Sqa Document: Ideofuzion PVT LTD
Sqa Document: Ideofuzion PVT LTD
Version 1.0
https://www.linkedin.com/in/farhaansharif/ 1
7.24 What is Volume Testing?............................................................................................14
7.25 What is Stress Testing? ..............................................................................................14
7.26 What is Scalability Testing? ........................................................................................14
7.27 What is Concurrency Testing?.....................................................................................14
7.28 What is GUI Testing? .................................................................................................14
7.29 What is Recovery Testing? .........................................................................................14
7.30 What is Installation Testing? ......................................................................................14
7.31 What is Compatibility Testing? ...................................................................................15
7.32 What is Usability Testing? ..........................................................................................15
7.33 What is User Testing? How Does User Testing Work? ...................................................15
7.34 What is Shift left Testing? And why is it so relevant? ....................................................19
7.36 What is Security Testing? ...........................................................................................25
7.37 Security Testing Tool .................................................................................................26
7.38 What is Adhoc Testing?..............................................................................................28
7.39 What is Bucket Testing? .............................................................................................28
7.40 What is Defect Cascading in Software Testing? ............................................................28
7.41 What is Walk Through? ..............................................................................................29
7.42 What is Inspection? ...................................................................................................29
7.43 What is performance testing? ....................................................................................29
8. What is a Defect? .............................................................................................................30
9. What is a Bug? .................................................................................................................30
10. What is an Error? ..........................................................................................................31
11. What is a Failure? .........................................................................................................31
12. What is Bug Severity?....................................................................................................31
13. What is Bug Priority?.....................................................................................................31
14. What is a Critical Bug? ...................................................................................................32
15. What are entry criteria? ................................................................................................32
16. What is exit criteria? .....................................................................................................32
17. STLC Life cycle ..............................................................................................................32
17.1 Requirement Analysis ................................................................................................33
17.1.1 Requirement Traceability Matrix (RTM) ...................................................................34
17.1.2 Automation feasibility report .................................................................................35
https://www.linkedin.com/in/farhaansharif/ 2
17.2 Test Planning ............................................................................................................37
17.3 Test Case Development .............................................................................................38
17.4 Test Environment setup .............................................................................................39
17.5 Test Execution...........................................................................................................39
17.6 Test Cycle Closure .....................................................................................................40
18. What is SDLC?...............................................................................................................41
18.1 Why SDLC? ...................................................................................................................41
18.2 Limitations of SDLC .......................................................................................................41
18.3 SDLC Phases .................................................................................................................42
18.3.1 Phase 1: Requirement gathering and analysis...........................................................42
18.3.2 Phase 2: Feasibility study........................................................................................42
18.3.3 Phase 3: Design .....................................................................................................43
18.3.4 Phase 4: Coding .....................................................................................................43
18.3.5 Phase 5: Testing .....................................................................................................43
18.3.6 Phase 6: Deployment .............................................................................................44
18.3.7 Phase 7: Maintenance ............................................................................................44
19. SDLC Models ................................................................................................................44
19.1 Waterfall model ...........................................................................................................44
19.2 Incremental Model .......................................................................................................45
19.3 V-Model .......................................................................................................................45
19.4 Agile Model ..................................................................................................................45
19.5 Spiral Model .................................................................................................................45
19.6 Prototyping Model ........................................................................................................46
20. What is Verification & Validation in software testing? .....................................................46
21. What is Risk Factor and it’s Types? .................................................................................47
22. List out Test Deliverables? .............................................................................................47
23. What is Test Coverage? .................................................................................................48
24. What is Boundary Value Analysis?..................................................................................48
25. Equivalence Class Partitioning ........................................................................................49
26. What is the difference between a Standalone, Client-Server and Web application? ............49
27. Can you do System testing at any stage of SDLC? .............................................................51
28. When to stop testing? (Or) How do you decide when you have tested enough? .................51
https://www.linkedin.com/in/farhaansharif/ 3
29. What information should be included in a Defect or Bug report? ......................................51
30. Mobile application testing .............................................................................................52
30.1 Mobile App Testing Parameters ..................................................................................52
30.2 Functional testing......................................................................................................53
30.3 Android/IOS UI/Responsiveness testing ......................................................................53
30.4 Compatibility testing .................................................................................................54
30.5 Interface Testing .......................................................................................................54
30.6 Network Testing ........................................................................................................54
30.7 Performance Testing..................................................................................................54
30.8 Installation/Uninstallation testing ..............................................................................54
30.9 Security Testing .........................................................................................................54
30.10 Field testing ..........................................................................................................55
30.11 Interrupt Testing....................................................................................................55
31. Difference between website and web Application ...........................................................56
32. API Testing ...................................................................................................................56
32.1 What is an API? .........................................................................................................56
32.2 What is API testing? ..................................................................................................57
32.3 What are the types of API testing? ..............................................................................57
32.4 What are the protocols used in API Testing? ................................................................57
32.5 What are the advantages of API Testing? ....................................................................58
32.6 What are the tools used for API Testing? .....................................................................58
32.7 What are the limits of API usage? ...............................................................................59
32.8 What are the common tests that performed on API? ....................................................59
32.9 What exactly needs to verify in API testing? ................................................................59
32.10 What are major challenges faced in API testing? ......................................................59
32.11 What kinds of bugs that API testing would often find? ..............................................60
32.12 What are API documentation templates that are commonly used? ............................60
32.13 What is REST? ........................................................................................................61
32.14 What is a RESTFul Web Services? ............................................................................61
32.15 What are the differences between SOAP and REST API? ............................................62
32.16 What are the major challenges faced during API testing? ..........................................62
32.17 What are the components of an HTTP request? ........................................................62
https://www.linkedin.com/in/farhaansharif/ 4
32.18 What are the most commonly used HTTP methods supported by REST? .....................63
32.19 What is payload in RESTFul Web services? ...............................................................63
https://www.linkedin.com/in/farhaansharif/ 5
1. Software Quality Assurance
It is a process that assures that all software engineering processes, methods, activities, and
work items are monitored and comply with the defined standards. These defined standards
could be one or a combination of any like ISO 9000, CMMI (Capability Maturity Model
Integration) model, ISO15504, etc.
