Tag Archives: design

Software testing lifecycle: Dealing with security

Addressing security is an essential step in the software testing lifecycle. Yet many QA professionals remain reluctant to assume some responsibility for it. Although security testing can be complex, it is important for software testers to understand the security risks of the applications they test and acquire skills to develop test cases that will expose security vulnerabilities. In this tip, we will look at ways the software test professional can get started with risk-based security testing.

Risk-based thinking
As technology has evolved, security has become an increasingly large concern in the software testing lifecycle. With increased connectivity using the Internet, smartphones, refrigerators, cars and devices of every sort, the risk of security breaches increases, too. At the same time, the growing complexity and extensibility of systems adds to security testing challenges.

As SearchSoftwareQuality site editor Jennifer Lent writes in "Security testing basics: QA professionals take the lead," test professionals are being asked to assume some responsibility for security testing basics. Testers need to use risk-based thinking to assess areas of the code that are at highest risk for security breaches. Start by understanding the probability that a breach might occur, as well as the potential impact of a breach. Areas at highest risk are those with the greatest impact and greatest probability of occurring.

In order to address security concerns most effectively, testers need to work closely with developers, and that involves some exposure to the code. The entire team should be thinking about security early in the development cycle. Requirements and design need to take security into account, and unit testing must be expanded to include security tests.

The first step is to understand the business risks that might be exposed by the application. Is there a possibility of a financial loss? Is there a security exposure that might result in a liability? Tie technical risks to the business. What business losses could potentially result from a technical failure?

Understanding common attacks
Software developers often use patterns to group areas of commonality. There are design patterns, code patterns and also attack patterns. CAPE (Common Attack Pattern Enumeration and Classification) International provides a community-developed taxonomy of common methods that exploit software. As technologies evolve, so do the attack patterns, so the list is constantly changing. However, it is useful for software testers to become familiar with the top attack patterns and understand the circumstances in which they occur.

Understanding attack patterns will help you see where your code is most vulnerable and who is most likely to attack. Once you understand this, you will be able to put the proper defense mechanisms in place.

Web-based applications are easy targets for security breaches, so those who test Web-based applications should understand some of the most common types of attacks, such as SQL injections or cross-site scripting errors.

Checklists, tools and other resources
Another technique used to uncover security risks is using a checklist to help evaluate the security of your application. For example, this Security At a Glance checklist checks things such as financial loss, number of users, security policies, use of logins, security training and so on. This list is included in the book Secure Coding: Principles and Practices.

Of course, there are a variety of tools that will help with detecting security vulnerabilities as well. Static code analysis tools scan an application and highlight possible vulnerabilities in the code. Other resources include OWASP, the Open Web Application Security Project, which provides the global community with insights into security risks. The OWASP website offers a wealth of information for the security tester and includes many educational resources to help software professionals stay informed, including a Getting Started page, which will help those who are new to the field.

Source: http://searchsoftwarequality.techtarget.com/tip/Software-testing-lifecycle-Dealing-with-security

Did you like this? Share it:

MobileFirst: IBM asking companies to design mobile applications first, rest later

ING Vysya Bank BSE 0.83 %, with around 500 branches and an additional 500 ATMs, is too small to compete with the banking titans directly. So it does what small companies do in such situations: use tact and finesse to lure and retain customers.

The bank was evaluating technology options to use mobility as a strategic edge, when it was attracted to an Israeli company, Worklight. This startup, set up in 2006, had a useful piece of technology.

It enabled companies to create, in one seamless process, an application that could work in any device: a laptop, iPad,iPhone, Android phone… Its capabilities were impressive, but there was one problem.

Worklight did not operate in India. This was in early 2012. Soon after, ING VysyaBSE 0.83 % heard an interesting piece of news: IBM was acquiring Worklight.

IBM, which had worked hard to build formidable products and services in cloud and analytics, had suddenly found itself inadequate in mobility, a rapidly-emerging area that was becoming a conduit to these two businesses.

With IBM having a substantial presence in India, ING signed up with Worklight quickly. IBM went on to acquire more companies, totaling 10 in the mobility space in four years, and launched a brand called MobileFirst on Thursday last week.

"We are planning to double investments in mobility this year," says Ed Brill, director of IBM Mobile Enterprise Marketing. MobileFirst, as the name implies, asks companies to turn their current development philosophy on its head.

MobileFirst: IBM asking companies to design mobile applications first, rest later

Instead of making mobile applications an extension of their desktop software, IBM is asking companies to design mobile applications first and then think about the rest later.

