Manual Testing

Foundation Level Manual Testing Concepts

Version 2012

ASAP D.D. (P) Ltd

ASAP D.D. (P) Ltd

Page 1

Manual Testing
LICENSING AND COPYRIGHT INFORMATION

Manual Testing user Guide, Published By ASAP D.D. (P) Ltd Flat No: 302, 4th floor, Siripuram Towers, Visakhapatnam 530003 India Phone: 0891-2795845 E-mail: hr@asapdd.com Web: www.asapdd.com.in

Copyright 2010 ASAP D.D. (P) Ltd, All rights reserved. This guide is confidential and proprietary to ASAP D.D. (P) Ltd. No part of this document may be photocopied, reproduced, stored in a retrieval system, or transmitted, in any form or by any means whether, electronic, mechanical, or otherwise without the prior written permission of ASAP D.D. (P) Ltd. The information provided in this document is intended as a guide only. Information in this document is subject to change without notice. ASAP D.D. (P) Ltd reserves the right to change or improve its products and to make changes in the content without obligation to notify any person or organization of such changes or improvements. Document Title: Manual Testing Guide

If you have any comments or suggestions regarding this document, please send them via e-mail to hr@asapdd.com

ASAP D.D. (P) Ltd

Page 2

Manual Testing

Document Control
Version 1.0 Date 01/10/2012 Author Raja Rao Kaduri Description Manual Testing Basic Concepts

ASAP D.D. (P) Ltd

Page 3

Manual Testing
Table of Contents Acknowledgement 7 Purpose of this Document 8 Level of Detail 8 1. Fundamentals of Testing 9 1.1. What is Testing? 9 1.2. Why is Testing Necessary? 10 1.2.1. Software Systems Context 10 1.2.2. Causes of Software Defects 10 1.2.3. Role of Testing in Software Development, Maintenance and Operations 10 1.2.4. Testing and Quality 11 1.2.5. How Much Testing is Enough? 11 1.3. Seven Testing Principles 11 1.4. Fundamental Test Process 12 1.4.1. Test Planning and Control 12 1.4.2. Test Analysis and Design 13 1.4.3. Test Implementation and Execution 13 1.4.4. Evaluating Exit Criteria and Report 14 1.4.5. Test Closure Activities 14 1.5. Psychology of Testing 14 2. Testing Throughout the Software Life Cycle 16 2.1. Software Development Models 16 2.1.1. Sequential (Waterfall and V Models) 16 2.1.2. Iterative Model 18 2.1.3. Evolutionary (Proto typing, Concurrent Dev, Spiral Model) 19 2.1.4. Agile Model 22 2.1.5. Testing Within a Life Cycle Model 23 2.2. Test Levels 23 2.2.1. Component Testing 24 2.2.2. Integration Testing 24 2.2.3. System Testing 25 2.2.4. Acceptance Testing 26 2.3. Test Types 28 2.3.1. Testing of Function (Functional Testing) 28 2.3.2. Testing of Non-functional Software Characteristics (Non-functional Testing) 28 2.3.3. Testing of Software Structure/Architecture (Structural Testing) 29 2.3.4. Testing Related to Changes: Re-testing and Regression Testing 29 2.4. Maintenance Testing 29 3. Static Techniques 31 3.1. Static Techniques and Test Process 31 3.2. Review Process 31 3.2.1. Activities of formal Review 32 3.2.2. Roles and Responsibilities 32 3.2.3. Types of Reviews 33 3.2.4. Success Factors for Reviews 34 3.3. Static Analysis by Tools 35

ASAP D.D. (P) Ltd

Page 4

Manual Testing
4. Test Design Techniques 4.1. The Test Development Process 4.2. Categories of Test Design Techniques 4.3. Specification based or Black-box Techniques 4.3.1. Equivalence Partitioning 4.3.2. Boundary Value Analysis 4.3.3. Decision Table Testing 4.3.4. State Transition Testing 4.3.5. Use Case Testing 4.4. Structure based or White-box Techniques 4.4.1. Statement Testing and Coverage 4.4.2. Decision Testing and Coverage 4.4.3. Other Structure-based Techniques 4.5. Experience based Techniques 4.6. Choosing Test Techniques Test Management 5.1. Test Organization 5.1.1. Test Organization and Independence 5.1.2. Tasks of the Test Leader and Testers 5.2. Test Planning and Estimation 5.2.1. Test Planning 5.2.2. Test Planning Activities 5.2.3. Entry Criteria 5.2.4. Exit Criteria 5.2.5. Test Estimation 5.2.6. Test Strategy, Test Approach 5.3. Test Progress Monitoring and Control 5.3.1. Test Progress Monitoring 5.3.2. Test Reporting 5.3.3. Test Control 5.4. Configuration Management 5.5. Risk and Testing 5.5.1. Project Risks 5.5.2. Product Risks 5.6. Incident Management Tool Support for Testing 6.1. Types of Test Tools 6.1.1. Understanding the Meaning and Purpose of Tool Support for Testing 6.1.2. Test Tool Classification 6.1.3. Tool Support for Management of Testing and Tests 6.1.4. Tool Support for Static Testing 6.1.5. Tool Support for Test Specification 6.1.6. Tool Support for Test Execution and Logging 6.1.7. Tool Support for Performance and Monitoring 6.1.8. Tool Support for Specific Testing Needs 36 36 37 38 38 38 38 39 40 40 40 41 42 42 43 44 44 44 44 46 46 46 46 47 47 47 48 48 48 49 49 50 50 50 51 53 53 53 53 54 54 55 55 56 56

5.

6.

ASAP D.D. (P) Ltd

Page 5

Manual Testing
6.2. Effective use of Tools: Potential Benefits and Risks 6.2.1. Potential Benefits and Risks of Tool Support for Testing (for all tools) 6.2.2. Special Considerations for Some Types of Tools 6.3. Introducing a Tool into an Organization 56 56 57 58

ASAP D.D. (P) Ltd

Page 6

Manual Testing
Acknowledgment
Many thanks to the contributors to this document: the Test Manager, the Process Manager, and other staff.

Portions of this manual were adapted from the following sources: ISTQB 2010 Foundation Level Manual CSTE Foundation Level Manual

ASAP D.D. (P) Ltd

Page 7

Manual Testing
Purpose of this Document
The Foundation Level qualification is aimed at anyone involved in software testing. This includes people in roles such as testers, test analysts, test engineers, test consultants, test managers, user acceptance testers and software developers. This Foundation Level qualification is also appropriate for anyone who wants a basic understanding of software testing, such as project managers, quality managers, software development managers, business analysts, IT directors and management consultants.

Level of Detail
The level of detail in this syllabus allows internationally consistent teaching and examination. In order to achieve this goal, the syllabus consists of: General instructional objectives describing the intention of the Foundation Level A list of information to teach, including a description, and references to additional sources if required Learning objectives for each knowledge area, describing the cognitive learning outcome and mindset to be achieved A list of terms that students must be able to recall and understand A description of the key concepts to teach, including sources such as accepted literature or standards The syllabus content is not a description of the entire knowledge area of software testing; it reflects the level of detail to be covered in Foundation Level training courses.

ASAP D.D. (P) Ltd

Page 8

Manual Testing
1. Fundamentals of Testing
1.1 What is Testing?
A common perception of testing is that it only consists of running tests, i.e. executing the software. This is part of testing, but not all of the testing activities. Test activities exist before and after test execution. These activities include planning and control, choosing test conditions, designing and executing test cases, checking results, evaluating exit criteria, reporting on the testing process and system under test, and finalizing or completing closure activities after a test phase has been completed. Testing also includes reviewing documents (including source code) and conducting static analysis. Testing software may be defined as operating the software under controlled conditions, 1. 2. 3. verify that it behaves as specified to detect errors, and to validate that what has been specified is what the user actually wanted.

Verification ensures the product is designed to deliver all functionality to the customer; it typically involves reviews and meetings to evaluate documents, plans, code, requirements and specifications; this can be done with checklists, issues lists, walkthroughs and inspection meetings. You CAN learn to do verification, with little or no outside help. Validation ensures that functionality, as defined in requirements, is the intended behaviour of the product; validation typically involves actual testing and takes place after verifications are completed. Error Detection: Testing should intentionally attempt to make things go wrong to determine if things happen when they shouldnt or things dont happen when they should. Both dynamic testing and static testing can be used as a means for achieving similar objectives, and will provide information that can be used to improve both the system being tested and the development and testing processes. Testing can have the following objectives: Finding defects Gaining confidence about the level of quality Providing information for decision-making Preventing defects The thought process and activities involved in designing tests early in the life cycle can help to prevent defects from being introduced into code e.g. Verifying test basis via test design, Requirements.

ASAP D.D. (P) Ltd

Page 9

Manual Testing
Different viewpoints in testing take different objectives into account. In development testing, the main objective may be to cause as many failures In acceptance testing, the main objective may be to confirm that the system works as expected, to gain confidence that it has met the requirements In some cases the main objective of testing may be to assess the quality of the software (with no intention of fixing defects), to give information to stakeholders of the risk of releasing the system at a given time Maintenance testing often includes testing that no new defects have been introduced during development of the changes Operational testing, the main objective may be to assess system characteristics such as reliability or availability

1.2 Why is Testing Necessary?

1.2.1 Software Systems Context Software systems are an integral part of life, from business applications (e.g. banking) to consumer products (e.g. cars). Most people have had an experience with software that did not work as expected. Software that does not work correctly can lead to many problems, including loss of money, time or business reputation, and could even cause injury or death. 1.2.2 Causes of Software Defects A human being can make an error (mistake), which produces a defect (fault, bug) in the program code, or in a document. If a defect in code is executed, the system may fail to do what it should do (or do something it shouldnt), causing a failure. Defects in software, systems or documents may result in failures, but not all defects do so. Defects occur because human beings are fallible and because there is time pressure, complex code, complexity of infrastructure, changing technologies, and/or many system interactions. Failures can be caused by environmental conditions as well. For example, radiation, magnetism, electronic fields, and pollution can cause faults in firmware or influence the execution of software by changing the hardware conditions. 1.2.3 Role of Testing in Software Development, Maintenance and Operations Rigorous testing of systems and documentation can help to reduce the risk of problems occurring during operation and contribute to the quality of the software system, if the defects found are corrected before the system is released for operational use. Software testing may also be required to meet contractual or legal requirements, or industry-specific standards.

