Version control systems are software tools to help a team mange changes to source code over time. It keeps track of the modifications to the code in a special database. Developers can move through versions, compare and rolling-back changes, this helps minimizing the disruption of the code.
Some commonly used version control tools are:
Git
Git is free and open source, is compatible with protocols like HTTP, FTP and SSH. Is fast, cross platform. It is the most used version control tool out there, and the one that I use.
CVS
Another very popular version control tool. Is a client server repository model, it has cross platform support and it is also open source and free.
SVN (Apache Subversion)
Aims to be the successor to CVS. It is also a client server repository model, open source and free.
Tools for testing
There are many types of software testing tools each with their different objectives.
Test Management Tools
These tools help organize the end to end test Cycle.
XRay
One the most used Manual & Automated test management app for QA. It’s a full-featured that integrates with Jira. Helps improving the quality of products.
Features:
Traceability between requirements, tests, defects, executions
Define reusable preconditions and associate to tests
Organize tests in folders and test sets
Test plans for tracking progress
Test environments
Integrates with test automation frameworks (Selenium, JUnit, Nunit, Robot, …)
Built-in REST API
CI integrations (Bamboo, Jenkins)
Built-in reports
Automated Testing Tools
This category of tools helps automate functional and Regression Testing of your application under test.
Squish
Its a GUI test automation tool to automate functional regression tests and system test of their graphical user interface. It is cross-platform.
Some of its features are:
Test script recording
Powerful and reliable object identification and verifications (object-based and image based)
No dependency on screenshots or visual appearance
A wide range of popular script languages for test scripting
Full support for Behavior Driven Development (BDD)
Full control via command line tools
Integrations with Test Management and CI-Systems
Security Testing Tools
These tools detect security vulnerabilities in your Application Under Test.
Netsparker
Automatically scans websites, web applications and web services for vulnerabilities.
It has the following features:
Very configurable
Easily IntegrateS Web Security Scanning In SDLC
Supports Enterprise Level Collaboration
Tools for process and Administration for V&V
Jira
Jira is designed teams of all types manage work, it is a tool for management from requirements and test case management to agile software development. Jira has a robust set of features and widely used and because of that it can be integrated with many tools.
We use software testing to check if the software complies with all requirements and make sure there are no defects. There are white box and black box testing. Software Testing means the Verification of Application Under Test (AUT).
Types of Tests
Unit Tests
Unit tests only test a single part of an implementation. Basically a unit, theres no dependencies or integrations involved.
Integration Tests
Integration tests concern about the functionality of the code with another third party, this could be a database, a server, another module, etc.
Functional Tests
Functional test makes sure the system works as the user expects it to behave.
Categories of Testing
Functional Testing
Unit Testing
Integration testing
Non-Functional Testing or Performance Testing
Performance
Endurance
Load
Volume
Scalability
Usability
Maintenance
Regression
Maintenance
Software Testing Roles
Test lead / manager
Has all responsibilities of test planning.
Check if the team has all necessary resources.
Check if the test are going according to plan.
Test engineers / QA testing / QC testers
Read all documents and understand what needs to be tested.
How things should be tested.
Inform the test lead about all resources required.
Software tester
Designing testing scenarios for usability testing
Conducting testing and analyzing results.
Interact with clients to understand product requirements and see needed modifications.
Crear documentación de los tests.
Software tester manager
Supervise all testing activities carried out by the team and identify team members who require more training.
Schedule testing activities, create budget for testing and prepare test effort estimations.
Selection of right test tools after interacting with the vendors. Integration of testing and development activities.
Software test automator
Design automated test scripts that are reusable.
Ensure that all automated testing related activities are carried out as per the standards defined by the company.
Understand the requirement and design test procedures and test cases for automated software testing.Testing EnviromentsA test environment is software with a configuration that can execute tests cases following that configuration. The testing environment need to be configure depending on the scenario.
Testing Enviroments
A test environment is software with a configuration that can execute tests cases following that configuration. The testing environment need to be configure depending on the scenario.
Integration Testing Environment
Individual software is integrated to see how the system behaves and if it follows the requirements. One or more modules can be integrated.
Performance Testing Environment
It use to check how performant our system is, concurrency, response time, throughput and stability our tested and see if the goals our reached.
Security Testing Environment
Ensuring the software has no security flaws. Authentication, authorization, integrity are tested to find vulnerabilities.