For them to do this well, IBM has spread a splendid set of tools: a mobile development platform, a security platform, a mobile device management product, mobile analytics, an ecosystem which includes service-provider A&T (only in the US) and universities, and a plethora of services around of them.

Although not mentioned explicitly, it would include a cloud service also, often serving as a critical part of mobile services. Mobility is now considered as one of the mega trends affecting the IT industry, on par with three trends that defined and directed it earlier: Mainframe, client-server and Internet.

Many chief information officers and analysts now bundle mobility with other recent developments like social, cloud and analytics. These four trends are together called SMAC, a term that describes the close association between social, mobile, analytics and cloud.

All four areas are bustling with startup innovation. Big IT companies are watching them closely. Mobile applications have been growing slowly over the last decade, but mobile commerce had not, till recently.

Phones were not good enough then. The networks were slow. Enterprises had legacy applications that were not easy to extend to a mobile. So you could, in theory, buy stuff on the mobile or do other financial transactions, but customers were often put away by the poor experience.

Source: http://economictimes.indiatimes.com/tech/software/mobilefirst-ibm-asking-companies-to-design-mobile-applications-first-rest-later/articleshow/18666952.cms

Did you like this? Share it:

IBM Dives Head First Into Mobile

IBM moves into mobile

IBM last week unveiled an expansive new strategy to deliver mobile business solutions under MobileFirst, its new brand of software and services for delivering apps on smartphones and tablets. With MobileFirst, IBM seeks to bring together all of the elements required by an enterprise to successfully roll-out mobile solutions, including development, deployment, device management, and security tools. And, IBM being IBM, it also includes a healthy dose of professional services, but no apparent IBM i hooks at this time.

MobileFirst is an umbrella brand that brings together many pieces of software that already existed in IBM’s portfolio, but it introduces some new software as well. There are literally dozens of products parked under the new MobileFirst banner, including products from familiar IBM brands like WebSphere, Rational, Domino, Tivoli, and Cognos. Recent IBM acquisitions, like Q1 Labs (security), Emptoris (expense and expenditure management), and Tealeaf (customer experience management) also play a part.

IBM breaks MobileFirst products down into four main categories, including MobileFirst Platform, MobileFirst Security, MobileFirst Management, and MobileFirst Analytics. Within these four, there are no less than 28 individually named products and services sitting under Big Blue’s new mobile umbrella. Simplicity has never been IBM’s strong suit, and apparently it’s not going to start now.

The key product under the new MobileFirst Platform is Mobile Foundation, a pre-existing suite that previously combined three tools but now appears to sport only two: Worklight, an HTML 5 mobile application development and runtime environment that includes a Java-based server component and an Eclipse-based studio; and WebSphere Cast Iron, an integration framework for connecting on-premise and cloud applications and systems.

Worklight, you will remember, is on the short list of IBM apps that several prominent IBM i experts, including Roxanne Reynolds-Lair, the Power Systems champion and CIO of the Fashion Institute of Design and Merchandising, want running and supported on IBM i. The work done by Reynolds-Lair and another Power Systems champion, Steve Pitcher, were instrumental in getting other new IBM offerings supported on the platform, including Notes Traveler and IBM Connections, both of which IBM has committed to supporting on IBM i.

And lo! What do we have here but an IBM announcement letter on February 19 for Worklight version 5.0.6. Could it, would it, include a statement of direction in support of IBM i? As diligent readers scroll down, they read:

"IBM intends to provide additional platform support for the IBM Worklight product offerings in response to customer feedback and market demand…IBM anticipates extending support to IBM System z hardware and the IBM z/OS operating system in the future." Actually, IBM committed to supporting z/OS with Worklight back in September, so this isn’t news. What is disheartening is that Worklight apps can be served up from z/OS, Windows, AIX, Solaris, Linux, and Mac OS–every "major" business OS but IBM i (and HP-UX).

Worklight isn’t the only component of MobileFirst Foundation. IBM CLM [collaborative lifecycle management] suite, which in turn is composed of Rational Requirements Composer, Team Concert, and Quality Manager, is also a part of MobileFirst Foundation. Others include Rational Test Workbench; Web Experience Solutions; Lotus Domino Designer; and WebSphere MQ.

