Wednesday, June 15, 2011

AGILE TESTING DEMAND

WHAT IS AGILE TESTING

Agile - means quick/rapid/speedy

Agile testing is used whenever customer requirements are changing dynamically.
The Agile methodology was introduced in 2001. There are many agile development methods; most minimize risk by developing software in short periods of time. The software developed during one such period is referred to as an iteration, which may last from one to four weeks. Each iteration is an entire software project in miniature: it includes planning, requirements analysis, design, coding, testing, and documentation.
Agile methods produce very little written documentation relative to other methods. Agile methods are a family of development processes, not a single approach to software development. Agile follows ‘adaptive’ planning rather than the ‘predictive’ planning of the conventional Waterfall process.
Agile testing is executed very differently from traditional testing. It is a continuous process throughout the SDLC, because testing provides information about the new software’s functionality and performance while it is being built. Since the process is iterative, there is no time for a detailed testing phase at a later stage, let alone for the corrections it would require. Therefore the first sprint is developed and tested. The second is then developed and tested in isolation before being integration-tested together with the first sprint. This continues until the software has been completely developed.

Involvement of Testers at Every Stage

In agile testing, the tester is a key person whose skills are used throughout the software development process. When requirements are well understood at the planning stage, it is easier to accurately estimate project costs and to deliver within the given time frames later on. During the development stage, agile testers work with the developers to write the code in a way that will be easier to test later, which saves time again. By the time the testing stage starts, the testers are fully aware of the user requirements and of what the system is expected to do.

PRINCIPLE OF AGILE METHOD

Customer satisfaction by rapid, continuous delivery of useful software.
Working software is delivered frequently (weeks rather than months)
Quality software is the principal measure of progress.
Even late changes in requirements can be implemented easily.
Close, daily, cooperation between stakeholders, project management team, developers and Quality Assurance team.
Projects are built around motivated individuals.
Continuous attention to technical excellence and good design.
Simplicity
Self-organizing teams
Regular adjustment to changing circumstances

WHY AGILE?


·         When customers want a project delivered quickly, the Agile methodology is used.
·         Testing is done in a small amount of time right after development.
·         Projects take less time to deliver, which is why Agile is in demand.

DIFFERENT AGILE DELIVERY METHODS

 AGILE SCRUM PROCESS

In today’s fast-moving world stakeholders want immediate ROI (Return on Investment). They don’t want to wait for long periods to get a full-featured product.
Scrum is one of the most widely adopted Agile delivery methods. In Agile Expedition, we refer to many Scrum terms, including sprints, Product Owner, and Scrum Master. One of Scrum’s strengths is that it is a well-defined and extensively documented delivery methodology.
In Scrum, projects are divided into small features to be developed and tested in fixed time frames called sprints (small cycles). Each feature should be developed and tested within its sprint. The Scrum team is guided by the Scrum Master.

 EXTREME PROGRAMMING (XP)


XP is similar to Scrum in that it emphasizes short, iterative, and incremental development cycles, short feedback loops, close customer collaboration, and work prioritized by highest business value.
One of the fundamental ideas of XP is that no one process fits every project, but rather the processes should be tailored according to the needs of individual projects.
Extreme Programmers constantly communicate with their customers and fellow programmers. They keep their design simple and clean. They get feedback by testing their software starting on day one. They deliver the system to the customers as early as possible and implement changes as suggested. Every small success deepens their respect for the unique contributions of each and every team member.

XP operates on the following values:
1. Simplicity
2. Communication
3. Feedback
4. Respect
5. Courage


 TEST-DRIVEN DEVELOPMENT (TDD)

TDD is the practice of writing a unit test before writing any code. This can be done relatively quickly: the developer writes the test, then writes the code, then runs the test, in small increments. TDD ensures the code is consistently refactored toward a better design.


TDD is a software development technique that relies on the repetition of a very short development cycle: first the developer writes a test case that defines a desired improvement or new function, then produces code to pass that test, and finally refactors the new code to acceptable standards. Once the unit is ready we take customer feedback, and if the customer wants changes to that unit of software we make them before the final release.
The suite of unit tests provides constant feedback that each component is still working. Test-driven development forces critical analysis and design because the developer cannot create the production code without truly understanding what the desired result should be and how to test it.
The test suite acts as a regression safety net on bugs: If a bug is found, the developer should create a test to reveal the bug and then modify the production code so that the bug goes away and all other tests still pass. On each successive test run, all previous bug fixes are verified.
TDD has the following distinct benefits:
1. It contributes to better overall system design by reducing code duplication and other anomalies.
2. It forces programmers to think about end results first, which increases the likelihood that the code will meet customer needs.
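The red-green-refactor cycle and the regression-test habit described above, as an added example that is not part of the original post. The normalize_email() function and its test suite are hypothetical: the four tests were written first, the function body was then written to make them pass, the local-part pattern was pulled out into a constant during refactoring, and the last test is the one added when a bug (two '@' signs slipping through) was reported.

```python
import io
import re
import unittest

# Added example, not from the post: a hypothetical normalize_email() developed
# test-first. The tests in NormalizeEmailTests were written before this body
# existed (red), the body was written to make them pass (green), and the
# local-part pattern was then pulled out into a constant (refactor).
_LOCAL_PART = re.compile(r"^[A-Za-z0-9._+-]+$")


def normalize_email(address):
    """Trim surrounding whitespace, lower-case the domain, reject malformed input."""
    if not isinstance(address, str):
        raise ValueError("address must be a string")
    address = address.strip()
    # Regression fix: 'a@b@example.com' once slipped through because only the
    # first '@' was checked. The test that exposed it stays in the suite.
    if address.count("@") != 1:
        raise ValueError("address must contain exactly one '@'")
    local, domain = address.split("@")
    if not _LOCAL_PART.match(local):
        raise ValueError("invalid local part")
    if "." not in domain or domain.startswith(".") or domain.endswith("."):
        raise ValueError("invalid domain")
    return "%s@%s" % (local, domain.lower())


class NormalizeEmailTests(unittest.TestCase):
    """Each test states one piece of desired behaviour and was written first."""

    def test_trims_whitespace_and_lowercases_domain(self):
        self.assertEqual(normalize_email("  bob@Example.COM "), "bob@example.com")

    def test_keeps_local_part_case(self):
        self.assertEqual(normalize_email("Bob@example.com"), "Bob@example.com")

    def test_rejects_missing_at_sign(self):
        with self.assertRaises(ValueError):
            normalize_email("bob.example.com")

    def test_regression_multiple_at_signs(self):
        # Added when the bug was reported; it failed until the count check existed.
        with self.assertRaises(ValueError):
            normalize_email("a@b@example.com")


def run_tests():
    """Run the suite the way a CI step would and return (tests_run, failures)."""
    suite = unittest.defaultTestLoader.loadTestsFromTestCase(NormalizeEmailTests)
    result = unittest.TextTestRunner(stream=io.StringIO(), verbosity=0).run(suite)
    return result.testsRun, len(result.failures) + len(result.errors)


if __name__ == "__main__":
    print("tests run, failures:", run_tests())
```

Running the file executes the whole suite; because every earlier bug has its own test, each run re-verifies all previous fixes, which is the regression safety net the post describes.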

 FEATURE-DRIVEN DEVELOPMENTS (FDD)

Like XP and Scrum, FDD is focused on delivering customer value by identifying and delivering the features with the highest business value first, in an iterative and incremental fashion. FDD is a model-driven Agile process that emphasizes first identifying the problem domain using the Unified Modeling Language (UML) and then digging into feature development on an iterative and incremental basis. Because FDD is model-driven, it has additional roles such as Class Owner to support the modeling function.


FDD emphasizes the following activities as part of its process:
1. Develop an overall model
2. Build a features list
3. Plan by feature
4. Design by feature
5. Build by feature


Pair Programming:
As the name indicates, this is programming done in pairs. In pair programming two developers work on the same module of code. The basic idea behind pair programming is that programming (writing code) is, above all, intellectual work, so two brains working together on a specific task perform better and with the desired quality.

Benefits
1. Development time is reduced and software quality is higher.
2. Teams doing pair programming tend to have more fun than teams working individually.
3. Pair programming can push people well outside their comfort zones.
4. Discussing the code and sharing knowledge increases the number of generalists on the team.



 CHALLENGES IN AGILE TESTING

  • Adequate/Detailed test planning is not possible due to tight timelines/deadlines
  • There are too many changes in the software requirements and development which conflict with the test planning.
  • The testing phase is not specified. That is, it is not clear when tests start and end.
  • Since testing starts when the first iteration is complete, judging at that stage whether it will lead to working software is difficult.

 BENEFITS


Delivers highest business values early on in the project.
Promotes customer satisfaction
Provides customer driven approach
Focuses on speed of delivery
Provides openness and visibility to customers
Improves employee retention by empowering employees and by promoting self-management, team communication, learning, and value-building

DISADVANTAGE

Stakeholders will be tempted to keep demanding that new functionality be delivered.
If a task is not well defined, estimates of project cost and time will not be accurate. In such a case, the task can be spread over several sprints.
If the team members are not committed, the project will either never complete or fail.
It is good for small, fast-moving projects, as it works well only with small teams.
This methodology needs experienced team members. If the team consists of novices, the project cannot be completed on time.
If any team member leaves during development, it can have a huge adverse effect on the project.

Security Testing



Software Security testing:-

Security testing is the process of determining whether an information system protects data and maintains functionality as required.

Software security testing verifies that the software complies with its security requirements. Software security is always relative to the information and services being protected, the skills and resources of adversaries, and the cost of potential assurance remedies.

In simple words, software security testing is the process that determines that confidential data stays confidential (i.e. it is not exposed to individuals or entities for which it is not meant) and that users can perform only those tasks they are authorized to perform (e.g. a user should not be able to deny the functionality of the web site to other users, and a user should not be able to change the functionality of the web application in an unintended way).
Software Security = breaking stuff + building quality stuff
Software security basically works on two phases
·         Offense and defense
·         Breaking and building quality
Software security design is based on software quality engineering and on security analysis driven by attacks. Software security testing has two pillars
·         Functional security testing (constructive)
·         Risk-based security testing (destructive)

Importance of Software Security Testing
  • Software security testing helps find loopholes in the software that could cause the loss of important information or allow an intruder to enter the system.
  • Software security testing helps improve the quality of the current software system and helps ensure that the system will work as required.
  • If software security is involved right from the first phase of the software development life cycle (SDLC), security testing can help eliminate flaws in the design and implementation of the software, which in turn helps the organization block potential security loopholes at an early stage. This is beneficial financially, for security, and in terms of effort.
What actually are we protecting?
  • Customer information: most customer information, such as name, SSN, and address, sits behind web applications.
  • Employee information: protecting employee information is critical, and hackers can get to it easily.
  • Credit card information: hackers can get to credit card information by coming in through applications.
  • Patient information: most patient information can be accessed by hacking through web applications.
Different types of Software security testing:-

Following are the main types of software security testing:

1.       Software Security Auditing: Software security auditing includes direct inspection of the application developed, the operating systems, and any other software system on which it is built. This also involves code walk-throughs. In short, software security auditing involves hands-on internal inspection of operating systems and applications, often via line-by-line inspection of the code.

2.       Software Security Scanning: This is the scanning and verification of the software system and applications. During security scanning, auditors inspect and try to find weaknesses in the software’s security, which includes the OS, applications, and network(s). It is a vulnerability scan plus manual verification. The security analyst then identifies network weaknesses and performs a customized professional analysis.

3.       Software Vulnerability Scanning: Software vulnerability scanning looks for weaknesses in the web application. The cause of such a “weakness” can be bugs in the application, an injection flaw (SQL or script code), or the presence of viruses. Examples of such scanners are Nessus, SARA, and ISS.

4.       Software Risk Assessment: Risk assessment is a method of analyzing and deciding the risk, which depends on the type of loss and the probability of that loss occurring. Risk assessment is carried out in various ways, such as interviews, discussions, and analysis. It helps identify potential software risks and prepare a possible backup plan for each. Risk assessment involves a security analysis of interviews combined with research of business, legal, and industry justifications.

5.       Software Penetration Testing: In this type of testing, a tester tries to forcibly access and enter the application under test. In penetration testing, a tester may try to enter the application or system with the help of some other application, or with the help of combinations of loopholes that the application has unknowingly left open. Penetration testing is highly important, as it is the most effective way to practically find potential loopholes in the application.
Penetration testing takes a snapshot of the security of one machine, the “trophy”. The tester attempts to gain access to the trophy and prove that access, usually by saving a file on the machine. It is a controlled test coordinated with the client to ensure that no laws are broken during the test.

6.       Software Ethical Hacking: Ethical hacking is a forced intrusion of an external element into the software systems and applications that are under security testing. It involves a number of penetration tests over the wide network of the system under test.

Security Testing Methods:-
1.       SQL Injection
This is the process of inserting SQL statements through the web application’s user interface into a query that is then executed by the server; testing for it checks whether the server can be made to execute such input.
Ø  What is it?: Database contents are compromised or disclosed by the use of specially crafted input that manipulates SQL Query Logic.
Ø  Root Cause: Failure to properly scrub, reject, or escape domain-specific SQL characters from an input vector.
Ø  Impact: Data confidentiality, integrity, and availability with the ability to read, modify, delete, or even drop database tables.
Ø  Solution: Define accepted character sets for input vectors and enforce these whitelists rigorously. Force input to conform to specific patterns when other special characters are needed, e.g. dd-mm-yyyy. Also, use SQL prepared statements.
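The root cause and the two-part solution above, as an added example that is not part of the original post. The in-memory SQLite database, its two user rows, and the username and date patterns are constructed for the demonstration. lookup_vulnerable() is the ‘before’: a single quote in the input ends the string literal and the rest of the input becomes query logic. lookup_parameterized() binds the value as a prepared-statement parameter, and lookup_safe() adds the whitelist check in front of it.

```python
import re
import sqlite3

# Added example, not from the post. The database, its two rows and the input
# patterns are constructed for the demonstration.


def build_db():
    """In-memory SQLite database with two constructed user rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """The 'before': the input is pasted into the SQL text, so a quote inside
    it ends the string literal and the remainder is parsed as query logic."""
    sql = "SELECT username, email FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Prepared statement: the driver sends the value separately from the SQL,
    so it is only ever compared as data and never parsed as SQL."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Accepted character set per input vector (the post's whitelist step).
PATTERNS = {
    "username": re.compile(r"^[a-z0-9_]{1,32}$"),
    "date": re.compile(r"^\d{2}-\d{2}-\d{4}$"),  # dd-mm-yyyy, as in the post
}


def is_accepted(kind, value):
    """True when the value matches the whitelist for its input vector."""
    return bool(PATTERNS[kind].match(value))


def enforce_pattern(kind, value):
    """Reject any value that does not match the whitelist for its input vector."""
    if not is_accepted(kind, value):
        raise ValueError("%s %r does not match the accepted pattern" % (kind, value))
    return value


def lookup_safe(conn, username):
    """Both controls together: whitelist the shape, then bind as a parameter."""
    return lookup_parameterized(conn, enforce_pattern("username", username))


if __name__ == "__main__":
    db = build_db()
    payload = "x' OR '1'='1"  # textbook input that rewrites the WHERE clause
    print("vulnerable:   ", lookup_vulnerable(db, payload))    # every row
    print("parameterized:", lookup_parameterized(db, payload)) # []
    try:
        lookup_safe(db, payload)
    except ValueError as exc:
        print("whitelist:    ", exc)
```

The whitelist alone would not be enough for a field that legitimately contains quotes (a surname such as O'Brien), and the prepared statement alone still lets malformed data reach the database; the post’s advice to use both is what the last function implements.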

2.       Directory Traversal
Ø  The attacker notices the URL
Ø  He modifies it to point to another directory by adding ../
Ø  The attacker views another file
Ø  Quality assurance is broken
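The check a file-serving handler needs against the ../ trick above, as an added example that is not part of the original post. The temporary web root, its single page, the secret file outside the root, and the four request paths are all constructed for the demonstration. The containment check runs on the URL-decoded and filesystem-resolved path, so an encoded %2e%2e or a detour through a non-existent subdirectory is caught just like a literal ../.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote

# Added example, not from the post. The web root, its single page and the four
# request paths are constructed for the demonstration.


def resolve_inside(base_dir, requested):
    """Map a URL path onto the filesystem and refuse anything outside base_dir.

    The check runs on the *decoded* path (%2e%2e is '..') and on the *resolved*
    path, so 'sub/../..' and symlinks cannot slip past a textual '..' filter.
    """
    base = Path(base_dir).resolve()
    decoded = unquote(requested).lstrip("/")  # an absolute path would replace base
    target = (base / decoded).resolve()
    if target != base and base not in target.parents:
        raise PermissionError("path escapes the web root: %r" % requested)
    return target


def read_page(base_dir, requested):
    """Serve a file only after the containment check has passed."""
    return resolve_inside(base_dir, requested).read_text()


def demo():
    """Constructed web root with one page; returns the outcome of four requests."""
    with tempfile.TemporaryDirectory() as root:
        pages = Path(root) / "pages"
        pages.mkdir()
        (pages / "index.html").write_text("<h1>home</h1>")
        # A sensitive file *outside* the web root, which a traversal would aim at.
        (Path(root) / "secret.txt").write_text("do not serve")
        outcomes = {}
        for req in ("index.html", "sub/../index.html",
                    "../secret.txt", "%2e%2e/secret.txt"):
            try:
                outcomes[req] = read_page(pages, req)
            except PermissionError:
                outcomes[req] = "rejected"
        return outcomes


if __name__ == "__main__":
    for request, outcome in demo().items():
        print("%-22s -> %s" % (request, outcome))
```

Serving from the resolved path rather than the requested string is the important design choice: a handler that merely searches the request for the characters ".." would still accept the encoded form.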

3.       Tampering
Parameter tampering is a type of web-based attack in which certain parameters in the Uniform Resource Locator (URL) or in web page form fields are changed, which in turn alters the user’s information without the user’s authorization.
Some web applications communicate additional information between the client (browser) and the server in the URL. Changing some of that information in the URL may lead to unintended behavior by the server, which compromises the application.
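Two defences for the URL-carried information described above, as an added example that is not part of the original post. The signing key, the price catalog, and the query strings are constructed for the demonstration. Values the server must round-trip through the client are signed with an HMAC so any edit is detected; values the server can derive itself (here the price) are never taken from the client at all.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode

# Added example, not from the post. The key, catalog and query strings are
# constructed for the demonstration; a real key comes from configuration.
SIGNING_KEY = b"constructed-demo-key-do-not-reuse"

# Authoritative prices live on the server; the client is never asked for one.
CATALOG = {"42": 1000, "43": 250}  # item id -> price in cents


def _mac(body):
    return hmac.new(SIGNING_KEY, body.encode("utf-8"), hashlib.sha256).hexdigest()


def sign_query(params):
    """Build a query string the server can later recognise as its own.

    Parameters are sorted so the same set always yields the same signature.
    """
    body = urlencode(sorted(params.items()))
    return body + "&sig=" + _mac(body)


def verify_query(query):
    """Return the parameters if the signature matches, else None."""
    parsed = parse_qs(query, keep_blank_values=True)
    sig = parsed.pop("sig", [None])[0]
    if sig is None:
        return None
    params = {name: values[0] for name, values in parsed.items()}
    expected = _mac(urlencode(sorted(params.items())))
    # Constant-time comparison so the check itself does not leak the MAC.
    if not hmac.compare_digest(sig, expected):
        return None
    return params


def checkout_total(query):
    """Total an order from a signed query. Any 'price' the client adds is
    ignored: the price is looked up server-side, which is the stronger defence."""
    params = verify_query(query)
    if params is None:
        raise ValueError("query rejected: missing or invalid signature")
    price = CATALOG[params["item"]]
    return price * int(params["qty"])


if __name__ == "__main__":
    link = sign_query({"item": "42", "qty": "2"})
    print("issued:  ", link)
    print("total:   ", checkout_total(link))
    tampered = link.replace("qty=2", "qty=200")  # what an edited URL looks like
    try:
        checkout_total(tampered)
    except ValueError as exc:
        print("tampered:", exc)
```

Adding a parameter, removing one, or editing a value all change the signed body, so all three are rejected; the signature only proves the server issued the URL, which is why the price still comes from the catalog and not from the query.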

4.       JS Injection
JavaScript injection is the process of inserting and running JavaScript code through a URL, either by entering the code into the address bar or by finding an XSS vulnerability in a website. Note that the changes can only be seen by you and are not permanent. This is because JavaScript is a ‘client-side’ language.

5.       XSS (Cross-Site Scripting) Injection Vulnerabilities
Cross-site scripting (XSS) is a type of software security vulnerability typically found in web applications that enables attackers to inject client-side script into pages viewed by other users.
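The fix for both the JS injection and the XSS items above, as an added example that is not part of the original post. The page template, the user-supplied name and search query, and the contains_active_markup() check are constructed for the demonstration. One point worth adding to the JS injection item: script that only runs in your own address bar is indeed not persistent, but script stored by the server (in a comment or profile field, for instance) is served to every visitor, so the server-side output encoding below is what actually removes the vulnerability.

```python
import html
import json

# Added example, not from the post. The template and the user-supplied values
# are constructed for the demonstration.

TEMPLATE = (
    "<p>Hello, {name}!</p>\n"
    '<input name="q" value="{query}">\n'
    "<script>var userName = {name_js};</script>"
)


def render_unsafe(name, query):
    """The 'before': user input is concatenated straight into the HTML."""
    return TEMPLATE.format(name=name, query=query, name_js='"%s"' % name)


def render_safe(name, query):
    """The 'after': each value is encoded for the context it lands in.

    - text and attribute context: html.escape(quote=True) turns < > & " ' into
      entities, so the browser treats the value as text, not as markup;
    - JavaScript string context: json.dumps yields a quoted literal with quotes
      and backslashes escaped; '<' and '>' are additionally replaced with
      \\u003c / \\u003e so a '</script>' inside the value cannot end the block.
    """
    js_literal = json.dumps(name).replace("<", "\\u003c").replace(">", "\\u003e")
    return TEMPLATE.format(
        name=html.escape(name, quote=True),
        query=html.escape(query, quote=True),
        name_js=js_literal,
    )


def contains_active_markup(page):
    """Demo check, not a general detector: does the rendered page contain an
    extra script tag or an attribute break-out that came from user input?"""
    lowered = page.lower()
    return lowered.count("<script") > 1 or '" onfocus=' in lowered


if __name__ == "__main__":
    # Constructed inputs of the kind an XSS test case would submit.
    name = "</script><script>alert(1)</script>"
    query = '" onfocus="alert(1)'
    print("--- unsafe ---")
    print(render_unsafe(name, query))
    print("--- safe ---")
    print(render_safe(name, query))
```

The encoding is chosen per output context, not per input: the same name is HTML-escaped where it becomes text and JSON-encoded where it becomes a JavaScript literal, because an entity such as &lt; means nothing inside a script block.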