Sta Unit 4

Unit IV covers advanced testing concepts, focusing on performance testing techniques such as load and stress testing. It details the objectives, processes, metrics, tools, advantages, and disadvantages of load testing, as well as the characteristics and types of stress testing. The document emphasizes the importance of these testing methods in ensuring system reliability and performance under various conditions.
UNIT – 4 Prepared By MAV

UNIT IV
ADVANCED TESTING CONCEPTS
Performance Testing: Load Testing, Stress Testing, Volume Testing, Fail-Over Testing,
Recovery Testing, Configuration Testing, Compatibility Testing, Usability Testing, Testing
the Documentation, Security testing, Testing in the Agile Environment, Testing Web and
Mobile Applications.
1. Performance Testing
1.1 Load Testing
Load testing is a type of Performance Testing that determines the performance of a system,
software product, or software application under real-life-based load conditions.
What is Load Testing?
Load testing determines the behaviour of the application when multiple users use it at the
same time. It is the response of the system measured under varying load conditions.
1. The load testing is carried out for normal and extreme load conditions.
2. Load testing is a type of performance testing that simulates a real-world load on a system
or application to see how it performs under stress.
3. The goal of load testing is to identify bottlenecks and determine the maximum number of
users or transactions the system can handle.
4. It is an important aspect of software testing as it helps ensure that the system can handle
the expected usage levels and identify any potential issues before the system is deployed
to production.
During load testing, various scenarios are simulated to test the system’s behaviour under
different load conditions.
This can include simulating
✓ a high number of concurrent users,
✓ simulating numerous requests, and
✓ simulating heavy network traffic.
The system’s performance is then measured and analyzed to identify any bottlenecks
or issues that may occur.
Objectives of Load Testing
1. Evaluation of Scalability: Assess the system’s ability to handle growing user and
transaction demands. Find the point at which the system begins to function badly.

Dept., of CSE. /III CSE/SEM-VI 1 A.V.C.C.E


2. Planning for Capacity: Describe the system’s ability to accommodate anticipated future
increases in the number of users, transactions and volume of data. This makes it easier to
make well-informed decisions regarding infrastructure upgrades.
3. Determine bottlenecks: Identify and localize bottlenecks in the application or
infrastructure’s performance. Finding the places where the system’s performance can
suffer under load is part of this.
4. Analysis of Response Time: For crucial transactions and user interactions, track and
evaluate response times. Make sure that the system responds to changes in load with
reasonable response times.
5. Finding Memory Leaks: Find and fix memory leaks that may eventually cause a decline
in performance. Make sure the programme doesn’t use up too many resources when it’s
running.

Load Testing Process

1. Test Environment Setup: First, create a dedicated test environment for
performing the load testing. This ensures that testing is done in a proper way.
2. Load Test Scenario: In the second step, load test scenarios are created. Load testing
transactions are then determined for the application and data is prepared for each transaction.
3. Test Scenario Execution: The load test scenarios created in the previous step are now
executed. Different measurements and metrics are gathered to collect the information.
4. Test Result Analysis: The results of the testing are analyzed and various
recommendations are made.
5. Re-test: If the test fails, it is performed again in order to get a
correct result.
Metrics of Load Testing
Metrics are used to measure the performance observed during load testing under different
circumstances. They tell how accurately the load testing is working under different test cases.
Metrics are usually collected after the load test scripts/cases have been prepared. There are many
metrics for evaluating load testing. Some of them are listed below.
1. Average Response Time
It tells the average time taken to respond to the requests generated by the clients or
customers or users. It also shows the speed of the application, based on the time taken
to respond to all the requests generated.
2. Error Rate
The Error Rate, expressed as a percentage, denotes the ratio of the number of errors
that occurred during the requests to the total number of requests.
3. Throughput
This metric shows the bandwidth consumed during the load
scripts or tests, and the amount of data used for
the requests that flow between the user's server and the application's main server. It is
measured in kilobytes per second.
4. Requests Per Second
It tells how many requests are being sent to the application server per
second. The requests could be for anything, such as images, documents, web pages,
articles or any other resources.
5. Concurrent Users
This metric counts the users who are actively present at a
particular time. It keeps track of those who are visiting the
application at any time, even without raising any request in the application.
6. Peak Response Time
Peak Response Time measures the time taken to handle the request. It also helps in
finding the duration of the peak (longest) time of the request and response cycle
and in finding which resource takes the longest to respond to the request.
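The metrics listed above can be computed from the per-request records that a load test run stores. The following is an added example, not part of the original notes: the record layout, the function names and the sample data are constructed for illustration, an error is assumed to be any HTTP status of 400 or above, and concurrent users are approximated as distinct users with a request in flight at the same moment.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    user: str        # virtual user that issued the request
    resource: str    # resource that was requested
    start: float     # seconds since the start of the test
    duration: float  # response time in seconds
    status: int      # HTTP status code returned
    size: int        # response size in bytes


# Constructed sample results, not taken from a real test run.
SAMPLE = [
    Request("u1", "/index.html", 0.0, 0.20, 200, 20480),
    Request("u2", "/index.html", 0.1, 0.30, 200, 20480),
    Request("u3", "/report.pdf", 0.2, 1.90, 200, 81920),
    Request("u1", "/logo.png", 0.5, 0.10, 200, 10240),
    Request("u2", "/search", 1.0, 0.80, 500, 1024),
    Request("u4", "/index.html", 1.5, 0.25, 200, 20480),
    Request("u3", "/search", 2.5, 0.45, 200, 2048),
    Request("u4", "/checkout", 3.0, 1.00, 503, 1024),
]


def peak_concurrent_users(requests):
    """Largest number of distinct users with a request in flight at once."""
    events = []
    for r in requests:
        events.append((r.start, 1, r.user))
        events.append((r.start + r.duration, -1, r.user))
    # At equal timestamps, handle completions (-1) before new requests (+1).
    events.sort(key=lambda e: (e[0], e[1]))
    in_flight = {}  # user -> number of that user's open requests
    peak = 0
    for _, delta, user in events:
        in_flight[user] = in_flight.get(user, 0) + delta
        if in_flight[user] == 0:
            del in_flight[user]
        peak = max(peak, len(in_flight))
    return peak


def load_metrics(requests):
    """Compute the six load testing metrics for one test run."""
    if not requests or any(r.duration <= 0 for r in requests):
        raise ValueError("need at least one request, all with positive duration")
    first = min(r.start for r in requests)
    last = max(r.start + r.duration for r in requests)
    elapsed = last - first                              # length of the run in seconds
    errors = [r for r in requests if r.status >= 400]   # assumption: 4xx/5xx are errors
    slowest = max(requests, key=lambda r: r.duration)
    return {
        "average_response_time_s": sum(r.duration for r in requests) / len(requests),
        "error_rate_pct": 100.0 * len(errors) / len(requests),
        "throughput_kb_per_s": sum(r.size for r in requests) / 1024 / elapsed,
        "requests_per_second": len(requests) / elapsed,
        "peak_concurrent_users": peak_concurrent_users(requests),
        "peak_response_time_s": slowest.duration,
        "slowest_resource": slowest.resource,
    }


if __name__ == "__main__":
    for name, value in load_metrics(SAMPLE).items():
        print(f"{name:26} {value}")
```

The slowest resource is reported next to the peak response time because the peak alone does not say which request to investigate.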

Load Testing Tools


1. Apache JMeter:
It is an open-source tool used for performance testing and measuring the load and
functional behavior of web applications. It simulates multiple users sending requests to a
web server, analyzes the server’s response, and measures performance metrics such as
response time, throughput, and resource utilization.
2. WebLoad:
It is a performance testing tool designed to simulate user load on web applications and
measure their behavior under various conditions. It helps identify performance
bottlenecks and ensure that web applications can handle expected traffic.

3. NeoLoad:
It is a performance testing tool used to simulate user traffic and measure how well
applications handle load and stress. It helps identify bottlenecks and performance
issues by generating virtual users to test the application’s scalability and reliability.
4. LoadNinja:
It is a cloud-based performance testing tool that enables users to simulate real-world
user loads on their applications.
5. HP Performance Tester:
HP Performance Tester, now known as Micro Focus LoadRunner, is a performance
testing tool used to simulate virtual users and measure how well an application handles
various loads. It helps identify performance bottlenecks by generating load on the
application and analyzing its response times and behavior under stress.
6. LoadUI Pro:
LoadUI Pro is a commercial load testing tool designed for testing the performance
and scalability of web applications and APIs. It enables users to simulate various load
conditions, monitor system behavior, and identify performance bottlenecks to ensure
applications can handle real-world usage.
7. LoadView:
It is a cloud-based performance testing tool used to simulate high traffic and load on
websites and applications. It helps identify how a site performs under various conditions
by generating real user interactions and analyzing the impact on performance.
Advantages of Load Testing
1. Identifying bottlenecks:
Load testing helps identify bottlenecks in the system such as slow database queries,
insufficient memory, or network congestion.

This helps developers optimize the system and ensure that it can handle the expected
number of users or transactions.
2. Improved scalability:
By identifying the system’s maximum capacity, load testing helps ensure that the
system can handle an increasing number of users or transactions over time.
This is particularly important for web-based systems and applications that are
expected to handle a high volume of traffic.
3. Improved reliability:
Load testing helps identify any potential issues that may occur under heavy load
conditions, such as increased error rates or slow response times. This helps ensure that the
system is reliable and stable when it is deployed to production.

4. Reduced risk:
By identifying potential issues before deployment, load testing helps reduce the risk
of system failure or poor performance in production.
Disadvantages of Load Testing
1. Resource-intensive:
Load testing can be resource-intensive, requiring significant hardware and software
resources to simulate a large number of users or transactions. This can make load testing
expensive and time-consuming.
2. Complexity:
Load testing can be complex, requiring specialized knowledge and expertise to set up
and execute effectively. This can make it difficult for teams with limited resources or
experience to perform load testing.
3. Limited testing scope:
Load testing is focused on the performance of the system under stress, and it may not be
able to identify all types of issues or bugs. It’s important to combine load testing with other
types of testing such as functional testing, regression testing, and acceptance testing.
4. Inaccurate results:
If the load testing environment is not representative of the production environment or
the load test scenarios do not accurately simulate real-world usage, the results of the test
may not be accurate.
1.2 Stress Testing

Stress Testing is a software testing technique that determines the robustness of software by
testing beyond the limits of normal operation. Stress testing is particularly important for
critical software but is used for all types of software.
Stress testing emphasizes robustness, availability, and error handling under a heavy load
rather than what is correct behavior under normal situations.
Characteristics of Stress Testing
1. Identification of Risk: Stress testing’s main objective is to locate and evaluate a
system’s possible hazards and weaknesses.
2. Quantitative and Qualitative Analysis: While numerical data are crucial, it’s also
critical to comprehend the qualitative characteristics of the system’s response and
potential weak points.
3. Variable Parameters: Stress testing includes changing variables including interest rates,
market conditions, transaction volumes and outside influences that could have an impact
on the system.
4. Cross-Functional Involvement: Many departments within an organization must work
together and participate in stress testing. This cross-functional strategy makes sure that
the stress testing procedure benefits from a variety of viewpoints and specialties.
5. Open and Honest Communication: Stress testing necessitates open and honest
communication regarding the goal, approach, and outcomes of the testing procedure.

Stress Testing Process


The stress testing process is divided into 5 steps:

1. Planning the stress test
This step involves gathering the system data, analyzing the system, and defining the stress
test goals.
• Gathering System Data : For a web application, collect details about server
specifications, database configurations, network bandwidth, and current traffic patterns.
• Analyzing the System : Evaluate how the web application performs during peak traffic
times, such as during a sales event. Identify any existing issues like slow page loads or
database timeouts.
• Defining Stress Test Goals : Set goals such as ensuring the application can handle a
traffic spike of 10,000 users per minute without crashing and maintaining response times
below 2 seconds.
2. Create Automation Scripts
This step involves creating the stress testing automation scripts and generating the test data
for the stress test scenarios.
• Developing Stress Testing Scripts : Use tools like Apache JMeter or LoadRunner to
create scripts that simulate user actions such as logging in, browsing products, and
making purchases.
• Generating Test Data : Create datasets that include various user profiles, product
inventories, and transaction records to ensure the test is realistic and comprehensive.

3. Script Execution
This step involves running the stress test automation scripts and storing the stress test results.
• Analyzing Test Data : Review the logs to identify performance trends. Look for any
significant slowdowns or failures as the load increases.
• Identifying Bottlenecks : If the application slows down significantly at 5,000 users,
investigate the server logs to determine if the issue is related to database queries, server
CPU limits, or network bandwidth.
4. Result Analysis
This phase involves analyzing stress test results and identifying the bottlenecks.
• Running the Stress Test Scripts : Execute the scripts in a test environment that mirrors
the production setup. Gradually increase the number of simulated users to observe how
the system handles the load.
• Storing Test Results : Use logging tools to capture performance data such as server
response times, error rates, and resource utilization metrics.

5. Tweaking and Optimization
This step involves fine-tuning the system and optimizing the code with the goal of meeting the
desired benchmarks.
• Fine-Tuning the System : Based on the findings, optimize database queries, increase
server CPU capacity, or enhance network configurations.
• Optimizing for Desired Benchmarks : Retest the application to ensure it now handles
10,000 users per minute with response times below 2 seconds.
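The five steps above can be walked through against a simulated system, so that nothing has to be sent over a network. This is an added example, not part of the original notes: `SimulatedService` is a hypothetical queueing model standing in for the application under test, and its capacity, base response time and timeout values are constructed; only the goals (10,000 users per minute, responses below 2 seconds) come from the text.

```python
from dataclasses import dataclass

# Goals from the planning step above.
TARGET_USERS_PER_MIN = 10_000
MAX_RESPONSE_S = 2.0


@dataclass(frozen=True)
class SimulatedService:
    """Hypothetical stand-in for the system under test (simple queueing model)."""
    capacity_per_min: int         # requests per minute the service can complete
    base_response_s: float = 0.5  # response time with no contention
    timeout_s: float = 30.0       # what a client waits once the service is saturated

    def measure(self, users_per_min):
        """Return (response_time_s, error_rate_pct) at the given load."""
        utilisation = users_per_min / self.capacity_per_min
        if utilisation < 1.0:
            # Response time grows sharply as the service nears saturation.
            return self.base_response_s / (1.0 - utilisation), 0.0
        # Past saturation the excess requests time out and count as errors.
        rejected = users_per_min - self.capacity_per_min
        return self.timeout_s, 100.0 * rejected / users_per_min


def run_stress_test(service, step=1_000, ceiling=TARGET_USERS_PER_MIN):
    """Script execution: raise the load step by step and store each result."""
    results = []
    for load in range(step, ceiling + 1, step):
        response_s, error_pct = service.measure(load)
        results.append({
            "users_per_min": load,
            "response_s": round(response_s, 2),
            "error_pct": round(error_pct, 1),
            "meets_goal": response_s < MAX_RESPONSE_S and error_pct == 0.0,
        })
    return results


def breaking_point(results):
    """Result analysis: first load level at which the goal is missed, or None."""
    for row in results:
        if not row["meets_goal"]:
            return row["users_per_min"]
    return None


if __name__ == "__main__":
    # Tweaking and optimization: retest after raising the (simulated) capacity.
    for label, service in (("before tuning", SimulatedService(6_000)),
                           ("after tuning", SimulatedService(14_000))):
        results = run_stress_test(service)
        print(label, "-> breaking point:", breaking_point(results))
        for row in results:
            print("  ", row)
```

In this model the untuned service already misses the goal at 5,000 users per minute, well below its nominal capacity, because response time climbs steeply as utilisation approaches 100%.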

Types of Stress Testing

1. Server-client Stress Testing
Server-client stress testing, also known as distributed stress testing, is carried out
across all clients from the server.
The aim is to assess how well the server can handle numerous simultaneous requests from
different clients.
• Example : Imagine a web application where thousands of users try to log in
simultaneously. The server-client stress test would simulate these concurrent logins to
ensure the server doesn’t crash and can handle the load effectively.
2. Product Stress Testing
Product stress testing concentrates on discovering defects related to data locking and blocking,
network issues, and performance congestion in a software product.
It focuses on identifying issues related to data locking, network problems, and performance
bottlenecks within a specific software product.
• Example : In a database application, product stress testing might involve simulating multiple
transactions occurring simultaneously to check for issues like data locks or network
slowdowns, ensuring the system can handle real-world usage without significant delays or
crashes.
3. Transactional Stress Testing
Transaction stress testing is performed on one or more transactions between two or
more applications. It is carried out for fine-tuning and optimizing the system.
• Example : For an e-commerce platform, transactional stress testing could simulate
thousands of transactions per minute between the payment gateway and the order
management system to ensure the process remains smooth and error-free under peak loads.
4. Systematic Stress Testing
It involves integrated testing across multiple systems running on the same server. This
approach helps identify defects where one application’s data processing might interfere with
another application on the same server.
• Example : On a shared server hosting multiple applications, systematic stress testing might
reveal that a heavy load on a database application slows down a concurrent web application,
highlighting the need for resource optimization or separation.
5. Analytical Stress Testing
Analytical or exploratory stress testing is performed to test the system with abnormal parameters
or conditions that are unlikely to happen in a real scenario.
It is carried out to find defects in unusual scenarios like a large number of users logged in at the
same time or a database going offline when it is accessed from a website.
• Example : Analytical stress testing might involve simulating scenarios where the database goes
offline while thousands of users are accessing the application, or where the application faces a
sudden surge in traffic due to a viral event. This helps identify vulnerabilities that might not be
apparent under normal conditions.

Advantages of Stress Testing


• Determines the behavior of the system: Stress testing determines the behavior of the
system after failure and ensures that the system recovers quickly.
• Ensure failure does not cause security issues: Stress testing ensures that system failure
doesn’t cause security issues.
• Makes system function in every situation: Stress testing makes the system work in
normal as well as abnormal conditions in an appropriate way.
• Improving Decision Making: Decision-making processes can benefit from the insightful
information that stress testing offers.
• Increasing Stakeholder confidence: Providing clear information about the outcomes of
stress tests helps boost stakeholder confidence. Organizations that show a proactive
approach to risk management are valued by investors, customers, and other stakeholders,
since it cultivates credibility and confidence.

Disadvantages of Stress Testing


1. Manual stress testing is complicated: The manual process of stress testing takes a
longer time to complete and it is a complicated process.
2. Good scripting knowledge required: Good scripting knowledge for implementing the
script test cases for the particular tool is required.
3. Need for external resources: There is a need for external resources to implement stress
testing. This requires extra resources and time.
4. Constantly licensed tool: In the case of a licensed stress testing tool, the cost is
higher than average.
5. Additional tool required in case of open-source stress testing tool: In the case of some
open-source tools, there is a need for a load testing tool additionally for setting up the
stress testing environment.

Stress Testing Tools


1. JMeter : Apache JMeter is an open-source, pure Java-based stress testing
tool that is used to stress test websites. It is an Apache project and can be used for
load testing, to analyze and measure the performance of a variety of services.
2. LoadNinja: LoadNinja is a stress testing tool developed by SmartBear that enables users
to develop codeless load tests, substitutes load emulators with actual browsers, and helps
to achieve high speed and efficiency with browser-based metrics.
3. WebLoad: WebLoad is a stress testing tool that combines performance, stability, and
integrity as a single process for the verification of mobile and web applications.
4. Neoload: Neoload is a powerful performance testing tool that simulates large numbers of
users and analyzes the server’s behavior. It is designed for both mobile and web
applications. Neoload supports API testing and integrates with different CI/CD
applications.

Metrics of Stress Testing


Metrics are used to evaluate performance under stress, and they are usually collected at the
end of the stress scripts or tests. Some of the metrics are given below.
1. Pages Per Second: Number of pages requested per second and number of pages loaded
per second.

2. Pages Retrieved: Average time taken to retrieve all information from a particular
page.
3. Byte Retrieved: Average time taken to retrieve the first byte of information from the
page.
4. Transaction Response Time: Average time taken to load or perform transactions
between the applications.
5. Transactions per Second: It counts the number of transactions loaded per second
successfully and it also counts the number of failures that occurred.
6. Failure of Connection: It counts the number of times that the client faced
connection failure in their system.
7. Failure of System Attempts: It counts the number of failed attempts in the
system.
1.3 Volume Testing
Volume testing is a type of software testing which is carried out to test a software application
with a certain amount of data. The amount used in volume testing could be a database size or it
could also be the size of an interface file that is the subject of volume testing.
When testing the application with a specific database size, the database is extended to that size
and then the performance of the application is tested. When an application needs
to interact with an interface file, this could be either reading from or writing to
the file.
A sample file of the required size is created and then the functionality of the application is tested
with that file in order to test the performance. In volume testing, a huge volume of data is
applied to the software.
It is basically performed to analyze the performance of the system by increasing the volume
of data in the database. Volume testing is performed to study the impact on response time
and behavior of the system when the volume of data is increased in the database.
Volume Testing is also known as Flood Testing.
Characteristics of Volume Testing
• The performance of the software declines over time as a huge amount of
data builds up.
• The test data is usually created by a test data generator.
• Only a small amount of data is tested during the development phase.
• The test data needs to be logically correct.
• The test data is used to assess the performance of the system.
Objectives of Volume Testing

The objectives of volume testing are:
• To recognize the problems that may arise with a large amount of data.
• To check the system’s performance by increasing the volume of data in the database.
• To find the point at which the stability of the system reduces.
• To identify the capacity of the system or application.

Volume Testing Attributes


The following are the important attributes that are checked during volume testing:
• System’s Response Time: During volume testing, the response time of the system or
the application is tested. It is also tested whether the system responds within a finite
time or not. If the response time is large then the system is redesigned.
• Data Loss: During volume testing, it is also tested that there is no data loss. If there is
data loss, some key information might be missing.
• Data Storage: During volume testing, it is also tested whether the data is stored correctly
or not. If the data is not stored correctly then it is restored accordingly in the proper place.
• Data Overwriting: In volume testing, it is tested whether the data is overwritten
without giving prior information to the developer. If so, the developer is notified.

Advantages of Volume Testing


• Volume testing helps save the cost that would otherwise be spent on application
maintenance.
• Volume testing is also helpful in a rapid start for scalability plans.
• Volume testing also helps in early identification of bottlenecks.
• Volume testing ensures that the system is capable of real-world usage.

Disadvantages of Volume Testing


• A larger number of skilled resources is needed to carry out this testing.
• It is sometimes difficult to prepare test cases with respect to the volume of
data to be tested.
• It is a time-consuming technique since it requires a lot of time to decide the
volume of data and the test scenarios.
• It is a bit costly as compared to other testing techniques.
• It is not possible to have the exact breakdown of memory used in the real-world
application.


1.4 Fail-Over Testing


Failover testing is designed to check how well the software can recover from failures.
For example, imagine your computer shuts down unexpectedly. When you restart your
browser, a pop-up asks if you want to restore all the pages you had open. Clicking “Restore”
brings back all the tabs exactly as they were. This process of recovering and restoring the
previous state of the application is what failover testing ensures.
What is Failover Testing?
Failover testing is a method used to check if a system can smoothly allocate additional
resources and back up all its data and processes when something goes wrong, such as a system
failure.
It tests whether the system can handle serious failures and uses backup servers when needed.
Importantly, this type of testing focuses on how the system handles failure, rather than the
physical components like the server hardware.

There are two common configurations for failover testing: active-active and active-
passive standby.
• Active-Active: In this setup, all servers are running and share the load equally.
• Active-Passive Standby: Here, one server takes the main load, and the backup server
remains idle until the primary one fails.

For example, imagine you have three servers. If one of them fails due to a heavy load, there
are two possible outcomes:
1. The failed server restarts on its own and resumes operations.
2. If the failed server cannot be restarted, the remaining servers take over the load and
continue functioning without interruption.
Failover testing verifies that the system handles such failures properly, keeping the software
running smoothly even during unexpected issues.

Considerable Factors Before Performing Failover Testing


1. The budget has to be the first thing to be taken into consideration before thinking about
performing the Failover test.
2. The budget is connected to the frameworks that might crash or break down under
pressure/load.
3. Always keep in mind how much time it will take to fix all the issues caused by the failure
of the system.
4. Note down the most likely failures and organize the outcomes according to how much
harm is caused by the failure.
Considerable Factors While Performing Failover Testing
1. Keep a plan of measures to be taken after performing a test.
2. Focus on the execution of the test plan.
3. Set up a benchmark so that performance requirements can be achieved.
4. Prepare a report concerning issue requirements and/or requirements of the asset.

Working of Failover testing

1. Consider the factors: Before performing failover testing, consider factors like budget, time,
team, technology, etc.
2. Analysis on failover reasons and design solutions: Determine probable failure
situations that the system might experience. Examine the causes of failover, including
software bugs, hardware malfunctions, network problems, etc. Provide fixes for any
flaws or vulnerabilities found in the failover procedure.
3. Testing failover scenarios: Develop extensive test cases to replicate various failover
scenarios. This covers both unplanned failovers (system or component failures) and
scheduled failovers (maintenance). Test cases ought to address many facets of failover,
such as load balancing, user impact, network rerouting, and data synchronization.
4. Executing the test plan: To reduce the impact on production systems, carry out the
failover test plan in a controlled setting. Keep an eye on how the system behaves during
failover to make sure it satisfies the recovery point and recovery time objectives (RPO
and RTO, respectively).
5. Detailed report on failover: Keep a record of the failover testing findings, including any
problems you ran across, how long it took to failover and how it affected customers or
services. Assess problems according to their severity and offer suggestions for
improvements.
6. Necessary actions based on the report: Distribute the report on the failover test to all
pertinent parties, such as project managers, developers, and system
administrators. Determine what needs to be done and prioritize it based on the report’s
conclusions. This might involve fixing found flaws in the system, updating failover
setups or improving the documentation.
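Step 4 above asks whether a failover satisfies the recovery time and recovery point objectives. The following added example, which is not part of the original notes, simulates an unplanned failover of an active-passive pair in discrete one-second steps and measures both values for a weak configuration and a tuned one. All names, settings and objectives are hypothetical and constructed for the illustration; it assumes asynchronous replication, one client write per second, and a monitor that probes the primary at fixed intervals.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class FailoverConfig:
    replication_lag_s: int     # delay before a write reaches the standby
    heartbeat_interval_s: int  # the monitor probes the primary every N seconds
    missed_heartbeats: int     # consecutive misses before failover starts
    promotion_time_s: int      # time needed to promote the standby


# Hypothetical objectives and settings, constructed for this example.
RTO_OBJECTIVE_S = 30
RPO_OBJECTIVE_S = 5
WEAK = FailoverConfig(replication_lag_s=8, heartbeat_interval_s=10,
                      missed_heartbeats=3, promotion_time_s=10)
TUNED = FailoverConfig(replication_lag_s=2, heartbeat_interval_s=5,
                       missed_heartbeats=3, promotion_time_s=10)


def simulate_failover(cfg, fail_at_s, duration_s):
    """Unplanned failover with one client write per second (write id = second)."""
    acknowledged = set()  # writes confirmed to clients
    on_standby = set()    # writes present on the standby
    missed = 0
    promoted_at = None
    failed_requests = 0
    for t in range(duration_s):
        if t < fail_at_s:
            # Primary serves the write; the standby receives it after the lag.
            acknowledged.add(t)
            if t >= cfg.replication_lag_s:
                on_standby.add(t - cfg.replication_lag_s)
        elif promoted_at is not None and t >= promoted_at:
            # The standby has taken over and serves writes itself.
            acknowledged.add(t)
            on_standby.add(t)
        else:
            failed_requests += 1  # no node is serving during the outage
            if promoted_at is None and t % cfg.heartbeat_interval_s == 0:
                missed += 1
                if missed == cfg.missed_heartbeats:
                    promoted_at = t + cfg.promotion_time_s
    # Writes the primary confirmed but that never reached the standby are lost.
    lost = sorted(acknowledged - on_standby)
    rto = promoted_at - fail_at_s if promoted_at is not None else None
    rpo = fail_at_s - lost[0] if lost else 0
    return {
        "measured_rto_s": rto,
        "measured_rpo_s": rpo,
        "lost_writes": len(lost),
        "failed_requests": failed_requests,
        "meets_rto": rto is not None and rto <= RTO_OBJECTIVE_S,
        "meets_rpo": rpo <= RPO_OBJECTIVE_S,
    }


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("tuned", TUNED)):
        print(label, simulate_failover(cfg, fail_at_s=32, duration_s=120))
```

The measured recovery time depends on where the failure falls between two heartbeats, so a real test plan repeats the run with different failure times rather than relying on one measurement.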
Benefits of Failover Testing
1. Determines Vulnerabilities and Weaknesses: Failover testing helps in locating holes
and vulnerabilities in the system by simulating different failure scenarios. Organizations
can address any problems before they have an impact on production settings by taking a
proactive approach.
2. Verifies Redundancy Procedures: Redundancy mechanisms are frequently incorporated
into systems to improve reliability. In order to make sure that these systems, such as
redundant servers, databases, or network paths, work flawlessly in the event of a
breakdown, failover testing verifies their efficacy.
3. Improving the User Experience: Consumers anticipate consistent and dependable
service availability. By reducing interruptions and ensuring service availability even in
the face of unanticipated circumstances, failover testing contributes to the provision of a
positive user experience.
4. Encourages Compliance: Failover testing supports organizations in demonstrating
compliance with these rules by ensuring that systems can recover within prescribed times.
5. Encourages Continuous Improvement: Organizations that regularly test their systems
can learn from each test cycle, fix problems found and upgrade their failover procedures
to meet changing business needs and technological advancements.

Examples of Failover Testing


1. Banking and Financial applications
2. Telecom applications
3. Visa applications
4. Trading applications
5. Emergency service business applications
6. Government applications
7. Defense service-related applications

1.5 Recovery Testing


Recovery Testing is a crucial aspect of software testing focused on ensuring that applications
can recover quickly and effectively from crashes, failures, and unexpected interruptions.
This type of testing verifies the software’s robustness and its ability to restore operations after
a malfunction.
By simulating various failure scenarios, recovery testing helps in identifying potential
weaknesses and ensures that the system can handle unexpected events gracefully. This testing
is essential for maintaining high software reliability and delivering a seamless user
experience.
What is Recovery Testing?
Recovery Testing is a type of software testing that checks how well an application
can recover from crashes, failures, or other unexpected issues. It involves intentionally
causing problems in the software to see if it can quickly and effectively return to normal
operation. This helps ensure the software is reliable and can handle unexpected situations
without losing data or functionality.

Recovery tests for failures include
• Power supply failure
• The external server is unreachable
• Wireless network signal loss
• Physical conditions
• The external device is not responding
• The external device is not responding as expected, etc.

Steps to be performed before executing a Recovery Test

1. Recovery Analysis – It is important to analyze the system’s ability to allocate extra
resources like servers or additional CPUs. This would help to better understand the
recovery-related changes that can impact the working of the system. Also, each of the
possible failures, their possible impact, their severity, and how to perform them should be
studied.
2. Test Plan preparation – Designing the test cases keeping in mind the environment and
results obtained in recovery analysis.
3. Test environment preparation – Designing the test environment according to the
recovery analysis results.
4. Maintaining Back-up – Information related to the software, like various states of the
software and database, should be backed up. If the data is important, it should also be
backed up at multiple locations.

5. Recovery personnel Allocation – For the recovery testing process, it is important to
allocate recovery personnel who are aware and educated enough for the recovery testing
being conducted.
6. Documentation – This step emphasizes documenting all the steps performed before
and during the recovery testing so that the system can be analyzed for its performance in
case of a failure.

Example of Recovery Testing


• Example 1: When a system is receiving some data over a network for processing
purposes, we can simulate software failure by unplugging the system power. After a
while, we can plug in the system again and test its ability to recover and continue
receiving the data from where it stopped.
• Example 2: When a browser is working on multiple sessions, we can simulate software
failure by restarting the system. After restarting the system, we can check if it recovers
from the failure and reloads all the sessions it was previously working on.
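Example 1 above, written as an automated recovery test (an added example, not part of the original notes). The power cut is modelled by an exception raised between the data write and the checkpoint update; `CheckpointedReceiver`, `SimulatedPowerLoss`, and the sample records are hypothetical names and constructed data.

```python
import hashlib
import json
import os
import tempfile

# Constructed sample payload standing in for data received over a network.
SAMPLE_CHUNKS = [f"record-{i:03d}\n".encode() for i in range(20)]


class SimulatedPowerLoss(Exception):
    """Raised by the test to model the machine losing power mid-transfer."""


class CheckpointedReceiver:
    """Hypothetical receiver: appends chunks to a file and checkpoints progress."""

    def __init__(self, workdir, repair_torn_write=True):
        self.data_path = os.path.join(workdir, "received.dat")
        self.ckpt_path = os.path.join(workdir, "checkpoint.json")
        self.repair_torn_write = repair_torn_write

    def load_checkpoint(self):
        try:
            with open(self.ckpt_path) as fh:
                return json.load(fh)
        except (FileNotFoundError, json.JSONDecodeError):
            return {"next_chunk": 0, "bytes": 0}

    def _save_checkpoint(self, state):
        # Write to a temporary file and rename it, so a crash cannot leave a
        # half-written checkpoint behind.
        tmp = self.ckpt_path + ".tmp"
        with open(tmp, "w") as fh:
            json.dump(state, fh)
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, self.ckpt_path)

    def receive(self, chunks, fail_after=None):
        state = self.load_checkpoint()
        if self.repair_torn_write:
            # Drop any bytes written after the last durable checkpoint.
            with open(self.data_path, "ab") as fh:
                fh.truncate(state["bytes"])
        with open(self.data_path, "ab") as fh:
            for index in range(state["next_chunk"], len(chunks)):
                fh.write(chunks[index])
                fh.flush()
                os.fsync(fh.fileno())
                if fail_after is not None and index == fail_after:
                    # The failure lands after the data write but before the
                    # checkpoint update: the worst moment for a resume.
                    raise SimulatedPowerLoss(f"power lost at chunk {index}")
                state = {"next_chunk": index + 1,
                         "bytes": state["bytes"] + len(chunks[index])}
                self._save_checkpoint(state)
        return state["next_chunk"]


def run_recovery_test(fail_after=7, repair_torn_write=True):
    """Crash the receiver mid-transfer, restart it, and report what recovery achieved."""
    expected = hashlib.sha256(b"".join(SAMPLE_CHUNKS)).hexdigest()
    with tempfile.TemporaryDirectory() as workdir:
        crashed = False
        try:
            CheckpointedReceiver(workdir, repair_torn_write).receive(
                SAMPLE_CHUNKS, fail_after=fail_after)
        except SimulatedPowerLoss:
            crashed = True
        # "Plug the system back in": a fresh object that only sees what is on disk.
        receiver = CheckpointedReceiver(workdir, repair_torn_write)
        resumed_from = receiver.load_checkpoint()["next_chunk"]
        receiver.receive(SAMPLE_CHUNKS)
        with open(receiver.data_path, "rb") as fh:
            actual = hashlib.sha256(fh.read()).hexdigest()
    return {"crashed": crashed, "resumed_from": resumed_from,
            "data_intact": actual == expected}


if __name__ == "__main__":
    print("with torn-write repair:   ", run_recovery_test())
    print("without torn-write repair:", run_recovery_test(repair_torn_write=False))
```

Running it with `repair_torn_write=False` shows what the test is for: the receiver resumes, but the chunk written just before the failure is stored twice and the hash comparison fails.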

Types of Recovery Testing

• Database Recovery Testing: Evaluate the system’s capacity to recover from corrupted
or malfunctioning databases. In order to test how well the system can restore the database
to a consistent and useful condition, it involves intentionally destroying or damaging it.
• Load and Stress Recovery Testing: Determine how effectively the system bounces back
from variables that affect performance, including heavy loads or stressful situations. It
helps in determining if the system is capable of handling higher loads and in the event
that it cannot, how soon it will resume normal operation after the load is dropped.

• Crash Recovery Testing: Determine how well the system bounces back from a hardware
or software failure. To make sure the system can resume regular operations without
losing data, it can involve unexpected shutdowns, abrupt power failures or a sudden halt
of services.
• Security Recovery Testing: Examine the system’s resilience to security lapses, illegal
access, and other security-related events by conducting security recovery testing. It
guarantees that the system can recover from security breaches and helps discover
loopholes in the security procedures, reducing the impact of any unauthorized access.
• Data Recovery Testing: Evaluate the system’s capacity to restore data following an
unplanned disruption or failure. To make sure that data backups, restoration
procedures and recovery mechanisms are efficient and dependable, this might involve
planned data loss scenarios.
• Environment Recovery Testing: Examine the software’s ability to adjust to changes in
dependencies or configurations in the environment. It guarantees that in the event of
modifications to the underlying structure or environmental circumstances, the system can
recover and go on operating as anticipated.
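Database and data recovery testing from the list above, as an added example that is not part of the original notes: it damages a SQLite file on purpose, checks that the damage is detected, restores from a backup, and compares the restored rows with a baseline hash. The `ledger` table, file names, and rows are constructed assumptions.

```python
import hashlib
import os
import shutil
import sqlite3
import tempfile


def build_database(path):
    """Create a small ledger table filled with constructed sample rows."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE ledger (id INTEGER PRIMARY KEY, account TEXT, amount INTEGER)")
    con.executemany("INSERT INTO ledger (account, amount) VALUES (?, ?)",
                    [("alice", 120), ("bob", 75), ("carol", 310)])
    con.commit()
    con.close()


def add_row(path, account, amount):
    con = sqlite3.connect(path)
    con.execute("INSERT INTO ledger (account, amount) VALUES (?, ?)", (account, amount))
    con.commit()
    con.close()


def fetch_rows(path):
    con = sqlite3.connect(path)
    try:
        return con.execute("SELECT id, account, amount FROM ledger ORDER BY id").fetchall()
    finally:
        con.close()


def content_digest(path):
    """Hash the logical rows so the restored copy can be compared with a baseline."""
    return hashlib.sha256(repr(fetch_rows(path)).encode()).hexdigest()


def take_backup(src_path, dst_path):
    """Copy the database with SQLite's own backup API."""
    src = sqlite3.connect(src_path)
    dst = sqlite3.connect(dst_path)
    try:
        src.backup(dst)
    finally:
        dst.close()
        src.close()


def is_healthy(path):
    """True only if SQLite can read the file and its integrity check passes."""
    con = sqlite3.connect(path)
    try:
        return con.execute("PRAGMA integrity_check").fetchall() == [("ok",)]
    except sqlite3.DatabaseError:
        return False
    finally:
        con.close()


def corrupt(path):
    """Damage the file on purpose by zeroing the header and start of the first page."""
    with open(path, "r+b") as fh:
        fh.write(b"\x00" * 512)


def run_database_recovery_test():
    with tempfile.TemporaryDirectory() as workdir:
        live = os.path.join(workdir, "live.db")
        backup_copy = os.path.join(workdir, "backup.db")
        build_database(live)
        take_backup(live, backup_copy)
        baseline = content_digest(backup_copy)
        add_row(live, "dave", 40)          # written after the backup was taken
        rows_before_failure = len(fetch_rows(live))
        corrupt(live)
        detected = not is_healthy(live)
        shutil.copyfile(backup_copy, live)  # the restoration procedure under test
        return {
            "corruption_detected": detected,
            "healthy_after_restore": is_healthy(live),
            "data_matches_baseline": content_digest(live) == baseline,
            "rows_lost_since_backup": rows_before_failure - len(fetch_rows(live)),
        }


if __name__ == "__main__":
    print(run_database_recovery_test())
```

The `rows_lost_since_backup` figure makes the cost of the restore visible: the row written after the backup is gone, which is why the notes ask for backups of important data at multiple locations.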
Advantages of Recovery Testing
• Improves the quality of the system by eliminating the potential flaws in the system so
that the system works as expected.
• Recovery testing is also referred to as Disaster Recovery Testing. A lot of companies
have disaster recovery centers to make sure that if any of the systems is damaged or fails
due to some reason, then there is a backup to recover from the failure.
• Risk elimination is possible as the potential flaws are detected and removed from the
system.
• Improved performance as faults are removed, and the system becomes more reliable
and performs better in case a failure occurs.
• Ensures Reliability: Confirms that the software can recover from crashes or failures,
making it more reliable for users.
• Identifies Weaknesses: Helps uncover potential weaknesses or vulnerabilities in the
system that could lead to failures.
• Enhances User Experience: Ensures a smooth user experience by minimizing downtime
and data loss during unexpected events.
• Improves System Stability: Contributes to overall system stability by ensuring it can
handle and recover from disruptions.

• Supports Business Continuity: Aids in maintaining business operations by ensuring
critical systems can quickly resume functioning after a failure.
• Validates Backup and Recovery Procedures: Tests the effectiveness of backup systems
and recovery procedures, ensuring they work as intended.
• Reduces Costs: By identifying and addressing recovery issues early, it can reduce the
costs associated with system downtimes and data losses.
• Boosts Confidence: Provides stakeholders with confidence in the system’s ability to
handle unforeseen problems.
Disadvantages of Recovery Testing
• Recovery testing is a time-consuming process as it involves multiple steps and
preparations before and during the process.
• The recovery personnel must be trained, as the process of recovery testing takes place
under their supervision. The tester therefore needs to be trained to ensure that recovery
testing is performed in the proper way, and should have enough data and backup files to
perform it.
• The potential flaws or issues are unpredictable in a few cases. It is difficult to point
out the exact reason for them; however, since the quality of the software must be
maintained, random test cases are created and executed to ensure such potential flaws
are removed.
• Time-Consuming: Simulating failures and ensuring proper recovery can be a lengthy
process, especially for complex systems.
• Resource-Intensive: Requires significant computational and human resources to create
and manage various failure scenarios.
• Complexity: Developing effective recovery test cases can be complicated, as it involves
understanding potential failure points and designing appropriate recovery strategies.
• Costly: Due to the need for specialized tools and resources, recovery testing can be
expensive to implement and maintain.

1.6 Configuration Testing


Configuration Testing is the type of Software Testing that verifies the performance of the
system under development against various combinations of software and hardware to find out
the best configuration under which the system can work without any flaws or issues while
matching its functional requirements.

What is Configuration Testing?

Configuration Testing is the process of testing the system under each configuration of the
supported software and hardware.
Here, the different configurations of hardware and software mean the multiple operating
system versions, various browsers, various supported drivers, distinct memory sizes, different
hard drive types, various types of CPU, etc.
The various configurations are:
1. Operating System Configuration: Win XP, Win 7 32/64 bit, Win 8 32/64 bit, Win 10, etc.
2. Database Configuration: Oracle, DB2, MySQL, MSSQL Server, Sybase, etc.
3. Browser Configuration: IE 8, IE 9, FF 16.0, Chrome, Microsoft Edge, etc.

Objectives of Configuration Testing:


1. Adaptability to Different Configurations: Check that the program’s basic features work
consistently and dependably in all configurations. Testing the behavior of the program
with different setups and settings is part of this process.
2. Evaluation of Stability: Examine the software’s stability under various configurations.
Find and fix any configuration-specific problems that might be causing crashes, unstable
systems or strange behavior.
3. Testing the User Experience: Assess the value and consistency of the user experience
across various setups. Make sure that the graphical user interface (GUI) of the software
adjusts to various screen sizes, resolutions and display settings.
4. Security Throughout Configurations: To make sure that sensitive data is kept safe, test
the software’s security features in various setups. Determine and fix any vulnerabilities
that might be configuration-specific.
5. Compatibility of Networks: Examine the software’s behavior with various network
setups. Evaluate its compatibility with various network types, speeds and latency.
6. Data Compatibility: Check if the programme can manage a range of data configurations,
such as those from diverse sources, databases and file formats. Verify the consistency and
integrity of the data across various setups.

Configuration Testing Process:

Types of Configuration Testing:
Configuration testing is of 2 types:
1. Software Configuration Testing:
Software configuration testing is done over the Application Under Test with various
operating system versions and various browser versions etc.
It is time-consuming, as it takes a long time to install and uninstall the various
software to be used for testing.
When the build is released, software configuration testing begins after the build has
passed the unit test and integration test.
2. Hardware Configuration Testing:
Hardware configuration testing is typically performed in labs where physical machines
are used with various hardware connected to them.
When a build is released, the software is installed in all the physical machines to which
the hardware is attached and the test is carried out on each and every machine to confirm
that the application is working fine.
While doing a hardware configuration test, the kind of hardware to be tested is spelled out,
and the number of computer hardware types and peripherals makes it next to
impossible to execute all the tests.
Configuration Testing can also be classified into the following 2 types:
1. Client level testing: Client level testing is associated with usability and functionality
testing. It is done from the point of view of the users and their direct interests.
2. Server level Testing: Server level testing is carried out to determine the communication
between the software and the external environment when it is planned to be integrated
after the release.

1.7 Compatibility Testing


Compatibility testing ensures that the application functions correctly across
different platforms, environments, and devices.
It is crucial for identifying issues that could affect user experience and application
performance before release.
What is Compatibility testing?

Compatibility testing is software testing that comes under the non-functional
testing category, and it is performed on an application to check its compatibility (running
capability) on different platforms/environments.
This testing is done only when the application becomes stable. Put simply, a
compatibility test aims to check the functionality of the developed software application on
various software and hardware platforms, networks, browsers, etc.
Compatibility testing is very important from the product production and implementation
point of view, as it is performed to avoid future issues regarding compatibility.

Types of Compatibility Testing

1. Software
• Testing the compatibility of an application with an Operating
System like Linux, Mac, Windows.
• Testing compatibility on databases like Oracle SQL server, and MongoDB server.
• Testing compatibility on different devices like mobile phones, and computers.
Types based on Version Testing
There are two types of compatibility testing based on version testing
1. Forward compatibility testing: When the behavior and compatibility of software or
hardware are checked with its newer version then it is called forward compatibility
testing.

2. Backward compatibility testing: When the behavior and compatibility of software or
hardware are checked with its older version then it is called backward compatibility
testing.
2. Hardware
Checking compatibility with a particular size of
• RAM
• ROM
• Hard Disk
• Memory Cards
• Processor
• Graphics Card
3. Smartphones
Checking compatibility with different mobile platforms like Android, iOS, etc.
4. Network
Checking compatibility with different:
• Bandwidth
• Operating speed
• Capacity
How to perform Compatibility testing?
Testing the application in the same environment but with different versions. For
example, to test the compatibility of the Facebook application on your Android mobile,
first check compatibility with Android 9.0 and then with Android 10.0 for the
same version of the Facebook app.
Testing the application in the same version but in different environments.
For example, to test the compatibility of the Facebook application on your Android mobile,
first check compatibility of a lower version of the Facebook application with
Android 10.0 (or a version of your choice), and then of a higher version of the Facebook
application with the same version of Android.
Why compatibility testing is important?
• It ensures complete customer satisfaction.
• It provides service across multiple platforms.
• It identifies bugs during the development process.
Compatibility Testing Defects
• Variety of user interface.
• Changes with respect to font size.

• Alignment issues.
• Issues related to existence of broken frames.
• Issues related to overlapping of content.

1.8 Usability Testing


Usability testing is a method used to evaluate the user experience and navigation of
websites, apps, and digital products.

What is Usability Testing?


Usability Testing in software testing is a type of testing that is done from an end
user’s perspective to determine if the system is easily usable. Usability testing is generally the
practice of testing how easy a design is to use on a group of representative users.
Several tests are performed on a product before deploying it. You need to
collect qualitative and quantitative data and satisfy customers’ needs with the product. A
proper final report is made mentioning the changes required in the product (software).

Usability testing involves evaluating the functionality of a website, app, or digital
product by observing real users as they navigate through it. Typically conducted by
researchers, either in-person or remotely, the aim is to identify any areas of confusion or
difficulty users encounter while completing tasks.
The ultimate goal of usability testing is to uncover pain points in the user experience,
revealing opportunities for improvement. By assessing how efficiently users achieve their
goals within the product, usability testing helps in enhancing its overall functionality and
user satisfaction.


Types of Usability Testing

1. Remote Usability Testing: Participants use a product or website from their own location
while researchers observe and gather feedback remotely. It’s convenient and allows
testing with diverse users without geographical constraints.
2. Moderated Usability Testing: A researcher guides participants through tasks, observes
their interactions, and collects feedback in real-time. It’s helpful for understanding user
behavior and thoughts as they navigate through the product.
3. Unmoderated Usability Testing: Participants complete tasks independently, without
direct guidance from a researcher. They usually record their screen and verbalize their
thoughts while interacting with the product. It’s efficient for gathering feedback from a
large number of users quickly.
4. Comparative Usability Testing: This involves testing multiple versions of a product or
interface to determine which performs better in terms of usability. It helps in making
informed design decisions by identifying strengths and weaknesses of each version.
5. Think-Aloud Testing: Participants verbalize their thoughts and actions as they interact
with the product. This provides insights into their decision-making process and helps
identify usability issues that might not be obvious otherwise.
6. A/B Testing: Also known as split testing, it involves presenting users with two (or more)
versions of a product or interface and measuring which one performs better based on
predefined metrics such as conversion rate or user engagement.

7. Guerrilla Usability Testing: Conducted informally in public spaces or online
communities, often with minimal planning and resources. It’s useful for gathering quick
feedback from a diverse range of users in a natural setting.

Difference between usability testing and user testing


Usability testing and user testing are often confused, but they have different
purposes. Both are part of UX testing, which aims to understand the user experience
comprehensively.
User testing involves real people using a product or service and providing feedback.
It helps understand what users think about the product, how they perceive it, and what their
needs are.
Usability testing, on the other hand, focuses on specific aspects like finding bugs or errors
that affect user flow, checking if users can complete tasks easily, and ensuring they
understand how to navigate the site.

Why is Usability Testing important?


The primary goals of usability testing are
✓ discovering problems (hidden issues) and opportunities,
✓ comparing benchmarks,
✓ comparison against other websites.
The parameters tested during usability testing are
✓ efficiency,

✓ effectiveness,
✓ satisfaction.

Phases of Usability Testing

1. Prepare your product or design to test: The first phase of usability testing is choosing a
product and then making it ready for usability testing. Usability testing requires more
functions and operations to be available, and this phase provides for that requirement.
Hence, this is one of the most significant phases in usability testing.
2. Find your participants: The second phase of usability testing is finding an employee
who will help you perform usability testing. Generally, the number of
participants that you need is based on several case studies. Mostly, five participants can
find almost as many usability problems as you’d find using many more test participants.
3. Write a test plan: This is the third phase of usability testing. One of the first
steps in each round of usability testing is to develop a plan for the test. The main purpose
of the plan is to document what you are going to do, how you are going to conduct the
test, what metrics you are going to find, the number of participants you are going to test,
and what scenarios you will use.
4. Take on the role of the moderator: This is the fourth phase of usability testing, and here
the moderator plays a vital role that involves building a partnership with the participant.
Most of the research findings are derived by observing the participant’s actions and
gathering verbal feedback. To be an effective moderator, you need to be able to make
instant decisions while simultaneously overseeing various aspects of the research session.
5. Present your findings/ final report: This phase generally involves combining your
results into an overall score and presenting it meaningfully to your audience. An easy
method to do this is to compare each data point to a target goal and represent this as one
single metric based on the percentage of users who achieved this goal.
Advantages of Usability Testing

Usability testing is the preferred way to evaluate a product or service by testing it with the
proper users. Development and design teams use usability testing to identify issues before
coding, so that issues are solved earlier. Usability testing provides the following:
• User-Centric Design: By involving actual users in the testing process, you ensure that
your product or website is designed with their needs and preferences in mind.
• Identifying User Pain Points: Usability testing helps uncover areas where users struggle
or encounter difficulties while interacting with your product. This insight allows you to
address these pain points and improve the overall user experience.
• Optimizing User Interface: Through usability testing, you can evaluate the effectiveness
of your user interface (UI) design, including layout, navigation, and interactive elements.
This enables you to refine and optimize the UI for better usability.
• Enhancing User Satisfaction: By addressing usability issues and making improvements
based on user feedback, you can enhance user satisfaction and loyalty, leading to
increased engagement and retention.
• Reducing Development Costs: Identifying usability issues early in the development
process helps prevent costly redesigns and rework later on. This ultimately saves time and
resources during product development.
Disadvantages of Usability Testing
The biggest cons of usability testing are cost and time. The more usability testing is
performed, the more cost and time are consumed.
• Bias and Subjectivity: Testers’ biases, preferences, and interpretations can influence the
results of usability testing. Additionally, participants may alter their behavior when they
know they are being observed, leading to results that do not accurately reflect real-world
usage.
• Influence of Testing Environment: Usability testing often takes place in controlled
environments, such as labs or testing facilities, which may not accurately replicate the
conditions in which the product will be used. This can impact the validity of the test
results.
• Difficulty in Capturing Emotions and Context: Usability testing may struggle to
capture users’ emotions, motivations, and the context in which they are using the product.
This qualitative aspect of user experience can be challenging to measure objectively.
• Limited Scope of Testing: Usability testing typically focuses on specific tasks or
scenarios, which may not fully capture the overall user experience or uncover all
potential usability issues.

• Difficulty in Identifying Solutions: While usability testing can identify usability
problems, it may not always provide clear solutions or recommendations for
improvement. Additional analysis and interpretation may be required to address identified
issues effectively.
Factors Affecting Cost of Usability Testing
The testing cost will depend on the following factors:
1. Number of participants for testing.
2. Number of days needed for testing.
3. Type of testing.
4. Size of the team used for testing.
Techniques and Methods of Usability Testing
There are various types of usability testing that, when performed, lead to efficient software.
A few of the most widely used are discussed here.
1. Guerrilla Testing
It is a type of testing where testers wander to public places and ask random users about the
prototype. A thank-you gift is offered to the users as a token gesture. It is the best way to
perform usability testing during the early phases of the product development process. Users
mostly spare 5–10 minutes and give instant feedback on the product. Also, the cost is
comparatively low as you don’t need to hire participants. It is also known as corridor or hallway
testing.
2. Usability Lab
Usability lab testing is conducted in a lab environment where moderators (who ask for
feedback on the product) hire participants and ask them to take a survey on the product. This
test is performed on a tablet/desktop. The participant count can be 8-10 which is a bit costlier
than guerrilla testing as you need to hire participants, arrange a place, and conduct testing.
3. Screen or Video Recording
In screen or video recording testing, the screen is recorded as the user acts
(navigation and usage of the product). This testing describes how the user’s mind runs
while using a product. This kind of testing involves the participation of almost 10 users for 15
minutes. It helps in describing the issues users may face while interacting with the product.
Generally, there are two studies in usability testing –
1. Moderated – The moderator guides the participant for the changes required in the
product (software).
2. Unmoderated – There’s no moderator (no human guidance); the participant gets a set of
questions on which he/she has to work.

While performing usability testing, all kinds of biases (be it friendly bias, social bias, etc.)
by the participants are avoided to have honest feedback on the product so as to improve
its durability.
1.9 Testing the Documentation
Testing the documentation comprises the following three stages.
1. Before Testing:
Since testing begins with the generation of the test cases, the following documents are
required for reference –
• SRS document – Functional Requirements document.
• Test Policy document – It means the product must be tested far before release.
• Test Strategy document – It mentions detailed aspects of the test team, the responsibility
matrix, and the rights/responsibilities of the test manager and test engineer.
• Traceability Matrix document – This is an SDLC document that is related to the
requirements-gathering process. As new requirements come, they are added to this
matrix. They can be traced forward and backward. These matrices help testers know the
source of the requirement.
2. During Testing:
While testing is started and is being done, the following documents may be required.
• Test Case document – It contains the list of tests to be conducted. It includes various test
plans such as the Unit test plan, Integration test plan, System test plan and Acceptance test plan.
• Test description – It is a detailed description of all test cases and procedures for
executing them.
• Test case report – It contains a test case report resulting from the test.
• Test logs – It contains test logs for every test case report.
3. After Testing:
After testing, only the test summary remains which is a collective analysis of all test reports
and logs. The software is released under the version control system if it is ready to launch. It
summarizes and concludes whether the software is ready to launch.
1.10 Security Testing
Security Testing is a type of Software Testing that uncovers vulnerabilities in the
system and determines that the data and resources of the system are protected from possible
intruders.
It ensures that the software system and application are free from any threats or risks
that can cause a loss. Security testing of any system is focused on finding all possible
loopholes and weaknesses of the system that might result in the loss of information or repute
of the organization.

Types of Security Testing

1. Vulnerability Scanning
It is a type of testing that uses automated tools to scan the system for known vulnerabilities and
weaknesses. It aims to detect patterns of vulnerabilities that are commonly exploited by attackers.
By performing vulnerability scans regularly, organizations can proactively address these
vulnerabilities before they become security risks.

2. Security Scanning
It involves identifying weaknesses in the network or system and then providing solutions to
mitigate these risks. It can be performed either manually or automatically, depending on the
complexity of the system. This process helps uncover potential weak points that could be
exploited by attackers, allowing for early intervention to secure the system.
3. Penetration Testing
It simulates an attack from a malicious hacker to identify vulnerabilities in the system. This type
of testing helps organizations understand how an attacker might exploit weaknesses in the
system. By performing penetration testing, organizations can see their system from an attacker’s
perspective and fix vulnerabilities before they are exploited in a real-world attack.
4. Risk Assessment
It involves analyzing the security risks that could affect the organization. Risks are categorized
as low, medium, or high, and this testing suggests controls and measures to minimize those risks.
Risk assessment helps prioritize actions by identifying the most critical threats and focusing
efforts on addressing them first, ultimately improving the overall security posture of the system.

5. Security Auditing
This is an internal inspection of the system to identify security defects. This can involve
reviewing system configurations, checking for weaknesses in the code, or conducting a line-by-
line inspection of the application’s source code. Security audits ensure that all security standards
and protocols are being followed and identify any gaps that need to be addressed.
6. Ethical Hacking
Ethical hacking, also known as white-hat hacking, is when security professionals are hired to simulate attacks
on the system to identify vulnerabilities. Unlike malicious hacking, ethical hacking is done with
the organization’s consent to help improve system security. Ethical hackers use the same
techniques as malicious hackers to uncover weaknesses in the system, but their goal is to fix
those flaws before they can be exploited by actual attackers.
7. Posture Assessment
This combines security scanning, ethical hacking, and risk assessments to provide an
overall view of the system’s security. It gives a comprehensive evaluation of the system’s
security by integrating multiple testing methods, ensuring that no part of the security
infrastructure is overlooked. This assessment helps organizations understand their security
readiness and take necessary actions to strengthen their defenses.
8. Application Security Testing
This testing focuses specifically on identifying vulnerabilities within the application itself.
This includes examining the application’s code, configurations, and dependencies to identify
flaws that could lead to security breaches. Regular application security testing ensures that the
software does not contain any weaknesses that could be exploited by attackers.
9. Network Security Testing
This testing targets the vulnerabilities in the network infrastructure, such as firewalls, routers,
and other network devices. This testing is crucial for identifying weaknesses that could allow
unauthorized access to the system. Network security testing helps ensure that the communication
pathways between devices are secure and that sensitive data is protected from cyber threats.
10. Social Engineering Testing
Social Engineering Testing simulates phishing, baiting, or other manipulative techniques used to
exploit human behavior to gain unauthorized access. This type of testing focuses on the human
element of security, ensuring that employees are aware of potential threats and know how to
protect themselves from such attacks. By testing employees with simulated social engineering
attacks, organizations can gauge the effectiveness of their security awareness programs and make
necessary improvements.

In addition to manual methods, tools like Nessus, OpenVAS, and Metasploit can automate
and simplify the process of security testing. These tools help speed up the identification of
vulnerabilities and reduce the risk of human error, making the testing process more efficient.

Types of Security Testing Tools

Principles of Security Testing


1. Confidentiality: Verifies that sensitive data is only accessible to authorized users, often
through encryption and access control mechanisms.
2. Integrity: Verifies that data remains unchanged and unaltered during storage or
transmission. Hash functions and checksums are commonly used to guarantee integrity.
3. Authentication: Ensures that only authorized users can access the system. This involves
testing password policies, multi-factor authentication (MFA), and identity verification
mechanisms.
4. Authorization: Verifies that authenticated users can only access the resources and data
they are authorized to use, through mechanisms such as role-based or attribute-based
access control (RBAC and ABAC).
5. Availability: Ensures that the system remains functional and accessible, even under
heavy traffic or during a cyberattack, such as a Distributed Denial of Service (DDoS)
attack.
6. Non-Repudiation: Ensures that users cannot deny their actions in the system. Digital
signatures, audit logs, and transaction records are commonly used to guarantee non-
repudiation.
7. Resilience: Verifies the system’s ability to recover from incidents, such as system crashes
or attacks, by evaluating backup systems and response protocols.
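The authorization principle above can be tested as a full role-by-action matrix rather than a few spot checks. The following added example (not part of the original notes) compares a hypothetical access check, `is_allowed`, against a constructed expected policy; the roles, actions and the two deliberate defects are assumptions made for the illustration.

```python
from itertools import product

# Constructed roles and actions for the illustration (not from the notes).
ROLES = ("guest", "customer", "support", "admin")
ACTIONS = ("view_catalog", "view_own_order", "view_any_order",
           "refund_order", "delete_user")

# The policy the system is SUPPOSED to enforce (the test oracle).
EXPECTED_POLICY = {
    "guest": {"view_catalog"},
    "customer": {"view_catalog", "view_own_order"},
    "support": {"view_catalog", "view_own_order", "view_any_order",
                "refund_order"},
    "admin": set(ACTIONS),
}


def is_allowed(role, action):
    """Hypothetical access check under test; stands in for the real system.

    It carries two deliberate defects so the audit has something to find.
    """
    granted = {
        "guest": {"view_catalog"},
        # Defect 1: customers can read other customers' orders.
        "customer": {"view_catalog", "view_own_order", "view_any_order"},
        # Defect 2: support staff lost the refund permission.
        "support": {"view_catalog", "view_own_order", "view_any_order"},
        "admin": set(ACTIONS),
    }
    # Roles that are not listed get nothing (default deny).
    return action in granted.get(role, set())


def audit_authorization(check, roles, actions, expected):
    """Exercise every (role, action) pair and report each mismatch.

    OVER_GRANT  = access allowed that the policy forbids (security defect).
    UNDER_GRANT = access denied that the policy requires (functional defect).
    """
    findings = []
    for role, action in product(roles, actions):
        should_allow = action in expected[role]
        does_allow = check(role, action)
        if does_allow and not should_allow:
            findings.append(("OVER_GRANT", role, action))
        elif should_allow and not does_allow:
            findings.append(("UNDER_GRANT", role, action))
    return findings


def unknown_role_grants(check, actions, role="contractor"):
    """Negative test: a role absent from the policy must be denied everything."""
    return [action for action in actions if check(role, action)]


if __name__ == "__main__":
    for kind, role, action in audit_authorization(
            is_allowed, ROLES, ACTIONS, EXPECTED_POLICY):
        print(f"{kind}: role={role} action={action}")
    print("unknown role grants:", unknown_role_grants(is_allowed, ACTIONS))
```

Testing the whole matrix catches both directions of error: the over-grant is the security finding, while the under-grant is the kind of regression that tempts teams to loosen permissions later.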
Major Focus Areas in Security Testing
• Authentication and Authorization: Testing the system’s ability to properly authenticate
and authorize users and devices. This includes testing the strength and effectiveness of
passwords, usernames, and other forms of authentication, as well as testing the system’s
access controls and permission mechanisms.
• Network and Infrastructure Security: Testing the security of the system’s network and
infrastructure, including firewalls, routers, and other network devices. This includes
testing the system’s ability to defend against common network attacks such as denial of
service (DoS) and man-in-the-middle (MitM) attacks.
• Database Security: Testing the security of the system’s databases, including testing for
SQL injection, cross-site scripting, and other types of attacks.
• Application Security: Testing the security of the system’s applications, including testing
for cross-site scripting, injection attacks, and other types of vulnerabilities.
• Data Security: Testing the security of the system’s data, including testing for data
encryption, data integrity, and data leakage.
• Compliance: Testing the system’s compliance with relevant security standards and
regulations, such as HIPAA, PCI DSS, and SOC2.
• Cloud Security: Testing the security of cloud.
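For the database and application focus areas above, an injection test feeds the same inputs to a lookup built by string concatenation and to its parameterized form. This is an added example, not part of the original notes; the table, the two lookup functions and the test inputs are constructed for the illustration, using Python's built-in sqlite3 module.

```python
import sqlite3


def make_db():
    """Build a throwaway in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"),
         ("bob", "bob@example.test"),
         ("carol", "carol@example.test")])
    return conn


def find_user_concat(conn, username):
    """'Before' form: user input is pasted into the SQL text (injectable)."""
    query = ("SELECT username, email FROM users WHERE username = '"
             + username + "'")
    return conn.execute(query).fetchall()


def find_user_param(conn, username):
    """Hardened form: input is bound as a parameter and never parsed as SQL."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?",
        (username,)).fetchall()


# Constructed test inputs. None of them is an existing username, so a correct
# lookup must return no rows and raise no SQL error for every one of them.
TEST_INPUTS = [
    "' OR '1'='1",   # always-true condition
    "alice' --",     # comment marker that cuts off the rest of the query
    "O'Brien",       # legitimate surname containing a quote character
]


def injection_findings(lookup):
    """Run every test input through `lookup` and list the misbehaviours."""
    findings = []
    for value in TEST_INPUTS:
        conn = make_db()
        try:
            rows = lookup(conn, value)
            if rows:
                # Data came back for a username that does not exist.
                findings.append((value, "returned %d row(s)" % len(rows)))
        except sqlite3.Error:
            # The input reached the SQL parser and broke the statement.
            findings.append((value, "SQL error"))
        finally:
            conn.close()
    return findings


if __name__ == "__main__":
    for name, lookup in (("concatenated", find_user_concat),
                         ("parameterized", find_user_param)):
        print(name, injection_findings(lookup))
```

The quoted surname is in the list on purpose: a lookup that fails on legitimate input with a quote in it is showing the same flaw as one that returns extra rows.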
Advantages
• Identifying vulnerabilities: Security testing helps identify vulnerabilities in the system
that could be exploited by attackers, such as weak passwords, unpatched software, and
misconfigured systems.
• Improving system security: Security testing helps improve the overall security of the
system by identifying and fixing vulnerabilities and potential threats.
• Ensuring compliance: Security testing helps ensure that the system meets relevant
security standards and regulations, such as HIPAA, PCI DSS, and SOC2.
• Reducing risk: By identifying and fixing vulnerabilities and potential threats before the
system is deployed to production, security testing helps reduce the risk of a security
incident occurring in a production environment.
• Improving incident response: Security testing helps organizations understand the
potential risks and vulnerabilities that they face, enabling them to prepare for and respond
to potential security incidents.

Disadvantages of Security Testing


• Resource-intensive: Security testing can be resource-intensive, requiring significant
hardware and software resources to simulate different types of attacks.
• Complexity: Security testing can be complex, requiring specialized knowledge and
expertise to set up and execute effectively.

• Limited testing scope: Security testing may not be able to identify all types of
vulnerabilities and threats.
• False positives and negatives: Security testing may produce false positives or false
negatives, which can lead to confusion and wasted effort.
• Time-consuming: Security testing can be time-consuming, especially if the system is
large and complex.
• Difficulty in simulating real-world attacks: It’s difficult to simulate real-world attacks,
and it’s hard to predict how attackers will interact with the system.
4.11 Testing in the Agile Environment
Agile Testing is a type of software testing that follows the principles of agile software
development to test the software application. All members of the project team along with
the special experts and testers are involved in agile testing.
Agile testing is not a separate phase and it is carried out with all the development phases
i.e. requirements, design and coding, and test case generation. Agile testing takes place
simultaneously throughout the Development Life Cycle.
Agile testers participate in the entire development life cycle along with the development
team members, and the testers help in building the software according to the customer
requirements, which makes better design and code possible.
The agile testing team works as a single team towards the single objective of achieving
quality. Agile Testing has shorter time frames called iterations or loops.
This methodology is also called the delivery-driven approach because it provides a
better prediction of workable products in a shorter time.
• Agile testing is an informal process that is specified as a dynamic type of testing.
• It is performed regularly throughout every iteration of the Software Development
Lifecycle (SDLC).
• Customer satisfaction is the primary concern for agile test engineers at some stage in the
agile testing process.
Features of Agile Testing
Some of the key features of agile software testing are:
• Simplistic approach: In agile testing, testers perform only the necessary tests but at the
same time do not leave behind any essential tests. This approach delivers a product that is
simple and provides value.
• Continuous improvement: In agile testing, agile testers depend mainly on feedback and
self-learning for improvement, and they continuously perform their activities efficiently.

• Self-organized: Agile testers are highly efficient and tend to solve problems by bringing
teams together to resolve them.
• Testers enjoy work: In agile testing, testers enjoy their work and thus will be able to
deliver a product with the greatest value to the consumer.
• Encourage Constant communication: In agile testing, efficient communication
channels are set up with all the stakeholders of the project to reduce errors and
miscommunications.
• Constant feedback: Agile testers need to constantly provide feedback to the developers
if necessary.
Agile Testing Principles
• Shortening feedback iteration: In Agile Testing, the testing team gets to know the
product development and its quality for each and every iteration. Thus continuous
feedback minimizes the feedback response time and the fixing cost is also reduced.
• Testing is performed alongside: Agile testing is not a different phase. It is performed
alongside the development phase. It ensures that the features implemented during that
iteration are actually done. Testing is not kept pending for a later phase.
• Involvement of all members: Agile testing involves each and every member of the
development team and the testing team. It includes various developers and experts.
• Documentation is weightless: In place of global test documentation, agile testers use
reusable checklists to suggest tests and focus on the essence of the test rather than the
incidental details. Lightweight documentation tools are used.
• Clean code: The defects that are detected are fixed within the same iteration. This
ensures clean code at any stage of development.
• Constant response: Agile testing helps to deliver responses or feedback on an ongoing
basis. Thus, the product can meet the business needs.
• Customer satisfaction: In agile testing, customers are exposed to the product throughout
the development process. Throughout the development process, the customer can modify
the requirements, and update the requirements and the tests can also be changed as per the
changed requirements.
• Test-driven: In agile testing, the testing needs to be conducted alongside the
development process to shorten the development time. In the traditional process, by
contrast, testing is carried out after implementation, once the software has been developed.
Agile Testing Methodologies
Some of the agile testing methodologies are:

1. Test-Driven Development (TDD): TDD is the software development process relying on
creating unit test cases before developing the actual code of the software. It is an iterative
approach that combines 3 operations: programming, creation of unit tests, and
refactoring.
2. Behavior Driven Development (BDD): BDD is agile software testing that aims to
document and develop the application around the behavior a user expects to
experience when interacting with the application. It encourages collaboration among the
developer, quality experts, and customer representatives.
3. Exploratory Testing: In exploratory testing, the tester has the freedom to explore the
code and create effective and efficient software. It helps to discover the unknown risks
and explore each aspect of the software functionality.
4. Acceptance Test-Driven Development (ATDD): ATDD is a collaborative process
where customer representatives, developers, and testers come together to discuss the
requirements, and potential pitfalls and thus reduce the chance of errors before coding
begins.
5. Extreme Programming (XP): Extreme programming is a customer-oriented
methodology that helps to deliver a good quality product that meets customer
expectations and requirements.
6. Session-Based Testing: It is a structured and time-based approach that involves the
progress of exploratory testing in multiple sessions. This involves uninterrupted testing
sessions that are time-boxed with a duration varying from 45 to 90 minutes. During the
session, the tester creates a document called a charter document that includes various
information about their testing.
7. Dynamic Software Development Method (DSDM): DSDM is an agile project delivery
framework that provides a framework for building and maintaining systems. It can be
used by users, developers, and testers.
8. Crystal Methodologies: This methodology focuses on people and their interactions when
working on the project instead of processes and tools. The suitability of the crystal
method depends on three dimensions, team size, criticality, and priority of the project.
Agile Testing Strategies
1. Iteration 0
It is the first stage of the testing process and the initial setup is performed in this stage. The
testing environment is set in this iteration.
• This stage involves executing the preliminary setup tasks such as finding people for
testing, preparing the usability testing lab, preparing resources, etc.

• The business case for the project, boundary situations, and project scope are verified.
• Important requirements and use cases are summarized.
• Initial project and cost valuation are planned.
• Risks are identified.
• Outline one or more candidate designs for the project.
2. Construction Iteration
It is the second phase of the testing process. It is the major phase of the testing and most of
the work is performed in this phase. It is a set of iterations to build an increment of the
solution. This process is divided into two types of testing:
• Confirmatory testing: This type of testing concentrates on verifying that the system
meets the stakeholder’s requirements as described to the team to date and is performed by
the team. It is further divided into 2 types of testing:
o Agile acceptance testing: It is the combination of acceptance testing and
functional testing. It can be executed by the development team and the
stakeholders.
o Developer testing: It is the combination of unit testing and integration testing
and verifies both the application code and database schema.
• Investigative testing: Investigative testing detects the problems that are skipped or
ignored during confirmatory testing. In this type of testing, the tester determines the
potential problems in the form of defect stories. It focuses on issues like integration
testing, load testing, security testing, and stress testing.
3. Release End Game
This phase is also known as the transition phase. This phase includes the full system testing
and the acceptance testing. To finish the testing stage, the product is tested more relentlessly
while it is in construction iterations. In this phase, testers work on the defect stories. This
phase involves activities like:
• Training end-users.
• Support people and operational people.
• Marketing of the product release.
• Back-up and restoration.
• Finalization of the system and user documentation.
4. Production
It is the last phase of agile testing. The product is finalized in this stage after the removal of
all defects and issues raised.


Agile Testing Quadrants


The whole agile testing process is divided into four quadrants:
1. Quadrant 1 (Automated)
The first agile quadrant focuses on the internal quality of code which contains the test cases
and test components that are executed by the test engineers. All test cases are technology-
driven and used for automation testing. All through the agile first quadrant of testing, the
following testing can be executed:
• Unit testing.
• Component testing.
2. Quadrant 2 (Manual and Automated)
The second agile quadrant focuses on the customer requirements that are provided to the
testing team before and throughout the testing process. The test cases in this quadrant are
business-driven and are used for manual and automated functional testing. The following
testing will be executed in this quadrant:
• Pair testing.
• Testing scenarios and workflow.
• Testing user stories and experiences like prototypes.
3. Quadrant 3 (Manual)
The third agile quadrant provides feedback to the first and the second quadrant. This quadrant
involves executing many iterations of testing; the reviews and responses are then used to
strengthen the code. The test cases in this quadrant are developed to implement automation
testing. The testing that can be carried out in this quadrant is:
• Usability testing.
• Collaborative testing.
• User acceptance testing.
• Pair testing with customers.

4. Quadrant 4 (Tools)
The fourth agile quadrant focuses on the non-functional requirements of the product like
performance, security, stability, etc. Various types of testing are performed in this quadrant
to deliver non-functional qualities and the expected value. The testing activities that can be
performed in this quadrant are:
• Non-functional testing such as stress testing, load testing, performance testing, etc.
• Security testing.
• Scalability testing.
• Infrastructure testing.
• Data migration testing.

Agile Testing Life Cycle


The agile testing life cycle has 5 different phases:
1. Impact Assessment: This is the first phase of the agile testing life cycle also known as
the feedback phase where the inputs and responses are collected from the users and
stakeholders. This phase supports the test engineers to set the objective for the next phase
in the cycle.
2. Agile Testing Planning: In this phase, the developers, customers, test engineers, and
stakeholders team up to plan the testing process schedules, regular meetings, and
deliverables.
3. Release Readiness: This is the third phase in the agile testing lifecycle where the test
engineers review the features that have been fully built, test whether they are ready to
go live, and identify the features that need to be sent back to the previous
development phase.

4. Daily Scrums: This phase involves the daily morning meetings to check on testing and
determine the objectives for the day. The goals are set daily to enable test engineers to
understand the status of testing.
5. Test Agility Review: This is the last phase of the agile testing lifecycle that includes
weekly meetings with the stakeholders to evaluate and assess the progress against the
goals.

Agile Test Plan


An agile test plan includes types of testing done in that iteration like test data requirements,
test environments, and test results. In agile testing, a test plan is written and updated for
every release. The test plan includes the following:
• Test Scope.
• Testing instruments.
• Data and settings to be used for the test.
• Approaches and strategies used to test.
• Skills required to test.
• New functionalities being tested.
• Levels or Types of testing based on the complexity of the features.
• Resourcing.
• Deliverables and Milestones.
• Infrastructure Consideration.
• Load or Performance Testing.
• Mitigation or Risks Plan.
Benefits of Agile Testing
Below are some of the benefits of agile testing:

• Saves time: Implementing agile testing helps to make cost estimates more transparent
and thus helps to save time and money.
• Reduces documentation: It requires less documentation to execute agile testing.
• Enhances software productivity: Agile testing helps to reduce errors, improve product
quality, and enhance software productivity.
• Higher efficiency: In agile software testing the work is divided into small parts, so the
developer can focus more easily, complete one part first, and then move on to the next
part. This approach helps to identify minor inconsistencies and leads to higher efficiency.
• Improve product quality: In agile testing, regular feedback is obtained from the user
and other stakeholders, which helps to enhance the software product quality.
Limitations of Agile Testing
Below are some of the limitations of agile software testing:
• Project failure: In agile testing, if one or more members leave the job then there is a
chance of project failure.
• Limited documentation: In agile testing, there is little or no documentation, which makes
it difficult to predict the expected results as there are explicit conditions and
requirements.
• Introduce new bugs: In agile software testing, bug fixes, modifications, and releases
happen repeatedly which may sometimes result in the introduction of new bugs in the
system.
• Poor planning: In agile testing, the team is not exactly aware of the end result from day
one, so it becomes challenging to predict factors like cost, time, and resources required at
the beginning of the project.
• No finite end: Agile testing requires minimal planning at the beginning so it becomes
easy to get sidetracked while delivering the new product. There is no finite end and there
is no clear vision of what the final product will look like.

4.12 Testing Web and Mobile Applications


4.12.1 Web Application Testing
What is Web Application Testing?
Web application testing involves detecting bugs and ensuring that the quality of the
website is maintained. To plan and conduct web application testing efficiently, the
testers should be aware of its complete architecture and all the critical features.
Web application testing is an integral part of complete verification of the software.
It includes the validation of all the web features, parameters, browser compatibility etc. It
evaluates the web errors with respect to all the errors of the total software. It is mandatory to
execute the web application test cases on different browsers and operating systems.
Types of web application testing
1. Static Web Based Testing
It involves a static web application where the displayed content is identical to the one
which is saved in the server. This type of application contains a very attractive graphical user
interface, but it only supports the static contents. The static web based testing is only focussed
on verifying the UI which includes the font type and size, color, width, forms, URLs etc which
are normally the part of a normal website.
2. Dynamic Web Based Testing
It involves verification of both the front end and back end components of the websites.
This type of testing consists of checking the dynamic updates on the web as per the customer
requirements. It is mainly focussed on verifying whether the changes made in the frontend are
in sync with the backend and vice-versa.
3. E-commerce Web Based Testing
An e-commerce website undergoes complex testing as it is composed of multiple
screens. This type of testing comprises verification of individual modules as well as interaction
among various modules to perform a successful transaction for the customer.
For example, the testing includes validation of individual modules namely login,
payment, product search as well as validation of the complete workflow required to perform a
successful transaction.

How to Execute Web Application Testing?


The software web application testing can be executed by the ways listed below −
Step 1 − The software web application testing should comprise the verification of the frontend,
backend, firewalls, internet protocols and all other entities that are required to run the website
on the server.
Step 2 − Verify if all the screens possess the correct URL or links.
Step 3 − Verify if the web application under test is compatible with other systems.
Step 4 − Verify if all the dimensions of the images and displays are appropriate for all kinds of
end users.
Step 5 − Verify the security features of the website.
Step 6 − Verify all the details on the analytics of the websites.
Step 7 − Verify if all the customer contact information is correctly updated on the website.
Objectives of Software Web Application Testing

The objectives of the web application testing are listed below −
• The web application testing ensures that all the features and functionalities of the
software work as per the requirements. It also validates whether the form submissions,
navigations on the application etc are proper.
• The web application testing verifies the compatibility of the web applications in various
browsers, devices, platforms etc. It also confirms whether the application under test is
functional within a range of parameters.
• The web application testing checks the performance, reliability, robustness, and
responsiveness of the software hosted on the web. It also identifies all the performance
issues such as slow page loads, very high response time etc.
• The web application testing measures the maximum amount of load or transactions that
the website is able to handle at a time. It is mainly focussed on determining whether there is
performance degradation in the event of huge traffic.
• The web application testing ensures that the website is built following the accessibility
rules such as WCAG. It guarantees that it can be used by users having various
disabilities. It basically tests whether the application under test supports the assistive
technologies.
• The web application testing is used to perform the cross browser testing. It checks if
there are issues while the website is launched with a particular browser.

4.12.2 Mobile Application Testing


Mobile Application Testing refers to the process of evaluating the functionality,
usability, and performance of mobile apps across various devices and platforms to ensure
they meet quality standards and deliver a seamless user experience.
It encompasses testing aspects such as functionality, compatibility, security, and user
interface to identify and rectify issues before the app's release.

What is Mobile Application Testing?


Mobile Application Testing is an important process in software development that
focuses on ensuring the quality, functionality, usability, security, and performance of mobile
applications across various devices and platforms.
It involves a series of testing activities aimed at identifying and fixing defects or
issues before the application is released to end-users. Here's a detailed explanation of mobile
application testing:
Types of Mobile Applications:

• Native Apps: Developed for a specific platform (e.g., iOS, Android) using platform-
specific programming languages and APIs.
• Web Apps: Accessed through mobile web browsers and often built using web
technologies like HTML5, CSS, and JavaScript.
• Hybrid Apps: Combine elements of both native and web apps, typically using web
technologies but wrapped in a native shell for distribution.

Why is Mobile Testing Important?


1. Cost-Effectiveness: After an app is released, resolving bugs and issues can be expensive
and time-consuming. Early and frequent testing helps identify problems early in the
development process, which lowers the cost of addressing them afterward.
2. Brand Reputation: A malfunctioning or poor app can harm a company's standing by
generating unfavorable comments and diminishing consumer confidence. Testing
preserves the reputation of the brand by assisting in ensuring a great user experience.
3. Diverse Environment: With a vast array of devices, operating systems, screen sizes, and
network configurations, the mobile environment is extremely diverse. Through testing,
the app's functionality throughout this diversity is ensured, offering a consistent user
experience.
4. User Expectations: When it comes to the functionality, dependability, and overall
performance of apps, mobile users have high requirements. By spotting and
resolving problems before they affect the user experience, testing helps in living up to
these expectations.
5. Industry Competition: Thousands of apps are fighting for users' attention in the fiercely
competitive app industry. Superior applications that offer a smooth user experience have
a higher chance of standing out, drawing in, and keeping users.

Approaches to Test the Mobile Application


1. Manual Testing
• Exploratory testing: It involves testers experimenting with the program to find bugs
without using pre-defined test cases.
• Ad Hoc Testing: To find issues rapidly, testers do impromptu tests without a fixed
methodology.
• Usability testing: To ensure the app lives up to user expectations, testers
assess the user interface, navigation, and overall user
experience.

2. Automation Testing
• Functional Testing: To test the application's functionality across a range of scenarios
and user interactions, automation scripts are written.
• Regression Testing: To ensure that new updates do not introduce new issues or break
existing functionality, automated tests are run again after each code change.
• Testing for Compatibility: Automation scripts are used to check if an application is
compatible with various hardware, operating systems, and screen sizes.
3. Beta Testing
• Before the app's official release, a small set of actual users are given access to a limited
version of it through beta testing. Beta testers' feedback is useful in locating flaws,
usability problems, and potential improvement areas.
4. Testing of Devices
• Real Device Testing: To guarantee realistic performance and behavior, the app is tested
on real devices, taking into account elements like hardware capabilities and device-
specific features.
• Emulator/Simulator Testing: The application is evaluated using simulated devices that
replicate real-world functionality. For testing Android apps, emulators are utilized, whilst
simulators are utilized for testing iOS apps.

Advantages of Mobile Testing Automation


1. Increased Accuracy: Automated tests reduce the chance of missing errors or
inconsistencies that could arise with manual testing by carefully carrying out
predetermined procedures and checks.
2. More Comprehensive Test Coverage: Compared to manual testing, automated testing
may cover a larger range of test scenarios and settings, such as various devices, operating
systems, screen sizes, and network circumstances. This results in more thorough test
coverage.
3. Enhanced Efficiency: As automated tests can execute considerably more quickly than
manual tests, feedback on the functionality, compatibility, and performance of the app
can be obtained faster.
4. Consistency: Compared to manual testing, automated tests ensure consistent testing and
reduce the risk of human error by always executing the same procedures and checks.
5. Cost Savings: By lowering the requirement for manual testing resources and speeding up
time-to-market, automated testing can result in significant cost savings over time, even if
it may initially involve an investment in tools and infrastructure.
