Académique Documents
Professionnel Documents
Culture Documents
www.istqb.guru
Technical Review Walkthrough Review Inspection Review Informal Review
A Technical Review (also known as A walkthrough is a set of procedures An inspection is a formal type of An informal review is an extremely
a peer review), is considered to be a and techniques designed for a peer review. It requires preparation on popular choice early on in the
formal review type, even though no group, lead by the author to review the part the review team members development lifecycle of both
Managers are expected to attend. It software code. It is considered to be before the inspection meeting takes software and documentation. The
involves a structured encounter, in a fairly informal type of review. The place. A follow-up stage is also a review is commonly performed by
which a peer/s analyse the work walkthrough takes the form a requirement of the inspection. This peer or someone with relevant
with a view to improve the quality of meeting, normally between one and ensures that any re-working is experience, and should be informal
the original work. two hours in length. carried out correctly. and brief.
Software Validation and Verification Validation involves the actual Verification would normally involve
can involve analysis, reviewing, testing. This should take place after meetings and reviews and to The Waterfall model is also known
demonstrating or testing of all verification phase has been evaluate the documents, plans, as the ‘Sequential model’. Each
software developments. This will completed. requirements and specifications. stage follows on from the previous
include the development process This can be achieved by using one. The testing is performed in
and the development product itself. Validation: confirmation by reviews and meetings etc. ‘block’ as the last stage.
Verification and Validation is examination and provision of
normally carried out at the end of objective evidence that the Verification: confirmation by Planning or Test creation is not
the development lifecycle (after all particular requirements for a specific examination and provision of considered until the actual software
objective evidence that specified code has been written. This can
software developing is complete). intended use have been fulfilled.
result in problems being found much
But it can also be performed much requirements have been fulfilled.
later in the project lifecycle than is
earlier on in the development Validation: Are we building the right desirable.
lifecycle by simply using reviews. product? Verification: Are we building the
product right?
V - Model Spiral Model RAD What is an Error?
Different types of users may use the Testing the ability of the system to A program/system may have Stress Testing simply means putting
developed software in different be able to bear loads. An example requirements to meet certain levels the system under stress. The testing
ways. These ways are analysed and would be testing that a system could of performance. For a program, this is not normally carried out over a
business scenarios are then process a specified amount of could be the speed of which it can long period, as this would effectively
created. User profiles are often used transactions within a specified time process a given task. For a be a form of duration testing.
in Business Process Functional period. So you are effectively networking device, it could mean the Imagine a system was designed to
Testing. Remember that all of the loading the system up to a high throughput of network traffic rate. process a maximum of 1000
functionality should be tested for, level, then ensuring it can still Often, Performance Testing is transactions in an hour. A stress test
not just the most commonly used function correctly whilst under this designed to be negative, i.e. prove would be seeing if the systems
areas. heavy load. that the system does not meet its could actually cope with that many
required level of performance. transactions in a given time period.
A useful test in this case would be to
see how the system copes when
asked to process more than 1000.
A major requirement in today’s This is where consideration is taken This type of testing may focus on Volume Testing is a form of
software/systems is security, into account of how the user will use the actual memory used by a Systems Testing. It primary focus is
particularly with the internet the product. It is common for program or system under certain to concentrate on testing the
revolution. Security testing is considerable resources to be spent conditions. Also disk space used by systems while subjected to heavy
focused at finding loopholes in the on defining exactly what the the program/system could also be a volumes of data. Testing should be
programs security checks. A customer requires and simple it is to factor. These factors may actually approached from a negative point of
common approach is to create test use the program to achieve there come from a requirement, and view to show that the
cases based on known problems aims. For example; test cases could should be approached from a program/system cannot operate
from a similar program, and test be created based on the Graphical negative testing point of view. correctly when using the volume of
these against the program under User Interface, to see how easy it data specified in the requirements.
test. would be to use in relation to a
typical customer scenario.
Installability Testing Documentation Testing Recovery Testing System Integration
Testing
A complicated program may also Documentation in today’s Recovery Testing is normally carried This type of Integration Testing is
have a complicated installation environment can take several forms, out by using test cases based on concerned with ensuring the
process. Consideration should be as the documentation could be a specific requirements. A system interactions between systems
made as to whether the program will printed document, an integral help may be designed to fail under a behave as expected. It is commonly
be installed by a customer or an file or even a web page. Depending given scenario, for example if performed after any Systems
installation engineer. Customer of the documentation media type, attacked by a malicious user; the Testing has completed. Typically not
installations commonly use some some example areas to focus on program/system may have been all systems referenced in the testing
kind of automated installation could be, spelling, usability, designed to shut down. Recovery are controlled by the developing
program. This would obviously have technical accuracy etc. testing should focus on how the organization. Some systems maybe
to under go significant testing in system handles the failure and how controlled by other organizations,
itself, as an incorrect installation it handles the recovery process. but interface directly with the system
procedure could render the target under test.
machine/system useless.
