The Lazy Coders Way to Agile Testing, Scrum

Programming
To understand the concept of agile testing, first let's understand-

What is Agile?
AGILE is a methodology that promotes continuous iteration of development and testing
throughout the software development life cycle of the project. Both development and testing
activities are concurrent unlike the Waterfall method.
I hope we got an idea of Agile!!! Now, we can step on to Agile Testing.

What is Agile Testing?

Unlike the WaterFall method , Agile Testing can begin at the start of the project with continuous
integration between development and testing. Agile Testing is not sequential (in the sense its
executed only after coding phase) but continuous.
Agile team works as single team towards a common objective of achieving Quality .Agile Testing
has shorter time frames called iterations (say from One to Four weeks ). This methodology is also
called release or delivery driven approach since it gives better prediction on the workable
products in short duration of time.

Methodologies of Agile Testing

There are various methodologies present in agile testing and those are listed below:

Scrum
SCRUM is an agile development method which concentrates particularly on how to manage tasks
within a team based development environment. Basically, Scrum is derived from activity that

occurs during rugby match. Scrum believes in empowering the development team and advocates
working in small teams (say- 7 to 9 members). It consists of three roles and their responsibilities
are explained as follows:

Scrum Master
o

Master is responsible for setting up the team, sprint meeting and removes obstacles to
progress

Product owner
o

The Product Owner creates product backlog, prioritizes the backlog and is responsiblefor
the delivery of the functionality at each iteration

Scrum Team
o

Team manages its own work and organizes the work to complete the sprint or cycle

Product Backlog
This is repository where requirements are tracked with details on the no of requirements to be
completed for each release. It should be maintained and prioritized by scrum master and it should
be distributed to the scrum team. Team can also request for new requirement addition or
modification or deletion

Phases of Scrum testing:

There are three phases of scrum testing ,elaborated as follows:

Test Design
o

User stories are used for development of test cases .User stories are written by the product
owner. User stories are short description of functionalities of the System Under Test.
Example for Insurance Provider is - Premium can be paid using online system

Test Cases are developed based on user stories which should be approved by business
analysts and the customers

Test Execution
o

Test execution is carried out in a lab where both tester and developer work hand in hand.

Defect are logged in Defect Management tool which are tracked on a daily basis. Defects
can be discussed during scrum meeting

Defects are retested as soon as it is fixed and deployed for testing

Test Automation
o

This also gains importance due to short delivery timelines

Test Automation can be achieved by utilizing various opensource or paid tools available
in the market .

This proves effective in ensuring that everything that needs to be tested was covered.
Sufficient Test coverage can be achieved with the close interaction with the team.

Managing
o

Sprint(Cycle) meeting is held at the beginning to decide the scope of sprint, understand
the product backlog, task estimates and assignments

Daily 15 minutes meeting will be held where participants answer three questions.

Last 24 hours tasks

Plan for next 24 hours tasks

What are all obstructions of the tasks?

Sprint Burn down Charts

Each day, Scrum Master records the estimated remaining work for the sprint. This is nothing but
the Burn Down Chart. It is updated daily.

Scrum Practices
Practices are described in detailed:

Process flow of Scrum:

Process flow of scrum testing is as follows:

Each iteration of a scrum is known as Sprint

Product backlog is a list where all details are entered to get end product

During each Sprint, top items of Product backlog are selected and turned into Sprint backlog

Team works on the defined sprint backlog

Team checks for the daily work

At the end of sprint, team delivers product functionality

eXtreme Programming (XP)

This is a light weight agile testing methodology in which development and testing happen in
parallel. Business requirements are gathered in terms of stories. All those stories are stored in a
place called parking lot.
In this type of methodology, releases are based on the shorter cycles called Iterations with span of
14 days time period. Each iteration include phases like coding, unit testing and system testing
where at each phase some minor or major functionality will be built in the application.

Phases of eXtreme programming:

There are 6 phases available in Agile XP method and those are explained as follows:

Planning

Identification of stakeholders and sponsors

Infrastructure Requirements

Security related information and gathering

Service Level Agreements and its conditions

Analysis

Capturing of Stories in Parking lot

Prioritize stories in Parking lot

Scrubbing of stories for estimation

Define Iteration SPAN(Time)

Resource planning for both Development and QA teams

Design

Break down of tasks

Test Scenario preparation for each task

Regression Automation Framework

Execution

Coding

Unit Testing

Execution of Manual test scenarios

Defect Report generation

Conversion of Manual to Automation regression test cases

Mid Iteration review

End of Iteration review

Wrapping

Small Releases

Regression Testing

Demos and reviews

Develop new stories based on the need

Process Improvements based on end of iteration review comments

Closure

Pilot Launch

Training

Production Launch

SLA Guarantee assurance

Review SOA strategy

Production Support

There are two story boards available to track the work on a daily basis and those are listed below
for reference.

