Documente Academic
Documente Profesional
Documente Cultură
Agiille JJourney Team Ag e ourney Team Commiittmentt tto Qualliitty Comm men o Qua y IIntterviiew wiitth Erkan Yiillmaz n erv ew w h Erkan Y maz Test Case Practtiice Test Case Prac ce QTP Code Corner QTP Code Corner Esttiimettriics -- PREDIICT AND Es me r cs PRED CT AND PRAY PRAY IImportance off mportance o communiicatiion iin testiing commun cat on n test ng
Ellementtary,, My Dear Wattson!! E emen ary My Dear Wa son A ffake tester''s diiary A ake tester s d ary Has Your Productt Passed Has Your Produc Passed Securiitty Testts? Secur y Tes s? Sofftware Testiing News So tware Test ng News Q--Patterns Q Patterns Testters iin Twiitttter Tes ers n Tw er
Testing Circus
Volume 2 - Issue 1 - January 2011
http://helpchandru.com/
w w w . T e Wwwg C i r c u s . c o m stin January 2011 Page - 2 -
Where is what?
4 9 19 26 35 42
Editorial
5 12 22 29 37 44
6 15 23 33 41 44
Agile Journey
Keystroke Logging
Q-Patterns
In Lighter Moods
News On Testing
w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 3 -
w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 4 -
Thanks for the wonderful magazine!! It helps me a lot to understand the Testing Concepts especially the Test Cases column. Also, I have told about this magazine to some of my colleagues and really it is helpful to them too. Hats off to you and your team of Testing Circus!! ~ Agrta Kansal [Editor] Dear Agrta, thank you for your appreciation.
First of all heartiest thanks to the team for coming up with such an innovative idea. It is certainly going to aid testers from all spheres of life. ~ Partha Sarathi Samal
First of all, congratulations on your appeal to bring all testers under one shelter to share, learn and grow together. It was nice to know that you conveyed the massage in Softech10 by Silicon India. I attended the same in Mumbai last day and I must not mention but it was a great experience. Would you mind if I suggest not limiting the Testing Circus core team only to Delhi-NCR and we can have some really influential/dedicated people in same team across major IT cities like Pune, Mumbai, Hyderabad and Bangalore? What I am thinking is, this will give more scope for TC community to grow further and along with that it will also facilitate the TCRs to convince the people in their respective organizations to join TC community. And this is how we can have a real united Testers Team across the nation. What I feel is instead of having different groups aiming at same purpose, its always desirable to have all under one roof. As Testing Circus has already been started it can play the role of an umbrella. Wish me luck so that someday I can confidently ask for my membership in TCs core team. And am pretty sure, Testing Circus would be the big family by then. ~ Lalitkumar Bhamare [Editor] Dear Lalit, the Testing Circus Representative initiative reflects your thoughts too. Thank you for interest to become a TCR. We will contact you further.
w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 5 -
By Lisa Crispin
In agile development, the whole development team, not only the testers, must commit to quality, and that commitment has to mean something. The entire team has to be engaged in making sure all testing activities are completed for each story, sprint and release. Heres an example, from a recent sprint, of what this commitment to quality means to my own team, which consists of two testers, four programmers, a DBA, two system administrators and a ScrumMaster. In the past few sprints, we had started to slide into the bad practice of having leftover testing task cards that got carried over into the next sprint. Some of these were cards to write new FitNesse fixtures to automate tests for a particular new piece of functionality. Some were end to end testing cards that simply take a long time to complete. There were also development cards left over. A couple of stories had dragged on more than two sprints without a compelling reason. This was getting awful! It felt like we were dragging through waist-deep mud of technical debt. In a sprint retrospective, we got serious about solving these problems. Here are the action items we created: Finish leftover cards before starting new stories in new sprint. This meant taking on less new work for the sprint. Ask remote team member to work on existing cards before bringing in new stuff Have main developer for a story put his name on the story card and take responsibility for making sure all tasks are done Write "end to end" test cards for each story (these are cards that remind the developer assigned to that story to test that all the pieces work together) w w w . T e Wwwg C i r c u s . c o m stin January 2011 Page - 6 -
Developer responsible for story should think about all task cards ahead of time, make sure all necessary cards are there Ensure everyone needed is copied on emails Stop checking in untested code
In the next sprint, we focused on finishing all the "leftovers" first. For the new FitNesse fixtures, the programmers asked that I first write example tests with my idea of how the test should work. One of our team members who works remotely then wrote the fixtures and updated the tests as needed so that they passed. These fixtures were difficult to do, as they had to use a lot of legacy code, but the ROI will be big because they test critical areas where we've had expensive production problems in the past. There was only one incident of untested code being checked in, and we talked about it right away and discussed ways to ensure this stops happening. Six days into the two-week sprint, we still had lots of testing cards and not many development ones. The programmers, of their own volition, decided during the Scrum to attack the test cards. By the end of the day, most of the test cards were finished! Then they went on to the stories that were new that sprint. Since a glance at the online storyboard now tells us who the main developer is on each story, communication has improved. When more than one developer works on tasks for a story, they're communicating better. Lots of pairing is happening too. Communication is better all around, including with the remote team member. Eight days into the sprint, a programmer was writing up the information on the functionality he had changed for a batch processing story, and as he wrote, he realized that he missed a use case. He fixed it, but was concerned there wasn't enough time left in the sprint to adequately test the new functionality. We decided to postpone that story to the next sprint. Consciously deciding to put off testing to the next sprint isn't a bad thing, when there's a good reason for it. Towards the end of this sprint, we were still very busy, but felt great to see our storyboard for the sprint with almost all the cards moved to the 'done' column. Since it was holiday time, people were taking time off, so time is short. A task to automate testing for a new UI feature implemented with Ajax was rolled over to the next sprint, because the test script was blowing up. w w w . T e Wwwg C i r c u s . c o m stin January 2011 Page - 7 -