ASAP D.D. (P) Ltd

Page 10

Manual Testing
1.2.4 Testing and Quality With the help of testing, it is possible to measure the quality of software in terms of defects found, for both functional and non-functional software requirements and characteristics (e.g., reliability, usability, efficiency, maintainability and portability). Testing can give confidence in the quality of the software if it finds few or no defects. A properly designed test that passes reduces the overall level of risk in a system. When testing does find defects, the quality of the software system increases when those defects are fixed. Lessons should be learned from previous projects. By understanding the root causes of defects found in other projects, processes can be improved, which in turn should prevent those defects from reoccurring and, as a consequence, improve the quality of future systems. This is an aspect of quality assurance. Testing should be integrated as one of the quality assurance activities (i.e. alongside development standards, training and defect analysis). 1.2.5 How Much Testing is Enough? Deciding how much testing is enough should take account of the level of risk, including technical, safety, and business risks, and project constraints such as time and budget. Testing should provide sufficient information to stakeholders to make informed decisions about the release of the software or system being tested, for the next development step or handover to customers.

1.3 Seven Testing Principles

Principle 1 Testing shows presence of defects Testing can show that defects are present, but cannot prove that there are no defects. Testing reduces the probability of undiscovered defects remaining in the software but, even if no defects are found, it is not a proof of correctness. Principle 2 Exhaustive testing is impossible Testing everything (all combinations of inputs and preconditions) is not feasible except for trivial cases. Instead of exhaustive testing, risk analysis and priorities should be used to focus testing efforts. Principle 3 Early testing To find defects early, testing activities shall be started as early as possible in the software or system development life cycle, and shall be focused on defined objectives. Principle 4 Defect clustering Testing effort shall be focused proportionally to the expected and later observed defect density of modules. A small number of modules usually contains most of the defects discovered during pre-release testing, or is responsible for most of the operational failures.

ASAP D.D. (P) Ltd

Page 11

Manual Testing
Principle 5 Pesticide paradox If the same tests are repeated over and over again, eventually the same set of test cases will no longer find any new defects. To overcome this pesticide paradox, test cases need to be regularly reviewed and revised, and new and different tests need to be written to exercise different parts of the software or system to find potentially more defects. Principle 6 Testing is context dependent Testing is done differently in different contexts. For example, safety-critical software is tested differently from an e-commerce site. Principle 7 Absence-of-errors fallacy Finding and fixing defects does not help if the system built is unusable and does not fulfil the users needs and expectations.

1.4 Fundamental Test Process

The most visible part of testing is test execution. But to be effective and efficient, test plans should also include time to be spent on planning the tests, designing test cases, preparing for execution and evaluating results. The fundamental test process consists of the following main activities: Planning and control Analysis and design Implementation and execution Evaluating exit criteria and reporting Test closure activities Although logically sequential, the activities in the process may overlap or take place concurrently. Tailoring these main activities within the context of the system and the project is usually required. 1.4.1 Test Planning and Control Test planning is the activity of defining the objectives of testing and the specification of test activities in order to meet the objectives and mission. Test control is the ongoing activity of comparing actual progress against the plan, and reporting the status, including deviations from the plan. It involves taking actions necessary to meet the mission and objectives of the project. In order to control testing, the testing activities should be monitored throughout the project. Test planning takes into account the feedback from monitoring and control activities.

ASAP D.D. (P) Ltd

Page 12

Manual Testing
1.4.2 Test Analysis and Design Test analysis and design is the activity during which general testing objectives are transformed into tangible test conditions and test cases. The test analysis and design activity has the following major tasks: Reviewing the test basis (such as requirements, software integrity level1 (risk level), risk analysis reports, architecture, design, interface specifications) Evaluating testability of the test basis and test objects Identifying and prioritizing test conditions based on analysis of test items, the specification, behaviour and structure of the software Designing and prioritizing high level test cases Identifying necessary test data to support the test conditions and test cases Designing the test environment set-up and identifying any required infrastructure and tools Creating bi-directional traceability between test basis and test case 1.4.3 Test Implementation and Execution Test implementation and execution is the activity where test procedures or scripts are specified by combining the test cases in a particular order and including any other information needed for test execution, the environment is set up and the tests are run. Test implementation and execution has the following major tasks: Finalizing, implementing and prioritizing test cases (including the identification of test data) Developing and prioritizing test procedures, creating test data and, optionally, preparing test harnesses and writing automated test scripts Creating test suites from the test procedures for efficient test execution Verifying that the test environment has been set up correctly Verifying and updating bi-directional traceability between the test basis and test cases Executing test procedures either manually or by using test execution tools, according to the planned sequence Logging the outcome of test execution and recording the identities and versions of the software under test, test tools and testware Comparing actual results with expected results Reporting discrepancies as incidents and analyzing them in order to establish their cause (e.g., a defect in the code, in specified test data, in the test document, or a mistake in the way the test was executed) Repeating test activities as a result of action taken for each discrepancy, for example, re execution of a test that previously failed in order to confirm a fix (confirmation testing), execution of a corrected test and/or execution of tests in order to ensure that defects have not been introduced in unchanged areas of the software or that defect fixing did not uncover other defects (regression testing)

ASAP D.D. (P) Ltd

Page 13

Manual Testing
1.4.4 Evaluating Exit Criteria and Reporting Evaluating exit criteria is the activity where test execution is assessed against the defined objectives. This should be done for each test level. Evaluating exit criteria has the following major tasks: Checking test logs against the exit criteria specified in test planning Assessing if more tests are needed or if the exit criteria specified should be changed Writing a test summary report for stakeholders 1.4.5 Test Closure Activities Test closure activities collect data from completed test activities to consolidate experience, testware, facts and numbers. Test closure activities occur at project milestones such as when a software system is released, a test project is completed (or cancelled), a milestone has been achieved, or a maintenance release has been completed. Test closure activities include the following major tasks: Checking which planned deliverables have been delivered Closing incident reports or raising change records for any that remain open Documenting the acceptance of the system Finalizing and archiving testware, the test environment and the test infrastructure for later reuse Handing over the testware to the maintenance organization Analyzing lessons learned to determine changes needed for future releases and projects Using the information gathered to improve test maturity

1.5 Psychology of Testing

The mindset to be used while testing and reviewing is different from that used while developing software. With the right mindset developers are able to test their own code, but separation of this responsibility to a tester is typically done to help focus effort and provide additional benefits, such as an independent view by trained and professional testing resources. Independent testing may be carried out at any level of testing. A certain degree of independence (avoiding the author bias) often makes the tester more effective at finding defects and failures. Independence is not, however, a replacement for familiarity, and developers can efficiently find many defects in their own code. Several levels of independence can be defined as shown here from low to high: Tests designed by the person(s) who wrote the software under test (low level of independence) Tests designed by another person(s) (e.g., from the development team) Tests designed by a person(s) from a different organizational group (e.g., an independent test team) or test specialists (e.g., usability or performance test specialists)

ASAP D.D. (P) Ltd

Page 14

Manual Testing
Tests designed by a person(s) from a different organization or company (i.e. outsourcing or certification by an external body) People and projects are driven by objectives. People tend to align their plans with the objectives set by management and other stakeholders, for example, to find defects or to confirm that software meets its objectives. Therefore, it is important to clearly state the objectives of testing. Identifying failures during testing may be perceived as criticism against the product and against the author. As a result, testing is often seen as a destructive activity, even though it is very constructive in the management of product risks. Looking for failures in a system requires curiosity, professional pessimism, a critical eye, attention to detail, good communication with development peers, and experience on which to base error guessing. If errors, defects or failures are communicated in a constructive way, bad feelings between the testers and the analysts, designers and developers can be avoided. This applies to defects found during reviews as well as in testing. The tester and test leader need good interpersonal skills to communicate factual information about defects, progress and risks in a constructive way. For the author of the software or document, defect information can help them improve their skills. Defects found and fixed during testing will save time and money later, and reduce risks. Communication problems may occur, particularly if testers are seen only as messengers of unwanted news about defects. However, there are several ways to improve communication and relationships between testers and others: Start with collaboration rather than battles remind everyone of the common goal of better quality systems Communicate findings on the product in a neutral, fact-focused way without criticizing the person who created it, for example, write objective and factual incident reports and review findings Try to understand how the other person feels and why they react as they do Confirm that the other person has understood what you have said and vice versa

ASAP D.D. (P) Ltd

Page 15

Manual Testing
2. Testing Throughout the Software Life Cycle
2.1 Software Development Models
Testing does not exist in isolation; test activities are related to software development activities. Different development life cycle models need different approaches to testing. Software development model is a framework that is used to structure, plan and control the process of developing an information system. Below mentioned are the widely used models: Sequential (Waterfall & V Model etc) Iterative Evolutionary (Proto typing, Concurrent Dev, Spiral) Agile 2.1.1 Sequential Model A. Waterfall Model: Each phase must be completed in its entirely before the next phase can begin. At the end of each phase, a review takes place to determine if the project is on the right path and if they can continue or discard the project. Requirements

Design

Development

Testing

Implementation

Maintenance

ASAP D.D. (P) Ltd

Page 16

Manual Testing
Advantages: Most Common Simple to understand and use Easy to manage due to rigidity each phase has specific deliverables and a review Phases are processed and completed individually Works well for smaller projects, or where requirements are well understood Disadvantages: Adjusting scope during the lifecycle can end a project No working software is produced until late in the lifecycle High amounts of risk and uncertainty Poor model for complex or object-oriented projects Poor model for long or ongoing projects, or where requirements are likely to change B. V Model V-Model evolved from waterfall Model It is also called as verification and validation Model Instead of moving down in a linear way, the process steps are bent upwards after the coding phase, to form the typical V shape Testing is emphasized in this model more than in the waterfall model It is a structured approach to testing Brings high quality into the development of our products

ASAP D.D. (P) Ltd

Page 17

Manual Testing
Advantages: The errors occurred in any phase will be corrected in that phase itself Verification and validation will be done side by side Proactive defect tracking i.e., defects r found at early stages even may be in the development phase before application is tested Lower defect Resolution cost due to earlier detection Improved quality and reliability Reduction in the amount of Re-work Disadvantages: It is not proposed for short term projects as it require reviews at each stage It needs lot of resources and money It needs an established process to implement 2.1.2 Iterative Model An iterative lifecycle model does not attempt to start with a full specification of requirements. Instead, development begins by specifying and implementing just part of software, which can be then reviewed in order to identify further requirements. This process is then repeated, producing a new version of the software each cycle of the model. A Review phase, in which the software is evaluated, the current requirements are reviewed, and changes and additions to requirements proposed. For each cycle of the model, a decision has to be made as to whether the software produced by the cycle will be discarded, or kept as a starting point for the next cycle. Eventually a point will be reached where the requirements are complete and the software can be delivered, or it becomes impossible to enhance the software as required, and a fresh start has to be made.