SQA incorporates all software development processes starting from defining requirements to
coding until release. Its prime goal is to ensure quality.
3. Automation testing
Automation testing is the process in which testers utilize tools and scripts to automate testing
efforts.
https://www.linkedin.com/in/farhaansharif/ 6
4. Quality Control
Quality control is a subset of QA. In QC, teams ensure that the developed product meets the
organization’s quality standards. Defects in a software product, such as UI glitches, design
imperfections, accessibility issues or security gaps, can cause irreparable damage to a brand’s
reputation. Through a systematic QC process, the organization can correct products to ensure
that they meet business requirements and customer expectations.
5. Software Testing
According to ANSI/IEEE 1059 standard – A process of analyzing a software item to detect the
differences between existing and required conditions (i.e., defects) and to evaluate the features
of the software item.
To identify defects
To reduce flaws in the component or system
Increase the overall quality of the system
The testing is important since it discovers defects/bugs before the delivery to the client,
which guarantees the quality of the software.
It makes the software more reliable and easy to use.
Thoroughly tested software ensures reliable and high-performance software operation.
Testing helps developers and testers to compare actual and expected results in order to
improve quality. If the software production happens without testing it, it could be useless or
sometimes dangerous for customers. So, a tester should wear a unique hat that protects the
reliability of the software and makes it safe to use in real-life scenarios.
https://www.linkedin.com/in/farhaansharif/ 7
A mistake in coding is called Error, error found by tester is called Defect, defect accepted by
development team then it is called Bug, build does not meet the requirements then it is Failure.
https://www.linkedin.com/in/farhaansharif/ 8
7.2What is Black Box Testing?
Black Box Testing is a software testing method in which testers evaluate the functionality of the
software under test without looking at the internal code structure. This can be applied to every
level of software testing such as Unit, Integration, System and Acceptance Testing.
https://www.linkedin.com/in/farhaansharif/ 9
7.6What is Functional Testing?
Functional testing is a type of software testing that validates the software system against the
functional requirements/specifications. Verify that each function of the software application
behaves as specified in the requirement document. Testing all the functionalities by providing
appropriate input to verify whether the actual output is matching the expected output or not. It
falls within the scope of black box testing and the testers need not concern about the source
code of the application.
https://www.linkedin.com/in/farhaansharif/ 10
7.10 What is Smoke Testing?
Smoke Testing is done to make sure if the build we received from the development team is
testable or not. It is also called as “Day 0” check. It is done at the “build level”. It helps not to
waste the testing time to simply testing the whole application when the key features don’t
work or the key bugs have not been fixed yet.
https://www.linkedin.com/in/farhaansharif/ 11
7.14 What is Exploratory Testing?
Usually, this process will be carried out by domain experts. They perform testing just by
exploring the functionalities of the application without having the knowledge of the
requirements.
https://www.linkedin.com/in/farhaansharif/ 12
7.19 What is User Acceptance Testing / UAT?
It is also known as pre-production testing. This is done by the end users along with the testers
to validate the functionality of the application. After successful acceptance testing. Formal
testing conducted to determine whether an application is developed as per the requirement. It
allows the customer to accept or reject the application. Types of acceptance testing are Alpha,
Beta & Gamma.
https://www.linkedin.com/in/farhaansharif/ 13
7.24 What is Volume Testing?
It is to verify that the system/application can handle a large amount of data.
https://www.linkedin.com/in/farhaansharif/ 14
7.31 What is Compatibility Testing?
It is to deploy and check whether the application is working as expected in a different
combination of environmental components.
https://www.linkedin.com/in/farhaansharif/ 15
desirable by its prospective users or not. It is a good idea to convert your idea into an app-only
if people are ready to use it if and only if they think they need such a solution to make their
lives easier.
Tree Testing
A tree-like sitemap will be given to users and they will be asked to navigate the software
without any distraction.
A/B Testing
It’s one of the most effective ways of user testing. If there is a huge update for the software, for
instance, a website is planning to launch a new version of its web app. Through A/B testing the
company can release two versions of the web app and seek feedback from users and compare
https://www.linkedin.com/in/farhaansharif/ 16
it to get a better perspective. The purpose of A/B testing is to study user behavior and compare
it with the feasibility of update or the production of software.
https://www.linkedin.com/in/farhaansharif/ 17
20-minute. However, the dubious part is whether you get enough chances to test the website
or will there be any geographical disparity to not?
https://www.linkedin.com/in/farhaansharif/ 18
A discussion or a survey is best suited for You have to have a design ready to get
this testing usability testing
https://www.linkedin.com/in/farhaansharif/ 19
Advantages and benefits of shift left testing
Potential smaller bugs with major risks that are detected earlier cost much less to fix and
remove.