Software Review is an important process thanks to it engineers can validate the quality and functionality of a software being worked on. Its and examination made by one or more individuals, the objective is to find and resolve errors, defects or make changes that they see fit to improve the software, this is done during the early stages of the software development life cycle.
Software review brings it own advantages which are:
Help the productivity of the team
Cost and time effective, as more time is spent on testing the software during the initial development of the product
Fewer defects in the final stages
Frequent checks of the software being developed.
Software changes can be discussed and understood by more people
Software can be modify in the stage to make more effective
Types of software reviews
Software Peer Review
Its the process of evaluating the software by the author and another person of a team to detect errors and prevent them in future phases of the software process.
Types of software peer review
code review
fix mistakes and to remove vulnerabilities from the software product by and examination
Pair programming
Two developers work in the same workstation to develop code together.
Walkthrough
Lead designer or developer goes through the errors and defect making questions and comments about them.
Software Management Review
Take place in the later stages by the management representatives. The work status is evaluated. decisions of future software activities are taken.
Software Audit Reviews
External type of review, one or more auditors not part of the team examine the software and asses their compliance with the standards and requirements stated. In software audit reviews there are many roles to fulfill so that guidelines and standards can be achieved as planed.
Initiator: Decides if an audit is needed and establishes its purpose and scope.
Lead auditor: responsible for administrative tasks such as planning the audit and managing the team.
Recorder: documents anomalies, action items, decisions, and recommendations made by the audit team.
Auditors: examine products defined in the audit plan, document their observations, and recommend corrective actions.
A software audit follows a list of principles which are:
Timeliness: Processes and programming is continuously inspected.
Source openness
Elaborateness: Audit processes should be oriented to certain minimum standard.
Financial background reflection: if the audit was funded and if the software is being commercially developed.
Literature-inclusion: A reader should not rely solely on the results of one review, but also judge according to a loop of a management system.
Inclusion of user manuals & documentation
Identify references to innovations
Process of a software Review
The software review process is usually based on the IEEE Standard 1028.
The following process is as it follows:
Evaluation:
A checklist is used by entry of criteria to ensure a successful review.
Management preparation:
Responsible management makes sure all the software review has all required resources such as staff, materials and time.
Review planning
An objective is identified.
Preparation:
Reviewers prepare the group examination to review the tasks.
Examination and evaluation:
Results are combined and all activities are verified.
Jest is a testing framework that helps us easily doing tests in javascript, it works out of the box on most projects. But first I want to explain the types of testing there are that I have investigated.
Types of Tests
Unit Tests
Unit tests only test a single part of an implementation. Basically a unit, theres no dependencies or integrations involved.
Integration Tests
Integration tests concern about the functionality of the code with another third party, this could be a database, a server, another module, etc.
Functional Tests
Functional test makes sure the system works as the user expects it to behave.
Frequency of Tests
The smaller and more isolated the tests the more frequent they become because of their simplicity, so functional tests are written just a few times.
Test will help build a software which is less prone to defects latter in the future and more well structured.
What I learnt using jest
I used an already built simple project with jest with the configuration being done, what my objective was is learning the basics structure of the jests test and how it is applied in a project.
First Test
First I made the simplest test ever to just see how a test is written, it was a simple arrow function which returns Hello as a string. All I need to do with the function is export to later imported in a test file.
Later imported the function in a test file which expects the output to be Hello, it shows that it ran correctly, the good thing about jest is the feedback given by the framework and every time a change is made and save the test run automatically.
The test has a describe to grab the function being imported, the it first parameter gives a description of what the test should do, and the second is a functions with the expect which is the test case that will run. We expect hello() to have “Hello” as an output.
To give another example which is more likely to happen when coding in a project I used a simple technique call TDD (Test Driven Development) where tests are written first and the code is done after to make it comply with the tests being made. This makes it easier to make the code reliable for the project, not just making it work for some cases, but all cases possible. The function will have to remove all names that begin with a letter s.
I wrote three kind of tests, one that should see if all name with S are removed, one that keeps all names without a letter S as a first letter, and one that takes attention to the lower and upper case letters. With that done I can make the function. Each expect has a matcher toContain or a negated toContain.
As an example I omitted the removal of upperCase letters. Just as an example of how jest can tell me what went wrong and help me figure out what the code needs to have.