MobileFirst Management is based largely on IBM Endpoint Manager for Mobile Devices, which previously was called just Endpoint Manager when it was part of the Mobile Foundation. Endpoint Manager is a Windows/SQL Server-based app that enables businesses to adopt "bring your own device" (BYOD) strategies, and supports all popular mobile platforms, including iOS, Android, Blackberry, Windows Mobile, Windows Phone, and Symbian. MobileFirst Management also includes Tivoli Netcool/OMNIbus, WebSphere Datapower, and Emptoris Rivermine Telecom Expense Management.

MobileFirst Security includes a new release of Security AppScan that has been gussied up to spot potential vulnerabilities in iOS apps; it previously supported Android. The Security Access Manager for Cloud and Mobile component delivers single sign on (SSO) capability for mobile apps–definitively a nice thing to have in enterprise environments. Integration with the security information and event management (SIEM) product QRadar is also part of MobileFirst Security, turning tablets and smartphones into listening posts to detect the activities of hackers and cybercriminals, while Mobile Connect establishes a virtual private network (VPN) connection between a mobile device and a server.

On the analytics front, IBM has crammed several apps into MobileFirst Analytics boat, including: Tealeaf CX Mobile, for detecting potential problems in the mobile user’s experience; Mobile Commerce, for mobile e-commerce; and Cognos Mobile, for accessing Cognos reports, dashboards, and metrics from mobile devices.

Bringing all these tools to bear on customers’ mobile strategies may be difficult, but never fear: IBM Global Services is here! MobileFirst has a wide array of services components, including: mobile application development; integration with back-office systems; infrastructure and planning; network integration; running mobile apps from the cloud; and embedding unified communications and collaboration (UCC) capabilities into mobile apps.

IBM also unveiled a new partnership with AT&T to integrate Worklight apps with AT&T’s cloud APIs. There’s also a new program called "Ready for IBM MobileFirst" to get ISVs going with the new brand, and new initiatives with colleges, too. IBM financing also got into the MobileFirst act.

It is almost as if every department in IBM gets to play a part in MobileFirst, which is undoubtedly what led IBM to call MobileFirst the first "true end-to-end mobile solution" that businesses can use to "transform their entire business model." Considering that most of the tools already existed in IBM’s portfolio, that claim is a stretch. (It is even more of a stretch unless IBM has done the hard work to integrate the tools, not only from a functional aspect, but from a licensing aspect, too). Every organization will have specific needs as it relates to mobile, so there will never be a one-size-fits-all solution, despite whatever messaging IBM’s marketing committees agree on.

With so many components in MobileFirst, it is likely that any given organization will find something that addresses at least some their mobile needs. And customers can even look outside of the MobileFirst family, to tools such as Rational Application Developer and Rational Business Developer, which gained Dojo X Mobile support in 2011, but which missed the first departure of the MobileFirst train.

It is clear that MobileFirst represents the product branding that IBM is using for its smartphone and tablet computing solutions, and it will undoubtedly evolve in the future. Now all that IBM needs to do is support IBM i with Worklight–the foundational element of MobileFirst–and it will have piqued the attention of 150,000 of its best customers.

Source: http://www.itjungle.com/tfh/tfh022513-story05.html

Did you like this? Share it:

Data Integration is Key Tech Need in 2013

In the past few years, many marketers have tested multiple kinds of campaign management tools, and that has created a multitude of unwieldy data silos.

“Marketers are struggling with integration issues,” says Michael Della Penna, senior vice president, emerging channels, Responsys. “They’re looking for a solution that can collect critical social data and make it actionable.”

This means that integrated solutions will be a key area for tech spending, says Della Penna, who notes that 2011 was very much a testing phase for social media.

“It wasn’t unusual to talk to a brand that has three campaign management tools in place, testing which is the best tool for them,” he says, noting that many tools initially just focused on one specific area, like email or social listening. “But by the end of 2012, many of these tools started morphing and increasing their offerings to increase revenue by account.

Now, brands are realizing that they don’t need three of the same thing, and will look to consolidate into the one that best meets their particular needs.

Where else will marketers focus their  tech budget dollars this year?

Orchestration will be key in 2013, says Della Penna. “All of the different channels [available] have created issues—customers are seeing different voices in different channels, and brands need to be creating messages in a more coordinated way, timed to where the consumer is in the buying process.”

Tied into this is optimization and responsive design, considering how customers experience things in different channels and making sure emails are rendered properly for viewing on a multitude of devices, he adds.

Optimizing systems to deliver localized targeting will also be a key area, as marketers try to take advantage of locally relevant social data. “A lot of social data is unstructured, so the challenge is making this data useful in campaign development.”

