UNIT NO 4

Levels of Testing and

Special Tests
By
Arvind Sardar
 Integration Testing:
Upon completion of unit testing, the units or modules are to be integrated which
gives raise to integration testing. The purpose of integration testing is to verify the
functional, performance, and reliability between the modules that are integrated.
Integration Testing is a level of software testing where individual units are
combined and tested as a group.
The purpose of this level of testing is to expose faults in the interaction between
integrated units. Test drivers and test stubs are used to assist in Integration Testing.

Approaches/Methodologies/Strategies of Integration Testing:

Big Bang Approach :
Incremental Approach: Top Down Approach , Bottom Up Approach
 Integration Testing:
Decomposition Based Testing
As PDFs
Non-Incremental Approach: Big-Bang Approcach
Incremental Approach:
a) Top-down Testing
b) Bottom-up Testing
c) Sandwich (Hybrid) Testing / Bi-Directional
Integration,
 System Testing:
System Testing is a level of the software testing where a complete and
integrated software is tested.
System Testing is the type of testing to check the behavior of a complete
and fully integrated software product based on the software requirements,
specification (SRS) document.
The main focus of System testing is to evaluate Business / Functional /
End-user requirements.
System Testing:-
Recovery Testing, Security Testing, Performance Testing,
Load Testing, Stress Testing, Usability Testing, Compatibility Testing
 System Testing:
Recovery testing

Recovery testing is a type of non-functional testing technique performed in order to

determine how quickly the system can recover after it has gone through system crash
or hardware failure. Recovery testing is the forced failure of the software to verify if
the recovery is successful.
Recovery Plan - Steps:
Determining the feasibility of the recovery process.
Verification of the backup facilities.
Ensuring proper steps are documented to verify the compatibility of backup facilities.
Providing Training within the team.
Demonstrating the ability of the organization to recover from all critical failures.
Maintaining and updating the recovery plan at regular intervals.
 System Testing:
Advantages of Recovery Testing:
Eliminates risks.
Improves system quality:
Performances related issues are found and fixed before the software goes
live in the market.

Disadvantages of Recovery Testing

Issues are sometimes unpredictable.
Testing is time consuming,
It needs trained tester to perform recovery testing in a proper way.
 System Testing:
Security Testing
Security testing is a testing technique to determine if an information
system protects data and maintains functionality as intended.
It also aims at verifying 6 basic principles as listed below:
Confidentiality
Integrity
Authentication
Authorization
Availability
Non-repudiation
Security Testing is a variant of Software Testing which ensures, that system
and applications in an organization, are free from any loopholes that may
cause a big loss. Security testing of any system is about finding all possible
loopholes and weaknesses of the system which might result into a loss of
information at the hands of the employees or outsiders of the Organization.
 System Testing:
Security Testing - Techniques:
Injection
Broken Authentication and Session Management
Cross-Site Scripting (XSS)
Insecure Direct Object References
Security Misconfiguration
Sensitive Data Exposure
Missing Function Level Access Control
Cross-Site Request Forgery (CSRF)
Using Components with Known Vulnerabilities
Unvalidated Redirects and Forwards
 System Testing:
Types of Security Testing:
Vulnerability Scanning: This is done through automated software to scan a system against known vulnerability signatures.

Security Scanning: It involves identifying network and system weaknesses, and later provides solutions for reducing these
risks. This scanning can be performed for both Manual and Automated scanning.

Penetration testing: This kind of testing simulates an attack from a malicious hacker. This testing involves analysis of a
particular system to check for potential vulnerabilities to an external hacking attempt.

Risk Assessment: This testing involves analysis of security risks observed in the organization. Risks are classified as Low,
Medium and High. This testing recommends controls and measures to reduce the risk.

Security Auditing: This is an internal inspection of Applications and Operating systems for security flaws. Audit can also be
done via line by line inspection of code

Ethical hacking: It's hacking an Organization Software systems. Unlike malicious hackers ,who steal for their own gains , the
intent is to expose security flaws in the system.