In the third case I see that “scott” passed and “Scott” did not pass, which I can tell that I’m not accounting for upper case letters. I can also see the expected array given by the method and the result. By adding a toLowerCase function to the name array the problem is fixed. Another useful case for TDD is if I made my function to have a for loop instead of a filter I can later try to optimize the code and see how well its made by the feedback of the tests cases.
My conclusions
By making tests code can be thought out more, make functions smaller to making them easily testable with unit tests, have code that works in all cases so that each part of the project wil not fail in the future with unforeseen problems and can save a lot of time. When I was working in my social service making a webpage the automatic test runs could have saved me a lot of time becuase I made the tests case manually by inputting values that came to my head one by one and later forgot which one I did. With a tool like jest I can have my tests organize and easily run them whenever I need.
I will be learning more about Jest in the future and will write about my progress.
Verification and Validation (V&V) is the process of successfully eliminating software defects from all software lifecycles, this happens before testing. What is important to mention is that V&V does not replaces testing or that testing can replace this process, it is a vital part of the whole process. I mention this because V&V, Quality and testing are often put in the same category when they should each be thought as a different part of the process.
Verification is the process of evaluating products of a development phase to find out whether they meet the specified requirements. Lifecycle frameworks and methodologies are used in the verification phase.
Validation is the process of evaluating software at the end of the development process to determine whether software meets the customer expectations and requirements. Testing fits in the validation process.
Verification and validation can be compacted into two phrases, “Are we building the product right?” and “Are we building the right product?”
V&V approaches
Testing (post process)
Testing is a process of dynamically executing software after it is complete to see if it has all the software requirements, it is referred as post process because it usually done at the end of the software lifecycle.
Lifecycle Framework
Lifecycle frameworks have the use of multiple techniques for eliminating software defects at each software lifecycle stage. They are non methodological because each software project must have it own unproven lifecycle methodology that fits itself by picking and choosing from hundreds of vaguely defined and measured techniques.
Lifecycle frameworks have the following advantages:
Errors are detected and corrected as early as possible.
Project risk, cost, and schedule effects are lessened.
Software quality and reliability are enhanced.
Management visibility into the software process is improved.
Proposed changes and their consequences can be quickly assessed.
Lifecycles are very useful but ca be seen as highly bureaucratic.
Lifecycle Methodologies
Lifecycle methodologies address V&V across all software lifecycle stages, they are streamlined to include only the most effective and bare minimum software defect elimination techniques recommended by lifecycle frameworks and add step by step metrics and measurements approaches for accurately estimating software lifecycle resources, software defects, and software defect elimination effectiveness. It has its own processes.
Software Inspection Process
highly structured and measured
multiple people review the software to find defects
Inspection Process Measurability
highly structured, well defined, step-by-step process for identifying defects for elimination. All aspects of the inspection can be identified, as the total effort required, and the efficiencies of every aspect of Inspections
An inspection can take 15 hours to uncover as 15 to 45 defects.
Acurracy
Lifecycle methodologies use Rayleigh models which in theory can tell the exact number of resources that need to be allocated for a process within a tenth of a defect.
To have an efficient organization at developing software products and services a model should be follow to have order in its development process make the most accurate estimations possible, being efficient and learning which improvements can be made, so this blog will give a quick introduction to a number of Models.
CMMI
CMMI stands for Capability Maturity Model Integration, it is a is a process level improvement training and appraisal program, it measures the maturity of an organization’s processes in software development.
CMMI starts with an appraisal process that evaluates 3 areas:
process and service development
service establishment and management
product and service acquisition
CMMI breaks organizational maturity into five leves
Initial
Processes are viewed as unpredictable and reactive. work gets done but it’s often delayed and over budget
Managed
There’s a level of project management achieved
Projects are “planned, performed, measured and controlled”
There’s still issues to address
Defined
Organizations are more proactive than reactive
The organization has standards use in all across itself
Shortcomings are understood, and understands how to address them and what the goal is for improvement.
Quantitatively managed
This stage is more measured and controlled
Ahead of risks, with more data-driven insight into process deficiencies
Optimizing
organization’s processes are stable and flexible. At this final stage, an organization will be in constant state of improving and responding to changes or other opportunities
PSP (Person Software Process)
Structured development process that is designed to help software engineers to:
Improve their estimating and planning skills.
Make commitments they can keep.
Manage the quality of their projects.
Reduce the number of defects in their work.
