Welcome, techies and fellow testers, to a niche blog for budding software testers who aspire to a career in the IT industry. It is the only blog that provides you with real-time testing terminology and testing methodology from real-time professionals. This blog provides a step-by-step testing tutorial guide with which you can enhance your testing skills like a pro.
Saturday, November 15, 2014
Friday, November 14, 2014
Differences Between Smoke and Sanity Testing:
SMOKE TESTING:
• Smoke testing originated in the hardware testing practice of turning on a new piece of hardware for the first time and considering it a success if it does not catch fire and smoke.
• In the software industry, smoke testing is a shallow and wide approach in which all areas of the application are tested without going too deep.
• Smoke testing checks the application build.
• A smoke test is scripted, using either a written set of tests or an automated test.
• A smoke test is designed to touch every part of the application in a cursory way. It’s shallow and wide.
• Smoke testing is conducted to ensure that the most crucial functions of a program are working, without bothering with finer details (such as build verification).
• Smoke testing is a normal health check-up of a build of an application before taking it to in-depth testing.
SANITY TESTING:
• A sanity test is a narrow regression test that focuses on one or a few areas of functionality. Sanity testing is usually narrow and deep.
• A sanity test is usually unscripted.
• A sanity test is used to determine that a small section of the application is still working after a minor change.
• Sanity testing is cursory testing; it is performed whenever cursory testing is sufficient to prove the application is functioning according to specifications. This level of testing is a subset of regression testing.
• Sanity testing checks the build functionality at a higher level.
• Sanity testing is to verify whether requirements are met or not, checking all features breadth-first.
Saturday, September 13, 2014
Accessibility Testing
Accessibility testing is a very new concept in the field of software testing. However, the name itself makes clear that software accessibility is what will be tested. This kind of testing is quite abstract, i.e. different from the traditional or conventional approach.
Definition: Accessibility implies the degree to which a product, device, service, or environment is available to as many people as possible.
• “Ability to access”.
• Accessibility also focuses on people with disabilities or special needs and their right of access to entities.
• Accessibility is often used to focus on people with disabilities or special needs and their right of access to entities, often through use of assistive technology.
• Accessibility Testing is an approach to measure a product's ability to be easily customized or modified for the benefit of users with disabilities.
What is the purpose of Accessibility Testing?
The purpose of accessibility testing is to pinpoint problems within web sites and products, which may otherwise prevent users with disabilities from accessing the information they are searching for.
The needs that Web accessibility aims to address include:
• Visual impairments - Such as blindness, low or restricted vision, or color blindness. Users with visual impairments use assistive technology software that reads content aloud. Users with weak vision can also make text larger with a browser setting or the magnification setting of the operating system.
• Motor skills - Such as the inability to use a keyboard or mouse, or to make fine movements.
• Hearing impairments - Such as reduced or total loss of hearing.
• Cognitive abilities - Such as reading difficulties, dyslexia or memory loss.
Speech Disorder/Vocal Disability
Persons not able to speak clearly
A speech disorder interferes with the ability to produce clearly understandable speech.
There can be many different causes, such as nerve degeneration, muscle degeneration, stroke, and vocal cord injury.
The speech synthesizer was developed to overcome the throat vibrator, which was used to produce speech.
Speech-Language Pathology
- Phonology
- Morphology
- Semantics
- Pragmatics
Type of Disabilities:
- Speech Disorder.
- Vocal Disability.
- Hearing Impairment.
- Visual Impairment.
- Physically challenged
Speech Synthesizer
Speech synthesis is the artificial production of human speech.
A text-to-speech (TTS) system converts normal language text into speech.
A text-to-speech program allows people with visual impairments or reading disabilities to listen to written works on a home computer.
Stephen Hawking is using speech synthesis to communicate.
Hearing Impairment
An individual satisfies the definition of hearing disabled when hearing loss is about 30 dB for a single frequency, but they are not handicapped.
The Telecommunication Device for the Deaf (TDD) became available in the form of the teletype (TTY).
1. Telecommunications device for the deaf
2. Teleprinter
1. Telecommunications device for the deaf
- An electronic device for text communication over a telephone for persons with hearing and speech difficulties.
- The size of a typewriter or laptop computer, with a QWERTY keyboard and a small screen that uses LEDs or an LCD screen to display typed text electronically.
- Text is transmitted live, via a telephone line, to a compatible device, i.e. one that uses a similar communication protocol.
2. Teleprinter
- Communicates typed messages from point to point and point to multipoint over a variety of communication channels that range from a simple electrical connection.
- They can serve mainframe computers and minicomputers, sending typed data to the computer with or without printed output, and printing the response from the computer.
Visual Impairment
Visual impairment can be one of the most difficult kinds of handicap.
A wide range of technology products are available.
This includes screen magnification for monitors, mouse-over speech synthesis browsing, Braille displays, Braille printers, Braille cameras, voice operated phones and tablets.
- Touch Sight Camera.
- Refreshable Braille display.
- Speech synthesizer.
- Opera Voice Browsing
Touch Sight Camera
Designed specifically for those with impaired vision, the revolutionary camera allows its user to take 'pictures' of whatever they like.
It immediately displays the image, not on an LCD screen, but on a raised Braille display sheet on the back of the camera.
It records a three-second audio clip the moment you press the shutter button, so that the user can then use the sound as a point of reference when reviewing all their photos in their own time.
Refreshable Braille display
An electro-mechanical device for displaying Braille, especially for blind computer users who cannot read the normal computer text.
VoiceOver
- Supports more than one braille device at a time, up to 32 braille displays connected simultaneously to the same computer.
- Built-in functionality in the OS and pre-installed.
- Makes it possible for those who are blind or have low vision to control their computer.
- More capable than a simple text-to-speech tool.
Features of VoiceOver
The Alex voice
Alex uses advanced Apple technologies to deliver natural intonation in English even at extraordinarily fast speaking rates. Alex is so natural he even breathes between long passages.
International voices: Voices that speak 22 languages.
Braille
- Supports wireless braille displays.
- Unique feature called braille mirroring.
VoiceOver already works with a wide range of applications.
Talking Alerts
Talking Alerts automatically speak the contents of dialogs and alerts.
Talking Calculator
A calculator that speaks each button you press and the results of the calculation.
It has three modes: a simple calculator, a scientific calculator, and a programmer’s calculator.
Talking Clock
If you’d like the time of day spoken to you, you can instruct your Mac to speak it automatically, or you can use a voice command to have your Mac speak the time of day whenever you like.
Physically challenged
Missing arms and fingers
This can be one of the most devastating types of handicap.
Software used to overcome:
- Speech recognition
- Dragon Naturally Speaking
- Opera Voice Browsing
- Apple Accessibility
Speech recognition
The term "voice recognition" is sometimes used to refer to recognition systems that must be trained to a particular speaker, as is the case for most desktop recognition software.
Recognizing the speaker can simplify the task of translating speech.
Dragon Naturally Speaking
Dragon Dictate is for Mac Operating System.
Opera Voice Browsing
Available for the English language and the Windows platform.
Apple Accessibility
Need not train Mac to use it.
MacSpeech called Dictate.
Testing Approaches
- For accessibility testing to succeed, the test team should plan a separate cycle for accessibility testing.
- Typical test cases for accessibility might look similar to the following examples:
- Make sure that all functions are available via keyboard only (do not use the mouse).
- Make sure that information is visible when the display setting is changed to High Contrast modes.
- Make sure that screen reading tools can read all the text available and that every picture/image has corresponding alternate text associated with it.
- Make sure that product-defined keyboard actions do not affect accessibility keyboard shortcuts.
- The development team can make sure that their product is partially accessibility compliant by code inspection and unit testing.
- The test team needs to certify that the product is accessibility compliant during the functional testing phase. In most cases, an accessibility checklist is used to certify the accessibility compliance. This checklist can have information on what should be tested, how it should be tested and the status of the product for different access related problems.
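One way a development team could automate part of this checklist in a unit test, as an added example that is not from the original post: a Python static check for images without alternate text and for click handlers on elements that cannot be reached by keyboard. The class name, issue labels and sample markup are constructed for illustration; high-contrast rendering and real screen-reader output still need the manual cycle described above.

```python
from html.parser import HTMLParser

# Elements a keyboard user can reach with Tab without extra markup
NATIVELY_FOCUSABLE = {"button", "input", "select", "textarea"}


class AccessibilityAudit(HTMLParser):
    """Collects (line number, issue label) pairs; labels are illustrative."""

    def __init__(self):
        super().__init__()
        self.issues = []

    def handle_starttag(self, tag, attrs):
        attr = dict(attrs)
        line = self.getpos()[0]  # line on which this tag starts
        if tag == "img":
            alt = attr.get("alt")
            if alt is None:
                # Screen readers have nothing to announce for this image
                self.issues.append((line, "img-missing-alt"))
            elif not alt.strip():
                # Legitimate only for decorative images: flag for review
                self.issues.append((line, "img-empty-alt"))
        if "onclick" in attr and not self._keyboard_reachable(tag, attr):
            # Works with a mouse, but Tab never lands on it
            self.issues.append((line, "click-only-control"))

    @staticmethod
    def _keyboard_reachable(tag, attr):
        try:
            # An explicit tabindex decides: >= 0 is in the Tab order
            return int(attr.get("tabindex") or "") >= 0
        except ValueError:
            pass  # no usable tabindex: fall back to native focusability
        if tag == "a":
            return attr.get("href") is not None  # <a> needs href to take focus
        return tag in NATIVELY_FOCUSABLE and "disabled" not in attr


def audit(html):
    """Return the list of accessibility issues found in an HTML string."""
    parser = AccessibilityAudit()
    parser.feed(html)
    parser.close()
    return parser.issues


# Constructed sample page (not taken from any real product)
SAMPLE_PAGE = """<form>
  <img src="logo.png" alt="Company logo">
  <img src="chart.png">
  <img src="spacer.gif" alt="">
  <button onclick="save()">Save</button>
  <div onclick="openMenu()">Menu</div>
  <span onclick="help()" tabindex="0" role="button">Help</span>
  <a onclick="next()">Next</a>
</form>"""

if __name__ == "__main__":
    for line, issue in audit(SAMPLE_PAGE):
        print(f"line {line}: {issue}")
```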
Saturday, September 6, 2014
Smoke Testing
In simple terms, a smoke test refers to a kind of general health check-up of our software or system under test. It is the first test made after repairs or first assembly to provide some assurance that the system under test will not catastrophically fail. Smoke testing is conducted to ensure that the most crucial functions of a program are working, without bothering with finer details (such as build verification).
[Figure: Smoke Test vs Sanity Test]
Why, Smoke Testing?
The main objective behind smoke testing is to know whether the essential functions of the application are working or not. In case they are found to be not working, additional modifications and changes are introduced before the application can proceed to other tests.
Such modifications may need to continue until a time when all essential functions go through the smoke test. A smoke test can be an invaluable tool that helps you conserve precious time, energy and money; if any of the software features fails the smoke test, then the developers need to think of additional modifications to the application.
When, Smoke Testing?
It acts as a prerequisite test before conducting any other tests. Using smoke testing at the first stage of software development will help you reveal the errors and possible failures in the software. A big failure or breakdown will help the developers decide whether they need to discard the project or not.
Smoke tests are good for verifying proper deployment or other non-invasive changes. They are also useful for verifying that a build is ready to send to test.
How, Smoke testing?
Smoke testing is performed after a software build to ascertain that the critical functionalities of the program are working fine. It is executed before any detailed functional or regression tests are executed on the software build. The purpose is to reject a badly broken application, so that the QA team does not waste time installing and testing the software application.
In smoke testing, the test cases chosen cover the most important functionality or components of the system. The aim is not to perform exhaustive testing, but to verify that the critical functionalities of the system are working.
For example, in typical smoke testing, the test cases would be “Verify that the application launches successfully”, “Check that the GUI is responsive”, “Check that the user is able to navigate from one window to another”, etc.
Types of Smoke testing
Basically there are two types of smoke testing.
- Functional Test
- Unit Test
Functional Test
Functional tests exercise the complete program with various inputs.
Unit Test
Unit tests exercise individual functions, subroutines, or object methods.
Both functional testing tools and unit testing tools tend to be third-party products that are not part of the compiler suite. Functional tests may be a scripted series of program inputs, possibly even with an automated mechanism for controlling mouse movements. Unit tests may be separate functions within the code itself, or a driver layer that links to the code without altering the code being tested.
Advantages
Smoke testing provides a lot of benefits to the software development team. First, it can expel all those software applications that lack the potential to reach the market. In this way, software engineers can easily reject those software projects that are still in their early stages of development. If they find some errors in such projects, they can either modify them or reject the whole project.
Sanity Testing
In simple terms, a sanity test is a kind of specialized health check-up of the software or system under test. In software development, the sanity test is a form of software testing which offers quick, broad, and shallow testing and determines whether it is reasonable to proceed with further testing or not.
It is a brief test of the major functional elements of a piece of software to determine if it is basically operational or not.
Why, Sanity Testing?
The main objective behind sanity testing is to know whether the new functionality bugs have been fixed or not. Sanity testing checks the build functionality at a higher level. It is done to verify the rationality of the system before proceeding with more rigorous testing.
When, Sanity Testing?
Performing a sanity test may or may not always be a prerequisite, depending on the project. Since it is not documented, it may be skipped in various cases (totally conditional).
How, Sanity testing?
Sanity testing is performed after bug fixes to ascertain that a particular component of the system or software is working fine end to end. It is executed before any detailed functional or regression tests are executed on the software build. The purpose is to reject that particular component of the system before going ahead with more rigorous testing efforts.
Shakedown Testing
Shakedown Testing?
Testing levels or test phases constitute an important part of the STLC. Component testing/Unit Testing, Component Integration testing, System Testing and System Integration testing are different testing levels. Each level has its own well defined test objectives. To successfully meet the test objectives, various test monitoring activities are employed. One major success factor which contributes to the testing success is the availability of a stable and working Test Environment. There are many ways to certify the readiness or usability of a Test Environment, of which the most common is Shakedown Testing.
Why, Shakedown Testing?
Shakedown testing is one of the most important entry criteria to kick off testing activities, irrespective of the test level. In many cases, it has been observed that once the test team is officially into a particular test level, numerous environment related defects are logged, some of them showstopper defects which force the test team to suspend testing. This problem is more prevalent in the higher stages of testing, especially System Integration Testing and End-to-End testing. This leads to wasted effort and a delayed test schedule, and impacts the project budget too. Valuable test cycle time is wasted. To avoid this situation, test teams include Shakedown testing as part of their project effort schedule.
When Shakedown Testing?
Shakedown testing is usually performed during System Integration Testing and End-to-End testing.
The shakedown testing schedule depends on many project factors like the complexity of the project, the number of participating applications, the number and type of basic minimum functionalities that must work in order to proceed/start with the official test level or phase, and so on.
How Shakedown testing?
A selected number of test cases are identified for this purpose, which are tested for the following objectives:
- Validate the connectivity between all participating applications / systems in terms of data flow between different interfaces, channels, middleware and backend databases – basically the end-to-end business processes.
- Validate that the applications are pointed to the correct Test Environment. For example, if a transaction is triggered from, say, the SIT1 environment but the backend application in SIT2 gets updated, it is an environment set-up defect.
- Validate that the correct build / configuration files are deployed.
- Validate that all the necessary servers and queues are set up and working correctly.
- Validate that the basic minimum functionalities are working in order to start testing. For example, if the login screen itself fails to work, further functionalities cannot be tested.
- The term ‘basic minimum functionalities’ is specific to each project / application and should be identified accordingly.
The test environment handed over by the development team to the testing team is accepted only if the above validations are successful. Otherwise, environment defects are raised with appropriate severity levels.
Penetration Testing
Penetration Testing:
A penetration test (pen-test) is a controlled process in which a trusted third party performs security verification by using methods, tools and styles that would be performed by persons with malicious intent. Since more and more companies have heavily integrated Information Technology into their businesses, there is an increased threat of attack from people intent on stealing that information.
Penetration Testing is an ethical way of assessing the potential vulnerabilities in your information security structure. The purpose of a Penetration Test is to determine these vulnerabilities so that you can better defend against all forms of attack. A pen test can be used to test an organization's security policy compliance, its employees' security awareness and the organization's ability to identify and respond to security incidents.
These approved attempts at testing your company’s security measures are sometimes known as Ethical Hacking. It is ethical because you have given the Penetration Testing company permission to attempt to ‘hack’ your security systems.
Elements of the Pen-Test
Target - a resource which will be targeted for attack during the pen-test. The target can be a single item (server, router, safe) or a set of resources with some common denominator (server farm, network segment, offices).
Trophy - a resource that the testers are tasked with extracting or destroying. Malicious attackers usually stand to gain benefit from the attack, and if the valuable resource is identified, it can be tagged as a 'trophy' to be won by the pen-testers. Bear in mind that sometimes the trophy may not be a physical item, but a loss of functionality or service that can tarnish the reputation of the company.
Test vector - the attack channel or set of channels that the pen-testers will use during the test.
Test type - which type of test the pen-tester will perform:
• Black box - the pen-tester performs the attack with no prior knowledge of the infrastructure, defense mechanisms and communication channels of the target organization. A black box test is a simulation of an unsystematic attack by weekend or wannabe hackers (script kiddies).
• Gray box - the pen-tester performs the attack with limited knowledge of the infrastructure, defense mechanisms and communication channels of the target organization. A gray box test is a simulation of a systematic attack by well prepared outside attackers or insiders with limited access and privileges.
• White box - the pen-tester performs the attack with full knowledge of the infrastructure, defense mechanisms and communication channels of the target organization. A white box test is a simulation of a systematic attack by well prepared outside attackers with insider contacts or insiders with largely unlimited access and privileges.
Phases of Penetration Testing:
[Figure: Phases of Penetration Testing]
Planning Phase:
The planning phase is where the scope for the assignment is defined. Management approvals, documents and agreements like an NDA (Non Disclosure Agreement), etc., are signed. The penetration testing team prepares a definite strategy for the assignment. Existing security policies, industry standards, best practices, etc. will be some of the inputs towards defining the scope for the test. This phase usually consists of all the activities that need to be performed prior to commencement of the actual penetration test.
Discovery Phase:
The discovery phase is where the actual testing starts; it can be regarded as an information gathering phase. This phase can be further categorized as follows:
• Footprinting phase
• Scanning and Enumeration phase
• Vulnerability Analysis phase
Footprinting:
The process of footprinting is a completely non‐intrusive activity performed in order to get the maximum possible information available about the target organization and its systems using various means, both technical as well as non‐technical. This involves searching the internet and querying various public repositories (whois databases, domain registrars, Usenet groups, mailing lists, etc.).
A penetration tester must utilize this phase as much as possible and be creative enough in identifying various loopholes and try to explore every possible aspect that could lead to relevant information leakage about the target organization in the shortest time possible.
Scanning and Enumeration:
The scanning and enumeration phase will usually comprise identifying live systems, open / filtered ports found, services running on these ports, mapping router / firewall rules, identifying the operating system details, network path discovery, etc.
This phase involves a lot of active probing of the target systems. A penetration tester must be careful and use the tools for these activities sensibly and not overwhelm the target systems with excessive traffic.
Vulnerability Analysis:
After successfully identifying the target systems and gathering the required details from the above phases, a penetration tester should try to find any possible vulnerabilities existing in each target system. During this phase a penetration tester may use automated tools to scan the target systems for known vulnerabilities. These tools will usually have their own databases consisting of the latest vulnerabilities and their details.
It is important for any penetration tester to be up to date with the latest security related activities. More often than not, this phase solely depends on the experience of the penetration tester.
Strategies involved in Pen-Test
Based on specific objectives to be achieved, the different penetration testing strategies include:
External testing strategy:
External testing refers to attacks on the organization's network perimeter using procedures performed from outside the organization's systems, that is, from the Internet or Extranet. This test may be performed with non- or full disclosure of the environment in question. The test typically begins with publicly accessible information about the client, followed by network enumeration, targeting the company's externally visible servers or devices, such as the domain name server (DNS), e-mail server, Web server or firewall.
Internal testing strategy:
Internal testing is performed from within the organization's technology environment. This test mimics an attack on the internal network by a disgruntled employee or an authorized visitor having standard access privileges. The focus is to understand what could happen if the network perimeter were successfully penetrated or what an authorized user could do to penetrate specific information resources within the organization's network. The techniques employed are similar in both types of testing although the results can vary greatly.
Blind testing strategy:
A blind testing strategy aims at simulating the actions and procedures of a real hacker. Just like a real hacking attempt, the testing team is provided with only limited or no information concerning the organization prior to conducting the test. The penetration testing team uses publicly available information (such as the corporate Web site, domain name registry, Internet discussion boards, USENET and other places of information) to gather information about the target and conduct its penetration tests. Blind testing can provide a lot of information about the organization (so called inside information) that may have been otherwise unknown; for example, a blind penetration test may uncover such issues as additional Internet access points, directly connected networks, publicly available confidential/proprietary information, etc. However, it is more time consuming and expensive because of the effort required by the testing team to research the target.
Double blind testing strategy:
A double-blind test is an extension of the blind testing strategy. In this exercise, the organization's IT and security staff are not notified or informed beforehand and are "blind" to the planned testing activities. Double-blind testing is an important component of testing, as it can test the organization's security monitoring and incident identification, escalation and response procedures. As clear from the objective of this test, only a few people within the organization are made aware of the testing. Normally it's only the project manager who carefully watches the whole exercise to ensure that the testing procedures and the organization's incident response procedures can be terminated when the objectives of the test have been achieved.
Targeted testing strategy:
Targeted testing or the lights-turned-on approach as it is often referred to, involves both the organization's IT team and the penetration testing team to carry out the test. There is a clear understanding of the testing activities and information concerning the target and the network design. A targeted testing approach may be more efficient and cost-effective when the objective of the test is focused more on the technical setting, or on the design of the network, than on the organization's incident response and other operational procedures. Unlike blind testing, a targeted test can be executed in less time and effort, the only difference being that it may not provide as complete a picture of an organization's security vulnerabilities and response capabilities.
Pen-Test Types
Denial of Service (DoS) Testing:
Denial of service testing involves attempting to exploit specific weaknesses on a system by exhausting the target's resources that will cause it to stop responding to legitimate requests. This testing can be performed using automated tools or manually. The different types of DoS can be broadly classified into software exploits and flooding attacks. Decisions regarding the extent of Denial of Service testing to be incorporated into a penetration testing exercise depend on the relative importance of ongoing, continued availability of the information systems and related processing activities.
Denial of service can take a number of formats; those that are important to test for are listed below:
- Resource overload – these attacks intend to overload the resources (i.e. memory) of a target so that it no longer responds.
- Flood attacks – this involves sending a large amount of network requests with the intention of overloading the target. This can be performed via:
  • ICMP (Internet Control Message Protocol), known as "smurf" attacks
  • UDP (User Datagram Protocol), known as "fraggle" attacks
- Half open SYN attack - this involves partially opening numerous TCP connections on the target, so that legitimate connections could not be started.
Out of Bound Attacks:
These attempt to crash targets by breaking IP header standards:
• Oversized packets (ping of death) – the packet header indicates that there is more data in the packet than there actually is.
• Fragmentation (teardrop attack) – sends overlapping fragmented packets (pieces of packets) which are under length.
• IP source address spoofing (land attack) – causes a computer to create a TCP connection to itself.
• Malformed UDP packet header (UDP bomb) – UDP headers indicate an incorrect length.
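The defensive side of the list above, as an added example that is not part of the original post: a Python checker that inspects raw IPv4 packets and flags each of the four header anomalies, the way a filter or IDS rule under test would be expected to. The class name, finding labels and sample packets are constructed for illustration; the oversize check covers both a header that claims more data than is present and a fragment whose reassembled size would exceed the 65,535-byte IPv4 limit.

```python
import socket
import struct
from collections import defaultdict

MAX_DATAGRAM = 65535  # largest legal IPv4 datagram, header included
IP_HDR = "!BBHHHBBH4s4s"


def build_ipv4(src, dst, proto, payload, ident=1, frag_off=0, more=False,
               total_len=None):
    """Build a minimal IPv4 packet for the samples (checksum left at 0)."""
    if total_len is None:
        total_len = 20 + len(payload)
    flags_frag = (0x2000 if more else 0) | (frag_off // 8)
    header = struct.pack(IP_HDR, 0x45, 0, total_len, ident, flags_frag, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def udp(sport, dport, data, length=None):
    """UDP header + data; `length` overrides the header's length field."""
    field = 8 + len(data) if length is None else length
    return struct.pack("!HHHH", sport, dport, field, 0) + data


class HeaderAnomalyDetector:
    """Flags the malformed-header patterns listed above (labels are assumptions)."""

    def __init__(self):
        # (src, dst, id, proto) -> byte ranges of fragments seen so far
        self._fragments = defaultdict(list)

    def inspect(self, raw):
        if len(raw) < 20:
            return ["truncated-ip-header"]
        (ver_ihl, _tos, total_len, ident, flags_frag, _ttl, proto, _csum,
         src, dst) = struct.unpack(IP_HDR, raw[:20])
        ihl = (ver_ihl & 0x0F) * 4
        if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl or len(raw) < ihl:
            return ["bad-ip-header"]

        findings = []
        declared = total_len - ihl      # payload size the header claims
        payload = raw[ihl:total_len]    # payload bytes actually present
        if declared > len(payload):     # header claims more data than exists
            findings.append("length-overclaim")
        if src == dst:                  # land: packet appears to come from its target
            findings.append("land-src-equals-dst")

        offset = (flags_frag & 0x1FFF) * 8
        more = bool(flags_frag & 0x2000)
        end = offset + declared
        if ihl + end > MAX_DATAGRAM:    # ping of death: reassembly would overflow
            findings.append("oversized-reassembly")
        if more or offset:              # this packet is a fragment
            seen = self._fragments[(src, dst, ident, proto)]
            if any(offset < e and s < end for s, e in seen):
                findings.append("overlapping-fragment")  # teardrop pattern
            seen.append((offset, end))
        elif proto == 17:               # unfragmented UDP
            if len(payload) < 8:
                findings.append("udp-truncated")
            elif struct.unpack("!H", payload[4:6])[0] != declared:
                findings.append("udp-length-mismatch")   # UDP bomb pattern
        return findings


# Constructed sample packets (documentation addresses; not captured traffic)
A, B = "192.0.2.10", "192.0.2.20"
SAMPLES = [
    ("normal-udp", build_ipv4(A, B, 17, udp(5353, 53, b"ping"))),
    ("length-overclaim", build_ipv4(A, B, 1, bytes(8), total_len=1500)),
    ("land", build_ipv4(B, B, 6, bytes(20))),
    ("oversized-fragment", build_ipv4(A, B, 1, bytes(100), ident=7, frag_off=65528)),
    ("fragment-1", build_ipv4(A, B, 17, bytes(32), ident=9, more=True)),
    ("fragment-2-overlap", build_ipv4(A, B, 17, bytes(8), ident=9, frag_off=24)),
    ("udp-bad-length", build_ipv4(A, B, 17, udp(5353, 53, b"ping", length=400))),
]


def scan(samples):
    """Run one detector over all samples, in order, and map name -> findings."""
    detector = HeaderAnomalyDetector()
    return {name: detector.inspect(pkt) for name, pkt in samples}


if __name__ == "__main__":
    for name, findings in scan(SAMPLES).items():
        print(f"{name:20} {findings or 'ok'}")
```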