Posture Assessment: This combines Security scanning, Ethical Hacking and Risk Assessments to show an overall security
posture of an organization.
 Security Tests
Security Tests
Security tests are designed to verify that the system meets the security requirements
Confidentiality
It is the requirement that data and the processes be protected from
unauthorized disclosure
Integrity
It is the requirement that data and process be protected from unauthorized
modification
Availability
It is the requirement that data and processes be protected form the denial of
service to authorized users
Security test scenarios should include negative scenarios such as misuse and abuse
of the software system
 System Testing:
Performance Testing
Performance testing, a non-functional testing technique performed to determine the system
parameters in terms of responsiveness and stability under various workload. Performance testing
measures the quality attributes of the system, such as scalability, reliability and resource usage.

Performance Testing Techniques:

Load testing - It is the simplest form of testing conducted to understand the behavior of the
system under a specific load. Load testing will result in measuring important business critical
transactions and load on the database, application server, etc., are also monitored.
Stress testing - It is performed to find the upper limit capacity of the system and also to
determine how the system performs if the current load goes well above the expected maximum.
 System Testing:
Performance Testing Techniques:
Soak testing - Soak Testing also known as endurance testing, is performed to
determine the system parameters under continuous expected load. During soak tests
the parameters such as memory utilization is monitored to detect memory leaks or
other performance issues. The main aim is to discover the system's performance
under sustained use.

Spike testing - Spike testing is performed by increasing the number of users

suddenly by a very large amount and measuring the performance of the system. The
main aim is to determine whether the system will be able to sustain the workload.
 Performance Tests

Tests are designed to determine the performance of the actual system

compared to the expected one
Tests are designed to verify response time, execution time, throughput,
resource utilization and traffic rate
One needs to be clear about the specific data to be captured in order to
evaluate performance metrics.
For example, if the objective is to evaluate the response time, then one
needs to capture
End-to-end response time (as seen by external user)
CPU time
Network connection time
Database access time
Network connection time
Waiting time
 System Testing:
Software performance testing is a means of quality assurance (QA). It
involves testing software applications to ensure they will perform well
under their expected workload.

Common Performance Problems

Long Load time
Poor response time
Poor scalability
Bottlenecking (obstructions)
 Stress Tests

The goal of stress testing is to evaluate and determine the behavior

of a software component while the offered load is in excess of its
designed capacity
The system is deliberately stressed by pushing it to and beyond its
specified limits
It ensures that the system can perform acceptably under worst-case
conditions, under an expected peak load. If the limit is exceeded
and the system does fail, then the recovery mechanism should be
invoked
Stress tests are targeted to bring out the problems associated with
one or more of the following:
Memory leak
Buffer allocation and memory carving
 Load and Stability Tests
Tests are designed to ensure that the system remains stable for a
long period of time under full load
When a large number of users are introduced and applications that
run for months without restarting, a number of problems are likely
to occur:
the system slows down
the system encounters functionality problems
the system crashes altogether
Load and stability testing typically involves exercising the system
with virtual users and measuring the performance to verify
whether the system can support the anticipated load
This kind of testing help one to understand the ways the system
will fare in real-life situations
 Usability Testing
Usability Testing is a type of testing done from an end-users perspective to
determine if the system is easily usable.

Usability testing, a non-functional testing technique that is a measure of

how easily the system can be used by end users. It is difficult to evaluate
and measure but can be evaluated based on the below parameters:
Level of Skill required to learn/use the software. It should maintain the
balance for both novice and expert user.
Time required to get used to in using the software.
The measure of increase in user productivity if any.
Assessment of a user's attitude towards using the software.
 Compatibility Testing
Compatibility testing is a non-functional testing conducted on the
application to evaluate the application's compatibility within different
environments. It can be of two types - forward compatibility testing and
backward compatibility testing.
Operating system Compatibility Testing - Linux , Mac OS, Windows
Database Compatibility Testing - Oracle SQL Server
Browser Compatibility Testing - IE , Chrome, Firefox
Other System Software - Web server, networking/ messaging tool, etc.