Marketing automation has provided amazing results for many firms, and there is a trend to extend that beyond email into other channels, such as display, where what ads are pushed to website visitors can be automated based not only on behavior but whether the prospect has already converted.

“We can pull those who have converted out of market so clients are not wasting money trying to contact them,” he says, noting that display has been making a comeback. “There’s a huge interest in display retargeting, building strategies that are different between known and unknown users for contextually relevant offers.”

On the mobile front, there is a renewed interest in technology to enable SMS. “It’s the workhorse of mobile, and brands are now coordinating it with other channels for things like notifications about product availability or confirming purchases,” says Della Penna. “There’s particular interest in tools to push relevant offers such being able to leverage [the iOS application] Passbook to push out a coupon.”

Is getting C-level buy-in for marketing tech expenditures becoming easier? Della Penna thinks so. “The CMO and CTO relationship is changing. There is rarely a situation where we don’t have IT involved at some point in the buying cycle, and all disciplines are working more closely together.”

The way B2B and B2C firms are looking at marketing tech isn’t all that different, he adds. “The scale just varies. In B2B there may be more of a focus on live events and face-to-face but it’s all about focusing on knowing the customer better and then reaching them at the right touch points.”

Source: http://chiefmarketer.com/database-marketing/data-integration-key-tech-need-2013

Did you like this? Share it:

7 programming myths — busted

Even among people as logical and rational as software developers, you should never underestimate the power of myth. Some programmers will believe what they choose to believe against all better judgment.

The classic example is the popular fallacy that you can speed up a software project by adding more developers. Frederick P. Brooks debunked this theory in 1975, in his now-seminal book of essays, "The Mythical Man-Month."

Brooks’ central premise was that adding more developers to a late software project won’t make it go faster. On the contrary, they’ll delay it further. If this is true, he argued, much of the other conventional wisdom about software project management was actually wrong.

Some of Brooks’ examples seem obsolete today, but his premise is still sound. He makes his point cogently and convincingly. Unfortunately, too few developers seem to have taken it to heart. More than 35 years later, mythical thinking still abounds among programmers. We keep making the same mistakes.

The real shame is that, in many cases, our elders pointed out our errors years ago, if only we would pay attention. Here are just a few examples of modern-day programming myths, many of which are actually new takes on age-old fallacies.

Programming myth No. 1: Offshoring produces software faster and cheaper
These days, no one in their right mind thinks of launching a major software project without an offshoring strategy. All of the big software vendors do it. Silicon Valley venture capitalists insist on it. It’s a no-brainer — or so the service providers would have you believe.

It sounds logical. By off-loading coding work to developing economies, software firms can hire more programmers for less. That means they can finish their projects in less time and with smaller budgets.

But hold on! This is a classic example of the Mythical Man-Month fallacy. We know that throwing more bodies at a software project won’t help it ship sooner or cost less — quite the opposite. Going overseas only makes matters worse.

According to Brooks, "Adding people to a software project increases the total effort necessary in three ways: the work and disruption of repartitioning itself, training new people, and added intercommunication."

Let’s assume that the effort required for repartitioning and training is the same for outsourced projects as for homegrown ones (a dangerous assumption). The communication effort required for outsourcing is much higher. Language, culture, and time-zone differences add overhead. Worse, offshore development teams are often prone to high turnover rates, so communication rarely improves over time.

Little wonder there’s no shortage of offshoring horror stories. Outsourcers who promise more than they deliver are a recurring theme. When deadlines slip and clients are forced to finish the work in-house, any putative cost savings disappear.

Offshoring isn’t magic.In fact, it’s hard to get right. If an outsourcer promises to solve all of your problems for nothing, maintain a healthy skepticism. That free lunch could end up costing more than you bargained for.

Programming myth No. 2: Good coders work long hours
We all know the stereotype. In popular culture, programmers stay up late into the night, coding. Pizza boxes and energy-drink cans litter their desks. They work weekends; indeed, they seldom go home.

There’s some truth to this caricature. In a recent analysis of National Health Interview Survey data, programming tied for the fifth most sleep-deprived profession. Long hours are particularly endemic in the video game industry, where developers must endure "crunch time" as deadlines approach.

But it doesn’t have to be that way. There’s plenty of evidence to suggest that long hours don’t increase productivity. In fact, crunch time may hurt more than it helps.

There’s nothing wrong with putting in extra effort. Fred Brooks praises "running faster than necessary, moving sooner than necessary, trying harder than necessary." But he also warns against confusing effort with progress.