Again, this was a conscious decision by the team, not a case of "Oops! Today is the last day of the sprint and we didn't get this finished". Many teams struggle with trying to finish all the testing for all the stories by the end of each iteration. If this happens to you, the first action to take is to limit the amount of new work brought into the next sprint, so you can focus on finishing the leftovers. As you catch up and are able to reduce your technical debt by finishing testing and test automation tasks, you'll be able to increase your velocity later, without sacrificing quality. This has to be a team effort. If youre doing your best and working hard, and you still dont finish what you planned for the sprint, dont beat yourselves up. Use your retrospective to identify impediments, and focus on how you can overcome one or two of them. Talk about what your team commitment to quality really means, and take baby steps to do a little better every iteration. Youll enjoy your agile journey! w w w . T e Wwwg C i r c u s . c o m stin
An agile testing coach and practitioner, Lisa Crispin is the coauthor, with Janet Gregory, of Agile Testing: A Practical Guide for Testers and Agile Teams (Addison-Wesley, 2009), and a contributor to Beautiful Testing (OReilly, 2009) and Testen in der Finanzwelt (2009). She also co-wrote Testing Extreme Programming (Addison-Wesley, 2002) with Tip House. Lisa specializes in showing agile teams how testers can add value and guide development with business-facing tests. For the past ten years, Lisa has worked as a tester on agile teams developing web applications in Java and .Net. She teaches Agile Testing courses and tutorials worldwide. Lisa regularly contributes articles to publications such as Better Software magazine, Software Test & Performance Magazine, IEEE Software Magazine, Methods & Tools, Agile Journal, Agile Record, She enjoys sharing her experiences at conferences and user group meetings around the world. Lisa was named one of the 13 Women of Influence in testing by Software Test & Performance magazine. For more about Lisas work, visit www.lisacrispin.com
January 2011
Page - 8 -
By Nandagopall R Nandagopa R
The title sounds familiar, right? The master detective Sherlock Holmes often commented this to his friend Dr. Watson Even though a fictional character, Mr. Holmes is one of my favorites. I always wondered about his observation, logical reasoning and deduction skills. Though I would like to believe that Mr. Holmes did exist, its not the truth that points to the fact that how gifted the writer Sir Arthur Conan Doyle was! Mr. Holmes could have easily become the best tester in this world if he was in the Software Industry and Sir Conan Doyle could have been the most sophisticated criminal the world has ever seen (no offenses meant! I was referring to the details of the crime scenes in his stories). Now, lets come to the business part of this yes, you guessed right Observation, Logical Reasoning and Deduction great skills to have as a tester. Of course, deduction can be a trivial since one of the most common mistakes done by a tester is the assumption he/she makes after the deduction of his/her experiments. So be careful when you try to be the Sherlock Holmes tester Experience adds a lot to your testing skills in an exploratory method a simple definition of exploratory testing can be like learning the application by playing with it and using your prior experience. Once you start your career as a tester and become more experienced, you might be thinking like a tester even in lifes scenarios. Your eyes and ears become trained to look at things in a lateral way than others. I dont know whether its good or bad but I like it (and since I like Holmes and am a tester, I like it more!) I have realized that my lateral thinking has improved since I started my career as a Tester. I will site a few examples.
w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 9 -
Scene Number One: I went out for dinner with my wife last month. There were 3 wash basins in that hotel. My wife went straight to one and was about to open the tap. Me: Thats not working use the next one! Since she had already placed her hand on the tap, she opened it and found that there is no water coming from it. She: How did you know that? Me: The wash basin is dry, the naphthalene polls in it are as it is and looks new, and the hotel is reasonably full that means the wash basin is not working. I used Observation, Logical Reasoning and Deduction there and I was right Scene Number Two: Since I started my career as a tester, most of the time I flip the correct switches for lights or fans in an unfamiliar place. You know how? I flip the most commonly used switches in a switch board they might be evident from color change due to constant use. I used Observation, Logical Reasoning and Deduction in here too and most of the time Im right Testing and Common sense So, this brings us back to a typical interview question What are the qualities/skills you have as a tester? Curiosity, lateral thinking, problem solving are some of the skills you should have to become a good tester. Having these skills helps you to become a better tester for sure. I always wanted to become a private detective like Sherlock Holmes. Even though I couldn't pursue that dream the way it needs to be done, I'm happy that I'm doing it in some other way - I'm a Software Detective. I use my curiosity to investigate further into a problem, use lateral thinking and hence solve the problems As somebody w w w . T e Wwwg C i r c u s . c o m stin January 2011 Page - 10 -
rightly said - "the best free tool you can use in testing is your brain" Common sense also plays a huge a part in making you a better tester. It comes handy when you start making assumptions. As I have stated in the start of this topic, assumption is one of the most commonly committed mistakes by a tester. Common sense helps you to get out of assumption traps and makes you do little things that might save you a lot of time and might show you that legendary showstopper you always wanted to find I remember a narration from my friend when he was reading this topic (as some you might be aware, this is already published in my blog). My friend went for a movie and in the theater; everybody is using one basin out of three. First one is clean, tap is good, everybody tried it and they got only air flowing from it. Second one is clean, tap is good and it is working. Everybody is waiting for their turn to use the second basin. Nobody is trying the third. The basin is not clean, the tap-head is broken and people conclude that there is no water in it! He tried and it was working!
Nandagopal R is a software tester with 4+ years of experience, currently working for RM Education Solutions India Pvt Ltd, Trivandrum, Kerala. He is a passionate tester who likes to practice the context driven approach. He has vast experience with web, desktop and mobile applications and is an active participant in the crowd sourcing testing community uTest.