Beta Testing is commonly It is imperative that when a fault is When checking a fixed fault, you A Test Plan should be a single
performed at the customer’s site, fixed it is re-tested to ensure the can also consider checking that document that basically contains
and normally carried out by the fault has indeed been correctly other existing functionality has not what is going to be tested, why it is
customers themselves. Potential fixed. been adversely affected by the fix. going to be tested, and how it is
customers are often eager to trial a This is called Regression Testing. going to be tested. It is also
new product or new software important to clarify what is not going
version. This allows the customer to Re-test: Regression Test: to be tested in the software product
see any improvements at first hand “Whenever a fault is detected and “Regression testing attempts to too. With regards to using a
and ascertain whether or not it fixed then the software should be re- verify that modifications have not standard Test Plan layout, then we
satisfies their requirements. On the tested to ensure that the original caused unintended adverse side can look to the advice given by the
flip side, it gives invaluable feedback fault has been successfully effects in the unchanged software IEEE(Institute of Electrical and
to the developer, often at little or no removed.” (regression faults) and that the Electronic Engineers) located in the
cost. modified system still meets its International Standard IEEE Std
requirements.” 929-1998.
A standard test process that is This should apply to both new Based on the test policy, the test Exactly how the test strategy for a
commonly used exists within the projects and maintenance work. strategy is designed to give an particular project will be
BS7925-2 Standard for Software overview of the test requirements for
Normally fairly short in length, the implemented is displayed in the
Component Testing:
test policy should be a high-level a programme or even organization. project plan. The project test plan
document, and should contain the will normally be referenced from the
Test Planning following items: Information relating to risks should overall project plan. In relation to the
Test Specification be documented here, specifically test strategy, the project plan should
Test Execution the risks that will be addressed by
Definition of testing detail items from the test strategy
Test Checking & Recording
The testing process the testing, and the specific tests that it is complying with, and also
Checking for Test
Completion Evaluation of testing that will be used against each risk. items it is not complying with.
Quality levels
Improvement approach
Phase Test Plan What is a Failure? Quality & Testing Test Planning & Control
This type of Black-box testing is This testing method involves using This test method uses a model of
Branch Condition Testing uses a
based on the concept of ‘states’ and a model of the source code which the source code which identifies
identifies statements. These individual decisions, and their model of the source code, and
‘finite-states’, and is based on the
statements are the categorized as outcomes. A ‘decision’ is defined as identifies decisions based on
tester being able to view the
software’s states, transition between being either ‘executable’ or ‘non- being an executable statement individual Boolean operands within
states, and what will trigger a state executable’. In order to use this containing its own logic. each decision condition. A ‘decision’
change. Test cases can then be method, the input to each
is defined as being an executable
designed to execute the state component must be identified. Also, This logic may also have the
each test case must be able to capability to transfer control to statement containing its own logic.
changes.
identify each individual statement. another statement. Each test case is
Lastly, the expected outcome of designed to exercise the decision An example of a decision would be
each test case must be clearly outcomes. In order to use this a ‘loop’ in a program.
defined method, the input to each
component must be identified.
A program/system may have Stress Testing simply means Dynamic analysis is a testing Static Analysis is a set of methods
requirements to meet certain levels putting the system under stress. The method that can provide information designed to analyse software code
of performance. For a program, this testing is not normally carried out on the state of software. It can in an effort to establish it is correct,
could be the speed of which it can over a long period, as this would achieve this dynamically i.e. it prior to actually running the
process a given task. For a effectively be a form of duration provides information when the software. As we already know, the
networking device, it could mean the testing. Imagine a system was software is actually running. It is earlier we find a fault the cheaper it
throughput of network traffic rate. designed to process a maximum of commonly used to exercise parts of is to fix. So by using Static Analysis,
Often, Performance Testing is 1000 transactions in an hour. A the program that use memory we can effectively test the program
designed to be negative, i.e. prove stress test would be seeing if the resources e.g.: even before it has been written. This
that the system does not meet its systems could actually cope with would obviously only find a limited
required level of performance. that many transactions in a given Memory allocation number of problems, but at least it is
time period. A useful test in this Memory usage something that can be done very
case would be to see how the Memory de-allocation early on in the development
system copes when asked to Memory leaks lifecycle.