ASAP D.D. (P) Ltd

Page 18

Manual Testing
Advantages: The key to successful use of an iterative software development lifecycle is rigorous validation of requirements, and verification (including testing) of each version of the software against those requirements within each cycle of the model highly accurate and specific Disadvantages: Simple early designs may be inadequate When using the iterative model people working on the project can get stuck in a loop (Always finding problems than having to go back and design a fix, implement it) 2.1.3 Evolutionary Model Allows the software to evolve as need grows or become better understood, or become defined Each delivery becomes more complex, with addition of new features/functions Goal of evolutionary models is extensibility Some Evolutionary Models are: o o o Prototyping Model Concurrent Development Model Spiral Model

A. Prototyping Model It is recommendable for the projects when Short amount of time for product Needs revisions done after release Requirements are fuzzy Developer is unsure of o o o Advantages: Delivers a working system early & cheaply Avoids Building systems to bad requirements Fits top-down implementation and testing strategies The efficiency of an algorithm The adaptability of OS User interface is not well defined

ASAP D.D. (P) Ltd

Page 19

Manual Testing
Proto typing

Initial Req

Design

Customer Evaluation

Customer Satisfied

Review & Update

Maintain Disadvantages: User may become frustrated Constant system volatility Often unreliable system B. Concurrent Development Model

Test

Development

Developer write requirements, design, code, test, and integrate tests all at the same time Any of the activities of a project may be in a particular state at any one time o o o o Advantages: Product can be turned over fairly and quickly Disadvantages: Possible miscommunication between different developing parties C. Spiral Model First Proposed by Boehm in 1987 It is an evolutionary software process model that couples the iterative nature of prototyping with the controlled and systematic aspects of the linear sequential model Before commencing each phase attempt is made to control or resolve risks If it proves to be impossible to resolve all the significant risk, then the project is terminated immediately Recommended for the development of large scale system and software Under development Awaiting changes Under revision Under review, etc

It is commonly recommended for Client/Server applications.

ASAP D.D. (P) Ltd

Page 20

Manual Testing

Framework activities: Customer Communication: tasks required to establish effective communication Planning: tasks required to define resources, timelines and other project related information Risk Analysis: tasks required to assess the technical and management risks Engineering: tasks required to build one or more representation of the application Construction & Release: tasks required to construct, test and support (e.g. Documentation & Training) Customer evaluation: tasks required to obtain periodic customer feedback Advantages: Emphasis risk which is often ignored Emphasis risk reduction techniques Provides Check points for project cancellation Constant Customer involvement and validation Disadvantages: Full analysis requires training, skill, and considerable expense So, it may only be appropriate for large projects run by large companies

ASAP D.D. (P) Ltd

Page 21

Manual Testing
2.1.4 Agile Model The Agile development method is characterized as being able to adapt quickly to changing realities. It incorporates planning, requirements analysis, and design, coding, testing, and documenting tasks to release mini-increments of new functionality. Promises Allows for adaptive planning Project risk is minimized by developing software in short iterations where each iteration is a small project on its own Allows for just-in-time requirements and the ability to adapt to constantly changing requirements Less time is wasted on written documentation. The emphasis is on real-time communication, preferably face-to-face, over written documents Progress is measured by producing crude and executable systems presented to stakeholders and continually improving them There is continuous client communication the project is very close to the user and relies heavily on client interaction to build the best system that meets the user's needs Deliverables are short-win, business-focused releases, released typically every couple of weeks or months until the entire project is completed

ASAP D.D. (P) Ltd

Page 22

Manual Testing
Realities: Can result in cowboy coding; that is the absence of a defined development method and team members have the freedom to do whatever they feel is right There is often insufficient structure and the necessary documentation to maintain and enhance the application on a going-forward basis Only works well with senior-level, highly experienced developers Often incorporates insufficient software architecture and design for complex applications Business partners are often nervous and confused about what they will receive as a final package. They resist iterative requirements work and are not prepared for iterative testing Output may be surprising. Due to the incremental nature of adaptive planning, the overall result may differ substantially from the original intent. This may be a better result but perceived as a chaotic process Requires a lot of cultural change for an organization to adopt (if this doesn't already exist) Many tools for development (e.g. project management, requirements management, development tools) were based on the Waterfall approach and require extra work to be effective in an Agile methodology An Agile methodology is best suited for development projects that are evolving and continuously facing changing conditions. 2.1.5 Testing within a Life Cycle Model In any life cycle model, there are several characteristics of good testing: For every development activity there is a corresponding testing activity Each test level has test objectives specific to that level The analysis and design of tests for a given test level should begin during the corresponding development activity Testers should be involved in reviewing documents as soon as drafts are available in the development life cycle Test levels can be combined or reorganized depending on the nature of the project or the system architecture. For example, for the integration of a Commercial Off-The-Shelf (COTS) software product into a system, the purchaser may perform integration testing at the system level (e.g., integration to the infrastructure and other systems, or system deployment) and acceptance testing (functional and/or nonfunctional, and user and/or operational testing).

2.2 Test Levels

The system is tested in steps, in line with the planned build and release strategies, from individual units of code through integrated subsystems to the deployed releases and to the final system. Testing proceeds through various physical levels of the application development lifecycle. Each completed level represents a milestone on the project plan and each stage represents a known level of physical integration and quality. These stages of integration are known as test levels.

ASAP D.D. (P) Ltd

Page 23

Manual Testing
Component Testing Integration Testing System Testing Acceptance Testing 2.2.1 Component Testing Test basis: Component requirements Detailed design Code Typical test objects: Components Programs Data conversion / migration programs Component testing (also known as unit, module or program testing) searches for defects in, and verifies the functioning of, software modules, programs, objects, classes, etc., that are separately testable. It may be done in isolation from the rest of the system, depending on the context of the development life cycle and the system. Component testing may include testing of functionality and specific non-functional characteristics, such as resource-behavior (e.g., searching for memory leaks) or robustness testing, as well as structural testing (e.g., decision coverage). Test cases are derived from work products such as a specification of the component, the software design or the data model. Typically, component testing occurs with access to the code being tested and with the support of a development environment, such as a unit test framework or debugging tool. In practice, component testing usually involves the programmer who wrote the code. Defects are typically fixed as soon as they are found, without formally managing these defects. One approach to component testing is to prepare and automate test cases before coding. This is called a test-first approach or test-driven development. This approach is highly iterative and is based on cycles of developing test cases, then building and integrating small pieces of code, and executing the component tests correcting any issues and iterating until they pass. 2.2.2 Integration Testing Test basis: Software and system design Architecture Workflows Use cases

ASAP D.D. (P) Ltd

Page 24

Manual Testing
Typical test objects: Sub-systems database implementation Infrastructure Interfaces System configuration Configuration data Integration testing tests interfaces between components, interactions with different parts of a system, such as the operating system, file system and hardware, and interfaces between systems. There may be more than one level of integration testing and it may be carried out on test objects of varying size as follows: 1. 2. Component integration testing tests the interactions between software components and is done after component testing System integration testing tests the interactions between different systems or between hardware and software and may be done after system testing. In this case, the developing organization may control only one side of the interface. This might be considered as a risk. Business processes implemented as workflows may involve a series of systems. Cross platform issues may be significant.

The greater the scope of integration, the more difficult it becomes to isolate failures to a specific component or system, which may lead to increased risk and additional time for troubleshooting. At each stage of integration, testers concentrate solely on the integration itself. For example, if they are integrating module A with module B they are interested in testing the communication between the modules, not the functionality of the individual module as that was done during component testing. Both functional and structural approaches may be used. Ideally, testers should understand the architecture and influence integration planning. If integration tests are planned before components or systems are built, those components can be built in the order required for most efficient testing. 2.2.3 System Testing Test basis: System and software requirement specification Use cases Functional specification Risk analysis reports

ASAP D.D. (P) Ltd

Page 25

Manual Testing
Typical test objects: System, user and operation manuals System configuration System testing is concerned with the behavior of a whole system/product. The testing scope shall be clearly addressed in the Master and/or Level Test Plan for that test level. In system testing, the test environment should correspond to the final target or production environment as much as possible in order to minimize the risk of environment-specific failures not being found in testing. System testing may include tests based on risks and/or on requirements specifications, business processes, use cases, or other high level text descriptions or models of system behavior, interactions with the operating system, and system resources. System testing should investigate functional and non-functional requirements of the system, and data quality characteristics. Testers also need to deal with incomplete or undocumented requirements. System testing of functional requirements starts by using the most appropriate specification-based (black-box) techniques for the aspect of the system to be tested. For example, a decision table may be created for combinations of effects described in business rules. Structure based techniques (white-box) may then be used to assess the thoroughness of the testing with respect to a structural element, such as menu structure or web page navigation. An independent test team often carries out system testing. 2.2.4 Acceptance Testing Test basis: User requirements System requirements Use cases Business processes Risk analysis reports Typical test objects: Business processes on fully integrated system Operational and maintenance processes User procedures Forms Reports Acceptance testing is often the responsibility of the customers or users of a system; other stakeholders may be involved as well.