Testers observe, apply logic, then deduct and based on that deduction starts assuming sometimes. So due to the bad state of the tap, people assumes that it is not working. As a tester, I must be trying the tap even if that observation-reasoning-deduction process DOES NOT come natural to me; that is where commonsense plays the part and it points to another must have skill for a tester patience! Elementary, my dear Watson
w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 11 -
w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 12 -
Form Grabber based: Form Grabber-based keyloggers log web form submissions by recording the web browsing onSubmit event functions. This records form data before it is passed over the internet and bypasses https encryption. Packet analyzers: This involves capturing network traffic associated with HTTP POST events to retrieve unencrypted passwords. Remote access software keyloggers These are local software keyloggers programmed with an added feature to transmit recorded data from the target computer to a monitor at a remote location. Remote communication is facilitated by one of four methods: Data is uploaded to a website, database or an FTP account. Data is periodically emailed to a pre-defined email address. Data is wirelessly transmitted by means of an attached hardware system. The software enables a remote login to the local machine via the internet or ethernet, for data logs stored on the target machine to be accessed. Related features Software Keyloggers may be augmented with features that capture user information without relying on keyboard key presses as the sole input. Some of these features include: Clipboard logging. Anything that has been copied to the clipboard can be captured by the program. Screen logging. Screenshots are taken in order to capture graphics-based information. Applications with screen logging abilities may take screenshots of the whole screen, just one application or even just around the mouse cursor. They may take these screenshots periodically or in response to user behaviours (for example, when a user has clicked the mouse). A practical application used by some keyloggers with this screen logging ability is to take small screenshots around where a mouse has just clicked; these defeat web-based keyboards (for example, the web-based screen keyboards that are often used by banks) and any web-based on-screen keyboard without screenshot protection. Programmatically capturing the text in a control. The Microsoft Windows API allows programs to request the text 'value' in some controls. This means that some passwords may be captured, even if they are hidden behind password masks (usually asterisks). The recording of every program/folder/window opened including a screenshot of each and every website visited, also including a screenshot of each. The recording of search engines queries, Instant Messenger Conversations, FTP Downloads and other internet based activities (including the bandwidth used). In some advanced software keyloggers, sound can be recorded from a user's microphone and video from a user's webcam. Hardware-based keyloggers Hardware-based keyloggers do not depend upon any software being installed as they exist at a hardware level in a computer system. Firmware-based: BIOS-level firmware that handles keyboard events can be modified to record these events as they are processed. Physical and/or root-level access is required to the machine, and the software loaded into the BIOS needs to be created for the specific hardware that it will be running on. Keyboard hardware: Hardware keyloggers are used for keystroke logging by means of a hardware circuit that is attached somewhere in between the computer keyboard and w w w . T e Wwwg C i r c u s . c o m stin January 2011 Page - 13 -
the computer, typically inline with the keyboard's cable connector. More stealthy implementations can be installed or built into standard keyboards, so that no device is visible on the external cable. Both types log all keyboard activity to their internal memory, which can be subsequently accessed, for example, by typing in a secret key sequence. A hardware keylogger has an advantage over a software solution: it is not dependent on being installed on the target computer's operating system and therefore will not interfere with any program running on the target machine or be detected by any software. However its physical presence may be detected if, for example, it is installed outside the case as an inline device between the computer and the keyboard. Some of these implementations have the ability to be controlled and monitored remotely by means of a wireless communication standard. Wireless keyboard sniffers These passive sniffers collect packets of data being transferred from a wireless keyboard and its receiver. As encryption may be used to secure the wireless communications between the two devices, this may need to be cracked beforehand if the transmissions are to be read. Keyboard overlays Criminals have been known to use keyboard overlays on ATMs to capture people's PINs. Each keypress is registered by the keyboard of the ATM as well as the criminal's keypad that is placed over it. The device is designed to look like an integrated part of the machine so that bank customers are unaware of its presence. Acoustic keyloggers Acoustic cryptanalysis can be used to monitor the sound created by someone typing on a computer. Each character on the keyboard makes a subtly different acoustic signature when stroked. It is then possible to identify which keystroke signature relates to which keyboard character via statistical methods such as frequency analysis. The repetition frequency of similar acoustic keystroke signatures, the timings between different keyboard strokes and other context information such as the probable language in which the user is writing are used in this analysis to map sounds to letters. A fairly long recording (1000 or more keystrokes) is required so that a big enough sample is collected. Electromagnetic emissions It is possible to capture the electromagnetic emissions of a wired keyboard from up to 20 metres (66 ft) away, without being physically wired to it.In 2009, Swiss researches tested 11 different USB, PS/2 and laptop keyboards in a semi-Anechoic chamber and found them all vulnerable, primarily because of the prohibitive cost of adding shielding during manufacture. The researchers used a wide-band receiver to tune into the specific frequency of the emissions radiated from the keyboards. Optical surveillance Optical surveillance, while not a keylogger in the classical sense, is nonetheless an approach that can be used to capture passwords or PINs. A strategically placed camera, such as a hidden surveillance camera at an ATM, can allow a criminal to watch a PIN or password being entered.
