Provide Comments to Disabled Tests

At times, you may require to disable an existing test temporarily, if the corresponding functionality of the test is disabled in the application under test or if the test results in an error that could potentially affect other tests. In such circumstances, one should write a comment to the disabled test, indicating details such as the author of disabling, reasons for disbanding the test (defect number, if any), date etc. Such comments become useful when the author/other testers may require to reopen the test after a long time. Though a very inconsequential advice, it can lead to extreme time and resource saving in the future.

Perform an automatic restart of failed tests

In a large number of cases, tests may fail when performed automatically but pass when they are run separately. Such cases may arise due to the use of the application for long durations or other specific issues which need to be investigated in order to find solutions and fix them. At times, such problems also arise because of the specific test environment or the interaction of the automation tool with the application under test. In these instances, tests may hang for no good reason, or worse, report strange errors. In these cases, it becomes necessary to perform an automatic restart of those tests that fail for unknown reasons.

However, sometimes, the tests also fail because of errors in the test itself and performing automatic restart may not solve the problem. In such cases, it is necessary to identify the cause of such errors and fix them accordingly.

Run Scripts Frequently

Usually, every new build requires running tests, but if the tests are unstable or flawed, even correctly run applications may show some errors. Thus, to stabilize your tests, it’s useful to run them as often as possible, as you are more likely to spot the problems and fix them on an immediate basis. It is also necessary to note that running tests each time on different builds may also be redundant. Instead, you can use the same build for multiple runs. This is particularly true at the time of introducing automation when the test duration is less and the number of tests is few, but as the testing progresses, it may become difficult to run all tests. Running frequent scripts is especially useful when a large number of verifications are required or for tests that work for a long while and are dependent on several factors. Such tests must be thoroughly debugged as they must be reliable in future.

Errors in Logs Should Be Informative

Many times, a typical error message may show something on the following lines-

ERROR: incorrect value

In such cases, the text of the error does not disclose any details required to correct the flaws. A number of components are missing in such error logs, including the actual and expected values, place of occurrence of error and actions leading to such error. Hence, while formulating tests, keep such things in mind. If required, you can also arrange the expected and actual values on different lines, one under the other. In this case, it’s also easier to see the differences, especially in the case of long strings.

Take screenshots of the error

A screenshot taken at the time when the error arises is a great tip that could be of great help in performing tests effortlessly. It is especially useful in GUI applications where errors are easier to identify visually or where the application under test is affected by an unforeseen event (for instance, there appeared a system message that caught the focus). If the tool does not have an automatic screenshot functionality in case of an error, you should go ahead and take it manually. Often, tools allow you to take either a screenshot of the screen or a page, and for these actions, you may need to call different functions.

Hence, while you are working with a web application and require a screenshot to be taken, think of the information that you need to be saved. If the content of the entire page is needed, it is convenient to save the entire page. In case you require a screenshot (for example, to not only see the browser window, but also other applications), use the technique of saving the entire screen, while also keeping in mind that some of the page content may not be shown in the screenshot.

Conclusion

The tips mentioned above may help you in performing tests efficiently. Also note that while you are running tests against the application, it is necessary to have a detailed report with messages/information regarding any issues faced during the test run. Also, never forget the benefits of organizing your tests’ run and the efficiency and time-saving benefits it may bring to your organization.

Give us 30 minutes and we will show you how many millions you can save by outsourcing software testing. Make Your product quality top notch. Talk to us to see how

The post Your Guide to Excellent QA Automation Testing Services: Techniques to Enhance Efficiency in Automation Testing appeared first on KiwiQA.

This article discusses the importance of incorporating and addressing security issues early on in the lifecycle through a process called Secure Software Development Life Cycle, which ensures software quality from the early stages of the testing process. Such efforts engage the stakeholders early on as well as throughout analysis, design, and development of each software build, which is done in an incremental fashion.

The SSDL is geared towards assuring a successful application of secure software. It has six major components:

1. Security Guidelines, Rules, and Regulations

It is important to note that security guidelines and basic rules and regulations should be taken into account at the time of the Project’s inception phase. This component of SSDL is the primary requirement. At this phase, a system-wide specification (defining the security needs which apply to the system) is generally based upon certain government regulations. In India, various corporate governance norms ensure that internal controls are put in place to curtail fraud and abuse. It is also important not only to document the security policy but also to continuously enforce it by tracking and evaluating it on an ongoing basis.

