OUR COMPETENCY
Functional Testing
Performance Testing
Security Testing
Usability Testing
Compatibility Testing
Bug Tracking
Functional Testing
Type of QA Testing where input and output validations of the feature/functionality is measured/tracked against a set of specific requirement document or specification. Types of test involve testing newly introduced feature in UI, changes/enhancements to existing feature or testing a service based on service specifications. All checks are done against the requirements which have been created in the project management repository. Based on the requirements, test cases are created and execution tasks are performed against the relevant test case. If tests are PASSING, then appropriate status is marked against the test case. If tests do not PASS, then a defect is created against the requirement. After defect analysis and FIX, a re-verification of the defect is done to ensure fix is working properly.
Performance Testing
Performance testing is done to provide stakeholders with information about their application regarding speed, stability and scalability.
The focus of Performance testing is checking a software programs:
Speed – Determines whether the application responds quickly
Scalability – Determines maximum user load the software application can handle.
Stability – Determines if the application is stable under varying loads
Performance testing is important as without this testing, software is likely to suffer from issues such as: Running slow while several users use it simultaneously, inconsistencies across different operating systems and poor usability. For Ex. mission critical applications like space launch programs or life saving medical equipments should be performance tested to ensure that they run for a long period of time without deviations.
Types of Performance Testing are: Load testing, Stress Testing, Scalability testing etc.
In performance testing basic parameters monitored are;
Session Connections: Maximum number of session that can be active
Memory Usage: Amount of memory available to process.
Response time: time from when a user enters a request.
Rollback segment: The amount of data that can be rollback at any point.
Performance Testing Tools: Commonly used testing tools are Load Runner and Proxy Sniffer:
Advantages: Performance testing has proved itself to be crucial for the success of a business. This testing ensures customer satisfaction and help to face financial losses against product failure.
Security Testing
Security testing for any software is mainly done to ensure that the ‘Confidentiality and Integrity’ of software/application is secured. The purpose of the security test is to discover the vulnerabilities within software, to make sure software or website is safe from any outside malicious attacks. Along with that security testing ensures that users who are authenticated and authorized can only access software or can do certain sensitive transaction in an application.
A typical security requirement for software includes specific elements of “Confidentiality, Integrity, Authentication, Availability, Authorization and Non-repudiation”.
Below are various ‘Security checks/Aspects’ that QA needs to test while performing Security testing:-
Password Cracking /Confidentiality:-
In order to log in to the private areas of the application or to access the sensitive data, one can either guess a username/ password or use some ‘Password cracker’ tool for the same. Lists of common usernames and passwords are available along with open source password crackers. If the web application does not enforce a complex password, it may not take very long to crack the username and password. If username or password is stored in cookies without encrypting, attacker can use different methods to steal the cookies and then information stored in the cookies like username and password.
Bizsense QA check all the possibilities in-terms of authentication and authorization and make sure that Software application is safe and secure in-terms of confidentiality.
The application will have to use industry standard encrypting/decrypting techniques to save/retrieve the username/password or any critical data.
SQL/Command Injection:-
SQL injection is code injection technique through which attackers can corrupt application database or can hack/retrieve sensitive data. SQL injection attacks are very critical as attacker can get vital information from server database. Bizsense QA verify each and every text-field, forms in the application and make sure that it is not allowing any SQL command to be executed from the UI. Similarly Web application should handle or render input data correctly when characters like “1=1” or ‘‘are entered from application UI (through textfields or textarea).
Similarly Bizsense QA test ‘Command Injection’ scenarios malicious user can try to enter input data in an application which can be interpreted as an operating system command. This type of vulnerability can allow an attacker to gain full access over the server and the web application.
HTTP Header Injection/ Manipulation:-
Some web applications communicate additional information between the client (browser) and the server in the URL or between third party websites. Changing or editing some information in the URL may sometimes lead to unintended behavior by the server. Similarly someone can manipulate client/server session and cookies to manipulate the server request. This can cause some serious problems. To avoid this Bizsense QA test HTTP header and URL aspects to make sure that application/software can handle such attacks.
-Use of HTTPS instead of HTTP is highly recommended for websites handling financial data.
Cross Site Scripting (XSS):-
As Bizsense tester we always check the web application for XSS (Cross site scripting). Any HTML tag should not be accepted by the application. If it is, the application can be prone to an attack by Cross Site Scripting.
Attacker can use this method to execute malicious script or URL on victim’s browser. Using cross-site scripting, attacker can use scripts like JavaScript to steal user cookies and information stored in the cookies.