More often than not, Brooks says, software projects run late due to chronic schedule slippage, not catastrophes. Maybe the initial estimates were unrealistic. Maybe the project milestones were fuzzy and poorly defined. Or maybe they changed midstream when the client added requirements or requested new features.

Either way, the result is the same. As the little delays add up, programmers are forced into crisis mode, but their extra efforts are spent chasing goals that can no longer be reached. As the project schedule slips further, so does morale.

Some programmers might be content to work until they drop, but most have families, friends, and personal lives, like everyone else. They’d be happy to leave the office when everyone else does. So instead of praising coders for working long hours, concentrate on figuring out why they have to — and how it can stop. They’ll appreciate it far more than free pizza, guaranteed.

Programming myth No. 3: Great developers are 10 times more productive
Good programmers are hard to find, but great programmers are the stuff of legend — or at least urban legend.

If you believe the tales, somewhere out there are hackers so skilled that they can code rings around the rest of us. They’ve been dubbed "10x developers" — because they’re allegedly an order of magnitude more productive than your average programmer.

Naturally, recruiters and hiring managers would kill to find these fabled demigods of code. Yet for the most part, they remain as elusive as Bigfoot. In fact, they probably don’t exist.

Unfortunately, the blame for this myth falls on Fred Brooks himself. Well, almost — he’s been misquoted. What Brooks actually says is that, in one study, the very best programmers were 10 times more productive than the very worst programmers, not the average ones.

Most developers fall somewhere in the middle. If you really see a 10-fold productivity differential in your own staff, chances are you’ve made some very poor hiring choices in the past (along with some very good ones).

What’s more, the study Brooks cites was from 1966. Modern software project managers know better than to place too much faith in developer productivity metrics, which are seldom reliable. For one thing, code output doesn’t tell the whole story. Brooks himself admits that even the best programmers spend only about 50 percent of the workweek actually coding and debugging.

This doesn’t mean you shouldn’t try to hire the best developers you can. But waiting for superhuman coders to come along is a lousy staffing strategy. Instead of obsessing over 10x developers, focus on building 10x teams. You’ll have a much larger talent pool to choose from, which means you’ll fill your vacancies and your project will ship much sooner.

Programming myth No. 4: Cutting-edge tools produce better results
Software is a technology business, so it’s tempting to believe technology can solve all of its problems. Wouldn’t it be nice if a new programming language, framework, or development environment could slash costs, reduce time to market, and improve code quality, all at once? Don’t hold your breath.

Plenty of companies have tried using unorthodox languages to outflank their competitors. Yammer, a social network, wrote its first version in Scala. Twitter began life as a Ruby on Rails application. Reddit and Yahoo Store were both built with Lisp.

Unfortunately, most such experiments are short-lived. Yammer switched to Java when Scala couldn’t meet its needs. Twitter switched from Ruby to Scala before also settling on Java. Reddit rewrote its code in Python. Yahoo Store migrated to C++ and Perl.

This isn’t to say your choice of tools is irrelevant. Particularly in server environments, where scalability is as important as raw performance, platforms matter. But it’s telling that the aforementioned companies all switched from trendy languages to more mainstream ones.

Fred Brooks foresaw this decades ago. In his essay "No Silver Bullet," he writes, "There is no single development, in either technology or management technique, that promises even one order of magnitude improvement in productivity, in reliability, in simplicity."

For example, when the U.S. Department of Defense developed the Ada language in the 1970s, its goal was to revolutionize programming — no such luck. "[Ada] is, after all, just another high-level language," Brooks wrote in 1986. Today it’s a niche tool at best.

Of course, this won’t stop anyone from inventing new programming languages, and that’s fine. Just don’t fool yourself. When building quality software is your goal, agility, flexibility, ingenuity, and skill trump technology every time. But choosing mature tools doesn’t hurt.

Programming myth No. 5: The more eyes on the code, the fewer bugs
Open source developers have a maxim: "Given enough eyeballs, all bugs are shallow." It’s sometimes called Linus’ Law, but it was really coined by Eric S. Raymond, one of the founding thinkers of the open source movement.

"Eyeballs" refers to developers looking at source code. "Shallow" means the bugs are easy to spot and fix. The idea is that open source has a natural advantage over proprietary software because anyone can review the code, find defects, and correct them if need be.