Content Source http://en.wikipedia.org/wiki/Keystroke_logging
w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 14 -
improvements, how realistic is it to find 20 high severity defects in that product unless testing was performed by a few people who didnt know what testing is in the first place? Numbers Game Suppose that a routine medical report showed something suspicious about ones health. Apart from the family doctor, some people would prefer second/third opinion especially in critical cases. Such people are often baffled after different doctors interpret same medical report in different ways. One doctor would have focused on the positive aspect of the report and said Yes, there is a problem. But, we can get you out of it as long as you believe in yourself and our team. Another doctor might say You are going to live only for next six months. Get ready with your will. While the third one gives a perfect picture of what is going on without a speck of emotion or warmth. Do you go looking for a fourth opinion or decide what is good enough for your own self? Ashok T, Founder and CEO at Stag Software Private Limited asks Is 33 diseases in a human body good enough to be healthy? Is that a good number to measure the well being of a human being? Does the number of fungal cells wreck as much havoc as the cancerous cells? Is it fair to even compare fungal vs. cancerous cells in the first place? Is any such meaningless comparison and the measurement that follows it any good at all? Numbers in general are used to impress people. Higher the number, better are the results. Unfortunately, many organizations today fall victims to this number game and grant incentives to employees who manage to earn them either through manipulation or least amount of effort. But, their reliability is often suspected. Numbers should not be used for checking the performance of testers or their efficiency simply because testers can bluff around their superiors in any case. After all, it is part of human nature. Rewards and Incentives Tester who filed the most number of severity 1 defects, tester who executed most number of test cases in shortest period of time, tester who helped programmers the most by unit testing several new features (though it was their responsibility to unit test before dropping off the feature to testing teams), testers who say Yes boss to not just their manager, but also to other teams managers who they interact with irrespective of what is right and ethical to do in any situation and testers who are liked more by nepotists for weird reasons and less for their skills Hurray, these are the testers who get rewarded in the long run. People in power consider above numbers as The Metrics to measure their sub-ordinates against. Testers consider these as their personal targets. Once they hit these targets, its done! They dont have to slog anymore. They dont have to work harder. Anyway, they will be rewarded because w w w . T e Wwwg C i r c u s . c o m stin January 2011 Page - 16 -
they crossed their targets. Why bother testing the product further and waste any more time? Estimation The joy of an early release lasts but for a short time. The bitterness of an unusable system lasts for years ~ Anonymous For any brand new project, requirements are studied, functional and technical design documents are analyzed, test cases are written, detailed test plans are created, appropriate schedules are worked out, detailed project plans are created, published and approved by the big guy who is often the project manager or the director of the engineering team in collaboration with the product management team. All of these without involving actual people who code or test the product! Typically they would need anything between 2-4 weeks to come up with an estimation plan. What? You mean close to one months planning for a project that lasts 2 months. Oh Wow! Of course, there is a lot of documentation to be done, many meetings to attend, have demos of prototypes and fights/arguments with product management teams and customers regarding timelines and cost respectively. It does take one month. May be, even more. Justified! It is common practice in most organizations to spend a fortune on project plans and estimating how much time it takes to execute them. Mind you, just execute them. Not execute them rightfully! Does your Number match mine? Test estimation at a high level includes identifying features to be tested, operating systems and browsers to be used, number of test cases that need to be run, number of testers available, the deadline by which product has to be tested and hand over to product management for a formal release. None of these is considered when a timeline is decided for many releases. A tentative date would be decided with some amount of buffer time which mostly goes to programmers. This date is just an estimated date, but it is made out to be THE DATE for the release. All that testers need to do is to squeeze in their tasks within this limited timeline, Do their best and leave the rest to their reporting managers. Project managers and Product managers are keen on just one thing. What is the earliest time by which a project can be tested *completely* and *thoroughly*. By thoroughly, they mean exhaustively. They have a rough timeline in their minds by which their gut feeling says that so and so product can be tested and released in this timelines. If the testing team comes up with anything equal to or greater than that, these guys have a problem. They always want to reduce that number and speed up the release. Agree that the customer is time pressed to buy the product at the earliest, but the question is Do you really want to deliver a baby in 6 months?
w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 17 -
Estimates Gone Mad The word estimation itself says that its just an estimate. It could go wrong. There is a high probability that estimates end up being wrong. In spite of this, any deadline committed is committed. Testers often have to stretch, work extra hours, sleep in office at nights, work on weekends and still stick to the deadline. Whether drops to testers were delayed, whether new requirements came in at last minute, whether defect verifications resulted in newer defects, whether regressions failed big time, no one really seems to bother unless one killer defect comes from the customer which cost the organization, that complete deal. Testers will manage anyway. After all, that is what they are hired for! Half the time, they wait. Rest of the time, they slog! Plan, Plan, Plan Having a plan is a good thing. It will help foresee many hidden risks within the project. However, worshipping the plan as if someone from the top is going to shoot you dead is a bad practice. Planning forever, but hardly doing anything with respect to the plan or acting on it doesnt make any good difference to any project. Having a preliminary plan, going by that plan, making modifications as necessary, being flexible to changing priorities and timelines, taking some buffer time into account to accommodate miscellaneous issues are also important. This is how a meaningful plan is built. To quote Steven M Smith, Have a plan. Dont worship the plan. Follow the energy and respond to it Plug and Play
Parimala Shankaraiah has more than seven years of experience in testing and mentoring teams of software testers. Apart from testing that she is most passionate about, she loves mentoring upcoming testers and has mentored over 30 testers. She frequently writes about her testing experiences at her Blog. She is also a regular contributor of articles on testing and issues concerning testing. Apart from testing, she loves to play with her 3 yo, read books, magazines, articles and many more. She is a self-claimed emotional overeater who eats to beat every emotion in the world. Parimala Shankaraiah works as a Principal Tester at Consona Corporation, Bangalore. She blogs at http://curioustester.blogspot.com/
These are the times when customers are ready to shell out money to buy products that are Plug and Play. All it matters to them is products have to solve their business problems with least amount of effort and time from their side. Times are changing. Measurement mechanisms are changing. And so are organizational practices and standards. These days, all that the customer is doing is PREDICT AND PRAY!
w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 18 -
Q-Patterns
This is the last part of two part series of article on Questioning pattern. Readers are encouraged to read the first part of this article published in the December 2010 issue of Testing Circus. - Editor
Access Rights
Intent We know that To err is human, so everybody cant be given rights to do anything neither in social life nor in our systems/applications. Hierarchies are always there to control or restrict actions of users. If you have used Administrator/User hierarchy in your code/test you may ask following questions: Administration 1. Administration management Administrator role management How is new administrator created Can it be deleted Can new administrators be created Any roles/groups as role for component management only, user management only etc. Password management Default password? Change password facility?
w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 19 -
<Associated Pattern: Password Management> 1. Can an administrator create the sub administrator? If yes what all rights given to them to differentiate between administrator and sub administrator. 2. Whether the rights have been divided into separate groups like basic, advanced etc.? Usage 3. Can a user define roles for herself? 4. Can a user create groups for herself? 5. Whether the user can view/modify her own rights or only administrator can take care of this? 6. There should be a limited no. of groups etc.( user is not supposed to create a different group for each role). 7. Can a user account temporarily be locked? UI 8. How the rights of a user may be viewed and modified? 9. Can the administrator see the rights given to each user on a single screen (like in tree structure etc.)? 10. Can administrator make the same modification on more than one user/group simultaneously? Security 11. Number of users to access a resource, file etc. can be restricted or not? 12. Can a user be restricted from not using certain privileges? 13. Whether the Read/Write accesses etc. are being taken care? Performance 14. How much time will it take to show the different screens of user right policies? 15. How much time will it take to add/delete/modify roles to users?
