Unit 3 - Testing
How Do Developers Test Their Own Code?
Black Box testers don’t care about Unit Testing. Their main goal is
to validate the application against the requirements without going
into the implementation details.
But as a curious, out-of-the-box thinker, have you ever wondered
how developers test their code? What method do they use to test
before releasing the code for testing? How is dev-testing important
in an agile process?
The answer to all this is Unit Testing. Understanding the importance
of Unit Testing helps development and testing teams work more
collaboratively to design, test and release an excellent
application.
application:
o Data flow Testing
o Control Flow Testing
o Branch Coverage Testing
o Statement Coverage Testing
o Decision Coverage Testing
Advantages
o Unit testing uses a modular approach, so any part can be
tested without waiting for the testing of other parts to be
completed.
o The development team focuses on the functionality the unit
provides and how that functionality should look in unit test
suites, in order to understand the unit API.
o Unit testing allows the developer to refactor code after a
number of days and ensure the module is still working without
any defect.
o Early Detection of Issues: Unit testing allows developers to
detect and fix issues early in the development process,
before they become larger and more difficult to fix.
Disadvantages
o It cannot identify integration or broad-level errors, as it works
on units of the code.
o In unit testing, evaluation of all execution paths is not
possible, so unit testing is not able to catch each and every
error in a program.
o It is best used in conjunction with other testing activities.
WHY INTEGRATION TEST WORKS?
1. In the real world, when applications are developed, they are
broken down into smaller modules and individual developers
are each assigned one module. The logic implemented by one
developer is quite different from that of another developer, so
it becomes important to check whether the logic implemented
by a developer is as per the expectations and renders the
correct value in accordance with the prescribed standards.
2. Many a time the face or the structure of data changes when
it travels from one module to another. Some values are
appended or removed, which causes issues in the later
modules.
3. Modules also interact with some third-party tools or APIs,
which also need to be tested to confirm that the data accepted
by that API/tool is correct and that the response generated
is also as expected.
4. A very common problem in testing – Frequent
requirement change! :) Many a time a developer deploys
the changes without unit testing them. Integration testing
becomes important at that time.
Advantages
There are several advantages of this testing and a few of them are
listed below.
● This testing makes sure that the integrated modules/components work
properly.
● Integration testing can be started once the modules to be
tested are available. It does not require the other module to
be completed for testing to be done, as Stubs and Drivers
can be used for the same.
● It detects the errors related to the interface.
Challenges
Listed below are a few challenges that are involved in Integration
Test.
#1) Integration testing means testing two or more integrated
systems in order to ensure that the system works properly. Not
only should the integration links be tested, but exhaustive
testing that considers the environment should also be done to
ensure that the integrated system works properly. There might be
different paths and permutations which can be applied to test
the integrated system.
#2) Managing Integration testing becomes complex because
of a few factors involved in it, like the database, platform,
environment, etc.
#3) While integrating any new system with the legacy system, it
requires a lot of changes and testing efforts. The same applies
while integrating any two legacy systems.
#4) Integrating two different systems developed by two different
companies is a big challenge, as it is not certain how one of the
systems will impact the other if any changes are made in either
of them.
Types of Integration Testing
Given below are types of integration testing along with their
advantages and disadvantages.
Big Bang Approach:
o Big bang approach integrates all the modules in one go i.e. it
does not go for integrating the modules one by one.
o It verifies if the system works as expected or not once
integrated.
o If any issue is detected in the completely integrated module,
then it becomes difficult to find out which module has caused
the issue.
1. Bottom-up approach
2. Top-down approach.
Let’s consider the below figure to test the approaches:
Bottom-up approach:
Bottom-up testing, as the name suggests starts from the lowest
or the innermost unit of the application, and gradually moves up.
The Integration testing starts from the lowest module and
gradually progresses towards the upper modules of the
application.
This integration continues till all the modules are integrated and
the entire application is tested as a single unit.
Example:
In this case, modules B1C1, B1C2 & B2C1, B2C2 are the lowest
modules, which are unit tested. Modules B1 & B2 are not yet
developed.
The functionality of modules B1 and B2 is that they call the
modules B1C1, B1C2 & B2C1, B2C2. Since B1 and B2 are not yet
developed, we would need some program or a “stimulator” which
will call the B1C1, B1C2 & B2C1, B2C2 modules. These stimulator
programs are called DRIVERS.
Top-down approach
This technique starts from the topmost module and gradually
progresses towards the lower modules. Only the top module is unit
tested in isolation. After this, the lower modules are integrated
one by one. The process is repeated until all the modules are
integrated and tested.
Both stubs and drivers are dummy pieces of code which are used
for testing the “non-existing” modules. They trigger the
functions/methods and return the response, which is compared to
the expected behavior.
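The driver and stub roles described above, as an added example that is not part of the original notes. The module names follow the page's B1, B1C1 and B1C2; what the modules do (parsing an order line and totalling it) and all function names are assumptions made for illustration.

```python
# Hypothetical modules named after the page's example: B1 calls B1C1 and B1C2.

def b1c1_parse(line):
    """Lower module B1C1 (real): parse 'item, qty, price' into a record."""
    item, qty, price = line.split(",")
    return {"item": item.strip(), "qty": int(qty), "price": float(price)}

def b1c2_total(record):
    """Lower module B1C2 (real): line total for one parsed record."""
    return round(record["qty"] * record["price"], 2)

def driver_for_b1(lines):
    """DRIVER (bottom-up): stands in for the undeveloped upper module B1.
    It only calls the lower modules and collects what they return."""
    return [b1c2_total(b1c1_parse(line)) for line in lines]

def b1_invoice(lines, parse, total):
    """Upper module B1 (real): sums line totals through its lower modules."""
    return round(sum(total(parse(line)) for line in lines), 2)

def stub_parse(line):
    """STUB (top-down): stands in for undeveloped B1C1 with a canned record."""
    return {"item": "stub", "qty": 1, "price": 10.0}

def stub_total(record):
    """STUB (top-down): stands in for undeveloped B1C2 with a canned total."""
    return 10.0

def b1c1_parse_v2(line):
    """Changed B1C1: renames 'qty' to 'quantity' (data structure drift)."""
    record = b1c1_parse(line)
    record["quantity"] = record.pop("qty")
    return record

def integrate(parse, total, lines):
    """Integration step: wire real modules together, report interface errors."""
    try:
        return b1_invoice(lines, parse, total)
    except KeyError as exc:
        return "interface error: missing field " + str(exc)

SAMPLE_LINES = ["pen, 3, 1.50", "book, 1, 12.00"]   # constructed input

def run_bottom_up():
    return driver_for_b1(SAMPLE_LINES)

def run_top_down():
    return b1_invoice(["a", "b", "c"], stub_parse, stub_total)
```

The renamed field in `b1c1_parse_v2` passes B1C1's own unit tests and B1's stub-based tests; only the integrated run reports it.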
Unit Testing | Integration Testing
Simple | Complex
Begins from the module specification | Begins from the interface specification
Unit testing has a narrow scope as it just checks if each small piece of code is doing what it is intended to do. | It has a wider scope as it covers the whole application.
The outcome of unit testing is detailed visibility of the code. | The outcome of integration testing is the detailed visibility of the integration structure.
Uncovers the issues within the functionality of individual modules only. Does not expose integration errors or system-wide issues. | Uncovers the bugs that arise when different modules interact with each other to form the overall system.
Example:
Let us understand these three types of testing with an oversimplified
example.
E.g. For a functional mobile phone, the main parts required are “battery”
and “sim card”.
Unit testing Example – The battery is checked for its life,
capacity and other parameters. Sim card is checked for its
activation.
Integration Testing Example – Battery and sim card are
integrated i.e. assembled in order to start the mobile phone.
Functional Testing Example – The functionality of a mobile
phone is checked in terms of its features and battery usage as
well as sim card facilities.
Regression Testing
Retest All
Cookie Testing:
Cookies are small files stored on the user machine. These are
basically used to maintain the session – mainly the login sessions.
Test the application by enabling or disabling the cookies in your
browser options.
Test if the cookies are encrypted before writing to the user
machine. If you are testing session cookies (i.e. cookies that
expire after the session ends) check for login sessions and user
stats after the session ends.
Check the effect on application security by deleting the cookies. (I
will soon write a separate article on cookie testing as well)
Validate your HTML/CSS:
If you are optimizing your site for search engines then HTML/CSS
validation is the most important one. Mainly validate the site for
HTML syntax errors. Check if the site is crawlable to different
search engines.
Database Testing:
Data consistency is also very important in a web application.
Check for data integrity and errors while you edit, delete, modify
the forms or do any DB related functionality.
Check if all the database queries are executed correctly, data is
retrieved and also updated correctly. More on database testing
could be a load on DB; we will address this in web load or
performance testing below.
In testing the functionality of the websites the following should
be tested:
Links
i. Internal Links
ii. External Links
iii. Mail Links
iv. Broken Links
Forms
i. Field validation
ii. Error message for wrong input
iii. Optional and Mandatory fields
Database
Testing will be done on database integrity.
#2) Usability Testing
Usability testing is the process by which the human-computer
interaction characteristics of a system are measured, and
weaknesses are identified for correction.
• Ease of learning
• Navigation
• Subjective user satisfaction
• General appearance
Test for Navigation:
Navigation means how a user surfs the web pages, different
controls like buttons, boxes or how the user uses the links on the
pages to surf different pages.
Usability Testing includes the following:
● The website should be easy to use.
● The instructions provided should be very clear.
● Check if the instructions provided are perfect to satisfy its purpose.
● The main menu should be provided on each page.
● It should be consistent enough.
Content Checking:
Content should be logical and easy to understand. Check for
spelling errors. The usage of dark colors annoys the users and
should not be used in the site theme.
You can follow some standard colors that are used for web pages
and content building. These are the commonly accepted
standards like what I mentioned above about annoying colors,
fonts, frames, etc. Content should be meaningful. All the anchor
text links should be working properly. Images should be placed
properly with proper sizes.
These are some of the basic important standards that should be
followed in web development. Your task is to validate everything
for UI testing.
Other user information for user help:
Like the search option, the sitemap also helps with files, etc. The
sitemap should be available with all the links on websites with a
proper tree view of navigation. Check for all links on the sitemap.
“Search in the site” option will help users to find content pages
that they are looking for easily and quickly. These are all
optional items and if present they should be validated.
#3) Interface Testing
In web testing, the server-side interface should be tested. This
can be done by verifying that the communication is done
properly. Compatibility of the server with software, hardware,
network, and the database should be tested.
The main interfaces are:
● Web server and application server interface
● Application server and Database server interface.
Check if all the interactions between these servers are executed
and errors are handled properly. If the database or web server
returns an error message for any query by the application server
then the application server should catch and display these error
messages appropriately to the users.
Check what happens if the user interrupts any transaction in
between. Check what happens if the connection to the web server
is reset in between.
#4) Compatibility Testing
The compatibility of your website is a very important testing aspect.
The compatibility tests to be executed are:
● Browser compatibility
● Operating system compatibility
● Mobile browsing
● Printing options
Browser Compatibility:
Some applications are very dependent on browsers. Different
browsers have different configurations and settings that your
web page should be compatible with.
Your website code should be cross-browser compatible. If you are
using JavaScript or AJAX calls for UI functionality, performing
security checks or validations, then give more stress to browser
compatibility testing of your web application.
Test web applications on different browsers like Internet Explorer,
Firefox, Netscape Navigator, AOL, Safari, Opera browsers with
different versions.
OS Compatibility:
Some functionality in your web application may not be
compatible with all operating systems. New technologies used
in web development, like graphic designs and interface calls to
different APIs, may not be available in all operating systems.
Hence test your web application on different operating systems
like Windows, Unix, MAC, Linux, Solaris with different OS flavors.
Mobile Browsing:
We are in the new technology era. So in the future Mobile
browsing will rock. Test your web pages on mobile browsers.
Compatibility issues may be there on mobile devices as well.
Printing Options:
If you are giving page-printing options then make sure fonts,
page alignment, page graphics, etc., are getting printed properly.
Pages should fit the paper size or as per the size mentioned in
the printing option.
Connection Speed
Tested on various networks like Dial-Up, ISDN, etc.
Load
i. What is the no. of users per time?
ii. Check for peak loads and how the system behaves
iii. A large amount of data accessed by the user
Stress
i. Continuous Load
ii. Performance of memory, CPU, file handling, etc..
#6) Security Testing
The following are some of the test cases for web security testing:
● Test by pasting the internal URL directly into the browser
address bar without login. Internal pages should not
open.
● If you are logged in using username and password and
browsing internal pages, then try changing URL options
directly. For example, if you are checking some publisher site
statistics with publisher site ID = 123, try directly changing
the URL site ID parameter to a different site ID which is not
related to the logged-in user. Access should be denied for this
user to view other people’s stats.
● Try some invalid inputs in input fields like login
username, password, input text boxes, etc. Check the
system’s reaction to all invalid inputs.
● Web directories and files should not be accessible directly
unless they are given the download option.
● Test the CAPTCHA against automated script logins.
● Test if SSL is used for security measures. If used, the proper
message should get displayed when users switch from non-
secure HTTP:// pages to secure HTTPS:// pages and vice
versa.
● All transactions, error messages, and security breach
attempts should be logged in log files somewhere on
the webserver.
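The first two test cases in the list above, together with the logging check from the last one, written as an automated test. This is an added example, not code from the original notes; the in-memory handler, session tokens, user names and the second site ID (456) are constructed for illustration, and 401/403 are the assumed status codes for "should not open" and "access denied".

```python
# Constructed data: which publisher site IDs each user owns.
OWNERS = {"alice": {123}, "bob": {456}}
STATS = {123: {"views": 900}, 456: {"views": 75}}
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}   # session token -> user
AUDIT_LOG = []                                        # denied attempts go here

def get_stats(session_token, site_id):
    """Hypothetical handler for an internal stats page. Returns (status, body)."""
    user = SESSIONS.get(session_token)
    if user is None:
        AUDIT_LOG.append(("unauthenticated", site_id))
        return 401, None                 # internal page must not open
    if site_id not in OWNERS.get(user, set()):
        AUDIT_LOG.append((user, site_id))
        return 403, None                 # logged in, but not the owner
    return 200, STATS[site_id]

def broken_handler(session_token, site_id):
    """Deliberately flawed variant: checks the login but not the ownership."""
    if session_token not in SESSIONS:
        return 401, None
    return (200, STATS[site_id]) if site_id in STATS else (404, None)

def run_access_tests(handler):
    """Run the access-control cases against a handler; return failed case names."""
    cases = [
        ("internal URL without login", None, 123, 401),
        ("own site ID", "tok-alice", 123, 200),
        ("other user's site ID", "tok-alice", 456, 403),
    ]
    failures = []
    for name, token, site_id, want in cases:
        status, body = handler(token, site_id)
        # A denial must carry no data, whatever the status code says.
        if status != want or (want != 200 and body is not None):
            failures.append(name)
    return failures
```

Running the same cases against `broken_handler` shows why the changed-ID case is needed: a login check alone passes the first two cases and fails only the third.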
The primary reason for testing the security of a web application
is to identify potential vulnerabilities and subsequently repair
them.
● Network Scanning
● Vulnerability Scanning
● Password Cracking
● Log Review
● Integrity Checkers
● Virus Detection
Web-based ERP systems used today are the best evidence that IT
has revolutionized our beloved global village. These days,
websites are not only meant for publicity or marketing but they
have evolved into stronger tools to cater to complete business
needs.
Web-based Payroll systems, Shopping Malls, Banking, and Stock
Trade applications are not only being used by organizations but
are also being sold as products today.
Also, keep in mind that a Brute Force Attack is not only related
to web applications; desktop software is also vulnerable to
this.
How to Test: In order to test this, thorough testing of all roles and rights
should be performed.
The tester should create several user accounts with different as
well as multiple roles. He should then be able to use the
application with the help of these accounts and should verify
that every role has access to its own modules, screens, forms,
and menus only. If the tester finds any conflict, then he should
log a security issue with complete confidence.
This can also be understood as authentication and
The tester should also check for proper use of salting (appending
an extra secret value to the end of an input like a password and
thus making it stronger and more difficult to crack). Insecure
randomness should also be tested as it is a kind of vulnerability.
Another way to test data protection is to check for weak
algorithm usage.
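One way a tester can check the three points above (salting, randomness of the salt, weak algorithms) against stored credentials. This is an added example, not part of the original notes; the record layout, user names and sample password are constructed, and PBKDF2-HMAC-SHA256 with an operating-system random salt is the scheme chosen here for the "good" rows.

```python
import hashlib
import hmac
import os
from collections import Counter

WEAK_ALGOS = {"md5", "sha1"}   # fast digests, unsuitable for password storage

def hash_password(password, iterations=600_000):
    """Salted PBKDF2-HMAC-SHA256; the 16-byte salt comes from the OS CSPRNG."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"algo": "pbkdf2_sha256", "iter": iterations,
            "salt": salt.hex(), "hash": digest.hex()}

def verify_password(password, rec):
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(rec["salt"]), rec["iter"])
    return hmac.compare_digest(digest.hex(), rec["hash"])

def audit_records(records):
    """Return (user, finding) pairs for a list of stored-credential records."""
    salts = Counter(r["salt"] for r in records if r["salt"])
    hashes = Counter(r["hash"] for r in records)
    findings = []
    for r in records:
        if r["algo"] in WEAK_ALGOS:
            findings.append((r["user"], "weak algorithm"))
        if not r["salt"]:
            findings.append((r["user"], "no salt"))
        elif salts[r["salt"]] > 1:
            findings.append((r["user"], "salt reused"))
        if hashes[r["hash"]] > 1:
            findings.append((r["user"], "hash shared with another account"))
    return findings

def sample_records():
    """Constructed table: two legacy rows and two salted rows, all four
    accounts created with the same password."""
    password = "Spring2024!"
    legacy = hashlib.md5(password.encode()).hexdigest()
    rows = [{"user": "alice", "algo": "md5", "salt": "", "hash": legacy},
            {"user": "bob", "algo": "md5", "salt": "", "hash": legacy}]
    for user in ("carol", "dave"):
        rows.append({"user": user, **hash_password(password)})
    return rows
```

The test a tester performs by hand is the same one `audit_records` automates: create two accounts with an identical password and confirm the stored values differ.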
Testing for brute force can also be divided into two parts –
black box testing and grey-box testing. In black box testing, the
authentication method employed by the application is
discovered and tested. Furthermore, the grey box testing is
based on partial knowledge of password & account details and
memory trade-off attacks.
How to test SQL Injection and XSS: The tester must ensure that
maximum lengths of all input fields are defined and implemented.
(S)He should also ensure that the defined length of input fields
does not accommodate any script input as well as tag input. Both
of these can be easily tested.
For example, if 20 is the maximum length specified for the ‘Name’
field, then the input string “<p>thequickbrownfoxjumpsoverthelazydog”
can verify both these constraints.
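The ‘Name’ field check above as a server-side test, using the page's probe string and its limit of 20. This is an added example, not part of the original notes; the function names, table and the two extra inputs are constructed. It goes one step beyond the text by also storing an accepted value with a bound SQL parameter and HTML-escaping it on output, since a short input can pass a length limit.

```python
import html
import re
import sqlite3

MAX_NAME_LEN = 20                    # the page's limit for the 'Name' field
TAG_RE = re.compile(r"<[^>]*>")      # anything shaped like a markup tag

def validate_name(value):
    """Return the constraints the input violates (empty list = accepted)."""
    problems = []
    if len(value) > MAX_NAME_LEN:
        problems.append("too long")
    if TAG_RE.search(value):
        problems.append("contains tag")
    return problems

def save_and_render(conn, value):
    """Store with a bound parameter and escape on output, so an accepted
    value is always handled as data, never as SQL or markup."""
    conn.execute("INSERT INTO users(name) VALUES (?)", (value,))
    (stored,) = conn.execute(
        "SELECT name FROM users ORDER BY rowid DESC LIMIT 1").fetchone()
    return "<td>" + html.escape(stored) + "</td>"

def run_name_field_tests():
    """Exercise the field with the page's probe and two constructed inputs."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users(name TEXT)")
    probe = "<p>thequickbrownfoxjumpsoverthelazydog"   # string from the page
    results = {
        "probe": validate_name(probe),
        "short_tag": validate_name("<b>x</b>"),   # fits within 20 characters
        "quote": validate_name("O'Brien"),        # legitimate name with a quote
        "rendered": save_and_render(conn, "O'Brien"),
        "rows": conn.execute("SELECT COUNT(*) FROM users").fetchone()[0],
    }
    conn.close()
    return results
```

The probe trips both constraints at once, while the eight-character tag shows why the tag check has to be tested separately from the length check.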
It should also be verified by the tester that the application does
not support anonymous access methods. If any of these
vulnerabilities exist, then the application is in danger.
The attackers then elevate their access rights to gain control over
more sensitive systems or data. Common reasons for successful
privilege escalation include insufficient security controls, non-
adherence to the principle of least privilege, and exploitable software
vulnerabilities. This can lead to either external threat actors or
insiders gaining undue access.
9) Specific Risky Functionalities
Mainly, the two risky functionalities are payments and file
uploads. These functionalities should be tested very well. For file
uploads, you need to primarily test if any unwanted or malicious
file upload is restricted.
For payments, you need to primarily test for injection
vulnerabilities, insecure cryptographic storage, buffer overflows,
password guessing, etc.