Automation is essential to reduce human errors and lets the testers focus on multiple inspiring
tasks without affecting the quality.
l Precaution is better than a cure, and not just medically.
By reducing the unexpected threats from the potential malfunction with the Shift Left Testing
strategy, you increase development process cycle efficiency.
How to Implement Shift Left Testing? / How do you shift a test to the left?
Implement a successful shift left testing strategy by following the below given important steps:
Plan & Analysis- Include Testers from the beginning to carefully analyze the requirements,
design plan, and calculate the estimated budget.
Include Developers & Testers– Build a professional team of QAs and developers throughout the
designing and developing phase of the project and increase the actual testing phase efficiency.
Unified Testing Strategy– This allows you to identify and analyze the dependencies on the
environment, code reviews, automation, and test data; and helps define clear responsibilities to
each team member.
Risk-Based Analysis– It is implemented to determine the impact and chances of failure for each
test scenario. The testers must prioritize the test cases and discuss with the developers the
likely-to-be failed aspects and their impacts on the overall development cycle.
Introduce Test Automation– As Shift Left Testing involves testing often and throughout the
process, embrace the test automation tools to speed up the development lifecycle, increase
efficiency, fewer bugs, and generate quick feedback. It ensures better code coverage and
maintains the product’s quality.
Different Types of the Shift Left Testing
There are four different types of Shift Left Testing that provide different results in different
scenarios.
1) Traditional Shift Left Testing
https://www.linkedin.com/in/farhaansharif/ 20
To understand the traditional shift testing, we must first understand the traditional SDLC V-
Model, which emphasizes, acceptance and system-level testing, on testing from lower down on
the right side of the V-model.
Whereas Traditional Shift-Left Testing emphasizes unit testing and integration testing, this is
done using API testing and automated testing tools.
2) Incremental Shift Left Testing
This is a suitable approach for large software companies and projects with complex designs and
development.
The tasks are broken into smaller segments that are built on each other with an increment.
After each increment is delivered to a customer and operation team, then the developing and
testing incrementally shifts to the left, which helps testers to run test case scenarios on each
individual bit making it easier to identify and fix the potential risks.
3) DevOps/Agile Shift Left Testing
This kind of software testing approach is practiced to run continuous tests on the number of
sprints via an evolutionary development life cycle, like DNA.
It is mainly done for development testing only once when the system is operational.
4) Model-based Shift Left Testing
The shift-left testing starts at the early stage of the development cycle, so the bugs and threats
are fixed long before the software development life cycle would start.
It leads to missing some critical issues regarding the requirement gathering phase, which gets
introduced after development cycle completion and can contain serious threats and errors.
Model-based testing shifts to the left by testing requirements, building, and designing models
are fulfilling the needs of the desired product.
Factors to Keep In Mind for a Successful Early Testing
There are lots of factors because of which your shift-left testing strategies can fail like testers or
developers are not involved from the early stage, not able to analyze the right testing
environment, and so on.
Not testing enough!
https://www.linkedin.com/in/farhaansharif/ 21
To reduce the impact of bugs and the likeliness of the failures of the testing, you must ensure to
run testing continuously.
This approach helps testers to identify minor and major issues earlier.
Practicing the same development process
The SDLC process needs to adapt and accommodate the earlier testing environment.
For instance, if you want to perform user interface testing at an early stage, you need to change
and develop the system requirements that support the earlier testing environment.
Still Stuck on Manual testing!
The larger the system, the more is it at risk and more testing.
Testers cannot keep up with the instant update, release, customization, and integration
manually and maintain the product’s quality at the same time.
Hence, shift to automated testing and tackle every challenge with more testing capacity and
accuracy. Some of the tools you can use are Selenium, Leap work, etc.
There is something called shift right as well! What’s the difference between shift left and shift
right?
Shift right is a bit of a shocking concept actually. To speed up the development process the
entire testing process will be sifted to post-development.
The reason behind such a drastic shift is to gain user insight regarding the issues and correct it
so that higher UX gain can be achieved
A/B testing can be performed easily
The stability of the back-end architecture can be examined in detail
Issues with the app can be traced out in the early stages of deployment real-world performance
insights can be gained.
https://www.linkedin.com/in/farhaansharif/ 22
7.35 What is Cross Browser Testing?
Cross browser testing validates the proper working of your application over different browsers.
It verifies that your website works steadily and as per requirements. It can be used both for
web and mobile applications.
Cross browser testing as discussed earlier is done to test the application’s compatibility with
multiple browsers. Some of the other common reasons for executing cross-browser testing are:
https://www.linkedin.com/in/farhaansharif/ 23
The analyst team and the clients make a list of the most frequently used browsers by the
application end-users and testers then perform testing over it.
How to Perform Cross Browser Testing?
Talking about the most important part – performing the cross-browser testing, the very
first thing that has to be decided is whether to perform manual testing or automation
testing.
Manual testing can be performed for cross-browser testing, but considering the
multiple machines, multiple OS, Multiple browsers, manual testing can lead to many
problems, and various challenges. Hence automation testing is a preferred method of
testing for cross browser testing.