2. Document Security Requirements, Develop Attack Use Cases

One of the most common mistakes that testers usually make is omitting the security needs from the given requirement documentation. However, it is important to consider the security needs always as they aid in the development of test case, software design, and implementation. Apart from that, they even help in determining the technology choices as well as risk areas.

The security tester must make sure that the necessary security requirements are documented and described along with all the functional requirements. When you define a quality measure that is based on the requirements, you get a chance to rationalize the system’s fuzzy requirements.

Attack use cases showing unauthorized behavioural flows can also be developed. This can help in understanding and analyzing the security implications arising before and after the condition.

Some of the sample security requirements are as follows:

• Private data is sent by the application over the net; hence, encrypting the communication is a basic requirement.
• The application takes the input given by the user and makes use of SQL. SQL injection mitigation is a fundamental requirement.
• The application interfaces with other trusted applications, and these connections must be validated and protected.
• The application helps in managing the sessions for logged-in users; hence, session hijacking mitigation is one of the basic requirements.

3. Perform Architectural and Design Reviews; Identify and Define Threat Models

The design and architectural threat and review modelling showcase the third stage of the software development lifecycle. For devising better and fully completed security plans, strategies, procedures, designs and techniques, the security practitioners often need in-depth knowledge about the design and architecture of the product. An earlier involvement of the security team can help in preventing low-security designs and insecure architectures and ensuring the elimination of misperception related to the behaviour of the application in the later phases of the project development lifecycle. Apart from that, an earlier involvement can also help the security engineers in learning about the most important and high-risk aspects of the software application.

The advantages of threat modelling are, it figures out different problems than code reviewing and test performing, and can also detect the higher-level design problems versus implementation errors. You can detect the security issues early, before coding them into product. This helps in determining the ‘highest-vulnerability parts of the application— basically those that require the most monitoring during the entire software development process.

4. Secure Coding Guidelines

Design threats are basically defects in the design that prevent the program from operating securely regardless of how perfectly it is implemented. The implementation threats are usually the result of security flaws that are caused during the coding process. Static analysis tools are used for the detection of a lot of implementation defects. These tools work by checking the program source code. They are mostly used to detect problems like buffer overflows. The results offered by these tools help the developers in learning to avoid such flaws at the very first place itself.

The software testers and developers should undertake training sessions teaching about the methods for developing secure code abiding by the general standards of secure coding. By considering the general standards of secure coding as a baseline, the testers can create test cases for verifying whether that standard is actually being followed.

5. Black/Gray/White Testing

Setting up the test environment is a very critical aspect of the security test plan. It helps in planning, tracking and managing the activities related to setting up a test environment, where the material processes may consume a lot of time. The testing team should take care of tracking and scheduling environment setup tasks; installation of the test environment, network resources, software, and hardware; integration and installation of environment resources; refining/obtaining the testing database; and development of the scripts for environment setup.

All these include execution and refinement of the security testing scripts, implementation of evaluation tasks for avoiding both false positives as well as false negatives, documentation of security issues through system issue reports, facilitating developer learning of the software issues, the performance of regression tests, and detection of issues to closure.

6. Determining Exploitability

Ideally, all the vulnerabilities detected during the software testing process can be fixed easily. However, the effort needed for addressing them can largely vary depending on whether a particular vulnerability is a design defect or an implementation error. The exploitability of a particular vulnerability is a critical aspect of measuring the threat it avoids. This information can be used for prioritizing the remediation of the vulnerability amongst the other development needs, including implementing new functionalities and taking care of other security issues.

Conclusion

Focusing on application security throughout the software development lifecycle is most efficient and is just as important as the focus on infrastructure security. After the process is completed, the process of deploying and maintaining the application securely occurs at the end of the lifecycle. Following these steps is important to ensure secure software.

The post Building A Secure Software Development Life Cycle: Beginner’s Guide to Success appeared first on KiwiQA.