ASAP D.D. (P) Ltd

Page 26

Manual Testing
The goal in acceptance testing is to establish confidence in the system, parts of the system or specific nonfunctional characteristics of the system. Finding defects is not the main focus in acceptance testing. Acceptance testing may assess the systems readiness for deployment and use, although it is not necessarily the final level of testing. For example, a large-scale system integration test may come after the acceptance test for a system. Acceptance testing may occur at various times in the life cycle, for example: A COTS software product may be acceptance tested when it is installed or integrated Acceptance testing of the usability of a component may be done during component testing Acceptance testing of a new functional enhancement may come before system testing Typical forms of acceptance testing include the following: User acceptance testing: Typically verifies the fitness for use of the system by business users. Operational (acceptance) testing The acceptance of the system by the system administrators, including: Testing of backup/restore Disaster recovery User management Maintenance tasks Data load and migration tasks Periodic checks of security vulnerabilities Contract and regulation acceptance testing Contract acceptance testing is performed against a contracts acceptance criteria for producing customdeveloped software. Acceptance criteria should be defined when the parties agree to the contract. Regulation acceptance testing is performed against any regulations that must be adhered to, such as government, legal or safety regulations. Alpha and beta (or field) testing Developers of market, or COTS, software often want to get feedback from potential or existing customers in their market before the software product is put up for sale commercially. Alpha testing is performed at the developing organizations site but not by the developing team. Beta testing, or field-testing, is performed by customers or potential customers at their own locations. Organizations may use other terms as well, such as factory acceptance testing and site acceptance testing for systems that are tested before and after being moved to a customers site.

ASAP D.D. (P) Ltd

Page 27

Manual Testing
2.3 Test Types
A group of test activities can be aimed at verifying the software system (or a part of a system) based on a specific reason or target for testing. A test type is focused on a particular test objective, which could be any of the following: A function to be performed by the software A non-functional quality characteristic, such as reliability or usability The structure or architecture of the software or system Change related, i.e. confirming that defects have been fixed (confirmation testing) and looking for unintended changes (regression testing) 2.3.1 Testing of Function (Functional Testing) The functions that a system, subsystem or component are to perform may be described in work products such as a requirements specification, use cases, or a functional specification, or they may be undocumented. The functions are what the system does. Functional tests are based on functions and features (described in documents or understood by the testers) and their interoperability with specific systems, and may be performed at all test levels (e.g., tests for components may be based on a component specification). Specification-based techniques may be used to derive test conditions and test cases from the functionality of the software or system. Functional testing considers the external behavior of the software (black-box testing). A type of functional testing, security testing, investigates the functions (e.g., a firewall) relating to detection of threats, such as viruses, from malicious outsiders. Another type of functional testing, interoperability testing, evaluates the capability of the software product to interact with one or more specified components or systems. 2.3.2 Testing of Non-functional Software Characteristics (Non-functional Testing) Non-functional testing includes, but is not limited to, performance testing, load testing, stress testing, usability testing, maintainability testing, reliability testing and portability testing. It is the testing of how the system works. Non-functional testing may be performed at all test levels. The term non-functional testing describes the tests required to measure characteristics of systems and software that can be quantified on a varying scale, such as response times for performance testing. These tests can be referenced to a quality model such as the one defined in Software Engineering Software Product Quality. Non-functional testing considers the external behavior of the software and in most cases uses black-box test design techniques to accomplish that.

ASAP D.D. (P) Ltd

Page 28

Manual Testing
2.3.3 Testing of Software Structure/Architecture (Structural Testing) Structural (white-box) testing may be performed at all test levels. Structural techniques are best used after specification-based techniques, in order to help measure the thoroughness of testing through assessment of coverage of a type of structure. Coverage is the extent that a structure has been exercised by a test suite, expressed as a percentage of the items being covered. If coverage is not 100%, then more tests may be designed to test those items that were missed to increase coverage. At all test levels, but especially in component testing and component integration testing, tools can be used to measure the code coverage of elements, such as statements or decisions. Structural testing may be based on the architecture of the system, such as a calling hierarchy. Structural testing approaches can also be applied at system, system integration or acceptance testing levels (e.g., to business models or menu structures). 2.3.4 Testing Related to Changes: Re-testing and Regression Testing After a defect is detected and fixed, the software should be re-tested to confirm that the original defect has been successfully removed. This is called confirmation. Debugging (defect fixing) is a development activity, not a testing activity. Regression testing is the repeated testing of an already tested program, after modification, to discover any defects introduced or uncovered as a result of the change(s). These defects may be either in the software being tested, or in another related or unrelated software component. It is performed when the software, or its environment, is changed. The extent of regression testing is based on the risk of not finding defects in software that was working previously. Tests should be repeatable if they are to be used for confirmation testing and to assist regression testing. Regression testing may be performed at all test levels, and includes functional, non-functional and structural testing. Regression test suites are run many times and generally evolve slowly, so regression testing is a strong candidate for automation.

2.4 Maintenance Testing

Once deployed, a software system is often in service for years or decades. During this time the system, its configuration data, or its environment are often corrected, changed or extended. The planning of releases in advance is crucial for successful maintenance testing. A distinction has to be made between planned releases and hot fixes. Maintenance testing is done on an existing operational system, and is triggered by modifications, migration, or retirement of the software or system. Modifications include planned enhancement changes (e.g., release-based), corrective and emergency changes, and changes of environment, such as planned operating system or database upgrades, planned

ASAP D.D. (P) Ltd

Page 29

Manual Testing
upgrade of Commercial-Off-The-Shelf software, or patches to correct newly exposed or discovered vulnerabilities of the operating system. Maintenance testing for migration (e.g., from one platform to another) should include operational tests of the new environment as well as of the changed software. Migration testing (conversion testing) is also needed when data from another application will be migrated into the system being maintained. Maintenance testing for the retirement of a system may include the testing of data migration or archiving if long data-retention periods are required. In addition to testing what has been changed, maintenance testing includes extensive regression testing to parts of the system that have not been changed. The scope of maintenance testing is related to the risk of the change, the size of the existing system and to the size of the change. Depending on the changes, maintenance testing may be done at any or all test levels and for any or all test types. Determining how the existing system may be affected by changes is called impact analysis, and is used to help decide how much regression testing to do. The impact analysis may be used to determine the regression test suite. Maintenance testing can be difficult if specifications are out of date or missing, or testers with domain knowledge are not available.

ASAP D.D. (P) Ltd

Page 30

Manual Testing
3. Static Techniques
3.1 Static Techniques and the Test Process
Unlike dynamic testing, which requires the execution of software; static testing techniques rely on the manual examination (reviews) and automated analysis (static analysis) of the code or other project documentation without the execution of the code. Reviews are a way of testing software work products (including code) and can be performed well before dynamic test execution. Defects detected during reviews early in the life cycle (e.g., defects found in requirements) are often much cheaper to remove than those detected by running tests on the executing code. A review could be done entirely as a manual activity, but there is also tool support. The main manual activity is to examine a work product and make comments about it. Any software work product can be reviewed, including requirements specifications, design specifications, code, test plans, test specifications, test cases, test scripts, user guides or web pages. Benefits of reviews include early defect detection and correction, development productivity improvements, reduced development timescales, reduced testing cost and time, lifetime cost reductions, fewer defects and improved communication. Reviews can find omissions, for example, in requirements, which are unlikely to be found in dynamic testing. Reviews, static analysis and dynamic testing have the same objective identifying defects. They are complementary; the different techniques can find different types of defects effectively and efficiently. Compared to dynamic testing, static techniques find causes of failures (defects) rather than the failures themselves. Typical defects that are easier to find in reviews than in dynamic testing include: deviations from standards, requirement defects, design defects, insufficient maintainability and incorrect interface specifications.

3.2 Review Process

The different types of reviews vary from informal, characterized by no written instructions for reviewers, to systematic, characterized by including team participation, documented results of the review, and documented procedures for conducting the review. The formality of a review process is related to factors such as the maturity of the development process, any legal or regulatory requirements or the need for an audit trail. The way a review is carried out depends on the agreed objectives of the review (e.g., find defects, gain understanding, educate testers and new team members, or discussion and decision by consensus).

ASAP D.D. (P) Ltd

Page 31

Manual Testing
3.2.1 Activities of a Formal Review 1. Planning: Defining the review criteria Selecting the personnel Allocating roles 2. Defining the entry and exit criteria for more formal review types (e.g., inspections) Selecting which parts of documents to review 3. Kick-off: Distributing documents Explaining the objectives, process and documents to the participants 4. Checking entry criteria (for more formal review types) 5. Individual preparation Preparing for the review meeting by reviewing the document(s) 6. Noting potential defects, questions and comments 7. Examination/evaluation/recording of results (review meeting): Discussing or logging, with documented results or minutes (for more formal review types) Noting defects, making recommendations regarding handling the defects, making decisions about the defects 8. Examining/evaluating and recording during any physical meetings or tracking any group electronic communications 9. Rework: 10. Fixing defects found (typically done by the author) Recording updated status of defects (in formal reviews) 11. Follow-up: Checking that defects have been addressed Gathering metrics 12. Checking on exit criteria (for more formal review types) 3.2.2 Roles and Responsibilities A typical formal review will include the roles below: Manager: decides on the execution of reviews, allocates time in project schedules and determines if the review objectives have been met Moderator: the person who leads the review of the document or set of documents, including planning the review, running the meeting, and following-up after the meeting. If necessary, the moderator may mediate between the various points of view and is often the person upon whom the success of the review rests Author: the writer or person with chief responsibility for the document(s) to be reviewed Reviewers: individuals with a specific technical or business background (also called checkers or inspectors) who, after the necessary preparation, identify and describe findings (e.g., defects) in