Manual Method
When executing cross browser testing manually, it is very difficult to test the application on
the number of diverse browsers. In manual testing, the app can be tested over a few
limited browsers only and hence delimiting the efficiency of the app.
Also, manual testing for cross-browser testing is both costly and time-consuming.
Automated Method
Cross-browser testing requires running the same test suit over various browsers. This is a
recurrent task, and can result in errors if done manually and is also very time-consuming
and costly when done manually.
Hence, cross browser testing is generally executed using automation testing. Cross browser
testing is more cost and time effective when done using automated testing tools.
A lot many tools are available that assists in cross-browser testing.
Recommended Tools
1. LambdaTest
LambdaTest is used to test web app on over 2000+ combinations of different browser and
operating system. It is a cloud-based cross-browser testing platform.
https://www.linkedin.com/in/farhaansharif/ 24
2. Cross Browser Testing
Cross browser testing has a vast competency to execute manual, visual, and Selenium tests
in the cloud on over 2050+ real desktop and mobile browsers.
3. Experitest
Experitest allows executing a parallel test on different browsers and mobile devices.
4. Selenium
Selenium with an easy transaction of browser can help test the web applications easily in
parallel. It is a well-known automated testing tool.
5. BrowserStack
This cloud-based web and mobile testing allow on-demand browsers, operating systems,
and real mobile devices testing.
6. Browserling
Browserling is a live interactive for testing effortlessly. Browserling offers speedy access to
all the common browsers and popular operating systems.
https://www.linkedin.com/in/farhaansharif/ 25
Vulnerability Scanning: This is done through automated software to scan a system
against known vulnerability signatures.
Security Scanning: It involves identifying network and system weaknesses, and later
provides solutions for reducing these risks. This scanning can be performed for both
Manual and Automated scanning.
Penetration testing: This kind of testing simulates an attack from a malicious hacker.
This testing involves analysis of a particular system to check for potential vulnerabilities
to an external hacking attempt.
Risk Assessment: This testing involves analysis of security risks observed in the
organization. Risks are classified as Low, Medium and High. This testing recommends
controls and measures to reduce the risk.
Security Auditing: This is an internal inspection of Applications and Operating systems
for security flaws. An audit can also be done via line by line inspection of code
Ethical hacking: It’s hacking an Organization Software systems. Unlike malicious hackers,
who steal for their own gains, the intent is to expose security flaws in the system.
Posture Assessment: This combines Security scanning, Ethical Hacking and Risk
Assessments to show an overall security posture of an organization.
1. Acunetix
Intuitive and easy to use, Acunetix by Invicti helps small to medium-sized organizations ensure
their web applications are secure from costly data breaches. It does so by detecting a wide
range of web security issues and helping security and development professionals act fast to
resolve them.
Features:
Advanced scanning for 7,000+ web vulnerabilities, including OWASP Top 10 such as SQLi and
XSS
Automated web asset discovery for identifying abandoned or forgotten websites
Advanced crawler for the most complex web applications, incl. multi-form and password-
protected areas.
https://www.linkedin.com/in/farhaansharif/ 26
Combined interactive and dynamic application security testing to discover vulnerabilities other
tools miss
Proof of exploit provided for many types of vulnerabilities
DevOps automation through integrations with popular issue tracking and CI/CD tools
Compliance reporting for regulatory standards, such as PCI DSS, NIST, HIPAA, ISO 27001, and
more.
2. Intruder
Intruder is a powerful, automated penetration testing tool that discovers security weaknesses
across your IT environment. Offering industry-leading security checks, continuous monitoring
and an easy-to-use platform, Intruder keeps businesses of all sizes safe from hackers.
Features:
Best-in-class threat coverage with over 10,000 security checks
Checks for configuration weaknesses, missing patches, application weaknesses (such as SQL
injection & cross-site scripting) and more.
Automatic analysis and prioritization of scan results.
Intuitive interface, quick to set-up and run your first scans.
Proactive security monitoring for the latest vulnerabilities.
AWS, Azure and Google Cloud connectors.
API integration with your CI/CD pipeline.
3. Owasp
The Open Web Application Security Project (OWASP) is a worldwide non-profit organization
focused on improving the security of software. The project has multiple tools to pen test
various software environments and protocols. Flagship tools of the project include
Zed Attack Proxy (ZAP – an integrated penetration testing tool)
OWASP Dependency Check (it scans for project dependencies and checks against know
vulnerabilities)
OWASP Web Testing Environment Project (collection of security tools and documentation)
4. WireShark
Wireshark is a network analysis tool previously known as Ethereal. It captures packet in real
time and display them in human readable format. Basically, it is a network packet analyzer-
which provides the minute details about your network protocols, decryption, packet
information, etc. It is an open source and can be used on Linux, Windows, OS X, Solaris, NetBSD,
https://www.linkedin.com/in/farhaansharif/ 27
FreeBSD and many other systems. The information that is retrieved via this tool can be viewed
through a GUI or the TTY mode TShark Utility.
5. W3af
w3af is a web application attack and audit framework. It has three types of plugins; discovery,
audit and attack that communicate with each other for any vulnerabilities in site, for example a
discovery plugin in w3af looks for different url’s to test for vulnerabilities and forward it to the
audit plugin which then uses these URL’s to search for vulnerabilities.
https://www.linkedin.com/in/farhaansharif/ 28
7.41 What is Walk Through?
A walkthrough is an informal meeting conducts to learn, gain understanding, and find defects.