Compatibility Testing is a type of Software testing to check whether your

software is capable of running on different hardware, operating systems,
applications , network environments or Mobile devices.
Types of Compatibility Tests
 Acceptance Testing
Acceptance testing, a testing technique performed to determine whether
or not the software system has met the requirement specifications.
The main purpose of this test is to evaluate the system's compliance with
the business requirements and verify if it is has met the required criteria
for delivery to end users.
There are various forms of acceptance testing:
User acceptance Testing
Business acceptance Testing
Alpha Testing
Beta Testing
Acceptance Testing
 Acceptance Testing
Acceptance Criteria
Acceptance criteria are defined on the basis of the following attributes
Functional Correctness and Completeness
Data Integrity
Data Conversion
Usability
Performance
Timeliness
Confidentiality and Availability
Install ability and Upgradability
Scalability
Documentation
 Acceptance Testing
The acceptance test activities are designed to reach at one of the
conclusions:
Accept the system as delivered
Accept the system after the requested modifications have been made
Do not accept the system
 Alpha Testing
Alpha testing takes place at the developer's site by the internal teams, before
release to external customers. This testing is performed without the
involvement of the development teams.
How do we run it?
In the first phase of alpha testing, the software is tested by in-house
developers during which the goal is to catch bugs quickly.
In the second phase of alpha testing, the software is given to the software
QA team for additional testing.
Alpha testing is often performed for Commercial off-the-shelf software
(COTS) as a form of internal acceptance testing, before the beta testing is
performed.
 Beta Testing
Beta testing also known as user testing takes place at the end users site by
the end users to validate the usability, functionality, compatibility, and
reliability testing.
Beta testing adds value to the software development life cycle as it allows
the "real" customer an opportunity to provide inputs into the design,
functionality, and usability of a product. These inputs are not only critical to
the success of the product but also an investment into future products when
the gathered data is managed effectively
 Beta Testing
Beta Testing Dependencies
There are number of factors that depends on the success of beta testing:
Test Cost
Number of Test Participants
Shipping
Duration of Test
Demographic coverage
 Beta Testing
Advantages of beta testing
You have the opportunity to get your application into the hands of users prior to
releasing it to the general public.
Users can install, test your application, and send feedback to you during this beta
testing period.
Beta testers can discover issues with your application that you may have not noticed,
such as confusing application flow, and even crashes.
Using the feedback you get from these users, you can fix problems before it is
released to the general public.
The more issues you fix that solve real user problems, the higher the quality of your
application when you release it to the general public.
Having a higher-quality application when you release to the general public will
increase customer satisfaction.
These users, who are early adopters of your application, will generate excitement
about your application.
 Special Test
Smoke Test:- Smoke Testing, also known as Build Verification Testing, is a
type of software testing that comprises of a non-exhaustive set of tests that aim at
ensuring that the most important functions work. The results of this testing is used
to decide if a build is stable enough to proceed with further testing.
Smoke testing covers most of the major functions of the software but none of
them in depth. The result of this test is used to decide whether to proceed with
further testing.
Smoke test helps in exposing integration and major problems early in the cycle.
ADVANTAGES
It exposes integration issues.
It uncovers problems early.
It provides some level of confidence that changes to the software have not
adversely affected major areas.
 Special Test
Smoke testing is the initial testing process exercised to check whether the
software under test is ready/stable for further testing.