PSP training follows a evolutionary methods, its levels are:
PSP0 has 3 phases:
Planning
Development
Design, code, compile, tests
Post Modern
engineer ensures all data for the projects has been properly recorded and analysed
PSP0.1 advances the process by adding a coding standard, a size measurement and the development of a personal process improvement plan
PSP1
Introduces estimating and planning
PSP2
Quality management and design
One of the core aspects of the PSP is using historical data to analyze and improve process performance. PSP data collection is supported by four main elements:
Scripts
Measures
Standards
Forms
TSP (Team Software Process)
TSP improves the quality and productivity of engineering teams and helps them develop software intensive products at timely and cost effective manner. Designed for use with teams of 2 to 20 members, and the larger multi-team TSP process is designed for teams of up to about 150 members
TSP can be applied in all aspects of software development.
TSP indicates that a self directed team should have the following qualities:
Understand product and business goals
Produces their own plans for addressing the goals
Makes their personal commitments
Directs their own projects
Consistently uses processes and methods that they select
Manages quality
TSP follows a cycle, first it begins with a planning process called launch, led by a coach and the team establishes goals, defined team roles, asses risks, estimate effort, allocate tasks and produce a team plan. next comes an execution phase, developers track planned and actual effort, schedule, and defects meeting regularly to report status and revise plans. The cycle ends with a Post Mortem to assess performance, revise planning parameters, and capture lessons learned for process improvement.
ISO-15504
Services are outputs of process by identifying those processes we can improve the services, ISO-15504 helps us achieve that, it is a set of technical standards document is for the computer software development process and related business management functions and is the reference model for the maturity models, assessors can give an overall determination of the organization’s capabilities for delivering products.
An assessment process must be done and the report will result in one the six classes levels
Incomplete (level 0)
The process is not implemented or fails at its purpose
Performed (level 1)
The process is performed and achieves it purpose
Managed (level 2)
Process is managed and results are specified, controlled and maintained
Established (level 3)
Process defined and use throughout the organization
Predictable (level 4)
Executed consistently with defined limits
Optimizing (level 5)
Process is continuously improved to meet currently and projected goals
MOPROSOFT
Moprosoft is a model of software processes for the Software Mexican industry, it is oriented for small and medium size business or internal areas of development and maintenance of software. It considers 3 levels of organization:
Business management
Management
Management of processes, projects, and management of materials
It also oversees human resources, services of the organization, infrastructure and knowledge of the business.
Operation
IDEAL METHOD
IDEAL stands for Initiating, Diagnosing, Establishing, Acting & Learning. IDEAL serves as a roadmap for initiating, planning, and implementing process improvement actions in the context of the CMMI product suite, it is a process-improvement and defect-reduction methodology.
Each letter of IDEAL is phase of the roadmap
Initiating
Lay groundwork for improvement effort
Usually is a response of a stimulus which shows an urgency the change the current process
In response the appropriate resources and support is given to get the change needed.
Diagnosing
It gives and indication on where the organization is relative to the place it hopes to be.
Analysis is performed to baseline the current practices and to probe potential improvement opportunities.
For the CMMI Product Suite this is a SCAMP Appraisal, for ISO 15504 an assessment.
Establishing
Planning the specifics of how to reach the goal
recommendations of the analysis are prioritized, change implementation teams are established, and plans are developed to conduct the activities.
Acting
Do the steps indicated in the plan
Learning
Learn from the experience and improve at adopting new improvements
My first approach to making tests and understanding its impact on the development of a program was done with Postman, so here I am writing a little of my first approach to testing and a little of what tools I found out.
I used postman before to verify that my API’s made in nodejs worked in a page for an animal shelter organization over the summer, such API’s did work as registering and logging in users, changing data from the users, adding and deleting, uploading and consulting info of the animals being rescued but as a naive software engineer I had no idea of the capabilities of doing tests in postman. Thanks to a class workshop given to us by Kin lane (also known as the API evangelist, blog here: https://apievangelist.com ) I got to know a lot more about postman and its tests.
What I learned about Tests
Each url request can have their own tests to see if the code works as it should be. The test are done in js and writing tests is pretty straight forward and easy to understand.
In the example we are testing the response and looking and the status code. When running the request postman will show us the results of the tests.