Following are some of sample testing scenarios for Security Testing:-
Check for SQL injection attacks.
Secure pages should use HTTPS protocol.
Error messages should not reveal any sensitive information.
All credentials should be transferred over an encrypted channel.
Test password security and password policy enforcement. Password and other sensitive fields should be masked while typing.
Cookie information should be stored in encrypted format only. Password should not be stored in cookies.
Check session cookie duration and session termination after timeout or logout.
Test unauthorized application access by manipulating variable values in browser address bar.
Check if access privileges are implemented correctly.
Test for memory leakage in software.
Usability Testing
- In a usability test, we watch real users working with the product/site, performing tasks that approximate their goals.
- The purpose of usability testing is to discover the ways in which the interface makes it hard for people to accomplish their goals (as well as the things that work well).
- Usability Testing, goes through the following activities: Picking the target user to focus on for the series of tests
Defining the tasks, ask the users to attempt with the interface. Holding a “rehearsal” to prepare for the usability tests. Conducting the usability tests while members of the usability team observe and take notes. Responding to the issues we discover from the tests by making as many changes between tests as possible. Prioritizing the issues in terms of their effect on the success of the next release.
Compatibility Testing
Compatibility is nothing but the capability of existing or living together. In normal life, Oil is not compatible with water, but milk can be easily combined with water.
Let’s look into compatibility testing types
Hardware: It checks software to be compatible with different hardware configurations.
Operating Systems: It checks your software to be compatible with different Operating Systems like Windows, Unix, Mac OS etc.
Software: It checks your developed software to be compatible with other software. For example, MS Word application should be compatible with other software like MS Outlook, MS Excel, VBA etc.
Network: Evaluation of performance of a system in a network with varying parameters such as Bandwidth, Operating speed, Capacity. It also checks application in different networks with all parameters mentioned earlier.
Browser: It checks the compatibility of your website with different browsers like Firefox, Google Chrome, Internet Explorer etc.
Devices: It checks compatibility of your software with different devices like USB port Devices, Printers and Scanners, Other media devices and Blue tooth.
Mobile: Checking your software is compatible with mobile platforms like Android, iOS etc.
Versions of the software: It is verifying your software application to be compatible with different versions of the software. For instance checking your Microsoft Word to be compatible with Windows 7, Windows 7 SP1, Windows 7 SP2, Windows 7 SP3.
Bug Tracking
A good bug tracking system is usually a necessary component of a good software infrastructure and consistent use of a bug tracking system is considered one of the “hallmarks of a good software team. A major component of a bug tracking system is a database that records facts about known bugs. In Bizsense Bug tracking systems are often implemented as a part of integrated project management systems. This approach allows fixing bugs in several product versions, automatic generation of a product knowledge base and release notes.
What We Do and How You Will Benefit
Before starting evaluating bug tracking systems, we make sure to identify requirements for
the system. Understanding these requirements helps to build a list of features helps to guide valuations.
To identify bug tracking requirements, we consider:
- What are the different roles and responsibilities of the people who will use the system?
- What is the workflow for managing and resolving bugs?
- What information do we need to track for each bug?
- What reports and metrics do we need?
We want to track more than just bugs for which we make sure the bug tracking system can be adapted to track other types of issues. A system that is designed specifically for bug tracking could be hard to adapt, so we use system that provides pre-built templates for tracking different issue types. We maintain the bug change histories(audit trails), which allow you to trace who did what to an issue and when (for example, who raised the priority of a bug). We use an end to end project management tool called Rally as our Bug Tracking Systems. The tool provide a configurable workflow that allows us to define the steps in your process and the order of the steps.Workflow is typically modeled as a series of states, such as New, Fixed, and To be Verified. To support process, we add and remove workflow states, as well as define the allowable transitions between states. For example, between Fixed and Closed you may want to add a required Verify Fix state, to ensure that an issue is never closed until after QA verifies the fix. We provide an effective, hosted task and issue tracking application available to any browser on the internet. This allows you to become operational in minutes instead of weeks or months. We provide world-class solutions for bug tracking and project management: unlimited user and project licenses, requirements documents and change requests, individual and project-level task tracking, custom reports, email notifications, custom fields, customizable discussion forum, file system, test case management & logging, and much more! With so many features…Bug Tracking, Requirements, Writing Test Cases, Task Tracking, Scheduling, Management just got easier!
Transform your Business Digitally
We offer a wide range of IT Services and products to enable your Business to grow and transform digitally. Contact us now and get a quote.