboard.

Automation script developers spend so much time fiddling with the software's interface that they will often become more knowledgeable than the "power-users". Testers also have the great advantage of being allowed to try unusual scenarios that developers never think about or are too busy to try. They are allowed to break things!

So it goes both ways. Find out the Windows keyboard shortcuts and the hot-keys for the application you're scripting and you can create a better script. Build an application with good keyboard support and your application can be automated more easily. If it can be automated easily it will be easy to use!

Software automation can also lead to improved documentation. Automation scripts are the ultimate way to document a process. A script that automates a process describes how to carry it out properly. Businesses need to document all their manual processes so that other people can carry out the task. By scripting the process, it is being described at the same time. As well as saving time by automating it, it is also now easy for someone else to see how the process is carried out.

Finally, an important benefit of software automation is in contingency planning. Contingency goes hand in hand with documentation. If only one person in the organisation knows how to carry out a task, there will be problems if and when that person is sick, on vacation, or leaves the company. Not all absences are planned. By documenting a process, the business is ensuring that someone else can carry it out should the usual task owner be unavailable.

Automation takes that one stage further. If the process is scripted and automated, it is easy for someone else to take on ownership of the task in the future. The task will continue to run and the script itself describes how the task works.

Therefore, software process automation not only allows businesses to save considerable time and human resource, but it can also improve documentation and contingency; aid in software development and testing; and help build better user interfaces.

About the Author:

Marcus Tettmar is founder and CEO of MJT Net Ltd, specialists in windows automation and publishers of Macro Scheduler, the leading automation tool for Microsoft Windows; and WebRecorder for Web Application Automation.

For more information on Software Testing visit http://www.qa-software-testing.com

Basics of Web Security Testing

Exposing systems to the internet increases the risk that
security weaknesses in those systems will be leveraged
to compromise the system or the underlying data. It is
therefore necessary to examine the actual business risks
this brings, understand the basic difficulties in implementing
"secure systems", and adequately test internet applications
for security, as well as functionality and load performance,
before they are exposed to the net.

Introduction

Most organizations now have some of their corporate IT
infrastructure connected to the internet. This may vary
from allowing users to surf the web and receive email,
to fully functional internet banking systems. For some
organizations, compromise or failure of these systems
would have significant business impact.

Software testing is becoming an accepted part of the
development and maintenance cycle. Internet solutions
are often required to be implemented extremely quickly.
Functional, usability and load testing are all as appropriate
for internet as conventional client-server solutions, however
the requirement to test security is more emphatic for
the internet, due to the much wider connectivity -- to the
incompetent, nosy or malicious -- the Internet brings.

The Risks

Why should an organization care about compromise of their systems?

Direct Financial Loss

If a payments system is being operated, the contracts with
the banks and the credit card organizations will specify
significant financial penalties and charges that will be
levied in cases of continuing fraud. In addition, the cost
of shipped goods for which payment will not be recovered
needs to be taken into account.

Loss of Reputation

Many hackers do it for the public recognition and therefore
will publicize the compromise of a site. Security news
sites are also very quick to learn of compromises. The
UK consumer is still nervous about transmitting payments
information across the web -- gaining a reputation as an
insecure site will affect Internet business growth.

Legal Repercussions

The Data Protection Act places a legal responsibility on
organizations to keep person-identifiable data secure. The
Data Protection Registrar may take legal action against
organizations that breach this obligation, in addition to civil
damages suits from affected individuals. Also, exposure
of commercially sensitive data acquired under contract or
privilege may lead to damages suits from affected parties.

Testing as Part of a Solution

Security testing of internet solutions provides two
fundamental services:

It allows cost-effective selection of security controls at all
stages of the project cycle, allowing proper integration
of security measures (procedural and technical) into the
final solution;

Management are given firm evidence of the level
of security provided, showing that, in the event of a
security breach, "due diligence" was exercised, which
may limit damages claims or criminal liability.

Testing a system will involve a number of separate
checks:

• All software involved should be examined for known security flaws;
• The infrastructure design should be implemented to allow secure operation;
• Site functionality should be examined to ensure that access to sensitive information and administrative functions is protected appropriately. This applies to operating system and server level functions, as well as application level;
• Only services necessary for the business process should be running on web-facing servers (the more different systems, the greater the likelihood of a serious flaw);
  
• Network traffic should be monitored to check for plain text transmission of user names and passwords (whether related to site users or to back-office functions such as databases).

If flaws are found, detailed analysis should follow, which will
attempt to identify software patches, replacement service
daemons or applications, or additional technical issues.

Summary

Since web-facing systems provide numerous opportunities
for unauthorized access to areas of a computer network,
security testing is a critical activity. This paper highlights
the need to "design in" and "test out" security from the
beginning of a project lifecycle.

Taking this approach, costs are reduced by:

• Undertaking the work as an integral part of the design, development and testing, thereby reducing the need for additional staff to undertake separate sub-projects;
• Reducing rework on security design so often highlighted by extensive penetration testing at the later stages of a project.

AppLabs has considerable experience of security testing in
web-facing systems and can increase the success of your
project through early involvement in the planning process,
and a rigorous implementation of these methods.

Source: AppLabs.com

For more information on Software Testing visit http://www.qa-software-testing.com