Search
Intent Search is the only way to find the existence or non-existence of a record. Search is every there whether it is in a database, in a document or it is a web-search. If you are using Search in your code/test you may ask following questions: Administration 1. Who can perform the search (only an administrator, a user or certain right is to be given for search)? Usage 1. 2. 3. 4. 5. Does it search on exact matching string? Does it allow wild card search? What are the wild card characters that are recognized? Is wild card substitution for single alphabet/numeric or string recognized? When more than one search criteria is allowed does it allow OR or AND of the conditions? January 2011 Page - 20 -
w w w . T e Wwwg C i r c u s . c o m stin
6. Can all kind of operators (relational, logical) be used in search query? 7. When using the relational operators for search on alphanumeric characters, what is the behavior? 8. Does it allow specifying default sort order of the search results? 9. In case of search criteria being a date/time, does it recognize a specific format or all the formats? 10. Does it allow search in both directions (up and down)? 11. Is the search criterion case-sensitive? 12. Can we define the search area (eg. from line number n1 to line number n2)? 13. What is the behavior of search in case of check boxes are used in the search form? 14. Is the search possible on each component of the application or not? 15. Can search results be saved in a different file or not? UI 1. Does it give a correct error message when no matching entries are found? 2. When more than one entry satisfies the search criteria does it allow complete navigation between the entries? 3. Does it give an error message in case a wrong/invalid format is specified in the search criteria? 4. If we give wrong search condition then what happens? It simply shows no result or an error message appears? Security 1. Are different levels of search used (eg. An administrator can see all the records of an employee but a user is restricted to some of the records). Performance 1. If the search result shows 10,000 or 1,00,000 records then how much time will it take? 2. What happens if we give a very complex query in search condition? 3. What happens if we join contradictory queries in search condition? Other Suggested Patterns Some other useful patterns could be: UI Pattern (list handling) Groups and templates Error reporting/logging Web related: Java Applets/HTML pages/ASP/JSP/CGI Installation
Vipul Kocher is the Cofounder and Co-President of PureTesting. He is a person with deep and passionate interest in software testing which also happens to be his profession. His other areas of interests are Science Fiction, Archaeology, History of Ancient Bharat, Religions. In his own words Too many interests, too few skills.
w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 21 -
Q: How many software testers does it take to change a light bulb? A: None. Software testers just noticed that the room was dark. Testers don't fix the problems, they just find them. Q: How many Developers does it take to change a light bulb? A: What's the problem? The bulb at my desk works fine! Q: How many programmers does it take to change a light bulb? A: NONE! That's a hardware problem....
w w w . T e Wwwg C i r c u s . c o m stin January 2011 Page - 22 -
The Introduction Tanash Ramuk is a 23 yr old Software Test Engineer. Having completed his degree in computer engineering a couple of years back, he joined a start-up and was recently laid off. 2 Days back, he got a call from Ele Info Systems, a huge off-shoring software services company known for providing testing services and which could also boast of becoming a 1 billion $ company from a 1 $ company. Hes promised to write to us regularly about his adventures with Ele Info Systems and heres what he wrote to us this week. On how they recruited him. Chapter 1 - The Recruitment When Tanash arrived at the walk-in event, he found himself face-to-face with 1 of those pretty looking member of the HR dept. She was given the job of screening resumes. Observing her from a distance, Tanash understood that she was given the job of rejecting applicants, who did not have --- an engineering degree, less than 60% marks in their degree, people who could not talk proper English. He also understood that they were hiring for testing positions. Tanash slipped in his resume to her and was happy on being shortlisted for the test. He was asked to sit in a room with another 1000 grads. Looking at the other people who were writing the test, this is what he saw --- some of them were attending the test to try and get the job, some of the were there to practice for their CAT exams, some of w w w . T e Wwwg C i r c u s . c o m stin January 2011 Page - 23 -
them looked like wanting to work for pocket money, some of them were there to fund their MBA exams and classes. His eyes were unable to spot a person for whom testing was a passion, in the crowd of 1000 people. Silence --- boomed the mike. Another guy well dressed with a tie took the mike and announced that they were going to hand out question papers. Tanashs 1st test lasted 50 mins, 25 questions. He had to solve aptitude problems. Tanashs 2nd test lasted another 50 mins and another 25 questions. The questions reminded him of an English test from his school. All questions were objective type questions. 3 hours later, Tanashs joy grew. He was selected for the interviews scheduled for the afternoon. Round 1 His 1st interviewer introduced himself as a senior Test Lead having 4.78 yrs of experience. Top 3 questions from the interview were:1) On Software definitions what is grey box testing? What is the difference between grey box and white box testing? What is the difference between smoke testing and sanity testing? What is break-in testing? What is the difference between component integration testing and system integration testing? 2) What is the Requirement Traceability matrix? 3) Tell me about the Defect Life Cycle and the project life cycle Round 2 The 2nd interview was conducted by the manager. The manager initially talked for 10 minutes about himself and the next 5 mins about how challenging it was to work for this company. Some words he used were cutting edge technology, out of the box thinking, high-skilled leadership, Browser Wars, etc. Tanash was wondering if he was being interviewed for some battle. Top 4 questions from the managerial round:The italics are Tanashs thoughts on the reply. And the bold ones is the gist of what he said. 1) Why do you want to join us? (Obviously coz am out of a job) I have always wanted to join a company which has become a market leader. w w w . T e Wwwg C i r c u s . c o m stin January 2011 Page - 24 -
2) What do you expect from us? (US, Onsite and lotsa pretty babes).. A challenging career, working on the latest software and brightest minds, yada yada yada!!! 3) Where do you see yourself in 5 years from now? (@ Whoever pays me what I ask for!!!) Id see myself having experience on the latest technologies, leading a team and mentoring other new joiners. 4) What can you do for us which the others cannot? (How would I know? I dont know who else applied) Be more industrious, offer more due to my selflearning abilities, my better writing abilities etc. Round 3 - HR And the HR round they were only interested in his pay. He felt like he was bargaining to a vegetable vendor across the street. He felt like a resource while talking to them and not like a humanJ!!! Top 2 questions from the HR interview 1) Whats your ideal job? (Money, Money and more money!!!). --- Working in a fun environment, with the ability to contribute towards the team goals. The atmosphere should be competitive, and should reward quality!!! 2) Why do you think you previous manager is a good manager? (What makes you think hes one? All managers are Jerks and should be fed to the sharks!!!) --- Coz hes a thought leader and he has been able to effectively mentor and guide me, without passing on any kind of pressure down to me. 2 more hours later, they promised that the offer letter would arrive in a weeks time!!! Only Tanash knew how he came through the tests and interview He was able to Google the questions and answers the previous day. Tanashs adventures would continue. Hes promised to write to us about his adventures!!! Can you identify what you think are fake practices in the above story?
