1) Requirement Gathering
2) Requirement Review
3) Business Scenario Preparations
4) Functional Testing
5) Database Testing
6) Security Testing
4) Functional Testing - In this stage the usual software testing activities are
performed, such as:
Test Case Preparation: Test Cases are derived from Business Scenarios, one Business
Scenario leads to several positive test cases and negative test cases. Generally, tools
used during this stage are Microsoft Excel, Test Director or Quality Center.
Test Case Review: Reviews by peer QA Engineers
Test Case Execution: Execution could be either manual or automatic involving tools like
QC, QTP, etc.
The functional testing of a banking application is quite different from ordinary software
testing. Since these applications operate with customers' money and sensitive financial
data, they are required to be tested thoroughly. No important business scenario should
be left uncovered. Also, the QA resource who is testing the application should have
basic knowledge of the banking domain.
6) Security Testing - Security testing is usually the last stage in the testing cycle. A
prerequisite to commencing security testing is the completion of functional and
non-functional testing. Security testing is one of the major stages in the entire application
testing cycle, as this stage ensures that the application complies with Federal and Industry
standards.
Due to the nature of the data they carry, banking apps are very sensitive and are a prime
target for hackers and fraudulent activity. Security testing makes sure that the
application has no web vulnerability that could expose sensitive data to
an intruder or an attacker. It also assures that the application complies with standards
like OWASP.
In this stage, the major task is a scan of the whole application, which is carried out using
tools like IBM AppScan or HP WebInspect (these are the most popular tools).
Once the scan is completed, the scan report is published. False positives are filtered
out of this report, and the remaining vulnerabilities are reported to the development
team so that they can start fixing the issues according to the severity of each issue.
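The triage step described above (filter false positives, then hand the rest to development by severity), sketched as an added example that is not part of the original document or any scanner's own tooling. The `Finding` record, the suppression-list layout and the sample data are assumptions constructed for illustration; they are not the export format of AppScan or WebInspect.

```python
import hashlib
from collections import namedtuple

# Constructed finding record; real scanner exports have their own schema.
Finding = namedtuple("Finding", "rule severity url param")
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}

def fingerprint(f):
    """Stable ID (rule + URL without query string + parameter) that survives re-scans."""
    path = f.url.split("?", 1)[0].rstrip("/").lower()
    return hashlib.sha256("|".join((f.rule, path, f.param or "")).encode()).hexdigest()[:16]

def triage(findings, suppressions):
    """Return (to_fix, suppressed, stale): the severity-ordered list for developers,
    the findings dropped as reviewed false positives, and suppression IDs that no
    longer match any finding in this scan."""
    # A suppression only counts when a reviewer and a reason are recorded.
    valid = {fp for fp, s in suppressions.items() if s.get("reviewer") and s.get("reason")}
    seen, to_fix, suppressed = set(), [], []
    for f in findings:
        fp = fingerprint(f)
        if fp in seen:          # same issue reported again with a different query string
            continue
        seen.add(fp)
        (suppressed if fp in valid else to_fix).append(f)
    # Unknown severity labels sort first so they are looked at, not buried.
    to_fix.sort(key=lambda f: (SEVERITY_RANK.get(f.severity.lower(), 0), f.url))
    return to_fix, suppressed, sorted(valid - seen)

# Constructed sample data (bank.example is a placeholder host).
SAMPLE_FINDINGS = [
    Finding("sql-injection", "High", "https://bank.example/transfer?id=1", "account"),
    Finding("sql-injection", "High", "https://bank.example/transfer?id=2", "account"),
    Finding("missing-csp-header", "Low", "https://bank.example/login", None),
    Finding("reflected-xss", "Medium", "https://bank.example/search", "q"),
    Finding("session-fixation", "Critical", "https://bank.example/login", None),
]
SAMPLE_SUPPRESSIONS = {
    fingerprint(SAMPLE_FINDINGS[3]): {"reviewer": "qa-lead", "reason": "output is HTML-encoded, checked by hand"},
    fingerprint(SAMPLE_FINDINGS[2]): {"reviewer": "", "reason": ""},   # unjustified: ignored
    "0000000000000000": {"reviewer": "qa-lead", "reason": "endpoint removed"},  # stale entry
}

if __name__ == "__main__":
    to_fix, suppressed, stale = triage(SAMPLE_FINDINGS, SAMPLE_SUPPRESSIONS)
    for f in to_fix:
        print(f"{f.severity:<8} {f.rule:<20} {f.url}")
    print("suppressed:", [f.rule for f in suppressed], "stale:", stale)
```

Requiring a named reviewer and a reason for every suppression keeps an unreviewed entry from silently hiding a real vulnerability, and the stale list shows which suppressions can be retired.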
Penetration testing is also done at this step to reveal the propagation of errors. Rigorous
security testing should be done across platforms, networks, and operating systems.
Other manual tools used for security testing are Paros Proxy, HttpWatch, Burp
Suite, and Fortify.