bianca-email

Different types of software testing can be executed on your product

Unit Testing: 

Unit testing is done to check whether the individual modules of the source code are working properly, i.e. each unit of the application is tested separately by the developer in the developer’s environment.

User interface testing

User interface testing is a process used to test if the application is functioning correctly. UI testing can be performed manually by a human tester, or it can be performed automatically with the use of a software program.

Integration Testing: 

Integration testing is the process of testing the connectivity or data transfer between unit-tested modules.

System Testing (End to End Testing):

It is black box testing. Testing the fully integrated application is also called end-to-end scenario testing. It ensures that the software works on all intended target systems, verifies every input to the application thoroughly to check for the desired outputs, and tests the user’s experience with the application.

Acceptance Testing: 

Acceptance testing is performed to obtain customer sign-off so that the software can be delivered and payment received. The types of acceptance testing are Alpha, Beta and Gamma testing.

Performance Testing

Performance testing is one of the most neglected types of testing in companies because of its time and cost. Moreover, in many requirements documents the performance requirements are not well enough defined to ensure system scalability. It examines the responsiveness, stability, scalability, reliability, speed and resource usage of the software and its infrastructure.

Performance testing can be done by applying:

  • Load testing: checks how the system functions under a heavy number of concurrent virtual users performing transactions over a certain period of time.
  • Stress testing: stresses the limits of the system (maximum number of users, peak demands, concurrency).
  • Timing testing: evaluates the time to perform a function and the response times to return the results.
  • Environmental testing: tests tolerances for heat, humidity, motion and portability.
  • Recovery testing: tests the operation of the system in case of data loss or hardware crash.

Regression Testing

In most software projects, requirements change and new features are added. It is important to run the new features’ test cases, but it is more important to ensure that they do not affect other, already tested features and functions.

Regression testing is performed to determine if the software still meets all of its requirements in light of changes and modifications to the software. Regression testing involves selectively repeating existing validation tests, not developing new tests. The most common approach to regression testing is to simply repeat the system tests. Therefore, it is best done using automated testing tools and techniques.
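
As an added example (not code from these notes), here is a small Python unit test suite that shows the unit testing and regression testing described above on one hypothetical module: safe_join, a helper that joins a user-supplied path onto a base directory and rejects path traversal. The first three tests exercise the unit on its own; the last one is a regression test that pins a hypothetical earlier defect (a prefix check without the trailing separator, which accepted a sibling directory sharing the same string prefix) so a later change cannot reintroduce it. The function, class and test names are invented for the example.

```python
import os
import unittest


def safe_join(base_dir, user_path):
    """Join a user-supplied relative path onto base_dir and refuse any result
    that escapes base_dir (path traversal). Hypothetical module under test."""
    base = os.path.abspath(base_dir)
    # Treat backslashes as separators too, then collapse "." and ".." parts.
    candidate = os.path.abspath(os.path.join(base, user_path.replace("\\", "/")))
    # The separator in the prefix check matters: "/srv/uploads-old" starts with
    # "/srv/uploads" as a string but is not inside that directory.
    if candidate != base and not candidate.startswith(base + os.sep):
        raise ValueError(f"path escapes base directory: {user_path!r}")
    return candidate


class SafeJoinTests(unittest.TestCase):
    """Unit tests: the module is exercised on its own, with no file system access."""
    BASE = "/srv/uploads"

    def test_relative_path_inside_base_is_allowed(self):
        expected = os.path.join(os.path.abspath(self.BASE), "reports", "q1.pdf")
        self.assertEqual(safe_join(self.BASE, "reports/q1.pdf"), expected)

    def test_parent_traversal_is_rejected(self):
        with self.assertRaises(ValueError):
            safe_join(self.BASE, "../../etc/passwd")

    def test_absolute_path_is_rejected(self):
        with self.assertRaises(ValueError):
            safe_join(self.BASE, "/etc/passwd")

    def test_regression_sibling_directory_with_same_prefix(self):
        # Regression test: pins a hypothetical earlier defect in which the prefix
        # check lacked the trailing separator and accepted /srv/uploads-old.
        with self.assertRaises(ValueError):
            safe_join(self.BASE, "../uploads-old/secret.txt")


def run_suite():
    """Run the suite and return the unittest result object."""
    suite = unittest.defaultTestLoader.loadTestsFromTestCase(SafeJoinTests)
    return unittest.TextTestRunner(verbosity=0).run(suite)


if __name__ == "__main__":
    raise SystemExit(0 if run_suite().wasSuccessful() else 1)
```

Because the suite runs in seconds and needs no environment, it can be repeated on every change, which is exactly the automated regression pass the paragraph recommends.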

Usability Testing

Usability testing is a technique used in user-centered interaction design to evaluate a product by testing it on users. This contrasts with usability inspection methods, where experts use different methods to evaluate a user interface without involving users, and ensure that it is usable in terms of design colours, field and information placement, A/B tests, and how long it takes to understand and use the system.

Security Testing

Security has become a very hot topic recently, especially after cloud adoption. The goal of security testing is to identify the threats to the system and measure its potential vulnerabilities. It also helps to detect all possible security risks in the system and to fix these problems early, before going to production. I wrote a lot of articles on security testing.

Software testing is defined as an activity to check whether the actual results match the expected results and to ensure that the software system is defect-free.

What is software testing?

Software testing is a process to evaluate the functionality of a software application, with the intent of finding out whether the developed software meets the specified requirements and of identifying defects, to ensure that the product is defect-free and of high quality.

Software testing is important not only for the software company but also for the customer. Many customers nowadays are concerned about how software companies ensure their software quality, what process they follow to do so, and so on.

Why software testing is important:

  • Testing verifies that the required functionality works correctly and validates that every function meets the requirements and is delivered to the customer as specified (doing it right and delivering the right things).
  • It is important to make sure that the system does not do anything that it is not supposed to do.
  • Effective testing will dramatically decrease the cost of the software.
  • Continuous learning for the team: the team learns from defects. When the team discovers a defect in a function, or even in the requirements, they learn how to avoid it in the future. This increases team maturity as well.
  • It can decrease system failures; there are known disasters that have been reported as caused by insufficient testing.
  • Quality products and software ensure a sustainable company reputation; poor quality can turn a company into an untrustworthy one.

Here are the benefits of using software testing:

  • Cost-effective: this is one of the important advantages of software testing. Testing any IT project on time helps you save money in the long term. If bugs are caught at an earlier stage of software testing, they cost less to fix.
  • Security: this is the most sensitive benefit of software testing. People are looking for trusted products. Testing helps remove risks and problems early.
  • Product quality: this is an essential requirement of any software product. Testing ensures a quality product is delivered to customers.
  • Customer satisfaction: the main aim of any product is to satisfy its customers. UI/UX testing ensures the best user experience.

Any software should have its testing cycle mapped to the main development lifecycle activities. Every testing cycle has some common activities, which are:

  • Requirements testing: mainly about ensuring that each requirement is testable.
  • Test planning: planning the testing activities and estimating the effort, the required team, etc.
  • Writing test cases: in this activity the testers start to write the testing scenarios and scripts; these scenarios should cover unit, integration, system testing, etc.
  • Test execution: mainly about preparing the testing environment and starting test execution.
  • Testing feedback: after execution, the testing results and defect reports should be reported to the development team so that they can start fixing them.
  • Defect retesting: when the developer reports that a defect has been fixed, it should be tested again by the testing team.
  • User acceptance test: this should be the validation activity with the end-users who will use the system, to ensure that it works correctly from the business perspective. This can also be iterative, after the customer reports defects.
  • Testing closure: it is important to know when to stop testing, to explore the testing findings, and to learn from the cycle for future testing cycles.

There are three types of software testing approaches.

White Box Testing:

It is also called glass box, clear box or structural testing. White box testing is based on the application’s internal code structure. In white-box testing, an internal perspective of the system, as well as programming skills, is used to design test cases. This testing is usually done at the unit level.

Black Box Testing:

It is also called Behavioral/Specification-Based/Input-Output Testing. Black Box Testing is a software testing method in which testers evaluate the functionality of the software under test without looking at the internal code structure.

Grey Box Testing:

The grey box is the combination of both White Box and Black Box Testing. The tester who works on this type of testing needs to have access to design documents. This helps to create better test cases in this process.

The following types of testing can be executed using black box and white box approaches:

  • Unit testing
  • User interface testing
  • Integration testing
  • System testing (end-to-end testing)
  • Acceptance testing
  • Performance testing
  • Regression testing
  • Usability testing
  • Security testing

In the current digital age and the competitive software industry, it has become essential to deliver not only the intended functionality of the system but also to ensure its scalability, agility and modifiability. To reach this competitiveness in the market and to have qualified products, you need an efficient software quality process.

Security Within Your Development, Staging, and Production Environments

A typical development workflow has three environments: development, staging, and production. Some developers don’t view staging as an environment, but we included it here to give you a full scope of the process.

Development Environment

A development environment is on your computer. It’s the environment where you’ll conduct all your code development without touching the actual data. In development, you can test upgrades, new features, and improvements without impacting the customer’s view. You may find bugs along the way, but that’s what this environment is meant to discover.

Typical use-cases for a development environment include:

  • Building new features, extending existing features, and code refactoring.
  • Running integration tests. 
  • Debugging.

There are few restrictions on what developers can do in their development environment, and they are free to experiment with code until they are happy with it, at which point they will push it to the staging environment.

Staging Environment

The staging environment is a production-like environment to see how your code will perform. This is the final testing ground before the code is pushed into production. Staging environments are often used for:

  • Quality assurance and performance testing.
  • Vulnerability testing and risk analysis.  
  • Integration testing, to ensure that the code integrates well with services and databases the app depends on. 

Staging environments also give other developers, project managers, and clients an opportunity to examine software before it goes live. 

Because extensive testing takes place in the staging environment, it’s important that it is as similar to production as possible, including both the software and hardware. While it’s fine to host a development environment on a laptop, the staging environment should be on a server with the same hardware it will run on in production. 

Production Environment

In a production environment, systems go live and your developed code is released to end-users. You deploy completed code that has undergone proper vulnerability testing and risk analysis. All testing is complete and the expectation is that you’ll find only minor bugs, if any. Once it’s released, you’re relying on it as a source of profit, so you want to make sure it’s secure.

In theory, major bugs and software vulnerabilities should have been discovered before the code goes to production, but that’s rarely the case for complex software systems. It is likely that at least some bugs made it through testing, so organizations must design and implement network and data security systems that assume the existence of vulnerabilities. 

Importance of Security Throughout Dev, Staging, and Production

With multiple environments comes the difficulty of securely managing them. The best practice is to separate your development, staging, and production environments. This allows each to evolve at its own pace – maybe the development environment is testing out features that won’t be available in production for at least a year – and reduces the risk of cross-contamination. Any bugs discovered in staging, for example, will be contained within that environment and not spread any further. Most importantly, keeping your development, staging, and production environment separate will help protect data.

Security Concerns in DevOps

For organizations that use the DevOps approach, security is an even greater concern. It’s fast-paced, there’s more overlap, there’s automation; there are many reasons to implement and verify security processes in DevOps.

To preserve high-level compliance practices within your development, staging, and production environments, you can implement configuration management techniques, monitoring and logging processes, and even integrate infrastructure as code or policy as code. You can set yourself up for success by performing regular code review during the development process, making changes proactively to all environments, confirming that access is limited to the proper channels, or even engaging in continuous penetration testing to ensure no vulnerability is overlooked. These practices ensure you’re doing your due diligence to securely manage your various environments.
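
The separation rules described in this section can be expressed as policy as code. The following Python check is an added example, not taken from the original text: it runs over constructed configuration for the three environments (host names, secret references and version numbers are placeholders) and reports where staging or development points at production data, reuses a production credential, or drifts from production's runtime settings.

```python
import copy

# Constructed configuration for the three environments, as an application might
# load it from per-environment files. Hosts and secret references are placeholders.
ENVIRONMENTS = {
    "development": {
        "debug": True,
        "db_host": "localhost",
        "db_secret_ref": "dev/db-password",
        "app_version": "1.9.0",
        "tls_required": False,
    },
    "staging": {
        "debug": True,                          # drifts from production
        "db_host": "db.prod.example.internal",  # reaches production data
        "db_secret_ref": "prod/db-password",    # shares a production credential
        "app_version": "2.0.0",
        "tls_required": True,
    },
    "production": {
        "debug": False,
        "db_host": "db.prod.example.internal",
        "db_secret_ref": "prod/db-password",
        "app_version": "2.0.0",
        "tls_required": True,
    },
}


def check_environment_separation(envs):
    """Return a list of policy violations; an empty list means the policy passes."""
    violations = []
    prod = envs["production"]
    if prod["debug"]:
        violations.append("production: debug mode must be off")
    if not prod["tls_required"]:
        violations.append("production: TLS must be required")
    for name, env in envs.items():
        if name == "production":
            continue
        # Non-production environments must not reach production data stores or
        # reuse production credentials; that is the cross-contamination to avoid.
        if env["db_host"] == prod["db_host"]:
            violations.append(f"{name}: db_host is the production database host")
        if env["db_secret_ref"] == prod["db_secret_ref"]:
            violations.append(f"{name}: reuses the production database credential")
    staging = envs["staging"]
    # Staging is the final testing ground, so its build and runtime settings
    # must match production even though its data must not.
    if staging["app_version"] != prod["app_version"]:
        violations.append("staging: app_version differs from production")
    if (staging["debug"], staging["tls_required"]) != (prod["debug"], prod["tls_required"]):
        violations.append("staging: runtime settings differ from production")
    return violations


def corrected_environments(envs):
    """Return a deep copy in which staging has its own data store and credential
    and mirrors production's runtime settings, so the policy passes."""
    fixed = copy.deepcopy(envs)
    fixed["staging"].update({
        "debug": fixed["production"]["debug"],
        "db_host": "db.staging.example.internal",
        "db_secret_ref": "staging/db-password",
    })
    return fixed


if __name__ == "__main__":
    for violation in check_environment_separation(ENVIRONMENTS) or ["no violations"]:
        print(violation)
```

Run as a pipeline step, a non-empty result should fail the deployment; the check is cheap, so it belongs next to the configuration it guards rather than in a periodic audit.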

duan tran-email

What is the Secure Software Development Life Cycle?

Security is an important part of any application that encompasses critical functionality.
Security applies at every phase of the software development life cycle (SDLC) and needs to be at the forefront of your developers’ minds as they implement your software’s requirements.
It requires a mindset that is focused on secure delivery, raising issues in the requirements and development phases as they are discovered.


Let’s review the 5 phases of the Secure Software Development Life Cycle.
Phase 1: Requirements
In this early phase, requirements for new features are collected from various stakeholders. It’s important to identify any security considerations for functional requirements being gathered for the new release.


Phase 2: Design
This phase translates in-scope requirements into a plan of what this should look like in the actual application. Here, functional requirements typically describe what should happen, while security requirements usually focus on what shouldn’t.


Phase 3: Development
When it’s time to actually implement the design and make it a reality, concerns usually shift to making sure the code is well written from the security perspective. There are usually established secure coding guidelines as well as code reviews that double-check that these guidelines have been followed correctly. These code reviews can be either manual or automated using technologies such as static application security testing (SAST).
That said, modern application developers can’t be concerned only with the code they write, because the vast majority of modern applications aren’t written from scratch. Instead, developers rely on existing functionality, usually provided by free open source components to deliver new features and therefore value to the organization as quickly as possible.

Phase 4: Verification
The Verification phase is where applications go through a thorough testing cycle to ensure they meet the original design & requirements. This is also a great place to introduce automated security testing using a variety of technologies. The application is not deployed unless these tests pass. This phase often includes automated tools like CI/CD pipelines to control verification and release.


Phase 5: Maintenance and Evolution
The story doesn’t end once the application is released. In fact, vulnerabilities that slipped through the cracks may be found in the application long after it’s been released. These vulnerabilities may be in the code developers wrote, but are increasingly found in the underlying open-source components that comprise an application.


What are the benefits of Secure Software Development?
– Higher security: continuous monitoring for vulnerabilities results in better application quality and mitigation of business risks.
– Cost reduction: early attention to flaws significantly reduces the effort required to detect and fix them.
– Regulatory compliance: encourages a conscientious attitude toward security-related laws and regulations. Ignoring them may result in fines and penalties, even if no sensitive data is lost.
– Development teams get continuous training in secure coding practices.
– Security approaches become more consistent across teams.
– Customers trust you more because they see that special attention is paid to their security.
– Internal security improves when SDL is applied to in-house software tools.

duan tran-email

What is Application Security Testing

Application security testing is the process of making applications more resistant to security threats, by identifying security weaknesses and vulnerabilities in source code.
AST started as a manual process. Today, due to the growing modularity of enterprise software, the huge number of open source components, and the large number of known vulnerabilities and threat vectors, application security testing must be automated.


Static Application Security Testing (SAST)
Static Application Security Testing tools use a white box testing approach, in which testers inspect the inner workings of an application. Static Application Security Testing inspects static source code and reports on security weaknesses.
Static testing tools can be applied to non-compiled code to find issues like syntax errors, math errors, input validation issues, and invalid or insecure references. They can also run on compiled code using binary and byte-code analyzers.
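
To make the static analysis described above concrete, here is an added Python example (not from the page or from any real SAST product) that uses the standard library's ast module to walk a constructed source file without executing it and flag a few weakness classes that static tools report on: calls to eval/exec, subprocess calls with shell=True, weak hash algorithms, and hard-coded secrets. The sample source and the rule set are invented for the example; a real tool has many more rules and tracks data flow from inputs to sinks instead of matching call names.

```python
import ast

# Constructed sample source with a few weaknesses a static checker should flag.
SAMPLE_SOURCE = '''
import hashlib, subprocess

PASSWORD = "hunter2"                        # hard-coded credential

def run(cmd):
    return subprocess.run(cmd, shell=True)  # shell injection if cmd is untrusted

def load(expr):
    return eval(expr)                       # code execution on untrusted input

def fingerprint(data):
    return hashlib.md5(data).hexdigest()    # weak hash algorithm

def ok(cmd):
    return subprocess.run(["ls", cmd])      # list form, no shell: not flagged
'''

DANGEROUS_CALLS = {"eval", "exec"}
WEAK_HASHES = {"md5", "sha1"}
SECRET_NAME_PARTS = ("password", "secret", "token", "api_key")


def _call_name(call):
    """Return 'f' for f(...) and 'mod.f' for mod.f(...); None for other callees."""
    func = call.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return None


def scan_source(source):
    """Parse source without executing it and return sorted (line, message) findings."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = _call_name(node)
            if name in DANGEROUS_CALLS:
                findings.append((node.lineno, f"{name}() on possibly untrusted input"))
            elif name and name.startswith("hashlib.") and name.split(".", 1)[1] in WEAK_HASHES:
                findings.append((node.lineno, f"weak hash algorithm {name}"))
            elif name and name.startswith("subprocess."):
                # Only the shell=True form hands the command string to a shell.
                for kw in node.keywords:
                    if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                        findings.append((node.lineno, f"{name} called with shell=True"))
        elif isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant):
            for target in node.targets:
                if (isinstance(target, ast.Name)
                        and isinstance(node.value.value, str)
                        and any(part in target.id.lower() for part in SECRET_NAME_PARTS)):
                    findings.append((node.lineno, f"hard-coded secret assigned to {target.id}"))
    return sorted(findings)


if __name__ == "__main__":
    for line, message in scan_source(SAMPLE_SOURCE):
        print(f"line {line}: {message}")
```

The output is a list of line-numbered findings, which is the form a code review or a CI gate can consume; the function returning a list rather than printing makes it easy to fail a pipeline when the list is non-empty.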

Dynamic Application Security Testing (DAST)
Dynamic Application Security Testing tools take a black-box testing approach. They execute code and inspect it in runtime, detecting issues that may represent security vulnerabilities. This can include issues with query strings, requests and responses, the use of scripts, memory leakage, cookie and session handling, authentication, execution of third-party components, data injection, and DOM injection.
Dynamic Application Security Testing tools can be used to conduct large-scale scans simulating a large number of unexpected or malicious test cases and reporting on the application’s response.


Interactive Application Security Testing (IAST)
Interactive Application Security Testing tools are the evolution of Static Application Security Testing and Dynamic Application Security Testing tools—combining the two approaches to detect a wider range of security weaknesses. Like Dynamic Application Security Testing tools, Interactive Application Security Testing tools run dynamically and inspect software during runtime. However, they are run from within the application server, allowing them to inspect compiled source code like Static Application Security Testing tools do.
Interactive Application Security Testing tools can provide valuable information about the root cause of vulnerabilities and the specific lines of code that are affected, making remediation much easier. They can analyze source code, data flow, configuration and third-party libraries, and are suitable for API testing.


Mobile Application Security Testing (MAST)
Mobile Application Security Testing tools combine static analysis, dynamic analysis and investigation of forensic data generated by mobile applications. They can test for security vulnerabilities like Static Application Security Testing, Dynamic Application Security Testing and Interactive Application Security Testing, and in addition address mobile-specific issues like jailbreaking, malicious wifi networks, and data leakage from mobile devices.


Software Composition Analysis (SCA)
Software Composition Analysis tools help organizations conduct an inventory of third-party commercial and open source components used within their software. Enterprise applications can use thousands of third-party components, which may contain security vulnerabilities. Software Composition Analysis helps understand which components and versions are actually being used, identify the most severe security vulnerabilities affecting those components, and understand the easiest way to remediate them.
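
As an added example, not the page's own code, the following Python script performs the inventory-and-match step of software composition analysis on a constructed requirements-style manifest and a constructed advisory list (the ADV-PLACEHOLDER identifiers are placeholders, not real advisories, and the vulnerable ranges are invented for the example). It parses the pinned components, compares each against the advisories' vulnerable version ranges with a simple numeric version comparison, and orders the hits by severity so the most severe is remediated first.

```python
# Constructed requirements-style manifest and constructed advisory list. The
# ADV-PLACEHOLDER identifiers and version ranges are placeholders for the example.
MANIFEST = """\
requests==2.25.1
pyyaml==5.3.1
flask==2.3.2
# comments and blank lines are ignored

urllib3==1.26.4
"""

ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-001", "package": "pyyaml", "vulnerable_below": "5.4",
     "fixed_in": "5.4", "severity": "critical"},
    {"id": "ADV-PLACEHOLDER-002", "package": "urllib3", "vulnerable_below": "1.26.5",
     "fixed_in": "1.26.5", "severity": "high"},
    {"id": "ADV-PLACEHOLDER-003", "package": "requests", "vulnerable_below": "2.20.0",
     "fixed_in": "2.20.0", "severity": "medium"},
]

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def parse_version(text):
    """Numeric dotted versions only (1.26.4 -> (1, 26, 4)); tuples compare element-wise."""
    return tuple(int(part) for part in text.split("."))


def parse_manifest(text):
    """Return {package_name: pinned_version} for 'name==version' lines."""
    components = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, sep, version = line.partition("==")
        if sep:  # skip unpinned lines; a real tool would resolve them first
            components[name.strip().lower()] = version.strip()
    return components


def find_vulnerable(components, advisories):
    """Match the inventory against the advisories; most severe hits first."""
    hits = []
    for adv in advisories:
        used = components.get(adv["package"])
        if used is None:
            continue
        if parse_version(used) < parse_version(adv["vulnerable_below"]):
            hits.append({
                "package": adv["package"], "installed": used,
                "advisory": adv["id"], "severity": adv["severity"],
                "upgrade_to": adv["fixed_in"],
            })
    return sorted(hits, key=lambda hit: SEVERITY_RANK[hit["severity"]])


if __name__ == "__main__":
    for hit in find_vulnerable(parse_manifest(MANIFEST), ADVISORIES):
        print(f"{hit['severity']:8} {hit['package']}=={hit['installed']} "
              f"({hit['advisory']}): upgrade to {hit['upgrade_to']}")
```

In practice the manifest would be a lock file covering transitive dependencies and the advisory list would come from a vulnerability database, but the matching logic and the severity ordering are the same.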


Runtime Application Self-Protection (RASP)
Runtime Application Self-Protection tools evolved from Static Application Security Testing, Dynamic Application Security Testing and Interactive Application Security Testing. They are able to analyze application traffic and user behavior at runtime, to detect and prevent cyber threats.
Like the previous generation of tools, Runtime Application Self-Protection has visibility into application source code and can analyze weaknesses and vulnerabilities. It goes one step further by identifying that security weaknesses have been exploited, and providing active protection by terminating the session or issuing an alert.
Runtime Application Self-Protection tools integrate with applications and analyze traffic at runtime, and can not only detect and warn about vulnerabilities but actually prevent attacks. Having this type of in-depth inspection and protection at runtime makes Static Application Security Testing, Dynamic Application Security Testing and Interactive Application Security Testing much less important, making it possible to detect and prevent security issues without costly development work.