The author leads the meeting and clarifies the queries raised by the peers in the meeting.
https://www.linkedin.com/in/farhaansharif/ 29
Types of Performance Testing:
Load testing:
It checks the product’s ability to perform under anticipated user loads. The objective is to
identify performance congestion before the software product is launched in market.
Stress testing:
It involves testing a product under extreme workloads to see whether it handles high traffic or
not. The objective is to identify the breaking point of a software product.
Endurance testing:
It is performed to ensure the software can handle the expected load over a long period of time.
Spike testing:
It tests the product’s reaction to sudden large spikes in the load generated by users.
Volume testing:
In volume testing large number of data is saved in a database and the overall software system’s
behavior is observed. The objective is to check product’s performance under varying database
volumes.
Scalability testing:
In scalability testing, software application’s effectiveness is determined in scaling up to support
an increase in user load. It helps in planning capacity addition to your software system.
8. What is a Defect?
The variation between the actual results and expected results is known as a defect. If a
developer finds an issue and corrects it by himself in the development phase, then it’s called a
defect.
9. What is a Bug?
If testers find any mismatch in the application/system in testing phase, then they call it as Bug.
https://www.linkedin.com/in/farhaansharif/ 30
10. What is an Error?
We can’t compile or run a program due to a coding mistake in a program. If a developer
Unable to successfully compile or run a program, then they call it as an error.
https://www.linkedin.com/in/farhaansharif/ 31
14. What is a Critical Bug?
A critical bug is a show stopper which means a large piece of functionality or major system
component is completely broken and there is no workaround to move further.
For example, Due to a bug in one module, we cannot test the other modules because that
blocker bug has blocked other modules. Bugs which affect the customers’ business are
considered as critical.
Example:
1. “Sign In” button is not working on Gmail App and Gmail users are blocked to login to their
accounts.
2. An error message pops up when a customer clicks on transfer money button in a
Banking website.
This is the very first phase of Software testing Life cycle (STLC). In this phase testing team goes
through the Requirement document with both Functional and non-functional details in order to
identify the testable requirements.
Analyzing the System Requirement specifications from the testing point of view
Preparation of RTM that is Requirement Traceability Matrix
Identifying the testing techniques and testing types
Prioritizing the feature which need focused testing
https://www.linkedin.com/in/farhaansharif/ 33
Analyzing the Automation feasibility
Identifying the details about the testing environment where actual testing will be done
https://docs.google.com/spreadsheets/d/1twNAz01PPBQRMNfZ7NlaqJ8RKUvLBf3d/edit?us
p=sharing&ouid=113144539660973376722&rtpof=true&sd=true
Examples Of RTM
#1) Business Requirement
BR1: Writing emails option should be available.
Test Scenario (technical specification) for BR1
TS1: Compose mail option is provided.
Test Cases:
Test Case 1 (TS1.TC1): Compose mail option is enabled and works successfully.
Test Case 2 (TS1.TC2): Compose mail option is disabled.
#2) Defects
After executing the test cases if any defects are found that too can be listed and mapped with
the business requirements, test scenarios and test cases.
For Example, If TS1.TC1 fails i.e. Compose mail option though enabled does not work properly
then a defect can be logged. Suppose the defect ID auto-generated or manually assigned
number is D01, then this can be mapped with BR1, TS1, and TS1.TC1 numbers.
Thus all Requirements can be represented in a table format.
https://www.linkedin.com/in/farhaansharif/ 34
Business Requirement # Test Scenario # Test Case # Defects #
Without seeing the test cases, an automation team was assigned 500 test cases to automate
and a time estimate of 30 days. When they began automating it, they ran into problems with
item recognition, functional flow, and a variety of other challenges. As a result, the delivery of
the scripts is delayed. If you don’t want to be in the same tumultuous position, you must have a
solid automated procedure in place. The feasibility analysis should be the initial stage in this
procedure.
https://www.linkedin.com/in/farhaansharif/ 35
If you don’t want to be in the same tumultuous position, you must have a solid automated
procedure in place. The feasibility analysis should be the initial stage in this procedure.
This checklist consists of various factors upon which automation can be decided.
https://www.linkedin.com/in/farhaansharif/ 36
17.1.2.4 Percentage of the automation that can be achievable
When considering the automation of a certain application, we must first determine the minimal
proportion of automation that is permissible. In most organizations, this figure hovers around
70%.
https://docs.google.com/spreadsheets/d/13MWEjn4tNqKgowBBbNjESl5vfb2xJgZb/edit?usp=sh
aring&ouid=113144539660973376722&rtpof=true&sd=true
Test Planning phase starts soon after the completion of the Requirement Analysis phase. In this
phase the QA manager or QA Lead will prepare the Test Plan and Test strategy documents. As
per these documents they will also come up with the testing effort estimations.
https://www.linkedin.com/in/farhaansharif/ 37
o Test Strategy is a high-level document (static document) and usually developed
by project manager. It is a document which captures the approach on how we go
about testing the product and achieve the goals. It is normally derived from the
Business Requirement Specification (BRS). Documents like Test strategy doc is
project-based document it can change according to project domain and
requirements.
Best suited Testing Approach
Number of Resources, skill required and their roles and responsibilities
Testing tool to be used
In this phase the QA team write test cases. They also write scripts for automation if required.