Smoke Testing is done whenever the new functionalities of software are

developed and integrated with existing build that is deployed in QA/staging
environment. It ensures that all critical functionalities are working correctly
or not.
Example: -New registration button is added in the login window and
build is deployed with the new code. We perform smoke testing on a new
build.
 Special Test
Smoke Testing - Features:
Identifying the business critical functionalities that a product
must satisfy.
Designing and executing the basic functionalities of the
application.
Ensuring that the smoke test passes each and every build in
order to proceed with the testing.
Smoke Tests enables uncovering obvious errors which saves
time and effort of test team.
Smoke Tests can be manual or automated
 Special Test
Sanity testing
Sanity testing, a software testing technique performed by the test team for
some basic tests. The aim of basic test is to be conducted whenever a new
build is received for testing. The terminologies such as Smoke Test or Build
Verification Test or Basic Acceptance Test or Sanity Test are
interchangeably used, however, each one of them is used under a slightly
different scenario.
Sanity test is usually unscripted, helps to identify the dependent missing
functionalities. It is used to determine if the section of the application is
still working after a minor change.
Sanity testing can be narrow and deep. Sanity test is a narrow regression
test that focuses on one or a few areas of functionality
 Special Test
Sanity testing
After receiving a Software build with the minor issues fixes in code or
functionality, Sanity testing is carry out to check whether the bugs reported
in previous build are fixed & there is regression introduced due to these
fixes i.e. not breaking any previously working functionality. The main aim
of Sanity testing to check the planned functionality is working as expected.
Instead of doing whole regression testing the Sanity testing is perform.
 Special Test
Difference between Smoke & Sanity Software Testing:
Smoke testing is a wide approach where all areas of the software application are tested without
getting into too deep. However, a sanity software testing is a narrow regression testing with a
focus on one or a small set of areas of functionality of the software application.
The test cases for smoke testing of the software can be either manual or automated. However, a
sanity test is generally without test scripts or test cases.
Smoke testing is done to ensure whether the main functions of the software application are
working or not. During smoke testing of the software, we do not go into finer details. However,
sanity testing is a cursory software testing type. It is done whenever a quick round of software
testing can prove that the software application is functioning according to business / functional
requirements.
Smoke testing of the software application is done to check whether the build can be accepted
for through software testing. Sanity testing of the software is to ensure whether the
requirements are met or not.
 Special Test
Regression testing a black box testing technique that consists of re-
executing those tests that are impacted by the code changes. These tests
should be executed as often as possible throughout the software
development life cycle.
Types of Regression Tests:
Final Regression Tests: - A "final regression testing" is performed to
validate the build that hasn't changed for a period of time. This build is
deployed or shipped to customers.
Regression Tests: - A normal regression testing is performed to verify if
the build has NOT broken any other parts of the application by the recent
code changes for defect fixing or for enhancement.
 Special Test
Selecting Regression Tests:
Requires knowledge about the system and how it affects by the existing
functionalities.
Tests are selected based on the area of frequent defects.
Tests are selected to include the area, which has undergone code changes
many a times.
Tests are selected based on the criticality of the features
Regression Testing is required when there is a
Change in requirements and code is modified according to the requirement
New feature is added to the software
Defect fixing
Performance issue fix
Regression Testing Techniques
Retest All
All the tests in the existing test bucket or suite should be re-executed. This is very
expensive as it requires huge time and resources.
Regression Test Selection
Instead of re-executing the entire test suite, it is better to select part of test suite to be
run.
Prioritization of Test Cases
Prioritize the test cases depending on business impact, critical & frequently used
functionalities. Selection of test cases based on priority will greatly reduce the
regression test suite.
 GUI testing

GUI testing is the process of testing the system's Graphical User Interface of the
Application Under Test. GUI testing involves checking the screens with the
controls like menus, buttons, icons, and all types of bars - toolbar, menu bar,
dialog boxes and windows, etc.
GUI Testing - Characteristics:
GUI is a hierarchical, graphical front end to the application, contains graphical
objects with a set of properties.
During execution, the values of the properties of each objects of a GUI define the
GUI state.
It has capabilities to exercise GUI events like key press/mouse click.
Able to provide inputs to the GUI Objects.
To check the GUI representations to see if they are consistent with the expected
ones.
It strongly depends on the used technology.
 GUI Testing
GUI Testing - Approaches:
Manual Based - Based on the domain and application
knowledge of the tester.
Capture and Replay - Based on capture and replay of user
actions.
Model-based testing - Based on the execution of user sessions
based on a GUI model. Various GUI models are briefly discussed
below.
 CLIENT / SERVER TESTING
CLIENT / SERVER TESTING
This type of testing usually done for 2 tier applications (usually developed for LAN)

Here we will be having front-end and backend.

The application launched on front-end will be having forms and reports which will
be monitoring and manipulating data
E.g: applications developed in VB, VC++, Core Java, C, C++, D2K, PowerBuilder
etc.,
The backend for these applications would be MS Access, SQL Server, Oracle,
Sybase, Mysql, Quadbase
The tests performed on these types of applications would be
User interface testing
Manual support testing
Functionality testing
Compatibility testing & configuration testing
Intersystem testing
 WEB TESTING
WEB TESTING
This is done for 3 tier applications (developed for Internet / intranet / xtranet)
Here we will be having Browser, web server and DB server.
The applications accessible in browser would be developed in HTML,
DHTML, XML, JavaScript etc. (We can monitor through these applications)
Applications for the web server would be developed in Java, ASP, JSP,
VBScript, JavaScript, Perl, Cold Fusion, PHP etc. (All the manipulations are
done on the web server with the help of these programs developed)