Meltdown and Spectre: 2 CPU Security Bugs You Need to Know About

In cyber security, a vulnerability is a flaw in a system that opens the way for hackers and malware. At the beginning of 2018, the IT industry is already scrambling to patch major security vulnerabilities that affect almost all computers in the world.

The two flaws, named Spectre and Meltdown, were found by security researchers at Google's Project Zero. The vulnerabilities allow information to leak from mis-speculated execution, which leads to arbitrary virtual memory reads across various local security boundaries. They affect numerous modern processors, including those from AMD, ARM, Intel, and Apple.

Meltdown and Spectre- Security Bugs

According to the researchers, Meltdown (CVE-2017-5754) is considered one of the worst CPU bugs found to date. It is primarily thought to affect Intel processors manufactured since 1995. Meltdown allows an attacker to get through the hardware barrier between the users and the core memory of the PC.

Features:

  • Discovered by Jann Horn, a security analyst at Google Project Zero
  • Allows low-privileged processes to gain access to high-privileged kernel processes to steal system memory
  • Uses side-channel information available in modern processors
  • Till now, has only affected Intel processors
  • Makes fundamental processes fundamentally unreliable

In the case of Spectre, the vulnerability is more widespread and affects modern processors from AMD and Intel, and even the ARM chips in mobile devices. It is considered the more serious issue, as fixing it requires redesigning processors in future hardware generations.

Features:

  • Discovered by Mr. Horn and Mr. Kocher, in coordination with Mike Hamburg, Mr. Lipp and Yuval Yarom at Google
  • Hardware vulnerability in speculative execution that affects modern processors
  • Runs much deeper and is hard to patch
  • Covers two CVE IDs: CVE-2017-5753 and CVE-2017-5715
  • It centres on branch prediction, which is a part of speculative execution
  • It is more generalized, as it does not rely on a single processor's memory management

Attackers can use both vulnerabilities to steal and spy on secure data such as encryption keys and passwords held in cache memory, and to access recently processed data in the system.

Part of Computer That is at Risk

The issues related to Meltdown and Spectre exist within the CPUs of devices running Windows, Android, Linux, iOS, macOS, Chromebooks and several other operating systems. A computer generally holds a huge amount of data, and the core part of the operating system, known as the kernel, handles the data synchronising process.

When data is in the cache, it is managed by the processor, and it is at this point that the new vulnerabilities come into effect. Meltdown grabs information by simply snooping on the memory used by the kernel. Spectre makes programs perform unwanted operations, which in turn leak data that needs to stay confidential.

Both attacks exploit “speculative execution”, which prepares the results of a set of instructions before the chip may need them. These results are then placed in one of the fastest bits of memory on the chip. Unfortunately, this can be manipulated, bit by bit, allowing an attacker to retrieve confidential data from a computer's memory.

How is a Computer Targeted?

To exploit Meltdown or Spectre, an attacker has to get some kind of code running on the user's computer. This can be avoided by the following steps:

  • Blocking ads, browser scripts and page trackers
  • Using Chrome's ‘site isolation’ feature

Steps Issued Against the Major CPU Flaw:

Practically every computing device, including laptops, smartphones and even cloud computing systems, is affected by these two CPU bugs. Every major technology company has started working against Meltdown and Spectre to protect itself and its customers.

  • Apple points out that it is already affected by these two CPU bugs, and the company advises customers to update their devices' operating systems and to download apps only from the App Store
  • Microsoft has released updates, and installing the new patches can protect devices from the vulnerabilities
  • Intel has rolled out security patches and firmware updates to protect against Meltdown and Spectre. ARM is working with AMD AND
  • Microsoft, Mozilla and Google have issued patches for their browsers as a first step in defence
  • Google says that it will roll out a patch for Chrome 64
  • Chrome OS devices are patched with Kernel Page Table Isolation in Chrome OS 63 and above
  • The service provider Amazon is working to patch the servers used in their data centres

On the whole, companies and individuals should apply available security updates before the problem gets worse.
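
To confirm that the updates above actually took effect on a Linux host, the kernel's own status report can be read and classified. This is an added example, not code from the article or any vendor; it assumes a kernel that exposes `/sys/devices/system/cpu/vulnerabilities`, and the function names and the sample status lines are constructed for illustration.

```python
"""Report Meltdown/Spectre mitigation status from Linux sysfs (added example)."""
import os
import tempfile

# Linux kernels 4.15 and later (and distro backports) expose one status file
# per issue in this directory.
SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"

# sysfs file name -> CVE ID as listed in the article.
ISSUES = {
    "meltdown": "CVE-2017-5754",
    "spectre_v1": "CVE-2017-5753",
    "spectre_v2": "CVE-2017-5715",
}


def classify(status_line):
    """Map the kernel's one-line status string to a coarse verdict."""
    text = status_line.strip()
    if text.startswith("Not affected"):
        return "not_affected"
    if text.startswith("Mitigation:"):
        return "mitigated"
    if text.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def read_status(base_dir=SYSFS_DIR):
    """Read each issue's status file; a missing file is reported as no_data."""
    report = {}
    for name, cve in ISSUES.items():
        try:
            with open(os.path.join(base_dir, name), encoding="utf-8") as handle:
                raw = handle.readline().strip()
        except OSError:
            # Not Linux, or a kernel without the reporting interface, so the
            # status cannot be confirmed from here.
            raw = ""
        verdict = classify(raw) if raw else "no_data"
        report[name] = {"cve": cve, "raw": raw, "verdict": verdict}
    return report


def needs_attention(report):
    """Names of issues that are not confirmed mitigated or unaffected."""
    bad = {"vulnerable", "unknown", "no_data"}
    return sorted(n for n, entry in report.items() if entry["verdict"] in bad)


def build_sample_dir():
    """Constructed sample: KPTI active, Spectre v1 unpatched, v2 file absent."""
    sample = tempfile.mkdtemp(prefix="cpu-vuln-sample-")
    lines = {"meltdown": "Mitigation: PTI\n", "spectre_v1": "Vulnerable\n"}
    for name, line in lines.items():
        with open(os.path.join(sample, name), "w", encoding="utf-8") as handle:
            handle.write(line)
    return sample


if __name__ == "__main__":
    # Use the live kernel report when present, otherwise the constructed sample.
    base = SYSFS_DIR if os.path.isdir(SYSFS_DIR) else build_sample_dir()
    status = read_status(base)
    for name, entry in status.items():
        detail = entry["raw"] or "no file"
        print(f"{entry['cve']} ({name}): {entry['verdict']} [{detail}]")
    print("needs attention:", needs_attention(status) or "none")
```

A `Mitigation: PTI` line for `meltdown` is the Kernel Page Table Isolation fix mentioned in the list above.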

Conclusion

There is not much that can be done to resolve this issue, but it can be avoided in future by redesigning processors so that the attacks become impossible. Processors, devices, drives, operating systems and numerous other components have evolved optimizations that bring security risks. As security problems rise in the IT industry, these choices need to be reconsidered, and in many cases new implementations are necessary.

What You Need to Know About Localization Testing

Localization testing is a software customization process in which a product or application that was earlier designed for a particular market can be made available to foreign markets. It is all about quality checking the localized version of a product. The method checks whether your product is in line with the locale settings governed by the culture of the geographical location your product will be native to.

Localization testing, as you have just understood, will require the translation of all native language strings into the targeted languages. Along with the target language requirement, your product should also look into the Graphical User Interface (GUI).

Content and GUI are the two parameters that come under the umbrella of localization testing, with efforts directed at matching your product with the innate requirements of your target market. In a nutshell, localization testing is mainly concerned with quality checking the parameters linked to linguistics, content or UI, culture and everything else dictated by the geographical placement of your product.

A Testing Concept That Surpasses All Language Barriers

A tester who has the source code, commonly written in English, will perform the same set of test cases on both the localized and the source versions simultaneously.

Say, for example, you are launching a Chinese product and wish to test it as part of your localization activities. You don't need a tester who is proficient in speaking the official Chinese language of Mandarin Chinese or Standard Mandarin.

You can assign the testing job to a tester who can test your Chinese product with the code written in English and execute a set of test scripts on it without any hassle. He will ensure that the localized product behaves exactly the way the English version was designed to.

The Requirements of a Localization Tester

Localization testing is conducted once functional testing is completed. It is carried out by testers who do not follow any of the testing languages. These tech-savvy testers simply add the native language of the locale to your product mix. They are also concerned with all the parameters that will impact the usability and functionality of localized platforms.

Localization testers thus ensure that the local version looks, feels, behaves and functions exactly the same as the source version. The only difference is that your product mirrors the native language of the locale in which it is launched and operates.

A Localization Tester should:

  1. Demonstrate some technical expertise
  2. Understand and identify issues that fundamentally come along with the software during localization
  3. Have the skill to holistically identify key differences between languages, so that he/she can spot the issues that emerge due to localization

Scope of Localization Testing

You may have the opinion that functional, linguistic and localization testing procedures are entwined. But that is not the case. They are distinct procedures that need different types of testing resources. Hence it is important that you have a clear and precise understanding of each testing procedure, with specific reference to localization testing, which is the topic of discussion here.

Below are the various issues that can be tackled by localization testing.

  • Defects in the user interface and layout, including redundant or missing controls, overlapping content and alignment issues
  • All the non-functional features of your product
  • Since the content of a localized product is assembled dynamically, localization testing procedures will identify jumbled dialog boxes and scrambled web pages
  • Bugs in concatenated strings and in strings composed using placeholders can be unveiled
  • Issues concerning text expansion, namely text bleeding and truncation, can be addressed
  • Problems with the tested system accepting extended characters
  • Any issue concerning the “search and replace” functionality
  • Incorrect calendar, date and time formats, which should match your geographical locale, can be rectified
  • Problems managing files with extended characters in their file name or directory path
  • Issues concerning the language and grammar of your target market can be sorted out
  • Bugs in converting from different currencies to your home currency can be rectified, along with the inclusion of the monetary symbol of the country or area in which your product operates
  • Consistency of messages can be checked, along with the online help offered to your customers
  • Printed documentation and command key sequences can also be checked
  • Windows applications with redundant or missing hot keys can be tackled
  • Incorrect metric conversions and mismatched numeric formats, negatives and separators
  • Input, display and system requirements can be checked against the demands of your environment, confirming adherence to them
  • While you can unveil and fix typographical errors, you can also check the usability of the UI
  • Localization testing procedures help you assess whether your product matches the cultural requirements of your target market
  • Scenarios in which politically sensitive content, a significant part of your product, has been omitted can be identified and addressed
  • Along with checking the appropriateness of video content, you can also ensure adherence to basic parameters like keyboard, mouse, operating system, audio interface language and accent
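
Two of the defect classes in the list above, broken placeholders and text expansion, can be caught automatically before a human reviews the build. The following is an added example, not part of the original article; the catalog layout (key to string), the per-key character budget and all sample strings are assumptions constructed for illustration.

```python
"""Check a localized string catalog against its source (added example)."""
import re

# printf-style (%s, %d, %1$s) and brace-style ({0}, {name}) placeholders.
PLACEHOLDER = re.compile(r"%(?:\d+\$)?[sdif]|\{[A-Za-z0-9_]*\}")

# Constructed sample catalogs: English source and a German translation.
SOURCE_EN = {
    "greeting": "Hello, {name}!",
    "files_deleted": "%d files deleted from %s",
    "save": "Save",
    "cart_total": "Total: {amount}",
}
LOCALIZED_DE = {
    "greeting": "Hallo, {name}!",
    "files_deleted": "%d Dateien gelöscht",   # the %s placeholder was dropped
    "save": "Änderungen speichern",           # far wider than the button
    # "cart_total" was never translated
}
# Hypothetical UI layout limits: maximum characters that fit a control.
WIDTH_BUDGET = {"save": 8}


def placeholders(text):
    """Sorted placeholder tokens, so that reordering by a translator is allowed."""
    return sorted(PLACEHOLDER.findall(text))


def check_catalog(source, localized, width_budget):
    """Return (key, problem) pairs for every defect found in the translation."""
    findings = []
    for key, src in source.items():
        loc = localized.get(key)
        if loc is None or not loc.strip():
            findings.append((key, "missing translation"))
            continue
        # A translation must carry exactly the placeholders of its source,
        # otherwise the runtime substitution fails or shows raw tokens.
        if placeholders(src) != placeholders(loc):
            findings.append((key, "placeholder mismatch"))
        # Text expansion: the translated string no longer fits its control.
        limit = width_budget.get(key)
        if limit is not None and len(loc) > limit:
            findings.append((key, "text expansion"))
    return findings


if __name__ == "__main__":
    for key, problem in check_catalog(SOURCE_EN, LOCALIZED_DE, WIDTH_BUDGET):
        print(f"{key}: {problem}")
```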

The Importance of Localization Testing To Your Global Business Model

The premise behind localization testing is to introduce a product that delivers functionality in accordance with the demands of the target language. While localization calls on digital marketers across the globe to spend time and money, localization testing should come only as a revenue-saver.

If your product is released with a number of language-centric bugs, it does you no good and only shows your product in a bad light to global customers. Hence, the onus is on localization testing to ensure that your product is error-free, so that customers across the globe will embrace and patronize it.

You should also be aware that you can expect bugs even after you have localized your product. This means localization testing is the only instrument that helps you steer clear of issues that can cost you a fortune if they remain undetected. In this way, localization testing procedures offer a quick and budget-friendly means to fix issues and come up with a localized product that is user-friendly in more ways than one.

Final Thoughts

To come up with a holistically interpreted product that matches the cultural and geographical needs of your target market, you should strive to implement appropriate business processes.

You should also be watchful of the governmental and regulatory requirements that are innate to every geographical area. Thus, it is a big task to localize your business logic so that consumers across the globe patronize your product and bestow you with a good return on investment.

15 Popular Testbytes Software Testing Blogs of 2017

As the year progresses, the software development industry showcases new changes, which are adopted by software testing companies. To keep up with the pace, it's important to know everything about the technology, and here we have listed the 15 top blogs from Testbytes in 2017 that will help you in one way or another with issues related to software testing.

13 Major Bug Tracking Software Tools 2018
To deliver quality software, it's essential to track bugs or issues, and a bug tracking software can help you report, capture and manage them. Among the many blogs about bug tracking tools, this one stands out with a strong emphasis on the top 13 bug tracking tools.

10 Websites that Every Tester Needs to Go Through in 2018
As a software tester or someone working in software development, it's important that you are well versed in all the technicalities of the field. As the year ends, we have shared a list of the top 10 websites that every software tester must visit and go through in 2018.

6 Trends Currently Reshaping the Software Testing Industry in 2017
As technology keeps rising day by day, the skills of software testers are challenged, making it hard for them to keep up with the pace. This blog showcases the top trends that can reshape the methods of the software testing industry.

How to Create Test Cases in Android Application
A test case is a condition or a variable that is checked by a tester to ensure that the software under test satisfies all the specified requirements. This blog deals with the crucial steps that one needs to perform to create test cases for an Android application.

Top 13 Myths Surrounding Software Testing
As the process of software testing involves several testing procedures, it is also surrounded by a number of myths, which may or may not impact the process. It's important to debunk these myths, and this blog will help you do so.

5 Major Benefits of Using a Bug Tracking System
Any incorrect issue, be it in the design, specifications, coding requirements or anything else related to the software program, is known as a bug. Over the years, the number of bug tracking tools has increased, and this blog explains the major benefits of using a bug tracking system.

What are Alpha, Beta, and Gamma Testing [Pros and Cons Included]
Every software release lifecycle consists of different stages (alpha, beta and gamma) that in turn describe the stability of the software. This blog lets users understand each phase of software testing.

5 Major Types of Test Automation Frameworks
The major benefit of a test automation framework is that it depends on the app, and changes can be made to the framework according to the application. This blog covers the five major types of test automation frameworks that you need to know.

Top 11 Open Source Security Testing Tools for Web Applications
Hacking of a website or an application is a common thing these days, and staying clear of it definitely requires some effort. This can be made practical by using open source security tools, and the top 11 are listed in this blog.

5 Types of Regression Testing Methods You Should Know
Changing your systems and products over time is usual. Regression testing is a testing method that checks whether the system's functionality works the same after the modifications. This blog portrays the general regression testing methods and benefits that one should know.

11 Steps to Configure Email Notifications Using Jenkins
Email and email notifications are an important aspect of every business. These days several plug-ins are available, free and paid, that help you configure email notifications. The main objective of this particular blog is to showcase the steps in email configuration.

How to Find Bugs in Game Testing
As with any other application, it's important to test a game from the very first stage to avoid issues in future. This blog goes through the different methods of finding bugs in games, thus creating a hassle-free user experience.

6 Types of Software Testing Models
In the software development lifecycle, testing is a crucial step. There are various testing models, each with different benefits. This blog goes through the various testing models and highlights their advantages and disadvantages.

9 Different Types of Game Testing Techniques
Game testing is the final step in a game development process, and it is in this step that it's determined whether the game you created works properly. So, do you want to know about the types of game testing methods? This blog contains details on some of the main game testing techniques that can be implemented in a software.

11 Emerging Trends in Software Testing 2018
Over the past few years, software testing methods have grown drastically with the emergence of the latest technologies. As technology grows, there is an increased demand for specialized skills among testers. This blog will certainly help you watch out for the emerging trends in 2018.

The technological advancements in software testing run at a high pace, and thus organizations and testers are forced to improve their skills and product quality in step. We at Testbytes will keep you updated through our blogs on all the forthcoming changes this year…
Stay tuned to Testbytes for more details on technological aspects of software testing!

Roles & Responsibilities in a Software Testing Team

Software testing is an essential part of the software development life cycle (SDLC). It plays a significant role in defining the success rate of a product, and for the same reason the software testing team plays a crucial role even after the product's development is completed.
Therefore, it is important to ensure that the software testing team includes a perfect mix of talented and capable professionals who are also domain experts.
Being experts in the problem domain makes it easier for them to create test scripts that identify the problems in the product.
While every company follows a different structure for its testing team, a few members are common to every structure and fulfill the expectations of the team. These include:
1. QA Leader:
The QA Leader is the most important member of the testing team. It is extremely crucial for him/her to have a clear understanding of the testing process or methodology, and it is also essential for him/her to be familiar with the varied test-program concerns such as test environment and data management, trouble reporting and resolution, etc.

The Main Roles and Responsibilities handled by the QA leader are:

  • Acts as a point of contact for inter and intra departmental interaction
  • Represents the software testing team as well as enables customer relationship
  • Deciding the test budget and schedule
  • Identifying the testing activities for other team members like testers or test engineers
  • Planning the entire testing process
  • Checking the availability of the resources to execute testing activities
  • Identifying if the process of testing is going in sync with the software development
  • Preparing the status report of testing activities
  • Sharing updates on testing with the project manager
  • Planning pre and post-test meetings

Salary of QA Leads in IT booming countries

  • India – Rs. 659000 – 1230000 / year
  • USA – $50,000 – $104,000 / year
  • Singapore – S$3000 – S$6,000
  • Canada – CA$65,000 – CA$97,000
  • Hong Kong – HK$58,000

2. Test Lead
With a clear understanding of the application's business area and its requirements, a test lead is also familiar with the varied test-program issues such as test data management, test design, and test development.
His/her expertise in numerous technical skills such as programming languages, database technologies, and computer operating systems also enables him/her to deliver the best at his/her job.
The Major Role and Responsibilities of a Test Lead include the following:

  • Technical expertise related to the test program and approach.
  • Provides support for customer interface, staff planning, and supervision, as well as progress status reporting.
  • Validating the quality of the testing requirements such as testability, test design, and script, test automation, etc.
  • Staying updated about the latest test approaches and tools
  • Assisting the software testing team to be aware of the latest trends in the world of software testing.
  • Arranging walk-through for test design and procedure.
  • Implementing the test process.
  • Ensuring that test-product documentation is complete.

Salary of Test leads in IT booming countries

  • India – Rs. 549,000 – Rs. 1525,000
  • USA – $73,000 – $92000
  • Singapore – S$103,000
  • Canada – CA$42,000- CA$105,000

3. Test Engineer
The role of a test engineer is to determine the best way to create a process that can enable one to test a particular product in the best possible manner.
Test engineers can have different expertise based on which they are assigned a role in a company.
Some of the common test engineers working in an organization are as mentioned below:


a) Usability Test Engineer
These engineers are highly proficient in designing test suites and have a clear understanding of usability issues. With excellent interpersonal skills, they are also skilled in test facilitation. Some of their common job roles include:

  • Designing the usability testing scenarios
  • Administering the process of usability testing
  • Developing test-product documentation
  • Participating in test-procedure walk-through

b) Manual Test Engineer
With a clear understanding of the Graphical User Interface (GUI) design and its standards, manual test engineers are highly proficient in designing test suites and various testing techniques. Some of the major responsibilities of these engineers include:

  • Using associated test data to design and develop test procedures and cases
  • Manually executing the test procedures
  • Attending test-procedure walk-through
  • Following the required set standards


c) Automated Test Engineer
Also known as automators/developers, these engineers also have a good understanding of GUI design and software testing. They can also be relied upon to design effective test suites and to work efficiently with test tools. Some of the common roles handled by them are:

  • Designing and developing test procedures on the basis of requirements
  • Following test-design standards
  • Attending test procedure walk-throughs
  • Executing the tests and preparing reports for the same.

Salary of Test Engineers in IT Booming Countries

  • India – Rs. 284,000 – Rs. 799,000
  • USA – $ 71,000 – $ 107,000
  • Singapore – S$46,000 – S$75,000
  • Canada – CA$49,000 – CA$85,000

4. Network Test Engineer
With a high level of proficiency and expertise in a variety of technical skills such as programming languages, database technologies, and computer operating systems, network test engineers are good at product evaluation and integration.
Their Major Roles at an Organization include:

  • Performing network, database, and middle-ware testing
  • Developing load and stress test designs, cases and procedures
  • Implementing the performance monitoring tools on an ongoing basis
  • Conducting load and stress test procedures

Salary of Network Test Engineers in IT booming countries

  • India – Rs. 477,000 – Rs. 946,000
  • USA – $56,000 – $91,000
  • Singapore – S$39,000 – S$52,000
  • Canada – CA$58,000

5. Test Library and Configuration Specialist:
This job role requires network, database, and system administration skills along with expertise in technical skills including programming languages, database technologies, and computer operating systems. The major job roles include the following:

  • Managing the test-script change
  • Maintaining test-script version control
  • Upholding test-script reuse library
  • Creating test builds, wherever required

6. Tester
Having sound knowledge of the various concepts involved in test design and execution methodologies, a software tester is someone who can interact efficiently with the development team. His/her major roles as part of the software testing team include:

  • Designing the testing scenarios for usability testing
  • Analyzing the testing results and submitting the report to the development team
  • Creating test designs, processes, cases and test-product documentation
  • Conducting testing as per the set standards and procedures
  • Ensuring that the testing is carried out as per the defined standards and procedures

Salary of Testers in IT booming countries

  • India – Rs. 184,000 – Rs. 782,000
  • USA – $39,000 – $87,000
  • Singapore – S$31,000 – S$69,000
  • Canada – CA$36,000 – CA$81,000


Conclusion
While it is crucial for every member of the testing team to fulfill his/her job responsibilities diligently, it is also important to ensure that the software testing team is properly structured and has well-defined responsibilities. This makes testing a fun task instead of a serious job responsibility.


Penetration Testing Tutorial: Stages, Types, Methods & Tools

Penetration testing, also known as pen testing, is the process of simulating real attacks on systems or networks to assess the risks associated with potential security breaches. During a pen test, testers not only discover vulnerabilities but also exploit them.

Pen testing mainly means attempting to breach application systems, protocol interfaces etc. to uncover vulnerabilities, such as code that is susceptible to attack. Penetration testing, which is generally ethical hacking, is a necessary, in-demand skill for testing an organization's defense systems.

Why do we need to perform Pen Testing:

  • To uncover the critical vulnerabilities within your network systems
  • It can provide an overview of an organization’s exploitable vulnerabilities and include recommendations on how you can optimize the protection levels
  • Reveal problems that were not known
  • Prevent business interruptions, loss and protect brand image
  • Find both known and unknown hardware/software flaws which can be identified and fixed using automated tools
  • Assess and validate the efficacy of an organization’s defensive mechanisms

Stages of Penetration Testing:
As penetration testing is very technical and complicated, it needs to be split into different stages. Let's take a brief look:
1) Planning & Setting your Goal: In this phase, you define the scope and goal of the test to be carried out, including identifying the system on which the test is performed and finalising the steps for the test. You also need to gain knowledge about the network, domains and server to understand how the target works and where its potential vulnerabilities lie.
2) Scanning Phase: During this phase, it becomes clear to the tester how the target app will respond to intrusion attempts. This is basically done in 2 ways:

  1. Static Analysis: Inspects an app's code to estimate how it will behave in a running state
  2. Dynamic Analysis: Provides a real-time view of how an app performs

3) Selection of Proper Pen-testing tools: Choosing the right tool requires intelligence, a little bit of luck and a lot of patience. Rather than just going for quality and checking whether the tool fits your job, it's essential to check that it doesn't contain any sort of malware or code that could in turn hack the tester.
There are plenty of tools available online for free, but double-check them, as most of them may contain malware and undocumented back doors. The best pen testers always go for their own code and tools, as they don't trust free sources.
E.g.: Nmap, Aircrack-ng, Wifiphisher, Burp Suite, OWASP ZAP etc.
4) Gaining Access: This stage uses web application attacks such as SQL injection, cross-site scripting and back doors to uncover the target's vulnerabilities. Once the vulnerabilities are found, testers try to exploit them by intercepting traffic, escalating privileges or stealing data.
5) Maintaining the Access: In this stage, the pen tester tests whether the vulnerability can be used to achieve a persistent presence in the exploited system. This is done to imitate the advanced persistent threats that remain for months or even years in a system to steal the most sensitive data from an organization.
6) Analysing the System: Results such as the number of vulnerabilities exploited, the sensitive data that could have been accessed and the total time the pen tester could spend within a network system without being detected are checked and documented.

Types of Penetration Testing
The type of penetration testing generally depends on the scope of the goal to be attained and on whether the test simulates an attack by an employee, from internal resources or from external sources. On this basis, penetration testing is mainly of 3 types:

  • Black Box Testing: In this case, the tester needs to collect all information regarding the system before he/she starts working
  • White Box Testing: Here, the pen tester is provided with almost all details regarding the system such as IP addresses, source codes, OS details etc.
  • Grey Box Testing: In this, the tester is provided with partial knowledge about the system

Penetration Testing Methods
Depending on the different methods of attack that might affect an organization, there are different methods of penetration testing:
1) External Testing: This targets the assets of an organization that are visible on the internet. The main aim is to gain access and extract valuable data.
2) Internal Testing: Here, a tester with access to an app behind its firewall simulates an attack by a malicious insider.
3) Blind Testing: In this case, the pen tester is given only the name of the organization, so that the security personnel get a real-time look at how an actual app assault happens.
4) Double Blind Testing: In this type of test, the security personnel within the organization have no idea about the assault, just as happens in real attempted breaches.
5) Targeted Testing: In this testing, the pen tester and the security personnel work together on the vulnerabilities. This is quite a valuable method, as it offers instant suggestions from the hacker's point of view.
Penetration Testing Tools
Penetration testing is the process which is undertaken by testers to find vulnerabilities in your systems before the attackers intrude in. The different pen test tools can be broken down into major categories like:
1) Port Scanners: Tools in this category typically gather information and personal data about a specific target from a remote environment.
2) Vulnerability Scanner: These tools are used to find whether there are any known vulnerabilities in the targeted system. This category is again subdivided into:

  • Host-based
  • Network based

3) Application Scanner: These types of tools check for any type of weakness within the web application (e.g. ecommerce apps).
Below we have listed a few tools that can be used for simple assessments or even complex tasks. Some are available for free and some require licence payments.
1) Aircrack-ng: This is a full suite of wireless assessment tools that covers attacking (cracking WPA & WEP) and packet capture.
2) SQLmap: This is an automated SQL injection and database tool that is widely used against platforms such as MSSQL, MySQL, Access, PostgreSQL and SQLite.
3) THC-Hydra: It is generally known to be a network login cracker that supports several services, and it isn't very complex to handle.
4) Metasploit: One of the most popular and advanced frameworks, based on the concept of an 'exploit', that is, code you pass on that causes a breach and enters the system.
5) Nessus vulnerability scanner: This is one of the most commonly used pen testing tools worldwide to identify vulnerabilities, malware that attackers use against your system and even policy-violating configurations.
6) WireShark: Also known as Ethereal, this is a network analysis tool that captures packets in real time and displays the results in a human-readable format.
Conclusion
As high-profile data breaches continue to dominate the headlines, the attitude of enterprises towards cyber security has also started shifting. As a result, there is an increased focus on detection and remediation strategies today. But sophisticated security strategies only work if process, technology and people come together to test and identify whether any weaknesses are left open.

Top 13 Myths Surrounding Software Testing

Software testing is a process of executing a program to identify/detect bugs in a software program. The process involves testing a program to verify that it meets the set business standards and requirements. While it is true that software testing is the most crucial step in ensuring the delivery of a superb quality product, the process is also surrounded by a number of myths.
Although these myths may not directly impact the process of software testing, it is important to debunk them so that each member of a software development team is aware of its benefits and importance.
Read on as we debunk the 13 common myths that are associated with the process of software testing:
Myth #1: Testing is an expensive process
Reality: This holds true only when one tries to reduce the cost of a product by avoiding this process. But it is important to understand that saving cost in such an inappropriate way can lead to higher costs later due to high maintenance or rectification costs. Moreover, it can also lead to the development of an improper product design, poor product performance, etc.
Myth #2: It is a time-consuming process
Reality: Testing a product during its development phase is never a time-consuming process. Rather, it saves the time of the entire team through early diagnosis and fixing of errors at earlier stages of development.
Myth #3: Testing is possible only on completely developed products
Reality: While it is true that the process of testing depends on the product's source code, the testing team can always review its requirements and develop the test cases even without the developed code. Moreover, breaking up the entire development cycle of a large product (iterative approach) can help in reducing the dependency of testing on the final product.
Myth #4: Complete Testing is Possible
Reality: Thinking that complete testing of a product is possible is a common misconception. This is because the testing team can test numerous paths during the software development life cycle but there can still remain certain aspects that can only be tested once the project is completed and deployed.
Myth #5: There are no bugs in a tested product.
 Reality: There can never be a surety or guarantee that a particular software product is free from errors or bugs. This is because a software product is always at a risk of having some or the other form of errors even if it has been tested by an experienced tester with excellent testing skills.
Myth #6: Testers are to be blamed for missing bugs.
Reality: Even though it is true that an inappropriate testing strategy may result in missing out on bugs, it is unfair to put the entire blame on the testing team. Such mistakes commonly occur due to uncertain changes in time, cost and requirements of the team.
Myth #7: Quality of the product is the testing team’s responsibility
 Reality: Ensuring optimum quality of the product is not entirely the testing team’s responsibility. The role of testers is to detect bugs and let the stakeholders know about them. It is, then, their responsibility to get those rectified and ensure that the product is not released in the market without fixing these errors.
Myth #8: Using test automation wherever possible helps reduce the testing time
 Reality: It is undoubtedly true that test automation saves time but saying that it can be used at any stage of SDLC is incorrect. Test automation should be started only when the product has been tested manually and is stable. Using it even when the requirements keep on changing is not correct.
Myth #9: Testing a software product does not require expertise
 Reality: While the professionals in the IT sector are well-aware about the intricacies involved in software testing, there are many others who believe testing to be an easy job. They believe that testing does not require any specialized skills and can be conducted even by a layman. It is important for them to think about the criticality of the situation when a software crashes and there is a need to identify bugs.
Myth #10: Testers' only responsibility is to find bugs
Reality: Identifying the bugs is not the only responsibility of testers. As compared to the developers, who are experts in specific components, testers are the ones who are aware of the overall functioning of the software, the way in which one module is dependent on the other, etc.
Myth #11: Developers do not test a product
Reality: It is untrue to say that developers are only responsible for writing the code and that testing the product is solely the testing team's responsibility. Contrary to this belief, developers are the ones who conduct unit and integration testing on the product and ensure that the product is able to deliver optimum performance before it is handed over to the testing team for thorough testing.
Myth #12: Software testing is a mundane job
 Reality: This statement holds true only if a tester is performing his/her job incorrectly. In reality, software testing is an information gathering job that is done to find answers to such questions about the software that no one has ever asked. And to find the answers, software testers need to study, explore, observe and analyze the product thoroughly which, in turn, makes it an interesting job.
Myth #13: Software testing implies clicking randomly
 Reality: Considering testing to be a job that involves clicking randomly on the UI and tracking the results generated in a document is not appropriate. This is because testing is actually a well-defined approach that is followed to identify all possible bugs in the program. And clicking randomly cannot identify the bugs and errors appropriately.
Conclusion
The method of software testing has moved on and we all live in an era of frequently changing technology. Rather than avoiding the process of testing, we should focus on the increasing complexity of the apps which can further generate errors within a software.

What is V-model and W-model in Software Testing

V model and W model are two of the most important models that are followed in the process of software testing. V Model, also known as Verification and Validation Model, is similar to waterfall model that follows a sequential path of execution of processes. Waterfall model is a linear sequential design approach in which the progress flows in one direction.
On the other hand, W model is a sequential approach to test a product and can be done only once the development of the product is complete with no modifications required to be done in between.
This type of testing is most suitable for short-term projects such as medical applications.

There are a number of other ways in which the two models are different from each other. Read on to know and understand the difference between the two models in detail.

V-Model

Devised by the late Paul Rook in the 1980s, the V-model was developed with an aim to improve the efficiency and effectiveness of software development. The model was accepted both in Europe and Asia as an alternative to the waterfall model.
V-model is a step-by-step process in which the next phase begins only after the completion of the present phase. The steps in this process do not move in a linear way. Instead, the steps in this process are bent upwards. Compared with the waterfall model, this model places greater emphasis on testing the product.
If this model is used to test a product, there is an assurance that the final product developed will be of high quality.

Phases of V-Model

The phases of the V-model include verification, coding, and validation, which are further divided into different stages.

1) Verification phase:

The verification phase of V-model includes business requirement analysis, system design, architectural design, and module design.

  1. Business requirement analysis is the stage of having a detailed communication with the customer so that it gets easier to understand and comprehend his/her exact requirements. It is beneficial to complete acceptance test design planning at this stage.
  2. System design stage involves understanding and detailing out the entire hardware and communication setup for the product being developed. System test design can also be planned at this stage.
  3. Architectural design stage involves understanding the technical and financial feasibility of the product before it is actually developed. The focus is to understand the data transfer that will take place between internal and external modules.
  4. Module design stage focuses on designing a detailed plan for the internal modules of the system. Also known as low-level design (LLD), it is important to ensure that the design is compatible with other modules in system architecture and other external systems.
2) Coding Phase:

During this phase, the actual coding of the system modules is taken up. On the basis of system and architectural requirements of the program, the best suitable programming language is selected using which the coding is done at par with the coding guidelines and standards. The code is then reviewed and optimized to ensure the delivery of best performing product.

3) Validation phase:

 During this phase, the product undergoes various forms of testing.

  1. Unit testing is conducted at an early stage so that the bugs are eliminated at the starting stages of product development.
  2. Integration testing is done to check whether there is a valid and proper communication within the internal modules of the system.
  3. System testing enables the testing of the entire system to check whether the internal modules communicate effectively with the external systems.
  4. Acceptance testing is done to test a product in the user’s environment and to check if it’s compatible with the other systems available in the environment.

Advantages and Disadvantages of V model

Advantages of the V model
  • Simple and easy
  • Systematic
  • Easy to track
  • Testing starts from requirement phase itself
  • All the Functional Areas can be covered
  • Instructions and recommendations included
  • Detailed explanations of problems
  • Defects can be found at an early stage
  • Works well for small projects
Disadvantages of the V model
  • Not flexible
  • Regular updates required if changes in the project are required
  • Can’t be used in complex projects
  • No scope for risk management and mitigation
  • Once the project is over, it's the end

When to use the V model?

  • Mostly used in the smaller level project with budget constraints
  • Can be used when the testing time is less
  • When you have enough senior and experienced testers
  • Optimum for projects which will not have any changes in between the project

W-Model

Introduced by Paul Herzlich, W-model signifies the one-to-one relationship that exists between the documents and test activities.
Using this model helps in ensuring that the testing of the product begins from the very first day of the product’s development.
This model is known to deal with the problems that could not be resolved using V-model.

Phases of W-Model

Using W-model helps in ensuring that each phase of the product development is verified and validated. W-model can be divided into a number of stages that includes:

  • Building test plan and test strategy to ensure that the product delivered is tested rigorously before delivery.
  • Identifying the scenario for the product.
  • Preparing the test cases using specification and design documents.
  • Reviewing the test cases and sharing an update on the basis of review comments.
  • The product is then sent for testing using various testing methodologies such as unit testing, integration testing and specification-based testing, etc.
  • Once the product is tested rigorously, it, then, undergoes regression test cycles and user acceptance testing.


Advantages and Disadvantages of W model

Advantages of the W model
  • Testing can run in parallel with development process
  • No division between constructive and destructive tasks
  • Often the developer is responsible for removing defects
Disadvantages of the W model
  • Complex to implement
  • Resource allocation might not be sufficient in most of the cases
  • Testing has equal weightage to many activities in the development process

When to use the W model?

  • When there are many more activities to do
  • Performed when the V model is not enough
  • Can be implemented when technical design, architecture and functionality come into the picture

Conclusion

While it is true that the V model is an effective way to test and reveal results for dynamic test cycles, W models are more effective and help one get a broader view of testing.

The connection that exists between various stages of testing is much clearer with the W model.
One must choose wisely, as the game is not about choosing between the V model and the W model but about delivering an optimum quality product.

Explain the Heuristic Test Strategy Model

Heuristic test strategy model is the set of patterns that are used to design a test strategy for a particular product. To be used predominantly by professional testers with an aim of self learning, a heuristic model particularly includes a project environment with numerous testing techniques that help in identifying the product’s quality criteria and product elements.

Some of the key areas of heuristic model are as mentioned below:

  1. Project environment is a set of resources and limitations related to the project that may impact the entire process of testing.
  2. Product elements are the elements or specific areas of a product that the testers intend to test. The aim behind this is to include all relevant and important areas that require attention.
  3. Quality criteria are the specific rules, ethics and sources that assist testers in identifying whether a product has some issues or not.
  4. Test techniques are the methods used to create tests for a product. These involve analysis and study of project’s environment, product elements and quality criteria.
  5. Perceived quality is the result attained after conducting tests on a product. This involves applying of various testing methods, which enables one to reach a conclusion about the product’s quality.

Common Testing Techniques
Since heuristic is an observation-based model that evolves over time, there are a few other techniques that can be applied universally in every sphere. These include the following:

  1. Function testing

This type of testing is used to identify the functions performed by a particular product. It involves testing each component of the program to validate its functions and sub functions.

  2. Domain testing

To conduct this type of testing, the user decides on the type of data to be tested for different functions along with several other aspects such as typical values, invalid values, convenient values, etc.

  3. Stress testing

This type of testing aims at testing the product's functionality under different stress situations. The conditions selected can be varied, such as complex data structures, high load, long test runs and low memory conditions.

  4. Flow testing

Conducted to check the entire flow of the program, flow testing is based on establishing connections between activities.

  5. Scenario testing

This type of testing is done to check the product on the basis of all the possible situations and circumstances. Conducting this helps in identifying the way in which a product would respond in different situations.

  6. Claims testing

This testing is done to verify the various claims made about the product in magazines, advertisements or any other place.

  7. User testing

Conducting this type of testing helps in determining the ways in which a user interacts with the system. The aim behind this type of testing is to be in the user's place and test the product from his/her perspective.

  8. Risk testing

This type of testing is used to check the way in which a product responds in a particular circumstance or situation. Designing appropriate test cases based on the issues identified is an important part of this type of testing. The best test cases can be prepared after seeking help from past test reports, design documentation, etc.

  9. Automatic Checking

This type of testing enables one to conduct automated testing of a product. It is important to ensure that the tool selected for automated testing enables one to partially automate test coverage, use automatic test data generators, etc.
Things to consider before conducting heuristic testing
It is important to keep certain key factors in mind before conducting this form of testing. Some of these include:

  • The purpose of the project as interpreted by the user as well as the tester
  • Information needed to conduct the test should be precise and concise
  • Relationship between tester and developer
  • The team members who will be conducting or supporting the test
  • The sequence and duration of product events

Selecting product elements
While performing a test, it is important to ensure that all the unique and important aspects of the product are taken in focus so that there is no bug that is missed. Some of the product elements that are important while conducting a test are:

  • Structure of the final product
  • Functionality delivered by the product
  • The data used by the product and to be used while testing the product
  • Interfaces that are used to access the product/system
  • Identifying the ways in which product will be used
  • Defining quality criteria such as reliability, usability and scalability

Conclusion
Testing a product involves a lot of challenges. Therefore, it is important to have well-defined strategies that can enable one to deal with such challenges and situations. Since heuristic model is one such strategy, implementing some new rules and focusing on developing some better products can enable one to deliver much-better products.

Performance Testing – Types, Stages, and Advantages

Performance testing has proved itself as a crucial success factor of projects with an aim to demonstrate an application which works as per benchmarked specification within a given response time and on a practical database.
It enables developers to elicit the diagnostic information needed to eliminate bottlenecks in the performance of a system, software or application on users' systems. In other words, it determines the readiness of the system for third-party use.
Type of Performance tests
Performance testing is a comprehensive terminology. It entails five types of tests such as performance testing, load testing, scalability test, volume testing and stress testing.
1) Performance testing
This is the first task and it includes testing each part of the system to detect which part is slow. Based on the results of this test, efforts are made to make the response faster.
2) Load testing
This test is done to check whether or not the application or system is user-ready in terms of expected load. The application's performance is examined by the response time it takes for a specified user load.
3) Stress testing
The test is done to understand at what level of stress or user number, the system starts generating errors and whether it is able to come back online after a massive spike in user number or a crash. The time taken to come back online is another factor to reckon with in this test.
4) Scalability testing
Scalability testing is done to ensure that the software is handling increasing workload effectively. This is done by gradually adding work load or users and continuously monitoring performance of the software or application.
5) Volume testing
This checks how effectively the system is able to handle a large amount of data. That is why it is also known as flood testing. The data is then gradually increased with the app's usage.
Performance Testing Stages
There are basically 7 important steps in performance testing.
1) Identifying the testing environment:
The testing team has to identify the hardware, software, network configurations and tools needed to start the test. This may include the actual production system or a replica of the same. Sometimes a subset of the production system with same or lower specification is also used.
2) Identifying the performance metrics:
Performance metrics are very important, as they determine the parameters on which the performance has to be tested. The metrics must include response time, wait time, average load time, peak response time, error rate, concurrent users, throughput, requests per second, CPU utilisation, memory utilisation, constraints etc. The success criterion differs from application to application. Therefore, corresponding success criteria must be included in the metrics.
3) Planning and designing the test:
At this stage the test team has to identify test scenarios taking into account variability of users, test data and testing parameters. This may lead to creation of more than one model for testing.
4) Configuring the testing environment:
At this stage the testing environment consisting of hardware, software and testing instruments needs to be prepared to monitor the performance of the application or system.
5) Capturing the data:
When everything is ready, testing begins and the data on the different parameters is captured for analysis.
6) Analysis and report generation:
The data captured in the previous step is analysed and shared with the team. Based on the analysis corrective action is taken to rectify the problems.
7) Retesting:
The test is again performed on the same parameters to test if the rectification work is sufficient or needs fine tuning. Once this is found to be okay testing is carried out using different parameters and rectification, if needed, conducted.
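The metric, capture, analysis and retesting stages above can be sketched in code. This is an added example, not part of the original article: it computes several of the listed metrics from captured request samples, checks them against success criteria, and compares a retest with the first run. The sample data, the threshold values and the rule that any status of 400 or above counts as an error are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    start_ms: int     # when the request was sent, relative to test start
    duration_ms: int  # response time
    status: int       # HTTP status code returned


def peak_concurrency(samples):
    """Largest number of requests in flight at once (sweep over start/end events)."""
    events = []
    for s in samples:
        events.append((s.start_ms, 1))
        events.append((s.start_ms + s.duration_ms, -1))
    # Tuple sorting puts -1 before +1 at equal timestamps, so a request that
    # ends exactly when another starts is not counted as overlapping it.
    events.sort()
    active = peak = 0
    for _, delta in events:
        active += delta
        peak = max(peak, active)
    return peak


def summarize(samples):
    """Stage 6: turn raw captured samples into the metrics chosen in stage 2."""
    if not samples:
        raise ValueError("no samples captured")
    if any(s.duration_ms <= 0 for s in samples):
        raise ValueError("durations must be positive")
    durations = [s.duration_ms for s in samples]
    errors = sum(1 for s in samples if s.status >= 400)  # assumption: 4xx/5xx = error
    first_start = min(s.start_ms for s in samples)
    last_end = max(s.start_ms + s.duration_ms for s in samples)
    return {
        "avg_response_ms": sum(durations) / len(samples),
        "peak_response_ms": max(durations),
        "error_rate": errors / len(samples),
        "throughput_rps": len(samples) / ((last_end - first_start) / 1000),
        "peak_concurrent": peak_concurrency(samples),
    }


def evaluate(summary, criteria):
    """Return the names of metrics that miss their success criterion."""
    failed = [m for m, limit in criteria.get("max", {}).items() if summary[m] > limit]
    failed += [m for m, floor in criteria.get("min", {}).items() if summary[m] < floor]
    return failed


def compare(before, after):
    """Stage 7: per-metric change between the first run and the retest."""
    return {metric: after[metric] - before[metric] for metric in before}


# Constructed sample data: first run, with one slow failing request and one 503.
BASELINE = [
    Sample(0, 200, 200), Sample(100, 300, 200), Sample(200, 1500, 500),
    Sample(500, 400, 200), Sample(1000, 250, 200), Sample(1200, 350, 200),
    Sample(1600, 400, 503), Sample(1800, 200, 200),
]
# Constructed sample data: the same requests after the rectification work.
RETEST = [
    Sample(0, 200, 200), Sample(100, 300, 200), Sample(200, 300, 200),
    Sample(500, 400, 200), Sample(1000, 250, 200), Sample(1200, 350, 200),
    Sample(1600, 400, 200), Sample(1800, 200, 200),
]
# Hypothetical success criteria; real ones differ from application to application.
CRITERIA = {
    "max": {"avg_response_ms": 500, "peak_response_ms": 1000, "error_rate": 0.05},
    "min": {"throughput_rps": 3.0},
}

if __name__ == "__main__":
    first, second = summarize(BASELINE), summarize(RETEST)
    print("first run failures:", evaluate(first, CRITERIA))
    print("retest failures:   ", evaluate(second, CRITERIA))
    print("change after fix:  ", compare(first, second))
```

The first run passes on average response time but fails on peak response time and error rate, which is why the success criteria need to cover more than one metric.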
Advantages of Performance Testing
Performance testing helps to –

  • Assess the amenability of the system to growth
  • Identify weak points in the architecture
  • Detect bugs in the software that could not have been identified otherwise
  • Tune up the system
  • Verify resilience and reliability of the system

When Should Performance Testing be Performed?
To save money and time, performance testing should be done early in the application or system development life cycle. This helps in testing the basic technology such as network performance, load balancing, application server performance, database server performance and web server performance. However, this should be done with expected load levels.
Detecting and correcting a performance problem after the website has gone live can be a prohibitively costly proposition for you. As soon as all the web pages are built and working load testing should be initiated. Thereafter, every time a module or part of software or application is implemented it should be tested for performance.
Conclusion
To avoid delay and cost overrun the best practice to be adopted is testing the application early in its development cycle. So individual units or modules should be tested for performance as and when these are complete.
Moreover, a single test does not resolve all queries. So repeated, but smaller tests need to be performed to come up with a robust system.

A Guide on Game Testing Methodology

Game testing is one of the most crucial steps that help in ensuring optimum quality and performance in the final product. A subset of game development, game testing helps in maintaining quality control of the desktop and mobile games. Game testing methodology aims at identifying the bugs and maintaining documentation of the software products. It can be performed in 9 different ways that include:

1) Combinatorial testing
Used as a method for commercial software testing, this type of testing is used to generate test cases and is also beneficial to improve the efficiency of test execution, quality, cost and phase containment.
2) Clean room testing
This helps to ensure the reliability of the gaming software. Working on the basis of mathematical reasoning, design refinement and statistical reasoning, the aim of conducting this type of testing is to generate a product with minimal errors.
3) Functionality testing
This is done to confirm whether the product developed works in accordance with the specifications. Aimed at identifying errors that affect user experience, this type of testing is time taking as it looks for issues related to game play, graphics, audio and visual.
4) Compatibility testing
This testing aims to identify any errors in the product's functionality in terms of its hardware, software and graphics. Conducting this test helps in validating whether the game's user interface is optimized for different screen sizes.
5) Tree testing
Similar to usability testing, tree testing is a game testing methodology that helps organize the test cases as well as make the right choice of tests that are most suitable for a given set of code changes. It is not necessary to conduct tree testing after designing the page layout, as it can be conducted in advance as well. The best part of this type of testing is that there is no need to prepare any sort of content for testing, as it can be done using a tree (menu) and tasks (instructions).
6) Regression testing
Regression testing uses test cases to check the functionality of those features of the app that have not been changed. It is also used to verify that introducing changes has not led to any new errors. Because it allows the testers to re-run previously conducted tests, it is important for maintaining the product's quality control as well as for detecting bugs at the beginning stages of product development.
7) Ad hoc testing
An unplanned testing method that does not follow any flow of operation, ad hoc testing is used to conduct random testing of the app without creating any specific test cases or documents. This type of testing works on the method called “error guessing” and sometimes, even makes it difficult to reproduce the defects as the same are not mapped to test cases.
8) Load testing
This type of testing is used to test a system’s performance under real-time scenario and load. It helps in determining the way in which an app performs when there are multiple users using it simultaneously. Conducting this type of testing helps in ensuring whether the existing infrastructure can ensure smooth running of the game and the extent to which it is scalable.
9) Play testing
Play testing is done by having a practical exposure to the game. Using this method helps in analyzing whether the game’s non-functional features such as difficulty levels, balance and fun are optimum in quality. Developers generally rely on play testing for PC games and character-playing games that help ensure that the particular game performs in a structured manner.
All these types of testing are suitable for different environments and situations. Therefore, it is important to gain a clear understanding about the game being developed so that the right choice of the game testing methodology is done to ensure optimum quality and performance in the final product.
Process of Game Testing
Game testing is one of the rapidly growing industries as per the current market scenario. Growing exponentially due to increased use of applications on mobile and tablets, it is quite difficult to specify a standard testing process. While it is obvious that the process tests a game on various aspects such as performance, usability and endurance, the typical phases of game testing align with the basic SDLC.
The process of game testing can be explained in few simple steps as mentioned below:
1. Requirement elicitation
The process of game testing begins with the detailed understanding of various aspects of the game. This includes its storyboard, architecture, characters involved in game, the concept behind the game, rules that would be applicable and stages. Having this understanding makes it easier for the testers to design an effective game testing strategy.
2. Preparing game testing strategy
This stage involves preparation of a particular form of document that includes the complete details of the game test strategy. The document includes details and sections such as time line, number of testing cycles involved, types of testing that would be conducted, process to record errors/defects, etc.
3. Designing test cases
Testers prepare the test cases that would be used by them to carry out the process of testing. This would include creating of both positive as well as negative test cases. Some common and effective techniques to design effective test cases are critical path test, exception path test, equivalence partitioning, etc.
4. Executing game test cases
This step is extremely crucial as this involves testing of a product in different setting, which, in turn, helps in identifying more errors and bugs in the product. Some of the common testing techniques used are alpha, beta testing, content testing, etc.
5. Recording test results
This is an extremely important step as it helps in ensuring that the product delivered to the client is error-free. Once the tests are conducted, their results are recorded in the form of a movie or as screenshots. This, in turn, allows the developers to analyze the product's behavior easily and in a refined manner.
6. Maintaining defect log
All the defects/bugs identified during the process are then kept as record. This is done to ensure that the defects that were found are logged, prioritized, categorized and tracked in an effective way. Doing so makes it easier for the developers to choose their next title work.
Once this process is complete, the game is sent to the required censor board for approval. And, if approved, it is released in the market for commercial purposes.
Game Testing Tips
Here are some simple yet effective tips to conduct game testing easily:
• Perform game testing on the entire screen and not just a part of it.
• Testing the game against the rules specified when developing the game.
• Do remember to carry out the test for clipping such as two or more polygon objects overlapping each other.
• Test for inappropriate collision
• Closely monitor the character’s behavior on moving through available objects and all other things.
• Test the loading of the game from another device such as hard drives and verifying if the correct messages are being displayed on screen.
• Verify if the game loading shows an appropriate game loading message to the users.
• Test if the game leads to memory overload in case the game is left turned on for several days.
Conclusion
Conducting an effective game testing requires one to have a well-defined and well-structured game testing methodology. Since each game’s development process is different, it is important that one has a clear understanding of the same so that it gets easier to conduct testing the way one wants. One must essentially realize the need to conduct these tests as that is what can help fix errors and make one’s life simpler.