Unfortunately, that’s wishful thinking. Just because bugs can be found doesn’t mean they will be. Most open source projects today have far more users than contributors. Many users aren’t reviewing the source code at all, which means the number of eyeballs for most projects is exaggerated.

More importantly, finding bugs isn’t the same as fixing them. Anyone can find bugs; fixing them is another matter. Even if we assume that every pair of eyeballs that spots a bug is capable of fixing it, we end up with yet another variation on Brooks’ Mythical Man-Month problem.

One 2009 study found that code files that had been patched by many separate developers contained more bugs than those patched by small, concentrated teams. By studying these "unfocused contributions," the researchers inferred an opposing principle to Linus’ Law: "Too many cooks spoil the broth."

Brooks was well aware of this phenomenon. "The fundamental problem with program maintenance," he wrote, "is that fixing a defect has a substantial (20 to 50 percent) chance of introducing another." Running regression tests to spot these new defects can become a significant constraint on the entire development process — and the more unfocused fixes, the worse it gets. It’s enough to make you bug-eyed.

Programming myth No. 6: Great programmers write the fastest code
A professional racing team’s job is to get its car to the finish line before all the others. The machine itself is important, but it’s the hard, painstaking work of the driver and the mechanics that makes all the difference. You might think that’s true of computer code, too. Unfortunately, hand-optimization isn’t always the best way to get the most performance out of your algorithms. In fact, today it seldom is.

One problem is that programmers’ assumptions about how their own code actually works are often wrong. High-level languages shield programmers from the underlying hardware by design. As a result, coders may try to optimize in ways that are useless or even harmful.

Take the XOR swap algorithm, which uses bitwise operations to swap the values of two variables. Once, it was an efficient hack. But modern CPUs boost performance by executing multiple instructions in parallel, using pipelines. That doesn’t work with XOR swap. If you tried to optimize your code using XOR swap today, it would actually run slower because newer CPUs favor other techniques.

Multicore CPUs complicate matters further. To take advantage of them, you need to write multithreaded code. Unfortunately, parallel processing is hard to do right. Optimizations that speed up one thread can inadvertently throttle the others. The more threads, the harder the program is to optimize. Even then, just because a routine can be optimized doesn’t mean it should be. Most programs spend 90 percent of their running time in just 10 percent of their code.

In many cases, you’re better off simply trusting your tools. Already in 1975, Fred Brooks observed that some compilers produced output that handwritten code couldn’t beat. That’s even truer today, so don’t waste time on unneeded hand-optimizations. In your race to improve the efficiency of your code, remember that developer efficiency is often just as important.

Programming myth No. 7: Good code is "simple" or "elegant"
Like most engineers, programmers like to talk about finding "elegant" or "simple" solutions to problems. The trouble is, this turns out to be a poor way to judge software code.

For one thing, what do these terms really mean? Is a simple solution the same as an elegant one? Is an elegant solution one that is computationally efficient, or is it one that uses the fewest lines of code?

Spend too long searching for either, and you risk ending up with that bane of good programming: the clever solution. It’s so clever that the other members of the team have to sit and puzzle over it like a crossword before they understand how it works. Even then, they dare not touch it, ever, for fear it might fly apart.

In many cases, the solution is too clever even for its own good. In their 1974 book, "The Elements of Programming Style," Brian Kernighan and P.J. Plauger wrote, "Everyone knows that debugging is twice as hard as writing a program in the first place. So if you’re as clever as you can be when you write it, how will you ever debug it?" For that matter, how will anyone else?

In a sense, concentrating on finding the most "elegant" solution to a programming problem is another kind of premature optimization. Solving the problem should be the primary goal.

So be wary of programmers who seem more interested in feathering their own caps than in writing code that’s easy to read, maintain, and debug. Good code might not be that simple. Good code might not be that elegant. The best code works, works well, and is bug-free. Why ask for more?

source:

http://www.javaworld.com/javaworld/jw-04-2012/120423-programming-myths-busted.html?page=5

Did you like this? Share it:

Non-Functional Software Testing

If functional software testing is the practice of verifying and validating a software package — in other words making sure the software works and does was it was designed to do — then non-functional software testing is everything else beyond that. One of the first of these “everything-else” categories is performance testing.

Performance Testing

Testing the performance of a new or existing program is the process of determining how well an application performs under actual working conditions. Performance testing was not a great concern for software developers until the rise of client/server technology. In the earlier days of computer development, most programs were standalone, independent creations that were restricted to local environments. Having thousands and thousands of users attempting to access the same information simultaneously was not a consideration.