***All characters and organizations mentioned are imaginary, and any resemblance to real persons or organization is entirely accidental. - Testing Circus Editorial Team***
w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 25 -
Objective: Development and testing team have to work together in achieving the single goal of delivering quality product in predefined time line. It is a two way process. Problem1: Defect Reporting/Unacceptable Defect Solution: An accurately communicated defect plays a major role. Testers have to see how precise they are explaining the defect to development team. Before reporting w w w . T e Wwwg C i r c u s . c o m stin January 2011 Page - 26 -
testers should reproduce the bug at least twice and report it in well documented format. The template/tool used for reporting the defects should include clear description of defect, sufficient steps to reproduce, exact error messages, priority, severity with references to specifications. Tester should also share the screenshots/logs, examples etc. for ready reference and better understanding of defect for developers. Testing team should ensure that the defect is communicated within the agreed timelines to the development team. A defect reported well in time pays long to the team. A defect may become invalid for the development team after a certain period.
Problem2: Defensive Development Team Solution: Testers are sometimes seen as pain in neck by development team. It is testers job to find the defects. Development team should not be cynical as it is not always developers fault. Both the teams should not indulge themselves in cold wars. Defects may occur because of several reasons like environment problems, documentation or data, improper requirement gathering etc. Developers should not take it in person .It is the imperfection of the application and not theirs. They can very well analyze the defect, notify the grounds for the defects and fix them.
w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 27 -
Solution: Team leader should possess good communication and interpersonal skills so that he can handle conflicts, motivate team members and if required escalate the issues in the application to the Client. He needs to allocate task to all Testing Team members and ensure that all of them have sufficient work in the project. The task allocation should be well communicated to the team so that everyone is aware of their work priorities. Team leader should raise the concerns of testing team to management in a timely manner. Effective communication of team leader creates a health environment and boosts the morale of testing team members. Team leader should frequently give feedback to his team members about their work and should mentor team that how new techniques tools, processes can be implemented. Communicating with client needs effective choice of words as project success gets impacted because of miscommunication.
w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 28 -
CERTIFICATE OF ZERO DEFECTS: Testers sometimes are considered to be the final authority of the successful completion. Testing comes at the end of the life cycle. It is done to ensure the quality but tested product is not a certificate that the product delivered is a zero defect product. Team can follow numerous processes to minimize the defects as much as possible. It is always better to deliver the product with a list of known bugs instead of hiding or not revealing them to customer. LAST MINUTE CHANGE: Sometimes user demands changes at last moment. Our aim is to satisfy customer in all respects but delivery team should understand the impact of change before accepting the change for current release. If impact is high then it should be taken as change request rather than including the change and hastily testing the product to meet timelines. TESTING TIME CRUNCH: Testers often have to face the situation where testing time is bought by development team and the duration for testing time gets reduced. It is very important for the testing team to communicate a time line beyond which they cannot cut down their time and delay in product delivery for testing, will impact the quality of end product.
Deepti Miglani has over 6 years of IT experience in Testing and support functions, currently employed with HCL Technologies Gurgaon as a Senior Test Engineer in ECMP domain. In her free time Deepti likes to read and listen to music.
To one side from removing bugs and usage of tools in the software testing we should also work upon eliminating flaws in our communiqu capability to make the testing process more competent.
w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 29 -
w w w . T e Wwwg C i r c u s . c o m stin
w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 31 -
Over the last couple of years, Santhosh Tuppad has come to be known for his testing skills, winning bug battles & testing competitions across the world. He is an avid testing blogger, testing enthusiast who organizes monthly meets for testers in Bangalore & Chennai. He loves being hands on. While many youngsters of his age are thinking about job security, Santhosh was game to start his own testing services. Santhosh got into testing because his girl friend wanted to. He thanks his girl friend so much today. Santhosh blogs at http://tuppad.com/blog
Through cross site scripting attackers could steal someones cookie information and take the access of the particular session In a chat conversation if HTML tags are executed then it might result in different problems like, sending large font size text entering malicious javascript and making the chat application to stop functioning [ Javascript if not ended properly might stop the other part of the code from execution sometimes ] And many more problems depending on various factors / parameters Some of the tools / utilities / add-ons that can be of help to you in starting with Security Testing, Fiddler / WireShark Mozilla Firefox add-ons Firebug, XSSme, Hackbar and many more which you might want to explore TestersDesk.com In Miscellaneous Toolkit you can find SQL Injection tool FireSheep by Eric Butler Reading articles / books on Security Testing Others are for you to explore These are very few techniques that the author has shared. In the Part II, Santhosh Tuppad will be talking about more security testing techniques and approaches. Stay Tuned! Editor.