ASAP D.D. (P) Ltd

Page 32

Manual Testing
the product under review. Reviewers should be chosen to represent different perspectives and roles in the review process, and should take part in any review meetings Scribe (or recorder): documents all the issues, problems and open points that were identified during the meeting Looking at software products or related work products from different perspectives and using checklists can make reviews more effective and efficient. For example, a checklist based on various perspectives such as user, maintainer, tester or operations, or a checklist of typical requirements problems may help to uncover previously undetected issues. 3.2.3 Types of Reviews A single software product or related work product may be the subject of more than one review. If more than one type of review is used, the order may vary. For example, an informal review may be carried out before a technical review, or an inspection may be carried out on a requirements specification before a walkthrough with customers. The main characteristics, options and purposes of common review types are: Informal Review: No formal process May take the form of pair programming or a technical lead reviewing designs and code Results may be documented Varies in usefulness depending on the reviewers Main purpose: inexpensive way to get some benefit Walkthrough: Meeting led by author May take the form of scenarios, dry runs, peer group participation Open-ended sessions o o Optional pre-meeting preparation of reviewers Optional preparation of a review report including list of findings

Optional scribe (who is not the author) May vary in practice from quite informal to very formal Main purposes: learning, gaining understanding, finding defects Technical Review: Documented, defined defect-detection process that includes peers and technical experts with optional management participation May be performed as a peer review without management participation Ideally led by trained moderator (not the author) Pre-meeting preparation by reviewers Optional use of checklists

ASAP D.D. (P) Ltd

Page 33

Manual Testing
Preparation of a review report which includes the list of findings, the verdict whether the software product meets its requirements and, where appropriate, recommendations related to findings May vary in practice from quite informal to very formal Main purposes: discussing, making decisions, evaluating alternatives, finding defects, solving technical problems and checking conformance to specifications, plans, regulations, and standards Inspection: Led by trained moderator (not the author) Usually conducted as a peer examination Defined roles Includes metrics gathering Formal process based on rules and checklists Specified entry and exit criteria for acceptance of the software product Pre-meeting preparation Inspection report including list of findings Formal follow-up process Optional process improvement components Optional reader Main purpose: finding defects Walkthroughs, technical reviews and inspections can be performed within a peer group, i.e. colleagues at the same organizational level. This type of review is called a peer review. 3.2.4 Success Factors for Reviews Success factors for reviews include: Each review has clear predefined objectives The right people for the review objectives are involved Testers are valued reviewers who contribute to the review and also learn about the product which enables them to prepare tests earlier Defects found are welcomed and expressed objectively People issues and psychological aspects are dealt with (e.g., making it a positive experience for the author) The review is conducted in an atmosphere of trust; the outcome will not be used for the evaluation of the participants Review techniques are applied that are suitable to achieve the objectives and to the type and level of software work products and reviewers Checklists or roles are used if appropriate to increase effectiveness of defect identification Training is given in review techniques, especially the more formal techniques such as inspection Management supports a good review process (e.g., by incorporating adequate time for review activities in project schedules) There is an emphasis on learning and process improvement

ASAP D.D. (P) Ltd

Page 34

Manual Testing
3.3 Static Analysis by Tools
The objective of static analysis is to find defects in software source code and software models. Static analysis is performed without actually executing the software being examined by the tool; dynamic testing does execute the software code. Static analysis can locate defects that are hard to find in dynamic testing. As with reviews, static analysis finds defects rather than failures. Static analysis tools analyze program code (e.g., control flow and data flow), as well as generated output such as HTML and XML. The value of static analysis is: Early detection of defects prior to test execution Early warning about suspicious aspects of the code or design by the calculation of metrics, such as a high complexity measure Identification of defects not easily found by dynamic testing Detecting dependencies and inconsistencies in software models such as links Improved maintainability of code and design Prevention of defects, if lessons are learned in development Typical defects discovered by static analysis tools include: Referencing a variable with an undefined value Inconsistent interfaces between modules and components Variables that are not used or are improperly declared Unreachable (dead) code Missing and erroneous logic (potentially infinite loops) Overly complicated constructs Programming standards violations Security vulnerabilities Syntax violations of code and software models Static analysis tools are typically used by developers (checking against predefined rules or programming standards) before and during component and integration testing or when checking-in code to configuration management tools, and by designers during software modelling. Static analysis tools may produce a large number of warning messages, which need to be well-managed to allow the most effective use of the tool. Compilers may offer some support for static analysis, including the calculation of metrics.

ASAP D.D. (P) Ltd

Page 35

Manual Testing
4. Test Design Techniques
4.1 The Test Development Process
The test development process described in this section can be done in different ways, from very informal with little or no documentation, to very formal (as it is described below). The level of formality depends on the context of the testing, including the maturity of testing and development processes, time constraints, safety or regulatory requirements, and the people involved. During test analysis, the test basis documentation is analyzed in order to determine what to test, i.e. to identify the test conditions. A test condition is defined as an item or event that could be verified by one or more test cases (e.g., a function, transaction, quality characteristic or structural element). Establishing traceability from test conditions back to the specifications and requirements enables both effective impact analysis when requirements change, and determining requirements coverage for a set of tests. During test analysis the detailed test approach is implemented to select the test design techniques to use based on, among other considerations, the identified risks. During test design the test cases and test data are created and specified. A test case consists of a set of input values, execution preconditions, expected results and execution post conditions, developed to cover a certain test objective(s) or test condition(s). The Standard for Software Test Documentation (IEEE STD 829-1998) describes the content of test design specifications (containing test conditions) and test case specifications. Expected results should be produced as part of the specification of a test case and include outputs, changes to data and states, and any other consequences of the test. If expected results have not been defined, then a plausible, but erroneous, result may be interpreted as the correct one. Expected results should ideally be defined prior to test execution. During test implementation the test cases are developed, implemented, prioritized and organized in the test procedure specification. The test procedure specifies the sequence of actions for the execution of a test. If tests are run using a test execution tool, the sequence of actions is specified in a test script (which is an automated test procedure). The various test procedures and automated test scripts are subsequently formed into a test execution schedule that defines the order in which the various test procedures, and possibly automated test scripts, are executed. The test execution schedule will take into account such factors as regression tests, prioritization, and technical and logical dependencies.

ASAP D.D. (P) Ltd

Page 36

Manual Testing
4.2 Categories of Test Design Techniques
The purpose of a test design technique is to identify test conditions, test cases, and test data. It is a classic distinction to denote test techniques as black-box or white-box. Black-box test design techniques (also called specification-based techniques) are a way to derive and select test conditions, test cases, or test data based on an analysis of the test basis documentation. This includes both functional and non-functional testing. Black-box testing, by definition, does not use any information regarding the internal structure of the component or system to be tested. White-box test design techniques (also called structural or structure-based techniques) are based on an analysis of the structure of the component or system. Black-box and white-box testing may also draw upon the experience of developers, testers and users to determine what should be tested. Some techniques fall clearly into a single category; others have elements of more than one category. This syllabus refers to specification-based test design techniques as black-box techniques and structurebased test design techniques as white-box techniques. In addition experience-based test design techniques are covered. Common characteristics of specification-based test design techniques include: Models, either formal or informal, are used for the specification of the problem to be solved, the software or its components Test cases can be derived systematically from these models Common characteristics of structure-based test design techniques include: Information about how the software is constructed is used to derive the test cases (e.g., code and detailed design information) The extent of coverage of the software can be measured for existing test cases, and further test cases can be derived systematically to increase coverage Common characteristics of experience-based test design techniques include: The knowledge and experience of people are used to derive the test cases The knowledge of testers, developers, users and other stakeholders about the software, its usage and its environment is one source of information Knowledge about likely defects and their distribution is another source of information

ASAP D.D. (P) Ltd

Page 37

Manual Testing
4.3 Specification based or Black-box Techniques
4.3.1 Equivalence Partitioning In this method the input domain data is divided into different equivalence data classes. This method is typically used to reduce the total number of test cases to a finite set of testable test cases, still covering maximum requirements. In short it is the process of taking all possible test cases and placing them into classes. One test value is picked from each class while testing. Equivalence partitioning can be used to achieve input and output coverage goals. It can be applied to human input, input via interfaces to a system, or interface parameters in integration testing. 4.3.2 Boundary Value Analysis Its widely recognized that input values at the extreme ends of input domain cause more errors in system. More application errors occur at the boundaries of input domain. Boundary value analysis testing technique is used to identify errors at boundaries rather than finding those exist in centre of input domain. Boundary value analysis is a next part of Equivalence partitioning for designing test cases where test cases are selected at the edges of the equivalence classes. Boundary value analysis is often called as a part of stress and negative testing. Boundary value analysis can be applied at all test levels. It is relatively easy to apply and its defect finding capability is high. Detailed specifications are helpful in determining the interesting boundaries. 4.3.3 Decision Table Testing Decision table is one of the most commonly used testing techniques. Decision tables are used to record complex business rules or scenario and break down into simpler tabular format called decision tables. Consider a real time example: A Particular website has 3 different level of user access: Users who are not registered to the site Users who are registered Premium users or paid members who have access to all actions in the site

ASAP D.D. (P) Ltd

Page 38

Manual Testing
Advantages: A decision table provides a framework for a complete and accurate statement of processing or decision logic Helps to identify the test scenarios faster because of tabular representation Easy to understand Easy to maintain and update decision table if there is change in requirement It is possible to check that all test combinations have been considered The strength of decision table testing is that it creates combinations of conditions that otherwise might not have been exercised during testing. It may be applied to all situations when the action of the software depends on several logical decisions. 4.3.4 State Transition Testing State transition testing is used for systems where some aspect of the software system can be described in 'finite state machine'. This means that the system can be in a finite number of different states, and the transitions from one state to another are determined by the rules of the 'machine. This is the model on which the system and the tests are based. Any system where you get a different output for the same input, depending on what has happened before, is a finite state System. State transition testing is much used within the embedded software industry and technical automation in general. However, the technique is also suitable for modelling a business object having specific states or testing screen-dialogue flows (e.g., for Internet applications or business scenarios). For e.g. suppose you want to withdraw Rs. 500 from a bank ATM, you may be given cash. After some time you again try to withdraw Rs. 500 but you may be refused the money (because your account balance is insufficient). This refusal is because your bank account state has changed from having sufficient funds to cover withdrawal to having insufficient funds. The transaction that caused your account to change its state was probably the earlier withdrawal. A state transition model has four basic parts: The states that the software may occupy (funded/insufficient funds) The transitions from one state to another (all transitions are not allowed) The events that cause a transition (like withdrawing money) The actions that result from a transition (an error message or being given your cash) In any given state, one event can cause only one action, but that the same event from a different state may cause a different action and a different end state.