Verification of both the test cases and test scripts are done by peers. Creation of Test Data is
done in this phase. Test data is the data that is used by the testers to run the test cases. Whilst
running the test cases, testers need to enter some input data. To do so, testers prepare test
data. It can be prepared manually and also by using tools.
Test cases
Test scripts (for automation if required)
https://www.linkedin.com/in/farhaansharif/ 38
Test Data
This phase includes the setup or installation process of software and hardware which is
required for testing the application. In this phase the integration of the third party application is
also carried out if required in the project.
After setting up the required software and hardware the installation of build is tested. Once the
installation of build is successful and complete then the Test Data is generated.
After the creation of Test data the Smoke testing is executed on the build in order to check
whether the basic functionalities are working fine or not. This phase can be done in parallel
with the Test Case Development phase.
As per the Requirement and Architecture document the list of required software and
hardware is prepared
Setting up of test environment
Creation of test data
Installation of build and execution of Smoke testing on it
Before starting the Test Execution phase the Test Environment setup should be ready. In Test
Execution phase the test cases are executed in the testing environment.
https://www.linkedin.com/in/farhaansharif/ 39
While execution of the test cases the QA team may find bugs which will be reported against
that test case. This bug is fixed by the developer and is retested by the QA.
In order to start the Test Cycle Closure activity the Test Execution phase should be completed.
In Test Cycle phase the QA team will meet and discuss about the testing artifacts. Test Closure
is the note prepared before test team formally completes the testing process. This note
contains the total no. of test cases, total no. of test cases executed, total no. of defects found,
total no. of defects fixed, total no. of bugs not fixed, total no of bugs rejected etc.
The whole intent of this discussion is to learn lessons from the bad practices. This will help in
future projects.
To evaluate the test completion on the basis of Test Coverage and Software Quality
Documentation of the learning from the project
Analyzing the test results to find out the distribution of severe defects
https://www.linkedin.com/in/farhaansharif/ 40
Test Closure Report preparation
● It is difficult to estimate the actual cost of the entire project and the project overruns.
● It may lead to an increase in the cost of software development, especially if the
customer requirements are not understood properly.
https://www.linkedin.com/in/farhaansharif/ 41
● It consists of specific requirements and phases that need to be completed, which
increase the time taken in software development.
● Sometimes the input of users may be limited.
● The execution of SDLC phases depends on factors, such as customer requirements and
the availability of funds.
This is a process with much communication taking place between stakeholders, end users and
the project team. Meetings with managers, stake holders and users are held in order to
determine the requirements like; who is going to use the system? How will they use the
system? What data should be input into the system? What data should be output by the
system? These are general questions that get answered during a requirement gathering phase.
The QA engineer playing the role to configure the requirements using requirements
traceability matrix (RTM).
https://www.linkedin.com/in/farhaansharif/ 42
● Economic feasibility: Are there enough funds to invest in the development of the
software?
● Technical feasibility: Does the organization have the necessary technology and human
resources for the SDLC process?
18.3.3Phase 3: Design
In this phase the software design is prepared from the requirement specifications which were
studied in the first phase. System Design helps in specifying hardware and system requirements
and also helps in defining overall system architecture. In this phase the QA Engineers comes up
with the Test strategy, where they mention what to test, how to test.
18.3.4Phase 4: Coding
Upon receiving system design documents, the work is divided in modules/units and actual
coding is started. Since, in this phase the code is produced so it is the main focus for the
developer. This is the longest phase of SDLC. In this phase the QA Engineers comes up with the
Test Environment setup and test Case Documentation.
18.3.5Phase 5: Testing
After the code is developed it is tested against the requirements to make sure that the product
is actually solving the needs addressed and gathered during the requirements phase. During
this phase all types of like unit testing, integration testing, Smoke Testing, functional testing,
https://www.linkedin.com/in/farhaansharif/ 43
Sanity Testing, system testing, acceptance testing is done as well as non-functional testing are
also done.
18.3.6Phase 6: Deployment
After successful testing the product is delivered / deployed to the customer for their use. As
soon as the product is given to the customers, they will first do the beta testing/User
Acceptance Testing. If any changes are required or if any bugs are caught, then they will report
it to the engineering team. Once those changes are made or the bugs are fixed then the final
deployment will happen.
18.3.7Phase 7: Maintenance
This phase involves solving issues faced by the customers when they use the software. When an
issue is solved by the developers or software engineers, the software is tested to ensure it
functions well. The software is then handed back to the customer for use. In the maintenance
phase, the software can be enhanced to add other new features. It can also be upgraded to
establish a new version of the system.
Waterfall model works well for smaller projects where requirements are very well understood.
The waterfall is a widely accepted SDLC model. In this approach, the whole process of the
software development is divided into various phases. In this SDLC model, the outcome of one
phase acts as the input for the next phase. This SDLC model is documentation-intensive, with
earlier phases documenting what need be performed in the subsequent phases.
https://www.linkedin.com/in/farhaansharif/ 44
19.2 Incremental Model
The incremental model is not a separate model. It is essentially a series of waterfall cycles. The
requirements are divided into groups at the start of the project. For each group, the SDLC
model is followed to develop software. The SDLC process is repeated, with each release adding
more functionality until all requirements are met. In this method, every cycle act as the
maintenance phase for the previous software release. Modification to the incremental model
allows development cycles to overlap. After that subsequent cycle may begin before the
previous cycle is complete.