w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 32 -
Mohinder Khosla
BIO: Provide consultancy in Business Analysis, Data Modelling,Test management and Application Support for major platforms. 212 following 195 followers 20 listed http://twitter.com/mpkhosla
Lanette Creamer
BIO: Software tester, writer, presenter. 386 following 950 followers 115 listed http://twitter.com/lanettecream
w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 33 -
Moolya Testing
BIO: Moolya Software Testing Pvt.Ltd. is a brainual software testing services organization offering Offshore testing, Exploratory Testing, Check Automation & more. 0 following 45 followers 2 listed http://twitter.com/moolyatesting
w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 34 -
Sr. Steps to Execute No. 1 Check the color of the pen. 2 3 4 Check the Logo of the pen maker. Check the grip of the pen. Write in different surfaces like plane paper, art paper etc. Check whether cap is present. Check the Hanger in cap. Check the fitting of the pen cap with the body. Check whether pen is writing in any climate (hot and cold). Check the ink storage/refill in the pen. Check the volume of ink in the refill. Check leakage in refill of pen.
Expected Result The color should be grey. Actual brand logo should be printed on the pen. The pen should not slip when user writes. The pen should write on all paper surfaces such as plane paper, art paper etc. The cap should be present with pen. Hanger should provided in the cap Body of the pen should perfectly fit with the cap of the pen. It should write smoothly in any climate. Refill/ink storage should be present in the pen. Refill should indicate the availability of ink (full/empty etc). Pen refill should not leek.
5 6 7
8 9 10
11
w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 35 -
12 13 14 15 16
Check the color of ink. Check the Size of nib. Check whether the pen can write in any angle. Check the quality of the material of the pen. Check if the ink blots the paper.
Color should be blue. Size of the nib like 0.5mm. Pen should write in any angle. Pen should not break if it falls from 2 meter height. Pen ink should not blot on the paper.
*Actual Results are written when you get to test the actual stapler.
In this section we will practice to write test cases on various items, objects and applications. We do not claim that test cases written here are exhaustive. It is just to give ideas to testers, beginners on how to approach for writing test cases. Readers are encouraged to share their views on the test cases. Editor
Naresh Bisht has 3 years experience in Software Testing. He has hands on experience in both manual testing and automation testing using QTP. He is currently employed with HCL Technologies, Gurgaon. Naresh can be reached at
http://twitter.com/Naresh_Bisht
w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 36 -
w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 37 -
Also there were key notes topics where participants would share their thoughts on self proposed topics. These topics were not decided by NCRTMM organizers. Each speaker was given 5 minutes to sum up their thoughts.
There were goodies presented from the venue organizer Impetus Technologies. The meet was concluded with lunch. The next meet is scheduled on 15th January at Nextag Software and Services, Gurgaon. For more information visit http://ncrtesters.blogspot.com
Check out software testing trends for 2011 that will make a significant impact on the testing scene IT applications are increasingly constituted of complex business processes and are becoming more intricate and inter-connected. This aspect, combined with the pressure to reduce IT spend, is forcing enterprises to look for alternate ways to manage their growing portfolio of requirements; such as streamlining the quality processes, increasing the degree of test automation etc. In this context, I would like to briefly touch upon a few of the software testing trends for 2011 that I believe will make a significant impact on the testing scene. Key trends for 2011 Testing on the Cloud: To minimize test environment expenditures and gain better control of their IT resources, companies are beginning to take advantage of a delivery model known as cloud computing. In cloud computing, applications and information are provisioned on-demand, as a shared resource. Cloud architecture can be set up as w w w . T e Wwwg C i r c u s . c o m stin January 2011 Page - 38 -
a public cloud with services dynamically delivered from a third-party provider hosted outside of the firewall; private cloud where a cloud-like architecture can be set up over the companys private network (inside the firewall); or a hybrid model utilizing a combination of internal and external providers. Traditionally, IT would have had to purchase additional server capacity and deploy it in their test environment, requiring added staff and extra maintenance expenses. Using the cloud architecture, IT managers are now able to quickly replicate their application test environment on the cloud and have the capacity they need on-demand. Companies are still cautious about moving all of their mission-critical applications to the cloud. Agile Testing: Agile development methodology took the IT world by storm when it first emerged nearly 10 years ago. Organizations turned from waterfall and other traditional development methodologies to agile, hoping to improve business responsiveness, make their applications more adaptable to changing market conditions and enhance the quality of their IT systems. But these organizations are finding their own, unique forms of agile. Many organizations find success in taking the best of traditional methodologies and applying them to their agile projects, creating a unique hybrid model that works for them. Agile Testing does not emphasize rigidly defined testing procedures, but rather focuses on testing iteratively against newly developed code. Quality is achieved from an end customers perspective. Agile brings the development and testing functions closer together, but it does not automatically turn developers into good testers, or make testers more familiar with the development process. Organizations need to take a closer look at the skill sets required by the testing team to effectively support agile methods. Agile testers need to be more versatile than traditional testers. On the one hand, they must be more technical, more familiar with development practices, and comfortable with using non-traditional test automation tools to validate Graphical User Interface (GUI)-less applications. On the other hand, they need to be close to the business to understand the requirements, work with end-users throughout the project, react quickly to change and tie application quality directly to business value. Right Information at the Right Time: As James Whittaker, an international speaker once pointed out: Information is at the core of everything we do as software testers. The better our information about what the software is supposed to be doing and how it is doing it, the better our testing can actually be. I find it unacceptable that testers get so little information and none of it is specifically designed to make it easier to do our jobs. I am happy to say that this is changing... rapidly.... and that in the near term, we will certainly be gifted with the right information at the right time. This is definitely one of the trends that will change perceptions in 2011. Skilled Testing resources: Organizations are constantly on the lookout for better skillsets and test profiles that can add real value to improving the quality of software. In the past, the development team would typically test the systems they developed. Today, the profile of a tester is changing rapidly and organizations prefer testers who w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 39 -