ASAP D.D. (P) Ltd

Page 39

Manual Testing
Tests can be designed to cover a typical sequence of states, to cover every state, to exercise every transition, to exercise specific sequences of transitions or to test invalid transitions. State transition testing is much used within the embedded software industry and technical automation in general. However, the technique is also suitable for modelling a business object having specific states or testing screen-dialogue flows (e.g., for Internet applications or business scenarios). 4.3.5 Use Case Testing Use Case: A use case is a description of a systems behavior as it responds to a request that originates from outside of that system (the user). In other words, a use case describes who can do what with the system in question. The use cases describe the system from the users point of view. Use case testing is a technique that helps us identify test cases that exercise the whole system on a transaction by transaction basis from start to finish. Use cases are defined in terms of the end user and not the system, use case describe what the user does and what the user sees rather than what inputs the software system expects and what the system outputs. Use cases use the business language rather than technical terms. Use cases are very useful for designing acceptance tests with customer/user participation

4.4 Structure-based or White-box Techniques

Structure-based or white-box testing is based on an identified structure of the software or the system, as seen in the following examples: Component level: the structure of a software component, i.e. statements, decisions, branches or even distinct paths Integration level: the structure may be a call tree (a diagram in which modules call other modules) System level: the structure may be a menu structure, business process or web page structure 4.4.1 Statement Testing and Coverage: Statement coverage is the assessment of the percentage of executable statements that have been exercised by a test case suite. It does not ensure coverage of all functionality.

ASAP D.D. (P) Ltd

Page 40

Manual Testing
The objective if the statement testing is to show that the executable statements within a program have been executed at least once. An executable statement can be described as a line of program source code that will carry out some type of action. The aim is to achieve the maximum amount of statement coverage with the minimum number of test cases. Example 1:

3 Test Conditions are required to cover all the above mentioned statements Example 2:

Only 1 test condition is required to cover all the above mentioned statements 4.4.2 Decision Testing and Coverage Decision coverage, related to branch testing, is the assessment of the percentage of decision outcomes (e.g., the True and False options of an IF statement) that have been exercised by a test case suite. The decision testing technique derives test cases to execute specific decision outcomes.

The objective of decision coverage testing is to show all the decisions within a component have been executed at least once. A decision can be described as a line of source code that asks a question. Example 1:

2 Test Conditions are required to cover all statements and to make any decision.

ASAP D.D. (P) Ltd

Page 41

Manual Testing
Example 2:

3 Test Conditions are required to cover all statements and to make any decision. Decision coverage is stronger than statement coverage. 100% decision coverage for a component is achieved by exercising all decision outcomes in the component. 100% decision coverage guarantees 100% statement coverage, but not vice versa. 4.4.3 Other Structure-based Techniques There are stronger levels of structural coverage beyond decision coverage, for example, condition coverage and multiple condition coverage. The concept of coverage can also be applied at other test levels For example, at the integration level the percentage of modules, components or classes that have been exercised by a test case suite could be expressed as module, component or class coverage. Tool support is useful for the structural testing of code.

4.5 Experience Based Techniques

Experienced-based testing is where tests are derived from the testers skill and intuition and their experience with similar applications and technologies. When used to augment systematic techniques, these techniques can be useful in identifying special tests not easily captured by formal techniques, especially when applied after more formal approaches. However, this technique may yield widely varying degrees of effectiveness, depending on the testers experience. A commonly used experienced-based technique is error guessing. Generally testers anticipate defects based on experience. A structured approach to the error guessing technique is to enumerate a list of possible defects and to design tests that attack these defects. This systematic approach is called fault attack. These defect and failure lists can be built based on experience, available defect and failure data, and from common knowledge about why software fails. Exploratory testing is concurrent test design, test execution, test logging and learning, based on a test charter containing test objectives, and carried out within time-boxes. It is an approach that is most useful where there are few or inadequate specifications and severe time pressure, or in order to augment or complement other, more formal testing. It can serve as a check on the test process, to help ensure that the most serious defects are found.

ASAP D.D. (P) Ltd

Page 42

Manual Testing
4.6 Choosing Test Techniques
The choice of which test techniques to use depends on a number of factors: the type of system regulatory standards customer or contractual requirements level of risk type of risk test objective documentation available knowledge of the testers time and budget development life cycle use case models previous experience with types of defects found Some techniques are more applicable to certain situations and test levels; others are applicable to all test levels. When creating test cases, testers generally use a combination of test techniques including process, rule and data-driven techniques to ensure adequate coverage of the object under test.

ASAP D.D. (P) Ltd

Page 43

Manual Testing
5. Test Management
5.1 Test Organization
5.1.1 Test Organization and Independence The effectiveness of finding defects by testing and reviews can be improved by using independent testers. Options for independence include the following: No independent testers; developers test their own code Independent testers within the development teams Independent test team or group within the organization, reporting to project management or executive management Independent testers from the business organization or user community Independent test specialists for specific test types such as usability testers, security testers or certification testers (who certify a software product against standards and regulations) Independent testers outsourced or external to the organization For large, complex or safety critical projects, it is usually best to have multiple levels of testing, with some or all of the levels done by independent testers. Development staff may participate in testing, especially at the lower levels, but their lack of objectivity often limits their effectiveness. The independent testers may have the authority to require and define test processes and rules, but testers should take on such processrelated roles only in the presence of a clear management mandate to do so. The benefits of independence include: Independent testers see other and different defects, and are unbiased An independent tester can verify assumptions people made during specification and implementation of the system Drawbacks include: Isolation from the development team (if treated as totally independent) Developers may lose a sense of responsibility for quality Independent testers may be seen as a bottleneck or blamed for delays in release Testing tasks may be done by people in a specific testing role, or may be done by someone in another role, such as a project manager, quality manager, developer, business and domain expert, infrastructure or IT operations. 5.1.2 Tasks of the Test Leader and Testers In this syllabus two test positions are covered, test leader and tester. The activities and tasks performed by people in these two roles depend on the project and product context, the people in the roles, and the organization.

ASAP D.D. (P) Ltd

Page 44

Manual Testing
Sometimes the test leader is called a test manager or test coordinator. The role of the test leader may be performed by a project manager, a development manager, a quality assurance manager or the manager of a test group. In larger projects two positions may exist: test leader and test manager. Typically the test leader plans, monitors and controls the testing activities. Typical test leader tasks may include: Coordinate the test strategy and plan with project managers and others Write or review a test strategy for the project, and test policy for the organization Contribute the testing perspective to other project activities, such as integration planning Plan the tests considering the context and understanding the test objectives and risks including selecting test approaches, estimating the time, effort and cost of testing, acquiring resources, defining test levels, cycles, and planning incident management Initiate the specification, preparation, implementation and execution of tests, monitor the test results and check the exit criteria Adapt planning based on test results and progress (sometimes documented in status reports) and take any action necessary to compensate for problems Set up adequate configuration management of testware for traceability Introduce suitable metrics for measuring test progress and evaluating the quality of the testing and the product Decide what should be automated, to what degree, and how Select tools to support testing and organize any training in tool use for testers Decide about the implementation of the test environment Write test summary reports based on the information gathered during testing Typical tester tasks may include: Review and contribute to test plans Analyze, review and assess user requirements, specifications and models for testability Create test specifications Set up the test environment (often coordinating with system administration and network management) Prepare and acquire test data Implement tests on all test levels, execute and log the tests, evaluate the results and document the deviations from expected results Use test administration or management tools and test monitoring tools as required Automate tests (may be supported by a developer or a test automation expert) Measure performance of components and systems (if applicable) Review tests developed by others People who work on test analysis, test design, specific test types or test automation may be specialists in these roles. Depending on the test level and the risks related to the product and the project, different

ASAP D.D. (P) Ltd

Page 45

Manual Testing
people may take over the role of tester, keeping some degree of independence. Typically testers at the component and integration level would be developers, testers at the acceptance test level would be business experts and users, and testers for operational acceptance testing would be operators.