process more than 1000. Unassigned pointers
Control flow graphs display the logic Cyclomatic Complexity is a software The most basic form of a complexity The idea behind Data-flow Analysis
structure of software. The flow of metric that is used to measure the metric is the ‘Lines of Code’ metric, is to work-out the dependencies
logic through the program is complexity of a software program. or ‘LOC’ metric. Its purpose like between items of data that are used
charted. It is normally used only by Once we know now how complex other complexity metrics is to by a program. When a program is
Developers as it is a very low level the program is, we then know how estimate the amount of effort that ran, it rarely runs in a sequential
form testing, often used in easy it will be to test. will be required not only to develop order i.e. starting at line 1 and
Component Testing. such a program, but also assist in finishing at line 100. What usually
C=E–N+P estimating how much effort will be happens is that the dependencies of
It can be used to determine the required to test it. the data within the program will
number of test cases required to C = Cyclomatic Complexity determine the order. Data-flow
test the programs logic. It can also E = number of edges Analysis can be used to find
In its simplest form we could use the ‘definitions’ that have no intervening
provide confidence that the detail of N = number of nodes LOC metric by literally counting the
the logic in the code has been P = number of components ‘use’. Data-flow analysis is also
number of lines of code in the used to detect variables that are
checked. program. ‘used’ after it has effectively been
‘killed’.
Error Guessing Exploratory Testing Ad-hoc Testing Random Testing
Why can one Tester find more This type of testing is normally This type of testing is considered to A Tester normally selects test input
errors than another Tester in the governed by time. It consists of be the most informal, and by many it data from what is termed an ‘input
same piece of software? More often using tests based on a test chapter is considered to be the least domain’. Random Testing is simply
than not this is down to a technique that contains test objectives. It is effective. Ad-hoc testing is simply when the Tester selects data from
called ‘Error Guessing’. To be most effective when there are little making up the tests as you go the input domain ‘randomly’. As you
successful at Error Guessing, a or no specifications available. It along. Often, it is used when there is can tell, there is little structure
certain level of knowledge and should only really be used to assist only a very small amount of time to involved in ‘Random Testing’. In
experience is required. A Tester can with, or compliment a more formal test something. A common mistake order to avoid dealing with the
then make an educated guess at approach. It can basically ensure to make with Ad-hoc testing is not above questions, a more structured
where potential problems may arise. that major functionality is working as documenting the tests performed Black-box Test Design could be
This could be based on the Testers expected without fully testing it. and the test results. Even if this implemented instead. However,
experience with a previous iteration information is included, more often using a random approach could
of the software, or just a level of than not additional information is not save valuable time and resources if
knowledge in that area of logged such as, software versions, used in the right circumstances.
technology. dates, test environment details etc.
Organisations will commonly have An example of a typical review We term an incident; any significant, This standard aims to provide a
different named roles than those process is below. This is probably unplanned event that occurs during standard approach to classification
listed below, but this will give you an the most documented review testing that requires subsequent of anomalies found in software. It
idea of a commonly used set of process you will find in the software investigation and/or correction. The includes descriptions of the
roles used throughout the world. development world, and is open to incident should be raised when the processes involved in a software life
interpretation: actual result differs from the cycle, including details on how
Manager expected result. After the inevitable anomalies should be recorded and
Moderator Planning investigation of the incident, there subsequently processed. It consists
Author Kick-off may be a reason other than a of four sequential steps;
Reviewer Preparation software fault, for example: Recognition, Investigation, Action,
Scribe Meeting Disposition. Each of those steps has
Rework Test environment incorrectly three administrative activities which
Follow-up set up are; Recording, Classifying,
Exit Criteria Incorrect Test Data used Identifying Impact.
Incorrect Test Specification
Test Implementation and Evaluating Exit Criteria Test Closure Activities Developer Attributes
Execution and Reporting
This stage is where the actual This stage is designed to ensure This stage is concerned with
collecting test results and test A Developer’s attributes:
testing is performed. It can mean that any specified Exit Criteria has
running the test cases manually or been met by the performed testing related documentation in order to
Highly valued within the company
by use of an automated testing tool. activities. The Exit Criteria should achieve a milestone prior to a Industry standard qualifications
Before this can happen though, the have been previously specified in release of the product. Any defects Seen as being creative
Test Case designs need to be made the Test Planning stage. The stored found during the testing should have Poor communicators
been fixed and verified fixed at this Skills in a very specific area
into actual Test Cases. Test Results can be checked in this
stage against the Exit Criteria. If the stage. As with most development
Exit Criteria has not been met, then projects there are always problems
more tests may be required, or even encountered, here is a good stage
changes to the Exit Criteria may be to evaluate those and attempt to
recommended. This is a good stage learn any lessons for future
to create a Test Summary. developments.
Tester Attributes Reviews - Manager Reviews - Moderator Reviews - Author
The Manager will be the person who The Moderator effectively has The Author is the person who has
Rarely valued within a company makes the decision to hold the overall control and responsibility of created the item to be reviewed.
No industry standard qualifications review. Managing people’s time with the review. They will schedule the The Author may also be asked
Seen as being destructive respect to the review is also a review, control the review, and questions in the review.