Story Cardboard
o

This is traditional way of collecting all the stories in a board in the form of stick notes to
track daily XP activities. As this manual activity involves more effort and time, it is better
to switch to online form.

Online Story board

o

Online tool Storyboard can be used to store the stories .This can be used by several teams
for different purposes.

Difference between Scrum and XP Testing:

XP Testing

Scrum Testing

Engineering practices like test driven development,

Managing of requirements or requested

refactoring, pair programming, etc...

features

Stories are used as single line requirements

User Stories are used as requirements

Stories are stored in Parking lot

Stories are stored in Product backlog and

Sprint backlog

Iteration is used in XP testing

Iteration is termed as Sprint

Iteration period is for 14 days max

Iteration period is for 30 days

Requirement changes are accepted during iteration

Mid and end of Iteration review meetings

Requirements changes are acceptable

after the current iteration
Daily scrum meeting

Scrum and eXtreme are the popular Agile methodologies. Below listed methodologies are used
less frequently
Dynamic System Development Method (DSDM)

This is an Iterative and incremental approach that emphasizes on the continuous user
involvement.

Test Driven Development (TDD)

This is a technique which has short iterations where new test cases covering the desired
improvement or new functionality are written first.

Feature Driven Development

This is an iterative and incremental software development process.

XBreed

Agile enterprise previously known as Xbreed .It is agile way of managing, architecting and
monitoring the enterprise.

Crystal

Crystal is an adaptive technique mainly used for software development methodologies.

Agile metrics:
Metrics that can be collected for effective usage of Agile is:

Drag Factor
o

Effort in hours which do not contribute to sprint goal

Drag factor can be improved by reducing number of shared resources, reducing the
amount of non-contributing work

New estimates can be increased by percentage of drag factor -New estimate = (Old
estimate+drag factor)

Velocity
o

Amount of backlog converted to shippable functionality of sprint

No of Unit Tests added

Time taken to complete daily build

Bugs detected in an iteration or in previous iterations

Production defect leakage

Conclusion:
Agile testing involves testing as early as possible in software development life cycle. It demands
high customer involvement and testing code as soon as it becomes available. The code should be
stable enough to take it to system testing. Extensive regression testing can be done to make sure
that the bugs are fixed and tested. Mainly, Communication between the teams makes agile testing
success!!!

What Everybody Ought to Know About - Testing

Methodology
To begin with , lets understand -

What is a Software Methodology?

A methodology is a package of methods. In simple words , it's a bundle of practical
ideas and proven practises which help in efficient software project management.
Software Test Methodology : The important Software Test Methodologies are discussed
below...

Waterfall model

What is it?
In the waterfall model ,software development progress through various phases like Requirements
Analysis , Design etc - sequentially.
In this model, next phase begins only when the earlier phase is completed.
What Is The Testing Approach?
The first phase in waterfall model is the requirements phase in which all the project requirements
are completely defined before starting the testing. During this phase , the test team brainstorms
the scope of testing , test strategy and drafts a detailed test plan.
Only once the design of software is complete, the team will move on to execution of the test
cases to ensure that the developed software behaves as it expected.
In this methodology, the testing team proceeds to the next phase only when the previous phase is
completed.

Advantages
This model is very simple to plan and manage. Hence, projects where requirements are clearly
defined and stated beforehand can be easily tested using waterfall model.
Disadvantages

In the waterfall model , you can begin with the next phase only once the previous phase is
completed. Hence , this model cannot accommodate unplanned events and uncertainty.
This methodology is not suitable for projects where the requirements change frequently.

Iterative development

What is it?
In this model , a big project is divided into small parts , and each part is subjected to multiple
iterations of the waterfall model. At the end of iteration, a new module is developed or an existing
module is enhanced. This module is integrated into the software architecture and the entire
system is tested all together
What is the testing Approach?
As soon as iteration is completed, the entire system is subjected to testing. Feedback from testing
is immediately available and is incorporated in next cycle. The testing time required in successive
iteration can be reduced based on the experience gained from past iterations.

Advantages
The main advantage of iterative development is the test feedback is immediately available at the
end of each cycle.
Disadvantages
This model increases communication overheads significantly since at the end of each cycle,
feedback about deliverables , effort etc must be given.