bring both strong technical skills and the relevant domain and business knowledge to the table. In addition to being knowledgeable about automation technologies, testers today are able to understand the purpose of business solutions & requirements and contribute intelligently to improving the quality of the system. They are also able to provide actionable analysis to the development community, for faster resolution of defects. Testing is increasingly seen as being closer to the business and considered a very progressive career path with multiple roles and responsibilities. Analytics / BI (Business intelligence) Testing: In today's fast paced business environment, it is almost always an unstated fact that the success of any BI (Business intelligence)/ Data Warehouse solution lies in its ability to not only analyze vast quantities of data over time but also to provide stakeholders and end-users meaningful options that are based on real-time data. This requirement mandates an extremely efficient system that can extract, transform, cleanse and load data from the source systems on a 24/7 basis without impacting the performance, scalability or causing system downtime. One of the key elements contributing to the success of a BI (Business intelligence)/Data Warehouse solution is the ability of the test team to plan, design and execute a set of effective tests that will help identify multiple issues related to data inconsistency, data quality, data security, failures in the extract, transform and load (ETL) process, performance related issues, accuracy of business flows and fitness for use from an end user perspective. The primary focus of testing is usually on the ETL processes. This includes, validating the loading of all required rows, correct execution of all transformations and successful completion of the cleansing operation. The team also typically thoroughly tests SQL queries, stored procedures or queries that produce aggregate or summary tables. Keeping in tune with emerging trends, it is also important for the test team to design and execute a set of tests that are customer experience-centric. Reusability of testing assets: Organizations are investing time in quality solutions where they reuse 45-60% of their testing assets, leading to increased testing efficiency, high level of test case automation and shorter testing cycles. Test automation solutions: Organizations are investing on resources to implement test automation solutions to increase time to market, save money, improve accuracy, increase test/requirement coverage and improved team morale. Summary: Many of the trends outlined in this paper are fast being seen as business-asusual practices today. However, these trends are still evolving and lean towards bringing in measurable gains to the business community, so the budgets for IT testing are justified.
http://www.ciol.com/Developer/Testing/Feature/Trends-in-software-testing-for-2011/145154/0/
w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 40 -
Jaijeet Pandey has over 5 years of experience in Application Development, Maintenance and Testing. From more than last 3 years he is involved in automation testing with QTP and Load Runner tools. He also teaches QTP on weekends. He is currently employed with Birlasoft, Noida. He can be reached at
http://twitter.com/jaijeetpandey
Problem: There is a link on webpage, when I am moving mouse over the link, color of link gets changed. How do you check the change in color after moving the mouse over the link? Navigate to url http://indianrail.gov.in/ Hover the mouse over any of the link in left pane and see how color changed. Solution: Here is the solution color_before=Browser("Welcome to Indian Railway").Page("Welcome to Indian Railway").Link("Availability at Major").Object.currentStyle.color Setting.WebPackage("ReplayT ype") = 2
Browser("Welcome to Indian Railway").Page("Welcome to Indian Railway").Link("Availability at Major").FireEvent "onmouseover" color_after=Browser("Welcome to Indian Railway").Page("Welcome to Indian Railway").Link("Availability at Major").Object.currentStyle.color Setting.WebPackage("ReplayType") = 2 msgbox color_before&" "&color_after The same way you can find the Font Size, Font Name etc. Browser("").Page("").Link("").Object.color Browser("").Page("").Link("").Object.fontSize Browser("").Page("").Link("").Object.fontFamily Browser("").Page("").Link("").Object.backgroundColor
w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 41 -
Name Erkan Yilmaz Organization Yilmaz Consulting Role/Designation Shareholder, Evangelist Location Karlsruhe, Germany
After working as Quality Manager for a German IT company, Erkan Yilmaz will make customers happy with his consulting company. In his free time he deepens his interest in systems thinking and history. Email ID erkan77@gmail.com
January 2011
Page - 42 -
A: Don't stop learning (e.g. engage in systems thinking)! Interact with people (from your field) outside the company! You will make errors but always be open about it! Q: Where do you see software testing in next five years? A: I see the rise of many Jane Doe + John Doe, providing inputs for others in the software testing field. I see how tester clouds will gain importance thus helping other testers to improve their skills. I also see better quality for open source software, since it is one good way to train testers in bug reporting. And this will help software testing in getting more acceptance + recognition (as a cognitive task). Q: What qualities will you look for in a candidate when you want to recruit someone for software testing job? A: I look how people approach problems. Since candidates are generally nervous at the beginning I give them items they are familiar with (pencil, pen, puncher, the chair they sit on ...) + ask them to evaluate these. Later I want to see them working on a task that they actually expected (a software task). Apart from that I also look if they are honest how they present themselves. My advice for the interview: also swap tables and ask for the interviewer's opinion. Don't forget: the company must also suit you! Q: Your weekend routine? A: Talk with friends, listening to erhu + haegeum music + with a fresh coffee might even finish a book. Q: Movie you would like to watch again? A: Gladiator + from Bollywood genre: Kabhi Khushi Kabhie Gham. Q: I am a social networking site geek Or I hate facebook /orkut / twitter? A: I use twitter + I'm using IRC a lot. I'm also enthusiastic about wikis (Wikipedia, Wikiversity, ...).
Speed up your Testing Career. Take Online Trainings on Software Testing !!! www.BestSoftwareTesting.com
w w w . T e Wwwg C i r c u s . c o m stin January 2011 Page - 43 -
We are inviting at least one representative from each IT organization where testing is practiced as an independent activity different from development. These TCRs will help us in bringing in more testers to Testing Circus; to read, contribute and to share knowledge on software testing. We will publish a list of TCRs in this magazine. Write to us (tcr@testingcircus.com) with your organization name and location. Our team will contact you to work further in this area. Independent test consultants and freelance testers are also encouraged to apply.
w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 44 -
Wanted A Designer for Testing Circus who can help us with the design and layout of the magazine. Also send your article for our next issue. Write to us at editor@testingcircus.com
www.TestingCircus.com
http://www.Twitter.com/TestingCircus
w w w . T e Wwwg C i r c u s . c o m stin
January 2011
Page - 45 -