All of that emphasis on standalone software went away with the advent of the Internet. Suddenly, a program was expected to concurrently service similar requests of any number of users. The need for performance testing became evident in a hurry.

Performance Testing Requirements

The first requirement for testing performance is that the program in question be completely functional. That means that all functional testing should have been completed successfully, and all bugs should have been corrected. Performance testing also requires that the testing be done automatically, with the aid of a service that is designed to simulate multiple users performing identical actions in a short (or, at least, defined) period of time.

Performance testing attempts to verify that an application can perform satisfactorily while serving a given number of users. Typically, the number of virtual users will be determined by the testing program but it can often be more than a thousand simulated users. Hence the requirement for automation. Endurance testing, an element of performance testing sometimes referred to as “stability testing,” verifies that the application can continue to perform for an extended period of time under conditions that are as near to real-life parameters as possible. Load testing can easily fit into this category, as it attempts to verify either the number of simultaneous users that can be serviced or the level of parallel requests for data manipulation (this can include transfer quantity and/or data modification activity).

Stress testing, another form of performance testing, attempts to find the point at which the application begins to break down or fall apart under duress. One of the important elements of stress testing is to determine how the program reacts to overload situations: does it just quit, or does it systematically shut down, sending warning messages to users and management as appropriate?

Usability Testing

Usability testing is the method of checking to see if the program is easy to use and performs things the user wants in an intuitive manner. A relatively new practice employed by software developers is to have the users perform these tests themselves. The results are solicited through the use of surveys, which contain questions such as “Did you find the program easy to use?” and “Do you have any suggestions for improvements?” This form of testing is extremely useful to the developer because it often gets to the direct root of any existing usability problems.

The term “user-friendly” comes to mind under the umbrella of usability testing. “User-friendly” often refers to the user being able to progress through the program without having to make any abstract or unexpected decisions, which could cause the program to inadvertently abort. This may take the form of yes/no questions, radio-button pushing, or having the user make a selection from a dropdown list of choices. The more user-friendly a program is, the less likely it is to fail the usability test. Of course, writing user-friendly code for such a program puts a much greater demand on the programmer.

Security Testing

The latest addition to the whole software testing scheme involves the testing of security. Again, the need for this type of testing became evident with the creation of the Internet. Hackers originally took pleasure in breaking into a system and modifying the performance of an application. Their motivation was primarily self-identification to show the world just how smart they were. As the Internet became more commercial, though, it quickly became evident that there was money to be made in the practice of hacking.

There are numerous programs and services available to scan soon-to-be-released software for security breaches. They present a risk-based analysis as to the vulnerability of the program indicating whether the defects found are in need of immediate attention, or if they can possibly wait for the next release. At any level, they merely point out the security problems – it’s still up to the developers to come up with the solutions.

The difficulty with testing security is that it involves the human element. Passwords, personal questions, or other means of authenticating the user must be safeguarded by the user themself. If the user is not dutifully inclined to protect said security information, then all the security testing in the world is for naught. Writing passwords down, giving passwords to others, or just leaving a computer open and unattended are invitations for a security disaster.

Wrapping It Up

I hope you have enjoyed and gotten something out of this exploration on non-functional software testing. Obviously, my approach was merely an overview of the whole concept. Entire books (emphasis on the plural) have been written on the subject. My intent was to present you with the major facets and, hopefully, spark some interest in the subject.

Source: http://buildmobile.com/non-functional-software-testing/

Did you like this? Share it:

What Should Testers Do in the Early Design Stage?

Are software testers needed in the early design stage of the products? If they are, what should they do? I often hear such questions asked by my friends. As far as I am concerned, many medium and small-sized companies in our country do not attach importance to the testing job in the early stage or even the whole process of developing products. Example one: some companies hold the view that the investment in testing during the early stage is high and meaningless, so they will start design test cases after the first period of development ends. Example two: some hold that testers do not have to participate in the requirements mapping work, they just need to accept. As a result, the marketing department and the development department will discuss about the demands directly, and the test manager will just refer to the demand design documents. Example three: the test manager does participate in the requirements design at the beginning, and work out the test plan. But the quality of the products is what the engineer deploying on the scene determines. At the user’s place, something unsatisfactory and failed will be found. To save time, the testers have to adjust the software at the user’s place, with no regard for whether the product needs an overall testing.