Agile methodology

What is it ?
Traditional software development methodologies work on the premise that software
requirements remain constant throughout the project. But with increase in complexity , the
requirements undergo numerous changes and continuously evolve. At times, the customer himself
is not sure what he wants. Though iterative model addresses this issue, it's still based on the
waterfall model.
In Agile methodology , software is developed in incremental, rapid cycles. Interactions
amongst customers, developers and client are emphasized rather than processes and tools. Agile
methodology focuses on responding to change rather than extensive planning.

What Is The Testing Approach?

Incremental testing is used in agile development methods and hence, every release of the project
is tested thoroughly. This ensures that any bugs in the system are fixed before the next release.

Advantages
It is possible to make changes in the project at any time to comply with the requirements.
This incremental testing minimizes risks.
Disadvantages
Constant client interaction means added time pressure on all stake holders including the client
themselves , software development and test teams .

Extreme programming

What is it?
Extreme programming is a type of agile methodology which believes in short development
cycles. A project is divided into simple engineering tasks. Programmers code a simple piece of
software and get back to customer for feedback. Review points from the customer are
incorporated and the developers proceed with the next task.

In extreme programming developers usually work in pairs.

Extreme Programming is used in places where customer requirements are constantly changing.
What Is The Testing Approach?
Extreme programming follows a Test-driven development which is described as follows 1. Add a test case to the test suite to verify the new functionality which is yet to be developed
2. Run all the tests and obviously the new test case added must fail since the functionality is
not coded yet
3. Write some code to implement the feature/functionality
4. Run the test suite again .This time , the new test case should pass since the functionally has
been coded
Advantages
Customers having a vague software design in mind could use extreme programming
Continuous testing and continuous integration of small releases ensure software code is delivered
is of high quality
Disadvantages
Meetings amongst the software development team and clients add to time requirements.

Which Software Methodology to choose ?

There are tons of methodologies available for software development and its corresponding
testing. Each methodology is designed for a specific purpose and has its relative merits and demerits.
Selection of a particular methodologies depends on many factors such as the nature of project,
client requirement, project schedule , etc.
From a testing perspective, some methodologies push for testing input early in the development
life cycle , while others wait until a working model of the system is ready.

How to setup software testing methodologies?

Software testing methodologies should not be setup just for the sake of testing software code. The
big picture should be considered and the prime goal of the project should be satisfied by the
testing methodology.

Scheduling
Realistic scheduling is the key to the implementation of successful testing methodology and the
schedule should meet the needs of every member of the team.
Defined deliverables
In order to keep all the members of the team on the same page, well defined deliverables should
be provided. The deliverables should contain direct content without any ambiguity.
Test approach
Once scheduling is complete and defined deliverables are made available, the testing team should
be able to formulate the right test approach. Definition documents and developer meetings should
indicate the team about the best test approach that can be used for the project.
Reporting
Transparent reporting is very difficult to achieve, but this step determines the effectiveness of the
testing approach used in the project.

Cyclomatic complexity and its Applications

To understand Cyclomatic Complexity , lets first understand -

What is Software Metric?

Measurement is nothing but quantitative indication of size / dimension / capacity of an attribute
of a product / process.
Software metric is defined as a quantitative measure of an attribute a software system possesses
with respect to Cost, Quality, Size and Schedule.
ExampleMeasure - No. of Errors
Metrics - No. of Errors found per person

What is Cyclomatic Complexity?

Cyclomatic complexity is a software metric used to measure the complexity of a program. These
metric, measures independent paths through program source code.
Independent path is defined as a path that has atleast one edge which has not been traversed
before in any other paths.
Cyclomatic complexity can be calculated with respect to functions, modules, methods or classes
within a program.
This metric was developed by Thomas J. McCabe in 1976 and it is based on a control flow
representation of the program. Control flow depicts a program as a graph which consists of Nodes
and Edges.
In the graph, Nodes represent processing tasks while edges represent control flow between the
nodes.

Flow graph notation for a program:

Flow Graph notation for a program is defines . several nodes connected through the edges.
Below are Flow diagrams for statements like if-else, While, until and normal sequence of flow.