19.3 V-Model
In this type of SDLC model testing and the development, the phase is planned in parallel. So,
there are verification phases on the side and the validation phase on the other side. V-Model
joins by Coding phase.
The spiral model is a risk-driven process model. This SDLC model helps the team to adopt
elements of one or more process models like a waterfall, incremental, waterfall, etc. This model
adopts the best features of the prototyping model and the waterfall model. The spiral
https://www.linkedin.com/in/farhaansharif/ 45
methodology is a combination of rapid prototyping and concurrency in design and development
activities.
Prototyping model is a software development model in which prototype is built, tested, and
reworked until an acceptable prototype is achieved. It also creates base to produce the final
system or software. It works best in scenarios where the project's requirements are not known
in detail. It is an iterative, trial and error method which takes place between developer and
client.
https://www.linkedin.com/in/farhaansharif/ 46
21. What is Risk Factor and it’s Types?
In software testing Risks are the possible problems that might endanger the objectives of the
project stakeholders. It is the possibility of a negative or undesirable outcome. A risk is
Something that has not happened yet and it may never happen; it is a potential problem.
The types of Risk in a Test Project can be broadly categorized as
1. Strategy Risk: This includes Budget, Communication and Management risks
2. Project Definition Risks: This includes Project target, Scope, and requirements risks.
3. Human Resources Risk: This includes Skill, Team members and organization risks.
https://www.linkedin.com/in/farhaansharif/ 47
23. What is Test Coverage?
Test Coverage states which requirements of the customers are to be verified when the testing
phase starts. Test Coverage is a term that determines whether the test cases are written and
executed to ensure to test the software application completely, in such a way that minimal or
NIL defects are reported.
https://www.linkedin.com/in/farhaansharif/ 48
25. Equivalence Class Partitioning
Equivalence Partitioning is type of black box testing technique which can be applied to all levels
of software testing like unit, integration, system, etc. In this technique, input data units are
divided into equivalent partitions that can be used to derive test cases which reduces time
required for testing because of small number of test cases.
It divides the input data of software into different equivalence data classes. You can apply this
technique, where there is a range in the input field.
Example 1: Equivalence and Boundary Value
Let's consider the behavior of Order Pizza Text Box Below
Pizza values 1 to 10 is considered valid. A success message is shown.
While value 11 to 99 are considered invalid for order and an error message will appear,
"Only 10 Pizza can be ordered"
Standalone application:
Software installed in one computer and used by only one person.
For ex – Installing s/w of a Calculator, Adobe Photoshop, MS Office, AutoCad. Standalone
applications follow one-tier architecture. Presentation, Business, and Database layer are in one
system for a single user.
https://www.linkedin.com/in/farhaansharif/ 49
Client-Server Application:
In Client Server application, unlike Standalone Application, part of application is installed on to
the client system and the remaining part is installed on to the server machine. Client-server
applications follow two-tier architecture. Presentation and Business layer are in a client system
and Database layer on another server. Both Client and server interact with the help of
network/internet.
Web Application:
A web application is a computer program that uses a web browser to perform a particular
function. It is also called a web app. A web application is a client-server program. It means that
it has a client-side and a server-side. The term "client" here refers to the program the individual
uses to run the application. It is part of the client-server environment, where many computers
share information. For example, in the case of a database, the client is the program through
which the user enters data. The server is the application that stores the information. Web
https://www.linkedin.com/in/farhaansharif/ 50
server applications follow three-tier or n-tier architecture. The presentation layer is in a client
system, a Business layer is in an application server and Database layer is in a
Database server. It works both in Intranet and Internet.
28. When to stop testing? (Or) How do you decide when you
have tested enough?
There are many factors involved in the real-time projects to decide when to stop testing.
1. Testing deadlines or release deadlines
2. By reaching the decided pass percentage of test cases
3. The risk in the project is under acceptable limit
4. All the high priority bugs, blockers are fixed
5. When acceptance criteria are met.
https://www.linkedin.com/in/farhaansharif/ 51
8. Current status of Bug.
Screen sizes
Thousands of mobile phones are pumped into the market with varied screen size, aspect ratio
and pixel densities.
Internet strength
With respect to countries, internet providers and connectivity type internet strength can vary
drastically and can affect app performance to a great extent
OS versions
Android versions upgrade usually takes time owing to fragmentation. Meanwhile iOS upgrade
takes place swiftly. So our testers check your app on various versions to ensure stable
performance on each version.
https://www.linkedin.com/in/farhaansharif/ 52
Power consumption
There is not much innovation happening in battery industry. Owing to that, app optimization
check has to be done.
Usability
Owing to the size and shape of mobile phone screens, usability testing indeed a hurdle.
Security issues
Breaches are happening at an alarming rate. To validate the measures adopted by the
developers to secure apps is indeed challenging.
Contextual issues
Context can enhance or limit the functionalities of apps. Since apps have varied context with
different data, testing process can become complex.
https://www.linkedin.com/in/farhaansharif/ 53
30.4 Compatibility testing
The extension for Android apps is .APK. and for iOS apps is .ipa should be confirm. This testing is
done mostly in the form of two matrices of OS Vs app and Device
Model Vs App. Usually, a list of supported OS (and sometimes devices) is provided by the
product owner or customer.
https://www.linkedin.com/in/farhaansharif/ 54
30.10 Field testing
Field testing is done specifically for the mobile data network and not in-house but by going out
and using the app as a normal user.
It is basically done to verify the behavior of the app when the phone has a 2G or 3G connection.
Field testing verifies if the app is crashing under slow network connection or if it is taking too
long to load the information.
https://www.linkedin.com/in/farhaansharif/ 55
31. Difference between website and web Application
https://www.linkedin.com/in/farhaansharif/ 56
32.2 What is API testing?
API testing is a type of software testing that involves testing APIs directly. API is a part of
integration testing to check whether the API meets expectations in terms of functionality,
reliability, performance, and security of applications. Multiple API system can performed API
testing. In API testing, our primary focus is on Business Logic Layer of the software architecture.
o Unit Testing
o Functional Testing
o Load Testing
o Runtime/Error Detection
o Security Testing
o UI Testing
o Interoperability and WS compliance Testing
o Penetration Testing
o Fuzz Testing
o HTTP
o REST
o SOAP
o JMS
o UDDI
https://www.linkedin.com/in/farhaansharif/ 57
32.5 What are the advantages of API Testing?
API testing provides access to the application without a user interface. The core and code-level
of functionalities of the application will be tested and evaluated early before the GUI tests. This
will help detect the minor issues which can become bigger during the GUI testing.
Time Effective:
API testing usually is less time consuming than functional GUI testing. The web elements in GUI
testing must be polled, which makes the testing process slower. Particularly, API test automation
requires less code so it can provide better and faster test coverage compared to GUI test
automation. These will result in the cost saving for the testing project.
Language-Independent:
In API testing, data is exchanged using XML or JSON. These transfer modes are completely
language-independent, allowing users to select any code language when adopting automation
testing services for the project.
API tests enable highly integrable tests, which is particularly useful if you want to perform
functional GUI tests after API testing. For instance, simple integration would allow new user
accounts to be created within the application before a GUI test started.
o Parasoft SOAtest
o PostMan
o AlertSite API monitoring
https://www.linkedin.com/in/farhaansharif/ 58
32.7 What are the limits of API usage?
Many APIs have certain limit set up by the provider. Hence, try to estimate our usage and
understand how that will impact the overall cost of the offering.
Here, are the common tests that performed on API are as:
Response of the API should be verified based on the request. We will verify that the
return value is based on request.
When API is updating any data structure we should verify the system is authenticating
the outcome.
We will verify whether the API is trigger other event or request another API.
We will verify the behavior of the API when no value is return.
In API testing, we send a request to API with the known data and then analysis the response.
If you can overcome the challenges in API Testing, you can be confident in the API testing
interview too. They are:
Parameter Selection
https://www.linkedin.com/in/farhaansharif/ 59
Parameter Combination
Call sequencing
Another important challenge is providing input values, which is very difficult as GUI is not
available in this case.
32.11 What kinds of bugs that API testing would often find?
Stress
Reliability
Security
Unused flags
Performance
Multi-threading issues
Improper errors
32.12 What are API documentation templates that are commonly used?
There are several available API documentation templates help to make the entire process
simple and straightforward, such as:
Swagger
https://www.linkedin.com/in/farhaansharif/ 60
Miredot
Slate
FlatDoc
API blueprint
RestDoc
REST (Representational State Transfer) is an architectural style for developing web services
which exploit the ubiquity of HTTP protocol and uses HTTP method to define actions. It revolves
around resource where every component being a resource that can be accessed through a
shared interface using standard HTTP methods.
Mostly, there are two kinds of Web Services which should be remembered in your next API
testing interview:
1. SOAP (Simple Object Access Protocol) – an XML-based method to expose web services.
2. Web services developed in the REST style are referred to as RESTful web services. These
web services use HTTP methods to implement the concept of REST architecture. A
RESTful web service usually defines a URI, Uniform Resource Identifier a service,
provides resource representation like JSON and a set of HTTP methods.
https://www.linkedin.com/in/farhaansharif/ 61
32.15 What are the differences between SOAP and REST API?
3. SOAP can work with XML REST permit different data format such as Plain text,
format. In SOAP all the data HTML, XML, JSON etc. But the most preferred format
passed in XML format. for transferring data is in JSON.
32.16 What are the major challenges faced during API testing?
o Parameter Selection
o Parameter Combination
o Call sequencing
o A major challenge is providing input values which are very difficult because GUI is not
available.
2. Uniform Resource Identifier (URI): URI is the identifier for the resource on the server.
https://www.linkedin.com/in/farhaansharif/ 62
4. Request Header: Request Header carries metadata for the HTTP request message.
Metadata could be a client type, format supported by the client, format of a message
body, cache setting etc.
32.18 What are the most commonly used HTTP methods supported by
REST?
GET is only used to request data from a specified resource. Get requests can be cached and
bookmarked. It remains in the browser history and has length restrictions. GET requests should
never be used when dealing with sensitive data.
POST is used to send data to a server to create/update a resource. POST requests are never
cached and bookmarked and do not remain in the browser history.
PUT replaces all current representations of the target resource with the request payload.
OPTIONS is used to describe the communication options for the target resource.
HEAD asks for a response identical to that of a GET request, but without the response body.
The “payload” is the data you are interested in transporting. This is differentiated from the
things that wrap the data for transport like the HTTP/S Request/Response headers,
authentication, etc.
https://www.linkedin.com/in/farhaansharif/ 63