Not to say whether these methods are even more costing, it is easier for us to get the answer of “what should testers do during the early stage”: it will be nice if the test plan is made during the early stage, and it is okay if it is not made. But the testing should be done. It is also uncertain that what kind of product will be handed to the user. But there is only one aim: the product should be able to be used by the users, no matter for a mature or a newly started company.

For Microsoft, there are three product life cycles: Product Definition, Product Development and Product Serving. To make the best use of the resources, the testers mainly participate in the Product Development and Product Serving work. Their major duties are: to determine the priority levels of all the products’ functions; to review the definition of the product using conditions; to review the user experience documents.

Of course, every company should have its own development mode that fits itself, but there is no difference between their goals when deciding whether to let the testers do these jobs: firstly, the testers should know what the customers demand; secondly, the tester should tell what demands are reasonable and what are not according to his own experience and from the angle of testing and preserving, then gives feedbacks to the project manager or the marketing department. Lastly, the tester should make test plans according to the demands and the software framework documents.

Each company and each team of the company does not have to take the same pattern. We should act according to actual circumstances, but the focus should not vary, neither should the goal, just like some companies in our country apply the CMM blindly, which is just imitation, but with no soul.

Did you like this? Share it:

Black Box Test Techniques. Syntax Testing

Analysis

Syntax Testing uses such model of the formally defined syntax of the inputs to a component. The syntax is described as a number of rules each of which characterizes the probable means of production of a symbol in terms of sequences, iterations, or selections between symbols.

Test cases with valid and invalid syntax are designed from the formally defined syntax of the inputs to the component.

Supplementary rules can also be applied when appropriate:

  • whenever an iteration is used, at least 2 options are derived, one with the minimum number of iterated symbols and the other with more than the minimum number of repetitions
  • whenever a selection is used, an option is derived for each alternative by replacing the selection with that alternative

For every test case these should be clarified:

  • the input to the component;
  • the generic mutation used;
  • the syntax element to which the mutation is applied;
  • the expected result of the test case.

Test cases with invalid syntax should be designed as:

  • a checklist of generic mutations should be documented which can be applied to rules in order to generate an invalid area of the input;
  • this checklist should be applied to the syntax to identify particular mutations of the valid input;
  • test cases should be designed to perform particular mutations.

A test case may exercise any number of options. For each test case these should be clarified:

  • option exercised;
  • the input to the component;
  • the expected result of the test case.

Source: http://www.vietnamesetestingboard.org/zbxe/?mid=download&category=12674&document_srl=572301&listStyle=&cpage=

Did you like this? Share it:

White Box and Black Box Test Cases

To write black box test cases software tester needs the requirement document and design plan. These documents are easily accessible at the very beginning of the project.

At the same time white box test cases cannot be written at the initial start of the project. It is so because white box test cases need more architecture clearness which is not accessible at the beginning of the project.

White Box and Black Box Test Cases

So it is a common situation when white box test cases are written after black box ones.

Black box test cases don’t need system comprehension but white box testing requires more structural comprehension.

Structural comprehension is more intelligible in the later stages of project.

For black box testing QA engineer needs to only analyze from the functional perspective which is easily accessible from a simple requirement document.

Source: http://www.vietnamesetestingboard.org/zbxe/?mid=download&category=12675&document_srl=588605&listStyle=&cpage=

Did you like this? Share it:

5 common solutions to software development problems

  1. solid requirements – clear, complete, detailed, cohesive, attainable, testable requirements that are agreed to by all players. Use prototypes to help nail down requirements.
  2. realistic schedules – allow adequate time for planning, design, testing, bug fixing, re-testing, changes, and documentation; personnel should be able to complete the project without burning out.
  3. adequate testing – start testing early on, re-test after fixes or changes, plan for adequate time for testing and bug-fixing.
  4. stick to initial requirements as much as possible – be prepared to defend against changes and additions once development has begun, and be prepared to explain consequences. If changes are necessary, they should be adequately reflected in related schedule changes.If possible, use rapid prototyping during the design phase so that customers can see what to expect.This will provide them a higher comfort level with their requirements decisions and minimize changes later on.
  5. communication – require walkthroughs and inspections when appropriate; make extensive use of group communication tools – e-mail, groupware, networked bug-tracking tools and change management tools,     intranet capabilities, etc.; insure that documentation is available and up-to-date – preferably electronic, not paper; promote teamwork and cooperation; use protoypes early on so that customers’expectations are clarified.

Source: http://www.vietnamesetestingboard.org/zbxe/?mid=download&category=12646&document_srl=432592&listStyle=&cpage=

Did you like this? Share it: