ST Unit-5 Full Notes

Uploaded by

Jayashree. S

SECTION – C (15 MARKS)

146. Explain Web Application Architecture?


1. Definition of Web Application Architecture (WAA): Web Application
Architecture refers to the structure and organization of web-based applications. It
encompasses various components, including the client-side and server-side
elements, databases, and the communication protocols that enable the
interaction between them.

2. Client-Side Components:

- User Interface (UI): The front-end or client-side component of a web
application that users interact with.

- Browser: The platform through which users access and interact with the web
application.

3. Server-Side Components:

- Web Server: The server that hosts the web application and processes client
requests.

- Application Server: Manages the business logic and application processes.

- Database Server: Stores and manages the application's data.

4. Communication Protocols:

- HTTP/HTTPS: The protocols governing communication between the client
and server. HTTP for unsecured connections and HTTPS for secure ones.

5. Testing at the UI Level:

- Functional Testing: Ensures that all functions of the UI are working as
intended.

- Usability Testing: Evaluates the user-friendliness and overall user
experience.

- Cross-Browser Testing: Verifies consistent performance across different web
browsers.

6. Testing at the Server Level:

- Performance Testing: Assesses the web application's responsiveness,
speed, and overall performance under various conditions.

- Load Testing: Determines the application's ability to handle a specific load or
concurrent user count.

- Stress Testing: Pushes the application beyond its limits to identify breaking
points.

7. Database Testing:

- Data Integrity Testing: Ensures that data is stored, retrieved, and updated
accurately.

- Data Migration Testing: Verifies the seamless transition of data between
different databases or systems.

- Database Security Testing: Ensures the protection of sensitive information
stored in the database.

8. Security Testing:

- Vulnerability Assessment: Identifies potential vulnerabilities in the web
application.

- Penetration Testing: Simulates real-world attacks to uncover security
weaknesses.

- Authentication and Authorization Testing: Verifies the effectiveness of access
controls.

9. Scalability Testing:

- Horizontal Scaling: Assessing the capability of the system to handle
increased load by adding more servers.

- Vertical Scaling: Evaluating the system's performance by increasing the
resources on a single server.

10. Integration Testing:

- API Testing: Ensures that different components of the web application
communicate effectively through APIs.

- End-to-End Testing: Validates the entire application workflow from user
interaction to database and back.

147. Explain testing strategy for GUH software?


Software testing is the process of evaluating a software application to identify if
it meets specified requirements and to identify any defects. The following are
common testing strategies:
1. Black box testing – Tests the functionality of the software without looking at
the internal code structure.
2. White box testing – Tests the internal code structure and logic of the
software.
3. Unit testing – Tests individual units or components of the software to
ensure they are functioning as intended.
4. Integration testing – Tests the integration of different components of the
software to ensure they work together as a system.
5. Functional testing – Tests the functional requirements of the software to
ensure they are met.
6. System testing – Tests the complete software system to ensure it meets
the specified requirements.
7. Acceptance testing – Tests the software to ensure it meets the customer’s
or end-user’s expectations.
8. Regression testing – Tests the software after changes or modifications
have been made to ensure the changes have not introduced new defects.
9. Performance testing – Tests the software to determine its performance
characteristics such as speed, scalability, and stability.
10. Security testing – Tests the software to identify vulnerabilities and
ensure it meets security requirements.

The main objective of software testing is to design the tests in such a way that it
systematically finds different types of errors without taking much time and effort
so that less time is required for the development of the software. The overall
strategy for testing software includes:
148. Explain in detail about commonly known attacks on software?

1. SQL Injection:

- Description: SQL Injection occurs when an attacker injects malicious SQL
code into input fields or parameters, exploiting vulnerabilities in the application's
database layer.

- Impact: Unauthorized access to sensitive data, manipulation of data, and
potential data loss.

- Testing Strategy: Input validation, parameterized queries, and thorough code
reviews can mitigate SQL Injection risks. Testers should attempt to inject SQL
commands to verify the system's resilience.

2. Cross-Site Scripting (XSS):

- Description: XSS involves injecting malicious scripts into web pages, which
are then executed by the user's browser. Attackers often exploit user input fields
or inadequate output encoding.

- Impact: Session hijacking, stealing sensitive data (like cookies), defacement
of websites.

- Testing Strategy: Input validation, output encoding, and using security
mechanisms like Content Security Policy (CSP) can help prevent XSS. Testers
should input various scripts to check for vulnerabilities.

3. Cross-Site Request Forgery (CSRF):

- Description: CSRF tricks a user's browser into performing actions on a
website without their knowledge or consent, often by exploiting the trust a
website has in a user's browser.

- Impact: Unauthorized actions on behalf of a user, such as changing account
settings or making transactions.

- Testing Strategy: Include testing for anti-CSRF tokens, ensuring that actions
require authentication, and validating the origin of requests.

4. Denial of Service (DoS) and Distributed Denial of Service (DDoS):

- Description: DoS and DDoS attacks flood a system or network with traffic,
overwhelming its capacity and causing it to become unavailable to users.

- Impact: Service disruption, loss of availability.

- Testing Strategy: Perform stress testing and load testing to assess the
system's capacity and response to high volumes of traffic. Implementing rate
limiting and traffic filtering can help mitigate these attacks.

5. Man-in-the-Middle (MitM) Attacks:

- Description: In MitM attacks, an attacker intercepts and potentially alters
communication between two parties without their knowledge.

- Impact: Data interception, eavesdropping, unauthorized access.

- Testing Strategy: Use secure communication protocols (HTTPS), perform
network security testing, and check for vulnerabilities in data transmission.

6. Security Misconfigurations:

- Description: Security misconfigurations occur when a system or application is
not securely configured, leaving potential vulnerabilities exposed.

- Impact: Unauthorized access, data leaks, system compromise.

- Testing Strategy: Regularly perform security audits and use automated tools
to identify and address misconfigurations. Testers should review configuration
files and settings for potential weaknesses.

7. Phishing Attacks:

- Description: Phishing involves tricking users into revealing sensitive
information by posing as a trustworthy entity.

- Impact: Unauthorized access to user accounts, data breaches.

- Testing Strategy: Conduct phishing simulation tests to evaluate users'
awareness and susceptibility. Ensure that the application has mechanisms in
place to detect and prevent phishing attempts.

8. Buffer Overflow Attacks:

- Description: Buffer overflow occurs when a program writes more data to a
block of memory, or buffer, than it was allocated for, potentially leading to the
execution of malicious code.

- Impact: System crashes, execution of arbitrary code.

- Testing Strategy: Implement boundary testing and input validation to detect
and prevent buffer overflow vulnerabilities. Testers should provide inputs that
exceed expected limits to identify potential weaknesses.

9. Session Hijacking:

- Description: Session hijacking involves stealing a user's session token,
typically through interception or session prediction.

- Impact: Unauthorized access to user accounts, identity theft.

- Testing Strategy: Test the effectiveness of session management
mechanisms, ensure the use of secure session tokens, and check for
vulnerabilities in session-related functionalities.

10. Zero-Day Exploits:

- Description: Zero-day exploits target vulnerabilities in software that are not
yet known to the vendor or the public, making them particularly dangerous.

- Impact: Unauthorized access, data breaches, system compromise.

- Testing Strategy: Regularly update software and employ vulnerability
scanning tools to identify and address potential zero-day vulnerabilities.
Continuous monitoring for security updates is crucial.

149. Explain SPI-SIG baselines on Software Test Metrics


Software Process Improvement - Software Improvement Group (SPI-SIG)
Baselines on Software Test Metrics:

1. Introduction to SPI-SIG:

- SPI-SIG, or Software Process Improvement - Software Improvement Group,
is an organization that focuses on assessing and improving software
development and maintenance processes.

2. Baselines in Software Testing:

- A baseline in software testing refers to a well-defined reference point that
helps establish a standard for measuring and assessing various aspects of the
testing process.

3. SPI-SIG Approach to Software Test Metrics:


- SPI-SIG provides a structured approach to defining baselines for software
testing metrics, aiming to enhance the overall quality and efficiency of the testing
process.

4. Key Software Test Metrics:

- Before establishing baselines, it's crucial to identify and understand key
software test metrics. These may include metrics related to test coverage, defect
density, test execution time, and defect discovery rates.

5. Defining Baselines:

- SPI-SIG baselines involve setting initial benchmarks for identified software
test metrics. This includes capturing current performance levels, process
maturity, and the effectiveness of testing activities.

6. Metric Categories:

- SPI-SIG categorizes software test metrics into various categories such as:

- Process Metrics: Evaluating the efficiency and effectiveness of the testing
process.

- Product Metrics: Assessing the quality and characteristics of the software
product under test.

- Resource Metrics: Measuring the utilization of resources in the testing
process.

7. Establishing SPI-SIG Baselines:

- SPI-SIG baselines are established through a combination of historical data
analysis, industry benchmarks, and organizational goals. This involves capturing
data on past testing efforts and identifying areas for improvement.

8. Continuous Monitoring and Improvement:

- SPI-SIG emphasizes the importance of continuous monitoring and
improvement. Once baselines are established, regular assessments and
comparisons against these baselines help in identifying deviations and areas
requiring attention.

9. Benefits of SPI-SIG Baselines in Software Testing:

- Performance Measurement: Baselines serve as a reference point for
measuring the performance of the testing process and identifying areas for
enhancement.

- Quality Assurance: SPI-SIG baselines contribute to quality assurance efforts
by setting standards for product quality and testing effectiveness.

- Process Optimization: The continuous monitoring and improvement cycle
facilitated by baselines supports the optimization of testing processes over time.

10. Adaptability to Change:

- SPI-SIG baselines are designed to be adaptable to changes in project
requirements, technology, or organizational structure. This flexibility ensures that
the testing process remains effective in evolving environments.

11. Communication and Transparency:

- Baselines provide a transparent and communicative framework for
discussing testing performance within the organization. This aids in aligning
testing activities with overall business objectives.

12. Challenges and Considerations:

- SPI-SIG recognizes the challenges associated with establishing baselines,
such as data accuracy, evolving project requirements, and the dynamic nature of
the software development lifecycle. Regular reviews and adjustments are
essential to address these challenges.

150. Explain in detail about software failure with example?

Software Failure Mechanisms:

Software failures can be classified as:

Transient failure: These failures only occur with specific inputs.

Permanent failure: This failure appears on all inputs.

Recoverable failure: System can recover without operator help.

Unrecoverable failure: System can recover with operator help only.

Non-corruption failure: Failure does not corrupt system state or data.

Corrupting failure: It damages the system state or data.

Software failures may be due to bugs, ambiguities, oversights or
misinterpretation of the specification that the software is supposed to satisfy,
carelessness or incompetence in writing code, inadequate testing, incorrect or
unexpected usage of the software or other unforeseen problems.

A partial list of the distinct features of software compared to hardware is
listed below:

Failure cause: Software defects are primarily design defects.

Wear-out: Software does not have an energy-related wear-out phase. Bugs can
arise without warning.

Repairable system: Periodic restarts can help fix software problems.

Time dependency and life cycle: Software reliability is not a function of
operational time.

Environmental factors: Do not affect software reliability, except that they may
affect program inputs.

Reliability prediction: Software reliability cannot be predicted from any physical
basis since it depends entirely on human factors in design.

Redundancy: It cannot improve software reliability if identical software elements
are used.

Interfaces: Software interfaces are merely conceptual other than visual.

Failure rate motivators: It is generally not predictable from analyses of separate
statements.

Built with standard components: Well-understood and extensively tested
standard elements will help improve maintainability and reliability. But in the
software industry, we have not observed this trend. Code reuse has been around
for some time but to a minimal extent. There are no standard elements for
software, except for some standardized logic structures.

SECTION – B (8 MARKS)
116. Explain the various types of Testing?
1. Unit Testing:

- Focuses on individual units or components of a system.

- Verifies if each unit functions as intended in isolation.

- Helps catch early and specific bugs.


2. Integration Testing:

- Ensures that different units or modules work together seamlessly.

- Detects issues arising from the interaction between integrated components.

- Validates the overall system's functionality.

3. System Testing:

- Evaluates the complete and integrated software system.

- Verifies if the system meets specified requirements.

- Addresses overall functionality, performance, and security.

4. Acceptance Testing:

- Validates if the system meets business requirements.

- Involves both user acceptance testing (UAT) and operational acceptance
testing (OAT).

- Final check before the system goes live.

117. Describe the formal verification of GUH program?


Formal verification is a rigorous and systematic approach to ensuring the
correctness of a program by mathematically proving its adherence to a
specification. In the context of the GUH program in software testing, formal
verification involves a step-by-step process to validate its functionality, reliability,
and security.

1. Specification Development:

The formal verification of the GUH program begins with the development of a
precise and unambiguous specification. This specification outlines the intended
behaviour, requirements, and constraints of the program. It serves as the
foundation for the subsequent verification steps.

2. Formal Model Representation:


The GUH program is translated into a formal model using a mathematical
notation such as a formal specification language or a mathematical logic. This
model captures the essential properties and behaviour of the program in a way
that allows for rigorous analysis.

3. Theorem Formulation:

The verification process involves the formulation of mathematical theorems
that represent the correctness properties of the GUH program. These theorems
express conditions that, when satisfied, guarantee the desired behaviour of the
program, including functional correctness and adherence to safety specifications.

4. Proof Construction:

Formal verification relies on the construction of formal proofs based on the
previously formulated theorems. These proofs involve applying mathematical
reasoning to demonstrate that the GUH program adheres to its specification
under all possible inputs and scenarios. This step is crucial for establishing a
high level of confidence in the correctness of the program.

5. Model Checking:

Automated tools, known as model checkers, are employed to systematically
explore the state space of the formal model. This process verifies whether the
GUH program satisfies the specified properties across all possible states and
transitions. Model checking complements manual proof construction and helps
detect potential issues that may have been overlooked.

6. Review and Validation:

The formal verification process concludes with a comprehensive review of the
developed formal proofs, theorems, and the overall methodology. Validation
activities ensure that the formal verification adequately captures the intended
behaviour of the GUH program and that any assumptions made during the
process are justified.
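As an added illustration of step 5 (model checking), not part of the notes and not the GUH program itself, which the notes do not specify: a tiny explicit-state model checker in Python. It explores every reachable state of a hypothetical login model by breadth-first search, checks a lock-out safety property in each state, and returns a shortest counterexample trace when the property fails. The login model, its injected off-by-one defect and the property are all constructed for this example.

```python
"""Explicit-state model checking, as described in step 5 of Q117.

Added example: the notes do not specify the GUH program, so a small
hypothetical login model stands in for it. A state is the tuple
(logged_in, failures, locked); the property to verify is a lock-out rule:
once the failure count reaches MAX_FAILURES the account must be locked.
"""
from collections import deque
from typing import Iterable

State = tuple[bool, int, bool]
MAX_FAILURES = 3
INITIAL: State = (False, 0, False)


def login_step(state: State) -> Iterable[State]:
    """Correct model: every possible next state from `state`."""
    logged_in, failures, locked = state
    if logged_in or locked:
        yield INITIAL                    # logout, or an administrator reset
        return
    yield (True, 0, False)               # correct password accepted
    failed = failures + 1                # wrong password rejected
    yield (False, failed, failed >= MAX_FAILURES)


def login_step_buggy(state: State) -> Iterable[State]:
    """Same model with a defect injected for illustration: the lock-out
    comparison is off by one, so a third failure does not lock the account."""
    logged_in, failures, locked = state
    if logged_in or locked:
        yield INITIAL
        return
    yield (True, 0, False)
    failed = failures + 1
    yield (False, failed, failed > MAX_FAILURES)   # defect: should be >=


def lockout_invariant(state: State) -> bool:
    """Safety property: failures >= MAX_FAILURES implies locked."""
    _, failures, locked = state
    return failures < MAX_FAILURES or locked


def model_check(initial, step, invariant):
    """Breadth-first exploration of every reachable state.

    Returns (True, None) when the invariant holds in all reachable states,
    otherwise (False, trace) where trace is a shortest path from `initial`
    to a violating state, i.e. a counterexample a tester can replay."""
    parent: dict = {initial: None}
    queue = deque([initial])
    while queue:
        current = queue.popleft()
        if not invariant(current):
            trace, node = [], current
            while node is not None:
                trace.append(node)
                node = parent[node]
            return False, trace[::-1]
        for nxt in step(current):
            if nxt not in parent:        # visited set keeps the search finite
                parent[nxt] = current
                queue.append(nxt)
    return True, None


def reachable_state_count(initial, step) -> int:
    """Size of the explored state space (useful when reporting coverage)."""
    seen = {initial}
    queue = deque([initial])
    while queue:
        for nxt in step(queue.popleft()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return len(seen)


if __name__ == "__main__":
    print("correct model:", model_check(INITIAL, login_step, lockout_invariant))
    print("buggy model:  ", model_check(INITIAL, login_step_buggy, lockout_invariant))
```

Real model checkers work the same way on far larger state spaces, with symbolic encodings instead of an explicit visited set; the counterexample trace is what makes the result actionable for the tester.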

118. Explain the evaluation of Get-U-Home Panel software?


The evaluation of the Get-U-Home Panel software in software testing involves a
comprehensive analysis of various aspects to ensure its functionality, reliability,
and overall effectiveness.

1. Functionality Testing:

- Verify that the software meets the specified requirements and performs its
intended functions accurately.

- Test various features such as navigation, search functionality, and user
interactions to ensure a seamless user experience.

2. Performance Testing:

- Evaluate the software's responsiveness and efficiency under different
workloads and conditions.

- Measure response times, resource utilization, and overall system
performance to identify and address any bottlenecks.

3. Compatibility Testing:

- Ensure that the Get-U-Home Panel software is compatible with different
operating systems, browsers, and devices.

- Test the software across various configurations to identify and resolve any
compatibility issues.

4. Security Testing:

- Assess the software's resistance to unauthorized access, data breaches, and
other security threats.

- Conduct penetration testing and vulnerability assessments to identify and fix
potential security vulnerabilities.

5. Usability Testing:

- Evaluate the user interface and overall user experience to ensure that the
software is intuitive and user-friendly.

- Gather feedback from end-users to identify areas for improvement in terms of
usability and user satisfaction.

6. Reliability Testing:

- Test the software's stability and reliability under normal and stressful
conditions.

- Identify and address any potential issues related to crashes, data loss, or
system failures.

7. Regression Testing:

- Ensure that new updates or changes do not adversely affect existing
functionality.

- Perform regression testing to verify that modifications do not introduce new
bugs or issues into the system.

8. Documentation Review:

- Evaluate the completeness and accuracy of the software documentation.

- Ensure that user manuals, technical documentation, and other relevant
materials are up-to-date and provide sufficient information for users and
developers.

119. Explain the tools used for web testing?


Web testing involves assessing the functionality, usability, security, and
performance of web applications. Several tools are employed in software testing
to ensure the effectiveness of web applications.

1. Selenium:

- Selenium is an open-source testing framework widely used for web
application testing. It supports multiple programming languages such as
Java, Python, and C#.
- Selenium provides a suite of tools like Selenium WebDriver for browser
automation and Selenium Grid for parallel test execution across multiple
machines.

2. JIRA:

- JIRA is primarily a project management tool, but it is often used for issue
tracking and bug reporting in web testing.
- Testers can use JIRA to create, track, and manage testing tasks and
issues, providing a centralized platform for collaboration among testing and
development teams.

3. LoadRunner:

- LoadRunner, developed by Micro Focus, is a performance testing tool
used to assess the scalability and performance of web applications under
various loads.
- It allows testers to simulate virtual users, monitor system behavior, and
identify performance bottlenecks.

4. TestComplete:

- TestComplete is a functional testing tool that supports the testing of web
applications across different browsers.
- It provides features for scriptless testing, allowing testers to create
automated tests without extensive programming knowledge.

5. Burp Suite:

- Burp Suite is a security testing tool specifically designed for web
applications. It is widely used for finding security vulnerabilities such as
SQL injection and cross-site scripting (XSS).
- The tool includes features for crawling web applications, analysing
requests and responses, and identifying potential security risks.

6. Postman:

- Postman is an API testing tool that helps in testing web services and APIs.
It allows testers to create and manage API requests, automate testing, and
validate responses.
- Postman simplifies the testing of RESTful APIs, ensuring their functionality
and interoperability.

7. Browser Developer Tools:

- Built-in browser developer tools, such as Chrome Developer Tools and
Firefox Developer Tools, are essential for web testing.
- Testers use these tools to inspect and debug web elements, analyze
network traffic, and assess the performance of web pages.

8. Snyk:

- Snyk is a tool used for identifying and fixing security vulnerabilities in web
applications and their dependencies.
- It scans for known vulnerabilities in libraries and dependencies, helping
developers and testers address security issues proactively.

120. Explain the elements of Security Testing in Software?


Types of Security Testing:

1. Vulnerability Scanning: Vulnerability scanning is performed with the help of
automated software that scans a system to detect known vulnerability
patterns.
2. Security Scanning: Security scanning is the identification of network and
system weaknesses. Later on it provides solutions for reducing these defects
or risks. Security scanning can be carried out in both manual and automated
ways.
3. Penetration Testing: Penetration testing is the simulation of an attack by
a malicious hacker. It includes an analysis of a particular system to examine
it for vulnerabilities that a malicious hacker could exploit to compromise the
system.
4. Risk Assessment: In risk assessment testing, security risks observed in the
organization are analyzed. Risks are classified into three categories, i.e., low,
medium and high. This testing endorses controls and measures to minimize
the risk.
5. Security Auditing: Security auditing is an internal inspection of applications
and operating systems for security defects. An audit can also be carried out
via line-by-line checking of code.
6. Ethical Hacking: Ethical hacking is different from malicious hacking. The
purpose of ethical hacking is to expose security flaws in the organization's
system.
7. Posture Assessment: It combines security scanning, ethical hacking and
risk assessments to provide an overall security posture of an
8. Application Security Testing: Application security testing is a type of testing
that focuses on identifying vulnerabilities in the application itself. It includes
testing the application's code, configuration, and dependencies to identify
any potential vulnerabilities.
122. What are the common reasons for software failure? Explain.
Software failure during testing can occur due to various reasons. Here are
some common factors contributing to software failures in the testing phase:

1. Incomplete Requirements:
Inadequate or unclear requirements can lead to misunderstandings between
developers and testers, resulting in the development of software that does not
meet the user's expectations. Without comprehensive and precise
requirements, it becomes challenging to create effective test cases and assess
the software's functionality accurately.
2. Poorly Defined Test Cases:
Test cases serve as the foundation for software testing. If test cases are
poorly designed or lack coverage, critical functionalities may be overlooked,
leaving potential defects undiscovered. It's essential to have a comprehensive
set of test cases that cover various scenarios and edge cases to ensure
thorough testing.
3. Lack of Test Data:
Insufficient or unrealistic test data can lead to an inadequate evaluation of the
software's performance. The absence of diverse and representative test data
may result in overlooking potential issues related to data processing, validation,
or security.
4. Inadequate Testing Environment:
The testing environment needs to mirror the production environment closely.
Issues may arise if there are disparities between the testing and production
environments, leading to failures that only become apparent in the live system.
5. Communication Gaps:
Communication breakdowns between development and testing teams can
result in misunderstandings, missed requirements, or incomplete test coverage.
Effective communication is crucial to ensure that all stakeholders are on the
same page regarding expectations, changes, and testing progress.
6. Insufficient Regression Testing:
Changes in the codebase or new feature implementations can introduce
unexpected side effects or break existing functionalities. Without thorough
regression testing, it's challenging to identify and rectify issues arising from
modifications made during the development cycle.

123. Explain any 4 commonly known attacks on software?


1. SQL Injection:
SQL Injection is a type of cyber attack where malicious SQL queries are
injected into input fields of an application to manipulate or exploit the database.
Attackers use this technique to bypass authentication, retrieve sensitive
information, modify data, or even execute administrative operations on the
database. Proper input validation and the use of parameterized queries can
help mitigate the risk of SQL Injection attacks.

2. Cross-Site Scripting (XSS):


XSS is an attack where attackers inject malicious scripts into web pages that
are then viewed by other users. These scripts can be used to steal session
cookies, deface websites, or redirect users to malicious sites. Input validation,
output encoding, and the use of security mechanisms like Content Security
Policy (CSP) are essential in preventing XSS attacks.

3. Denial-of-Service (DoS) Attacks:


In a DoS attack, the attacker overwhelms a system, network, or service with
excessive traffic, making it unavailable to legitimate users. This can be
achieved by flooding the target with traffic or exploiting vulnerabilities to exhaust
system resources. Implementing traffic filtering, rate limiting, and having a
robust infrastructure are strategies to mitigate the impact of DoS attacks.

4. Man-in-the-Middle (MitM) Attacks:


MitM attacks involve intercepting and potentially altering communication
between two parties without their knowledge. This can occur in various
scenarios, such as unsecured Wi-Fi networks or compromised routers.
Attackers can eavesdrop on sensitive information, inject malicious content, or
impersonate one of the communicating parties. Encrypting communication with
protocols like HTTPS and using secure channels, such as virtual private
networks (VPNs), can help prevent MitM attacks.
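As an added example (not from the notes) covering the SQL Injection and XSS items in Q148 and Q123: the string-spliced query and the unencoded template beside their parameterized and output-encoded forms, plus the two checks a tester would run to confirm that the hardened forms treat a probe input as data. The users table and both probe strings are constructed for this illustration.

```python
"""Injection-resilience checks for the SQL Injection and XSS items (Q148/Q123).

Added example: a constructed in-memory users table, a vulnerable and a
hardened lookup, a vulnerable and a hardened HTML renderer, and checks
a tester could run to confirm the hardened forms treat probe input as data.
"""
import html
import sqlite3

# Constructed sample data (hypothetical); not from the notes.
SAMPLE_USERS = [("alice", "alice@example.test"), ("bob", "bob@example.test")]

# Tautology probe: it names no real user, so a correct lookup returns nothing.
SQLI_PROBE = "' OR '1'='1"
# Script probe: a correct renderer must encode it so no <script> tag survives.
XSS_PROBE = "<script>probe()</script>"


def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database seeded with SAMPLE_USERS."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def find_email_unsafe(conn: sqlite3.Connection, name: str) -> list[str]:
    """Vulnerable form: the user-supplied name is spliced into the SQL text,
    so the probe turns the WHERE clause into a tautology and every row leaks."""
    sql = f"SELECT email FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


def find_email_safe(conn: sqlite3.Connection, name: str) -> list[str]:
    """Hardened form: a parameterized query binds the name as data only."""
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def render_greeting_unsafe(name: str) -> str:
    """Vulnerable form: user input is placed into HTML without encoding."""
    return f"<p>Hello, {name}!</p>"


def render_greeting_safe(name: str) -> str:
    """Hardened form: HTML special characters are encoded before output."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def sqli_leaks(lookup) -> bool:
    """True if `lookup` returns any row for a probe that matches no user name."""
    return len(lookup(make_db(), SQLI_PROBE)) > 0


def xss_reflected(renderer) -> bool:
    """True if the script probe appears verbatim (unencoded) in the output."""
    return XSS_PROBE in renderer(XSS_PROBE)


if __name__ == "__main__":
    for label, fn in [("unsafe", find_email_unsafe), ("safe", find_email_safe)]:
        print(f"SQL {label} lookup leaks rows: {sqli_leaks(fn)}")
    for label, fn in [("unsafe", render_greeting_unsafe), ("safe", render_greeting_safe)]:
        print(f"HTML {label} renderer reflects script: {xss_reflected(fn)}")
```

The two check functions are the regression tests the notes recommend: they should stay green for the hardened functions and turn red the moment someone reintroduces string splicing or drops the encoding.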

124. Explain with diagram web application and its architecture?

A web application is a software application that runs on web browsers,
allowing users to interact with it through a graphical user interface (GUI) over
the internet. The architecture of a web application consists of several
components that work together to deliver the desired functionality. Let's break
down the key components and their interactions:

1. Client-Side (Frontend):
- The client-side, or frontend, is the user interface that users interact
with. It is rendered in web browsers and is responsible for presenting
data and handling user interactions.
- Technologies such as HTML (Hypertext Markup Language), CSS
(Cascading Style Sheets), and JavaScript are commonly used to build
the client-side.
2. Server-Side (Backend):
- The server-side, or backend, is responsible for processing requests,
managing data, and performing business logic. It runs on a web server
and communicates with the client-side.
- Common technologies for backend development include server-side
languages like Node.js, Python (Django/Flask), Ruby (Ruby on Rails),
Java (Spring), or PHP.
3. Database:
- The database stores and manages the application's data. It could be a
relational database (e.g., MySQL, PostgreSQL) or a NoSQL database
(e.g., MongoDB, Cassandra).
- The backend interacts with the database to retrieve or store data
based on user requests.
4. Web Server:
- The web server handles communication between the client-side and
the server-side. It receives incoming requests from clients, forwards
them to the backend, and sends the response back to the client.
- Common web servers include Apache, Nginx, and Microsoft Internet
Information Services (IIS).
5. Application Programming Interface (API):
- APIs enable communication and data exchange between different
software systems. In the context of web applications, APIs define how
the frontend and backend interact.
- RESTful APIs or GraphQL are common approaches for building web
application APIs.

This diagram illustrates the flow of information in a typical web application
architecture:

[Diagram not reproduced in this text version of the notes.]
125. Explain software testing metrics?

Software testing metrics are quantifiable indicators of the software


testing process progress, quality, productivity, and overall health. The purpose
of software testing metrics is to increase the efficiency and effectiveness of the
software testing process while also assisting in making better decisions for
future testing by providing accurate data about the testing process. A metric
expresses the degree to which a system, system component, or process
possesses a certain attribute in numerical terms.

Test metrics are essential in determining the software's quality and
performance. Developers may use the right software testing metrics to improve
their productivity.
 Test metrics help to determine what types of enhancements are required in
order to create a defect-free, high-quality software product.
 They support informed judgments about the testing phases that follow, such as
project schedule and cost estimates.
 They allow the current technology or procedure to be examined to see whether
it needs any further changes.

Types of Software Testing Metrics:

Software testing metrics are divided into three categories:


1. Process Metrics: A project's characteristics and execution are defined by
process metrics. These features are critical to improving and maintaining the
SDLC (Software Development Life Cycle) process.
2. Product Metrics: A product’s size, design, performance, quality, and
complexity are defined by product metrics. Developers can improve the
quality of their software development by utilizing these features.
3. Project Metrics: Project Metrics are used to assess a project’s overall
quality. It is used to estimate a project’s resources and deliverables, as well
as to determine costs, productivity, and flaws.

Software testing can be further divided into manual and automated testing.

In manual testing, the test is performed by QA analysts in a step-by-step
process. Meanwhile, in automated testing, tests are executed with the help of
test automation frameworks, tools, and software.

Both manual and automated testing have their strengths and weaknesses.

Manual testing is a slow process, but it allows testers to handle complex
scenarios.

Types of Manual Test Metrics:

Manual Test Metrics are of two types:

 Base Metrics.
 Calculated Metrics.

SECTION – A (3 MARKS)
61. What is security testing?

 Security testing checks whether software is vulnerable to cyber attacks,
and tests the impact of malicious or unexpected inputs on its operations.
Security testing provides evidence that systems and information are safe
and reliable, and that they do not accept unauthorized inputs.
 Security testing is a type of non-functional testing. Unlike functional testing,
which focuses on whether the software's functions are working properly
("what" the software does), non-functional testing focuses on whether the
application is designed and configured correctly ("how" it does it).
62. What are the techniques used for software development
process?

1. Waterfall.
2. Agile.
3. Lean Development.
4. Scrum.
5. Software Testing.
6. DevOps Methodology.
7. Dynamic systems development.
8. Software Deployment.

63. Write a short note on unit testing?

Unit Testing is defined as a type of software testing where individual components
of a software product are tested. Unit Testing is carried out during the
development of an application. An individual component may be either an
individual function or a procedure. In the SDLC or V Model, Unit testing is the
first level of testing, done before integration testing. Unit testing is a type
of testing technique that is usually performed by the developers themselves.

65. Describe the characteristics of web application?

 Scalability.
 Cross Platform.
 Accessibility.
 Data Recovery.
 Portal Web Apps.
 Customization.
 Deployment.
 Security.
 User Interaction.
 Lower Cost.
 Integration.
 Search Engine Optimization.
 Loosely Coupled.

66. What is the need for Security Testing of Software?

Security testing is needed to:
 Identify the threats in the system.
 Measure the potential vulnerabilities of the system.
 Help in detecting every possible security risk in the system.
 Help developers in fixing the security problems through coding.
 The goal of security testing is to identify vulnerabilities and potential threats
in a system or application, and to ensure that the system is protected against
unauthorized access, data breaches, and other security-related issues.

67. What are the elements of Security Testing in Software?

The six basic elements of security testing are:

 Confidentiality
 Integrity
 Authentication
 Authorization
 Availability
 Non-repudiation

68. Describe any 2 reasons for Software failure?


Common Software Failure Causes:
 Lack of user participation.
 Changing requirements.

69. What is defect injection rate and how will it be calculated?

Defect injection rate measures the total number of defects (bugs) that were
detected during an interval of time (days, weeks, etc.).

DDE = (Number of defects injected and detected in a phase / Total number of
defects injected in that phase) * 100.
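A worked example, added here and not part of the notes, that computes the base metrics (raw counts, as in the manual test metrics section above) and the calculated DDE metric from the formula above, per phase, over a constructed defect log; the phase names, the Defect record, the sample defects and the function names are assumptions.

```python
from collections import Counter
from dataclasses import dataclass

# Assumed SDLC phases, in order; a phase name is a label, not a page-specific value.
PHASES = ["requirements", "design", "coding", "testing"]


@dataclass(frozen=True)
class Defect:
    """One row of a defect log: where the defect was injected and where it was found."""
    defect_id: str
    injected_in: str
    detected_in: str


# Constructed sample defect log (not taken from the notes).
SAMPLE_DEFECTS = [
    Defect("D1", "requirements", "requirements"),
    Defect("D2", "requirements", "testing"),     # escaped two phases
    Defect("D3", "design", "design"),
    Defect("D4", "design", "coding"),
    Defect("D5", "coding", "coding"),
    Defect("D6", "coding", "coding"),
    Defect("D7", "coding", "coding"),
    Defect("D8", "coding", "testing"),
    Defect("D9", "requirements", "requirements"),
]


def base_metrics(defects):
    """Base metrics: raw counts read straight from the log, nothing derived."""
    injected = Counter(d.injected_in for d in defects)
    detected = Counter(d.detected_in for d in defects)
    # Defects caught in the same phase that introduced them.
    contained = Counter(d.injected_in for d in defects if d.injected_in == d.detected_in)
    return injected, detected, contained


def dde_by_phase(defects):
    """Calculated metric, per phase, using the formula from the notes:
    DDE = (defects injected and detected in a phase / defects injected in that phase) * 100.
    A phase that injected no defects has no defined DDE, so it is reported as None
    rather than dividing by zero."""
    injected, _, contained = base_metrics(defects)
    result = {}
    for phase in PHASES:
        total = injected.get(phase, 0)
        result[phase] = None if total == 0 else round(contained.get(phase, 0) / total * 100, 1)
    return result
```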
70. Write notes on SPI-SIG?
 SPI-SIG, or Software Process Improvement - Software Improvement
Group, is an organization that focuses on assessing and improving
software development and maintenance processes.
 SPI-SIG baselines involve setting initial benchmarks for identified software
test metrics. This includes capturing current performance levels, process
maturity, and the effectiveness of testing activities.
 SPI-SIG provides a structured approach to defining baselines for software
testing metrics, aiming to enhance the overall quality and efficiency of the
testing process.

72. What are the tools used in web testing?

 Selenium.
 Apache JMeter.
 Katalon Studio.
 SoapUI.
 TestComplete.
 Cucumber.
 LoadRunner.
 WebLoad.
 LambdaTest.
 LoadUI.

73. Write any two common reasons for software failure?

The two common reasons for software failure are:
 Unclear Software Requirements.
 Lack of User Involvement.

74. Define software attack?

Software threats are malicious pieces of computer code and applications that can
damage your computer, as well as steal your personal or financial information.
For this reason, these dangerous programs are often called malware (short for
“malicious software”).

75. Write any 2 commonly known attacks?

The 2 commonly known attacks in software testing are:

 Malware Attack.
 SQL Injection Attack.