In postman we can test the following and much more:
Tests the performance such as testing the time the request took time to finish
Response status of the responses
Check the output of the variables and the types of those variables
Check if a variable is contained in a response
Check the content type of the response
We can even prevent SQL injections attacks by evaluating the content of the body request.
Can establish dynamic variables to test its values and establish some before the tests are done
Capabilities of Postman
Snippets and collection
Postman includes snippets for including tests in our requests to quickly establishing our test cases aside from that we can look for collections done by other people and organizations to apply those tests in our own programs.
Runner
We can group by request to run in a specific order to tests along each other various request to see how the program runs as a whole and get all of the tests results in such a simple manner and get a better understanding of the flow of the program
Newman
Tests and runners can also be run from the terminal thanks to postman’s tool
Continuous Integration
I have not tried this my self but tests can also be automated with a Continuous Integration or Continuous Delivery tool, like Jenkins or Travis CI. I would have to check those tools later on my on to write about them but its good to know that the capability is there.
My take on Postmans Test
Making tests can allow me to ensure the proper functionality of my API’s more quickly than doing a lot of requests on my own without knowing what I’m expecting from them most of the time, with tests I can verify that new developments haven’t broken any functionality as I progress on the program. Tests can aid the debbuging process when something inevitable goes wrong.
When developing my next project which I can aid the development of Postman I will make sure that I write tests.
Software quality sees the total functionality of a software system. In other words it has to do all of its tasks, those are its functional requirements and non functional requirements.
Functional requirements are the features of the software such as like registering users, display data requested. Non functional requirements are how the software is accomplishing the task successfully and with good quality for the user. That means it has to have some of the be efficient, fast, it needs to be reliable and be user friendly.
What do we have to take into account in Software Quality?
Software quality consists of three components
Functional
Correctly performs tasks
Specified requirements for the software:
Few defects
Works well
Easy to learn and use
Structural
Code testability
Code maintainability
Code understandability
Code efficiency
Code security
Process
Meeting deadlines
Meeting the budget
Repeatable development process that reliably delivers software quality
How do we ensure software quality?
Making sure that everything works in an efficient way is hard to achieve but there are different work methodologies that can be used to have a better chance to get to a product of good qualit.
Software quality assurance
To have all of the processes, methods, activities and work items are monitored and comply against the defined standards. software quality assurance employs a systematic plan of all actions needed to provide adequate confidence that an item or product conforms to establish technical requirements.
Quality Assurance
Has a defined cycle
Plan
plan and establish the process related objectives and determine the processes that are required to deliver the product
Do
Development and testing of Processes and also “do” changes in the processes
Check
Monitoring of processes, modify the processes, and check whether it meets the predetermined objectives
Act
Implement actions that are necessary to achieve improvements in the processes
Importance of Standards
Nowadays having certifications for software quality standards brings a big advantage over companies that don’t. Having a certification apart for applying the best software quality practices which reduce cost and increases efficiency it also brings confidence to clients and show that a company in good at competing in an international market.
Some Certifications:
ISO 9000
Prioritizing the customer data, purchasing and managing the Quality systems
Six sigma
data-drive and fact based approach
analyzes existing processes
Forces to break project into smaller and easily manageable projects, which are then subdivided, internally
Have to have a margin error of 0.0000002%
CMMI model, ISO15504,
Having good software quality practice can avoid making costly mistakes and giving the company an advantage over others. Throughout the next blogs we will see what practices are used and which tools are really useful for having an all around good product.
Hello to everyone. Its nice that you came and gave some of your valuable time to check out my blog. What can someone expect of this? Well I’m starting this blog to have a place to write about my progress as a computer science student, show what things I’ve learned along the way and what that new knowledge meant to me and how I apply it on my projects and school.
This blog started because is the requirement of my class called “Software Quality and Testing” but I’ll try to write about other topics that I’ve learned by myself or my thoughts on some areas, I want to show what difficulties I’ve encountered, which thing called my attention and changed the way I work. I can’t promise anything but if I really believe in one of my favorite rules is that I have to look to be a person that is 1% better than I was the other day, and that is mainly what I will try to show.
With that out of the way I want to point some important points that this blog will have to be a little unique and truthful to me.
I’ll try to show in what ways I got better and it which ways I still need to practice
The blogs will be short, no need to drag things.
The blogs won’t try to make me look like a beast of a programmer, the most productive person ever or even someone that has everything together. I want the blogs to be real and hopefully relatable