5.2 Test Planning and Estimation

5.2.1 Test Planning Test planning is a continuous activity and is performed in all life cycle processes and activities. Planning is influenced by Test policy of the organization Scope of testing Objectives Risks Constraints Criticality Testability Availability of resources 5.2.2 Test Planning Activities Test planning activities for an entire system or part of a system may include: Determining the scope and risks and identifying the objectives of testing Defining the overall approach of testing, including the definition of the test levels and entry and exit criteria Integrating and coordinating the testing activities into the software life cycle activities (acquisition, supply, development, operation and maintenance) Making decisions about what to test, what roles will perform the test activities, how the test activities should be done, and how the test results will be evaluated Scheduling test analysis and design activities Scheduling test implementation, execution and evaluation Assigning resources for the different activities defined Defining the amount, level of detail, structure and templates for the test documentation Selecting metrics for monitoring and controlling test preparation and execution, defect resolution and risk issues Setting the level of detail for test procedures in order to provide enough information to support reproducible test preparation and execution 5.2.3 Entry Criteria Entry criteria define when to start testing such as at the beginning of a test level or when a set of tests is ready for execution. Typically entry criteria may cover the following: Test environment availability and readiness Test tool readiness in the test environment

ASAP D.D. (P) Ltd

Page 46

Manual Testing
Testable code availability Test data availability 5.2.4 Exit Criteria Exit criteria define when to stop testing such as at the end of a test level or when a set of tests has achieved specific goal. Typically exit criteria may cover the following: Thoroughness measures, such as coverage of code, functionality or risk Estimates of defect density or reliability measures Cost Residual risks, such as defects not fixed or lack of test coverage in certain areas Schedules such as those based on time to market 5.2.5 Test Estimation Two approaches for the estimation of test effort are: The metrics-based approach: estimating the testing effort based on metrics of former or similar projects or based on typical values The expert-based approach: estimating the tasks based on estimates made by the owner of the tasks or by experts Once the test effort is estimated, resources can be identified and a schedule can be drawn up. The testing effort may depend on a number of factors, including: Characteristics of the product: the quality of the specification and other information used for test models (i.e. the test basis), the size of the product, the complexity of the problem domain, the requirements for reliability and security, and the requirements for documentation Characteristics of the development process: the stability of the organization, tools used, test process, skills of the people involved, and time pressure The outcome of testing: the number of defects and the amount of rework required 5.2.6 Test Strategy, Test Approach The test approach is the implementation of the test strategy for a specific project. The test approach is defined and refined in the test plans and test designs. It typically includes the decisions made based on the (test) projects goal and risk assessment. It is the starting point for planning the test process, for selecting the test design techniques and test types to be applied, and for defining the entry and exit criteria. The selected approach depends on context and may consider risks hazards and safety available resources and skills

ASAP D.D. (P) Ltd

Page 47

Manual Testing
the technology the nature of the system test objectives regulations Typical approaches include: Analytical approaches, such as risk-based testing where testing is directed to areas of greatest risk Model-based approaches, such as stochastic testing using statistical information about failure rates (such as reliability growth models) or usage (such as operational profiles) Methodical approaches, such as failure-based (including error guessing and fault-attacks), experienced-based, checklist-based, and quality characteristic-based Process- or standard-compliant approaches, such as those specified by industry-specific standards or the various agile methodologies Dynamic and heuristic approaches, such as exploratory testing where testing is more reactive to events than pre-planned, and where execution and evaluation are concurrent tasks Consultative approaches, such as those in which test coverage is driven primarily by the advice and guidance of technology and/or business domain experts outside the test team Regression-averse approaches, such as those that include reuse of existing test material, extensive automation of functional regression tests, and standard test suites

5.3 Test Progress Monitoring and Control

5.3.1 Test Progress Monitoring The purpose of test monitoring is to provide feedback and visibility about test activities. Information to be monitored may be collected manually or automatically and may be used to measure exit criteria, such as coverage. Metrics may also be used to assess progress against the planned schedule and budget. Common test metrics include: Percentage of work done in test case preparation (or percentage of planned test cases prepared) Percentage of work done in test environment preparation Test case execution (e.g., number of test cases run/not run, and test cases passed/failed) Defect information (e.g., defect density, defects found and fixed, failure rate, and re-test results) Test coverage of requirements, risks or code Subjective confidence of testers in the product Dates of test milestones Testing costs, including the cost compared to the benefit of finding the next defect or to run the next test 5.3.2 Test Reporting Test reporting is concerned with summarizing information about the testing endeavor, including: What happened during a period of testing, such as dates when exit criteria were met

ASAP D.D. (P) Ltd

Page 48

Manual Testing
Analyzed information and metrics to support recommendations and decisions about future actions, such as an assessment of defects remaining, the economic benefit of continued testing, outstanding risks, and the level of confidence in the tested software Metrics should be collected during and at the end of a test level in order to assess: The adequacy of the test objectives for that test level The adequacy of the test approaches taken The effectiveness of the testing with respect to the objectives 5.3.3 Test Control Test control describes any guiding or corrective actions taken as a result of information and metrics gathered and reported. Actions may cover any test activity and may affect any other software life cycle activity or task. Examples of test control actions include: Making decisions based on information from test monitoring Re-prioritizing tests when an identified risk occurs (e.g., software delivered late) Changing the test schedule due to availability or unavailability of a test environment Setting an entry criterion requiring fixes to have been re-tested (confirmation tested) by a developer before accepting them into a build

5.4 Configuration Management

The purpose of configuration management is to establish and maintain the integrity of the products (components, data and documentation) of the software or system through the project and product life cycle. For testing, configuration management may involve ensuring the following: All items of testware are identified, version controlled, tracked for changes, related to each other and related to development items (test objects) so that traceability can be maintained throughout the test process All identified documents and software items are referenced unambiguously in test documentation For the tester, configuration management helps to uniquely identify (and to reproduce) the tested item, test documents, the tests and the test harness(es). During test planning, the configuration management procedures and infrastructure (tools) should be chosen, documented and implemented.

ASAP D.D. (P) Ltd

Page 49

Manual Testing
5.5 Risk and Testing
Risk can be defined as the chance of an event, hazard, threat or situation occurring and resulting in undesirable consequences or a potential problem. The level of risk will be determined by the likelihood of an adverse event happening and the impact (the harm resulting from that event). 5.5.1 Project Risks Project risks are the risks that surround the projects capability to deliver its objectives, such as: Organizational factors: o o o Skill, training and staff shortages Personnel issues Political issues, such as: o Problems with testers communicating their needs and test results Failure by the team to follow up on information found in testing and reviews(e.g., not improving development and testing practices)

Improper attitude toward or expectations of testing (e.g., not appreciating the value of finding defects during testing) Problems in defining the right requirements The extent to which requirements cannot be met given existing constraints Test environment not ready on time Late data conversion, migration planning and development and testing data conversion/migration tools Low quality of the design, code, configuration data, test data and tests Failure of a third party Contractual issues

Technical issues: o o o o o o o

Supplier issues:

5.5.2 Product Risks Potential failure areas (adverse future events or hazards) in the software or system are known as product risks, as they are a risk to the quality of the product. These include: Failure-prone software delivered The potential that the software/hardware could cause harm to an individual or company Poor software characteristics (e.g., functionality, reliability, usability and performance) Poor data integrity and quality (e.g., data migration issues, data conversion problems, data transport problems, violation of data standards) Software that does not perform its intended functions Risks are used to decide where to start testing and where to test more; testing is used to reduce the risk of an adverse effect occurring, or to reduce the impact of an adverse effect.

ASAP D.D. (P) Ltd

Page 50

Manual Testing
Product risks are a special type of risk to the success of a project. Testing as a risk-control activity provides feedback about the residual risk by measuring the effectiveness of critical defect removal and of contingency plans. A risk-based approach to testing provides proactive opportunities to reduce the levels of product risk, starting in the initial stages of a project. It involves the identification of product risks and their use in guiding test planning and control, specification, preparation and execution of tests. In a risk based approach the risks identified may be used to: Determine the test techniques to be employed Determine the extent of testing to be carried out Prioritize testing in an attempt to find the critical defects as early as possible Determine whether any non-testing activities could be employed to reduce risk (e.g., providing training to inexperienced designers) Risk-based testing draws on the collective knowledge and insight of the project stakeholders to determine the risks and the levels of testing required to address those risks. To ensure that the chance of a product failure is minimized, risk management activities provide a disciplined approach to: Assess (and reassess on a regular basis) what can go wrong (risks) Determine what risks are important to deal with Implement actions to deal with those risks In addition, testing may support the identification of new risks, may help to determine what risks should be reduced, and may lower uncertainty about risks.

5.6 Incident Management

Since one of the objectives of testing is to find defects, the discrepancies between actual and expected outcomes need to be logged as incidents. An incident shall be investigated and may turn out to be a defect. Appropriate actions to dispose incidents and defects shall be defined. Incidents and defects shall be tracked from discovery and classification to correction and confirmation of the solution. In order to manage all incidents to completion, an organization should establish an incident management process and rules for classification. Incidents may be raised during development, review, testing or use of a software product. They may be raised for issues in code or the working system, or in any type of documentation including requirements, development documents, test documents, and user information such as Help or installation guides. Incident reports have the following objectives: Provide developers and other parties with feedback about the problem to enable identification, isolation and correction as necessary

ASAP D.D. (P) Ltd

Page 51

Manual Testing
Provide test leaders a means of tracking the quality of the system under test and the progress of the testing Provide ideas for test process improvement Details of the incident report may include: Date of issue, issuing organization, and author Expected and actual results Identification of the test item (configuration item) and environment Software or system life cycle process in which the incident was observed Description of the incident to enable reproduction and resolution, including logs, database dumps or screenshots Scope or degree of impact on stakeholder(s) interests Severity of the impact on the system Urgency/priority to fix Status of the incident (e.g., open, deferred, duplicate, waiting to be fixed, fixed awaiting re-test, closed) Conclusions, recommendations and approvals Global issues, such as other areas that may be affected by a change resulting from the incident Change history, such as the sequence of actions taken by project team members with respect to the incident to isolate, repair, and confirm it as fixed References, including the identity of the test case specification that revealed the problem

ASAP D.D. (P) Ltd

Page 52

Manual Testing
6. Tool Support for Testing
6.1 Types of Test Tools
6.1.1 Understanding the Meaning and Purpose of Tool Support for Testing Test tools can be used for one or more activities that support testing. These include: 1. 2. 3. 4. Tools that are directly used in testing such as test execution tools, test data generation tools and result comparison tools Tools that help in managing the testing process such as those used to manage tests, test results, data, requirements, incidents, defects, etc., and for reporting and monitoring test execution Tools that are used in reconnaissance, or, in simple terms: exploration (e.g., tools that monitor file activity for an application) Any tool that aids in testing (a spreadsheet is also a test tool in this meaning)

Tool support for testing can have one or more of the following purposes depending on the context: Improve the efficiency of test activities by automating repetitive tasks or supporting manual test activities like test planning, test design, test reporting and monitoring Automate activities that require significant resources when done manually (e.g., static testing) Automate activities that can not be executed manually (e.g., large scale performance testing of client-server applications) Increase reliability of testing (e.g., by automating large data comparisons or simulating behavior) The term test frameworks is also frequently used in the industry, in at least three meanings: Reusable and extensible testing libraries that can be used to build testing tools (called test harnesses as well) A type of design of test automation (e.g., data-driven, keyword-driven) Overall process of execution of testing 6.1.2 Test Tool Classification There are a number of tools that support different aspects of testing. Tools can be classified based on several criteria such as purpose, commercial / free / open-source / shareware, technology used and so forth. Tools are classified in this syllabus according to the testing activities that they support. Some tools clearly support one activity; others may support more than one activity, but are classified under the activity with which they are most closely associated. Tools from a single provider, especially those that have been designed to work together, may be bundled into one package. Some types of test tool can be intrusive, which means that they can affect the actual outcome of the test. For example, the actual timing may be different due to the extra instructions that are executed by the tool, or you may get a different measure of code coverage. The consequence of intrusive tools is called the probe effect.