Very good communicators Managers responsibility. ensure any actions from the review
Multi-talented are carried out successfully.
Training may be required in order to
carry out the role of Moderator
successfully.
This type of tool can generate test Data can be selected from existing These are an extremely popular
If the software under test does not
cases from specifications, which are test specific databases by using this type of tool. They provide capture
type of tool. Advanced types of this and replay facilities for WIMP have a user interface, then test
normally stored in a CASE tool
repository. Some variations of this tool can utilise a range of database interface based applications. The harnesses and drivers can be used
type of tool can also generate test and file formats. tools can simulate mouse to execute the software. These
cases from analysing the code itself. movement, mouse clicks and types of tools can be bought off the
keyboard inputs. The tools can even
shelf, but more commonly they are
recognize windows and buttons,
thus making them extremely built for a specific purpose.
versatile. The test procedures are
normally written in a specific
scripting language. This tool is
another popular choice for
regression testing.
This type of tool stores and This type of tool comprises of two Run-time information on the state of
manages any incident reports. This type of tool provides features
components; Load Generation and the executing software is achieved such as storing review comments,
Prioritisation of incident reports can by using Dynamic Analysis Tools.
Test Transaction Measurement., review processes, traceability
be achieved by this tool. Automatic
Load Generation is commonly These tools are ideally suited for between documents and source
assigning of actions, and status
reporting is also a common feature performed by running the monitoring the use and allocation of code.
of this type of tool. application using its interface or by memory. Faults such as memory
using drivers. The number of leaks, unassigned pointers can be
transactions performed this way are found, which would otherwise be
then logged. Performance test tools difficult to find manually.
will commonly be able to display
reports and graphs of load against
response time.
Test Comparators Test Management Coverage Measurement Modelling Tools
Tools Tools
This type of tool is used to highlight Test Management Tools commonly This type of tool provides objective Several different types of modelling
differences between actual results have multiple features. Test measures of structural test coverage tools exist today, they can range
and expected results. Off the shelf Management is mainly concerned when the actual tests are executed. from finding defects in state models,
Comparison Tools can normally object models and data models.
with the management, creation and Before the programs are compiled,
deal with a range of file and Valuable defects can be found using
control of test documentation. More they are first instrumented. Once modelling tools, with the added
database formats. This type of tool
often has filter capabilities to allow advanced tools have additional this has been completed they can benefit of finding them early in the
‘ignoring’ of rows or columns of data capabilities such as test then be tested. The instrumentation development lifecycle.
or even areas on a screen management features, for example; process allows the coverage data to
result logging and test scheduling. be logged whilst the program is
running. Once testing is complete,
the logs can provide statistics on the
details of the tests covered.
These tools are typically used for These tools are commonly used for This type of tool is designed to A suggested tool selection and
testing e-commerce and e-business testing e-commerce and e-business assist with verification and validation evaluation process is:
applications. The main purpose of applications, and sometimes web of requirements, for example;
this tool is to check web sites to sites. A security testing tool will consistency checking. They are also Determine the actual problem or
ensure that they are available to check for any parts of a web based designed to store requirements requirement
customers and also to produce system that could cause potential statements, which assists with Ensure that there are no
warnings if problems are detected. security risks if attacked. traceability. obvious alternative solutions
Prepare a business case
Identify any constraints
Identify any specific required
tool features or characteristics
Prepare a short-list of possible
suitable tools
Perform a detailed evaluation
Perform a competitive trial, if
needed
Pilot Projects Review - Planning Review – Kick-off Review - Preparation
The review normally lasts between 1 The Moderator and Scribe The Moderator ensures that all Exit Criteria can take the form of
– 2 hours. All items on the document the findings in a Review additional work by the author is ensuring that all actions are
agenda/checklist are worked Summary and report it to the checked for completeness and completed, or that any uncorrected
through. Findings are noted by the Manager. The Review Summary will correctness. An additional review items are properly documented,
recorder. Comments are aimed at contain defects found and actions of may be required; dependant on the possibly in a defect tracking system.
the review item not the author. follow-up work to be carried out. amount/complexity of re-work
undertaken.
The Test Leader The Tester The Client The Project Manager
The Developer The Business Analyst The Systems Analyst The Technical Designer
A Developer will provide the skills to The Business Analyst will provide Systems design will be provided by Technical detail and support to the
write the actual software code and knowledge of the business and the Systems Analyst. The Systems system design is the responsibility
perform Unit Testing. They may also analysis skills. The Business Analyst will also be responsible for of the Technical Designer. This role
be called upon at a later stage to Analyst will also be responsible for developing the Functional may include database
provide bug fixes and technical creating User Requirements based Specification from the User administration.
advice. on talks with the Users. Requirements.
ISTQB Self Learning Materials
www.istqb.guru