Month 2: Advanced Testing Techniques & Tools (Days 31–60)

In this chunk, we discuss three important types of testing: smoke testing, sanity testing, and regression testing.

• Smoke Testing: This is a preliminary test to check if the most crucial features of a product are working. Think of it as a 'health check' for software. For instance, if you're testing a banking app, a smoke test might check if you can log in and view your balance.
• Sanity Testing: This involves testing specific functionalities after bug fixes to ensure that they work as intended. An example might be to check if the login button functions properly after a fix was implemented.
• Regression Testing: This is done to confirm that recent changes haven’t negatively impacted existing features. For example, after adding a new feature like account transfers, regression testing would involve executing previous tests to confirm that the login functionality still works as expected.

Each of these testing types plays a critical role in ensuring the software maintains quality throughout its development.

This chunk focuses on two critical testing types: integration testing and system testing.

• Integration Testing: This type of testing verifies that different modules or services within an application function correctly when combined. For instance, you might check that the 'payments' module correctly communicates with the 'order' module to ensure that products can be purchased seamlessly.
• System Testing: Unlike integration testing, which focuses on interactions between modules, system testing evaluates the complete system's compliance with specified requirements. An example would involve testing the entire e-commerce site, ensuring that users can browse products, add items to their cart and complete purchases without issues.

In this section, we take a closer look at User Acceptance Testing (UAT), Alpha testing, and Beta testing.

• UAT (User Acceptance Testing): Conducted at the end of the development process, UAT involves real users testing the software to ensure it meets their needs and requirements. This is crucial because the users ultimately decide if the software is ready for general use.
• Alpha Testing: This is an internal test conducted by developers or quality assurance experts in a controlled environment before the product is released to a select group of users for real-world testing.
• Beta Testing: This is the phase where a product is released to a limited audience outside of the company for testing in a real-world scenario. Feedback from beta tests can help identify issues that weren't discovered during earlier tests.

This chunk covers exploratory testing and ad-hoc testing, both of which are less structured than traditional testing methods.

• Exploratory Testing: In this testing approach, testers actively explore the functionalities of the application without predefined tests. They rely on their intuition and experience, which can often uncover issues that standard testing may miss.
• Ad-hoc Testing: Similar to exploratory testing, but typically less formal and unplanned. It's often done without any documentation, focusing on finding defects based on the tester's experience and instincts.

In this chunk, students are tasked with creating a regression test suite focused on a web application.

• Regression Test Suite: A set of tests designed to ensure that recent code changes haven't adversely affected existing functionality.
  Students will write five test cases that cover key functionalities of the web app. After writing the test cases, they will execute them to confirm that everything works as intended and report any findings.

In this chunk, we explore static testing methods like reviews and walkthroughs. Static testing allows the identification of potential issues before executing code.

• Static Testing: This method focuses on evaluating documents such as requirements or code for problems without executing the program. For instance, QA might be tasked with checking a requirements document for missing or unclear specifications.
• Reviews vs. Walkthroughs: A review is a formal process where documents are evaluated by several stakeholders, while a walkthrough is a more informal process where a single person explains their work to others to gather feedback.

This section discusses two essential test design techniques: decision table testing and state transition testing.

• Decision Table Testing: This is a testing technique used to identify and represent different input conditions and the corresponding output results in a tabular format. For instance, if you have a login system, you could create a decision table that includes valid and invalid credentials and outlines the expected outcomes.
• State Transition Testing: This focuses on testing the transitions between different states of the system. For example, a ticket booking system might transition from a 'available' state to 'booked', and testing would ensure that the system behaves correctly during each transition.

In this chunk, we delve into use case testing and user story mapping, which aid in understanding user interactions with the system.

• Use Case Testing: This method focuses on validating the behavior of a system as it relates to user interactions in specific scenarios. For instance, a test case might focus on how a user interacts with a 'forgot password' feature in an app.
• User Story Mapping: This technique visually represents the steps a user takes to achieve a goal within the application. It helps teams understand user needs and prioritize features based on user journeys.

This section covers risk-based testing strategies and the traceability matrix, which are essential for effective test planning.