ASAP D.D. (P) Ltd

Page 53

Manual Testing
6.1.3 Tool Support for Management of Testing and Tests Management tools apply to all test activities over the entire software life cycle. Test Management Tools These tools provide interfaces for executing tests, tracking defects and managing requirements, along with support for quantitative analysis and reporting of the test objects. They also support tracing the test objects to requirement specifications and might have an independent version control capability or an interface to an external one. Requirements Management Tools These tools store requirement statements, store the attributes for the requirements (including priority), provide unique identifiers and support tracing the requirements to individual tests. These tools may also help with identifying inconsistent or missing requirements. Incident Management Tools (Defect Tracking Tools) These tools store and manage incident reports, i.e. defects, failures, change requests or perceived problems and anomalies, and help in managing the life cycle of incidents, optionally with support for statistical analysis. Configuration Management Tools Although not strictly test tools, these are necessary for storage and version management of testware and related software especially when configuring more than one hardware/software environment in terms of operating system versions, compilers, browsers, etc. 6.1.4 Tool Support for Static Testing Static testing tools provide a cost effective way of finding more defects at an earlier stage in the development process. Review Tools These tools assist with review processes, checklists, review guidelines and are used to store and communicate review comments, reports on defects and effort. They can be of further help by providing aid for online reviews for large or geographically dispersed teams. Static Analysis Tools These tools help developers and testers find defects prior to dynamic testing by providing support for enforcing coding standards (including secure coding), analysis of structures and dependencies. They can also help in planning or risk analysis by providing metrics for the code (e.g., complexity). Modeling Tools These tools are used to validate software models (e.g., physical data model (PDM) for a relational database), by enumerating inconsistencies and finding defects. These tools can often aid in generating some test cases based on the model.

ASAP D.D. (P) Ltd

Page 54

Manual Testing
6.1.5 Tool Support for Test Specification Test Design Tools These tools are used to generate test inputs or executable tests and/or test oracles from requirements, graphical user interfaces, design models (state, data or object) or code. Test Data Preparation Tools Test data preparation tools manipulate databases, files or data transmissions to set up test data to be used during the execution of tests to ensure security through data anonymity. 6.1.6 Tool Support for Test Execution and Logging Test Execution Tools These tools enable tests to be executed automatically, or semi-automatically, using stored inputs and expected outcomes, through the use of a scripting language and usually provide a test log for each test run. They can also be used to record tests, and usually support scripting language or GUI based configuration for parameterization of data and other customization in the tests. Test Harness/Unit Test Framework Tools A unit test harness or framework facilitates the testing of components or parts of a system by simulating the environment in which that test object will run, through the provision of mock objects as stubs or drivers. Test Comparators Test comparators determine differences between files, databases or test results. Test execution tools typically include dynamic comparators, but post-execution comparison may be done by a separate comparison tool. A test comparator may use a test oracle, especially if it is automated. Coverage Measurement Tools These tools, through intrusive or non-intrusive means, measure the percentage of specific types of code structures that have been exercised (e.g., statements, branches or decisions, and module or function calls) by a set of tests. Security Testing Tools These tools are used to evaluate the security characteristics of software. This includes evaluating the ability of the software to protect data confidentiality, integrity, authentication, authorization, availability, and non-repudiation. Security tools are mostly focused on a particular technology, platform, and purpose.

ASAP D.D. (P) Ltd

Page 55

Manual Testing
6.1.7 Tool Support for Performance and Monitoring Dynamic Analysis Tools Dynamic analysis tools find defects that are evident only when software is executing, such as time dependencies or memory leaks. They are typically used in component and component integration testing, and when testing middleware. Performance Testing/Load Testing/Stress Testing Tools Performance testing tools monitor and report on how a system behaves under a variety of simulated usage conditions in terms of number of concurrent users, their ramp-up pattern, frequency and relative percentage of transactions. The simulation of load is achieved by means of creating virtual users carrying out a selected set of transactions, spread across various test machines commonly known as load generators. Monitoring Tools Monitoring tools continuously analyze, verify and report on usage of specific system resources, and give warnings of possible service problems. 6.1.8 Tool Support for Specific Testing Needs Data Quality Assessment Data is at the center of some projects such as data conversion/migration projects and applications like data warehouses and its attributes can vary in terms of criticality and volume. In such contexts, tools need to be employed for data quality assessment to review and verify the data conversion and migration rules to ensure that the processed data is correct, complete and complies to a pre-define context-specific standard. Other testing tools exist for usability testing.

6.2 Effective Use of Tools: Potential Benefits and Risks

6.2.1 Potential Benefits and Risks of Tool Support for Testing (for all tools) Simply purchasing or leasing a tool does not guarantee success with that tool. Each type of tool may require additional effort to achieve real and lasting benefits. There are potential benefits and opportunities with the use of tools in testing, but there are also risks. Potential benefits of using tools include: Repetitive work is reduced (e.g., running regression tests, re-entering the same test data, and checking against coding standards) Greater consistency and repeatability (e.g., tests executed by a tool in the same order with the same frequency, and tests derived from requirements) Objective assessment (e.g., static measures, coverage) Ease of access to information about tests or testing (e.g., statistics and graphs about test progress, incident rates and performance)

ASAP D.D. (P) Ltd

Page 56

Manual Testing
Risks of using tools include: Unrealistic expectations for the tool (including functionality and ease of use) Underestimating the time, cost and effort for the initial introduction of a tool (including training and external expertise) Underestimating the time and effort needed to achieve significant and continuing benefits from the tool (including the need for changes in the testing process and continuous improvement of the way the tool is used) Underestimating the effort required to maintain the test assets generated by the tool Over-reliance on the tool (replacement for test design or use of automated testing where manual testing would be better) Neglecting version control of test assets within the tool Neglecting relationships and interoperability issues between critical tools, such as requirements management tools, version control tools, incident management tools, defect tracking tools and tools from multiple vendors Risk of tool vendor going out of business, retiring the tool, or selling the tool to a different vendor Poor response from vendor for support, upgrades, and defect fixes Risk of suspension of open-source / free tool project Unforeseen, such as the inability to support a new platform 6.2.2 Special Considerations for Some Types of Tools Test Execution Tools Test execution tools execute test objects using automated test scripts. This type of tool often requires significant effort in order to achieve significant benefits. Capturing tests by recording the actions of a manual tester seems attractive, but this approach does not scale to large numbers of automated test scripts. A captured script is a linear representation with specific data and actions as part of each script. This type of script may be unstable when unexpected events occur. A data-driven testing approach separates out the test inputs (the data), usually into a spreadsheet, and uses a more generic test script that can read the input data and execute the same test script with different data. Testers who are not familiar with the scripting language can then create the test data for these predefined scripts. There are other techniques employed in data-driven techniques, where instead of hard-coded data combinations placed in a spreadsheet, data is generated using algorithms based on configurable parameters at run time and supplied to the application. For example, a tool may use an algorithm, which generates a random user-ID, and for repeatability in pattern, a seed is employed for controlling randomness.

ASAP D.D. (P) Ltd

Page 57

Manual Testing
In a keyword-driven testing approach, the spreadsheet contains keywords describing the actions to be taken (also called action words), and test data. Testers (even if they are not familiar with the scripting language) can then define tests using the keywords, which can be tailored to the application being tested. Technical expertise in the scripting language is needed for all approaches (either by testers or by specialists in test automation). Regardless of the scripting technique used, the expected results for each test need to be stored for later comparison. Static Analysis Tools Static analysis tools applied to source code can enforce coding standards, but if applied to existing code may generate a large quantity of messages. Warning messages do not stop the code from being translated into an executable program, but ideally should be addressed so that maintenance of the code is easier in the future. A gradual implementation of the analysis tool with initial filters to exclude some messages is an effective approach. Test Management Tools Test management tools need to interface with other tools or spreadsheets in order to produce useful information in a format that fits the needs of the organization.

6.3 Introducing a Tool into an Organization

The main considerations in selecting a tool for an organization include: Assessment of organizational maturity, strengths and weaknesses and identification of opportunities for an improved test process supported by tools Evaluation against clear requirements and objective criteria A proof-of-concept, by using a test tool during the evaluation phase to establish whether it performs effectively with the software under test and within the current infrastructure or to identify changes needed to that infrastructure to effectively use the tool Evaluation of the vendor (including training, support and commercial aspects) or service support suppliers in case of non-commercial tools Identification of internal requirements for coaching and mentoring in the use of the tool Evaluation of training needs considering the current test teams test automation skills Estimation of a cost-benefit ratio based on a concrete business case Introducing the selected tool into an organization starts with a pilot project, which has the following objectives: Learn more detail about the tool Evaluate how the tool fits with existing processes and practices, and determine what would need to change

ASAP D.D. (P) Ltd

Page 58

Manual Testing
Decide on standard ways of using, managing, storing and maintaining the tool and the test assets (e.g., deciding on naming conventions for files and tests, creating libraries and defining the modularity of test suites) Assess whether the benefits will be achieved at reasonable cost Success factors for the deployment of the tool within an organization include: Rolling out the tool to the rest of the organization incrementally Adapting and improving processes to fit with the use of the tool Providing training and coaching/mentoring for new users Defining usage guidelines Implementing a way to gather usage information from the actual use Monitoring tool use and benefits Providing support for the test team for a given tool Gathering lessons learned from all teams

ASAP D.D. (P) Ltd

Page 59