• Risk-Based Testing: This approach prioritizes testing efforts based on the risks associated with different functionalities. For example, in a payment system, functions that handle financial transactions might be tested more rigorously because they carry a higher risk of failure.
• Traceability Matrix: This is a tool used to trace requirements to their corresponding test cases. For instance, if you have several user login requirements, each would be linked to specific tests that validate those requirements.

In this final chunk of Week 6, students are encouraged to apply various test design techniques in a practical setting.

• Test Design Techniques Project: In this project, students will utilize what they've learned about decision tables, state transitions, and traceability matrices to create comprehensive test cases for a hypothetical application.
  This project not only consolidates knowledge but also promotes hands-on experience, which is crucial for real-world QA roles.

This chunk introduces JIRA, a popular tool for test management in software development.

• JIRA: JIRA is primarily used for tracking project progress by managing tasks, bugs, and test cases throughout the software development lifecycle. It allows QA teams to document bugs thoroughly, including essential details like steps to reproduce, descriptions, and expected results, ensuring developers can understand and fix issues effectively.

In this section, we discuss tools that are specifically designed for test management.

• TestRail, Zephyr, and qTest: These are advanced tools to manage the entirety of testing processes. They provide functionalities to formulate test cases, manage test execution, track results, and generate comprehensive reports for analysis. Using such specialized tools benefits QA teams by promoting efficiency and organization throughout the testing lifecycle.

In this hands-on module, students gain practical experience in test execution and reporting using a test management tool such as TestRail.

• Executing Test Cases: Execution involves running the previously defined test cases in the application to check if they pass or fail. The outcomes are then logged for analysis.
• Generating Reports: After execution, students will create reports that summarize the results of the tests, providing insights into the application's quality and areas needing attention.

This chunk focuses on the essential practices for effective defect tracking.

• Defect Tracking Best Practices: For effective tracking of defects, it’s crucial to provide as much detail as possible, including clear descriptions of what the issue is, steps to reproduce it, expected versus actual results, and adding attachments such as screenshots. Prioritization of defects based on their severity and impact on the project is also important for which issues need immediate attention versus those that can wait.

In this project, students apply their knowledge of JIRA to manage a complete test cycle.

• Managing a Test Cycle: Students will create a new test cycle in JIRA, populate it with relevant test cases, and log defects encountered during testing. This exercise simulates the workflow that a QA team experiences, allowing for practical exposure to real-world scenarios and tools.

This chunk introduces foundational concepts of performance testing, focusing on both load and stress testing.

• Performance Testing: This testing type assesses how a system performs under normal and peak conditions.
• Load Testing checks if the application can handle expected user traffic without performance degradation. For instance, testing how the e-commerce site performs when 1,000 users are logged in simultaneously.
• Stress Testing goes further by stressing the application beyond normal operational capacity to evaluate its resilience under extreme conditions or loads.

In this section, we explore JMeter, a widely used tool for performance testing.

• JMeter: A powerful open-source tool designed to load test functional behavior and measure performance. For instance, you can create a script in JMeter to simulate 500 users attempting to log in simultaneously, helping to identify bottlenecks or failures in the application before it goes live.

This chunk discusses security testing and its crucial role in the software development lifecycle.

• Security Testing: The goal is to reveal vulnerabilities in the application that could be exploited by malicious users. It involves various techniques to ensure data integrity and confidentiality.
  Common vulnerabilities include SQL injection, where attackers can manipulate database queries to access sensitive data, and weak authentication, which allows unauthorized access due to insecure login routines.

In this section, we dive into some of the most critical security vulnerabilities outlined by the OWASP (Open Web Application Security Project) Top 10 list.

• OWASP Top 10: This list highlights the ten most critical security risks to web applications. Common examples include:
• Cross-Site Scripting (XSS): This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users.
• SQL Injection: This involves manipulating and executing arbitrary SQL commands through input fields to gain unauthorized access to data.

In this final chunk of Month 2, students put their skills into practice with performance and security testing.

• Performance Test Plan: Students design a comprehensive plan that outlines how they will conduct performance testing on an application. This plan will detail load scenarios, metrics for measurement, and expected outcomes.
• Security Test Cases: Students draft specific test cases aimed at identifying vulnerabilities, allowing them to practice applying what they have learned about security testing techniques.