Mathematical representation:
Mathematically, it is set of independent paths through the graph diagram. The complexity of the
program can be defined as V(G) = E - N + 2
Where,
E - Number of edges
N - Number of Nodes
V (G) = P + 1
Where P = Number of predicate nodes (node that contains condition)
Example ?
1

i = 0;

2
3

n=4; //N-Number of nodes present in the graph

4
5
6

while (i<n-1) do

j = i + 1;

8
9

while (j<n) do

10
11 if

A[i]<A[j] then

12
13 swap(A[i],

A[j]);

14
15 end

do;

16
17 i=i+1;
18
19 end

do;

Flow graph for this program will be

Computing mathematically,

V(G) = 9 - 7 + 2 = 4

V(G) = 3 + 1 = 4 (Condition nodes are 1,2 and 3 nodes)

Basis Set - A set of possible execution path of a program

1, 7

1, 2, 6, 1, 7

1, 2, 3, 4, 5, 2, 6, 1, 7

1, 2, 3, 5, 2, 6, 1, 7

Properties of Cyclomatic complexity:

Following are the properties of Cyclomatic complexity:

1. V (G) is the maximum number of independent paths in the graph
2. V (G) >=1
3. G will have one path if V (G) = 1
4. Minimize complexity to 10

How this metric is useful for software testing?

Basis Path testing is one of White box technique and it guarantees to execute atleast one
statement during testing. It checks each linearly independent path through the program, which
means number test cases, will be equivalent to the cyclomatic complexity of the program.
This metric is useful because of properties of Cyclomatic complexity (M) 1. M can be number of test cases to achieve branch coverage(Upper Bound)
2. M can be number of paths through the graphs.(Lower Bound)
Consider this example ?
1

If (Condition 1)

2
3

Statement 1

4
5

Else

6
7

Statement 2

8
9

If (Condition 2)

10
11 Statement

12
13 Else
14
15 Statement

Cyclomatic Complexity for this program will be 9-7+2=4.

As complexity has calculated as 4, four test cases are necessary to the complete path coverage for
the above example.

Steps to be followed:
The following steps should be followed for computing Cyclomatic complexity and test cases
design.
Step 1 - Construction of graph with nodes and edges from the code
Step 2 - Identification of independent paths
Step 3 - Cyclomatic Complexity Calculation
Step 4 - Design of Test Cases
Once the basic set is formed, TEST CASES should be written to execute all the paths.

More on V (G):
Cyclomatic complexity can be calculated manually if the program is small. Automated tools need
to be used if the program is very complex as this involves more flow graphs. Based on
complexity number, team can conclude on the actions that need to be taken for measure.
Following table gives overview on the complexity number and corresponding meaning of v (G):

Complexity Number

Meaning
Structured and well written code

1-10

High Testability
Cost and Effort is less
Complex Code

10-20

Medium Testability
Cost and effort is Medium
Very complex Code

20-40
Low Testability

Cost and Effort are high

Not at all testable
>40
Very high Cost and Effort

Tools for Cyclomatic Complexity calculation:

Many tools are available for determining the complexity of the application. Some complexity
calculation tools are used for specific technologies. Complexity can be found by the number of
decision points in a program. The decision points are if, for, for-each, while, do, catch, case
statements in a source code.
Examples of tools are

OCLint - Static code analyzer for C and Related Languages

devMetrics - Analyzing metrics for C# projects

Reflector Add In - Code metrics for .NET assemblies

GMetrics - Find metrics in Java related applications

NDepends - Metrics in Java applications

Uses of Cyclomatic Complexity:

Cyclomatic Complexity can prove to be very helpful in

Helps developers and testers to determine independent path executions

Developers can assure that all the paths have been tested atleast once

Helps us to focus more on the uncovered paths

Improve code coverage

Evaluate the risk associated with the application or program

Using these metrics early in the cycle reduces more risk of the program

Conclusion:
Cyclomatic Complexity is software metric useful for structured or white box testing .It is mainly
used to evaluate complexity of a program. If the decision points are more, then complexity of the

program is more. If program has high complexity number, then probability of error is high with
increased time for maintenance and trouble shoot.

All About Quality Assurance

What is Quality?
Quality is extremely hard to define and it is simply stated "Fit for use or purpose". It is
all about meeting the needs and expectations of customers with respect to functionality,
design, reliability, durability, & price of the product.

What is assurance?
Assurance is nothing but a positive declaration on a product or service ,which gives confidence. It
is certainty of a product or a service, which it will work well. It gives a guarantee that the product
will work without any problems as per the expectations or requirements.

What is Quality Assurance?

Quality Assurance popularly known as QA, is an activity to ensure that an organization is
providing the best possible product or service to customers. QA focuses on improving the
processes to deliver Quality Products to the customer. An organization has to ensure ,that
processes are efficient, and effective as per the quality standards defined for software products.
Quality assurance has a defined cycle called PDCA cycle or Deming cycle.The phases of this
cycle are:

Plan

Do

Check

Act

These above steps are repeated to ensure that processes followed in the organization are evaluated
and improved on a periodic basis. Let's look into the above steps in detail

Plan - Organization should plan and establish the process related objectives and determine
the processes that are required to deliver a high Quality end product.

Do - Development and testing of Processes and also "do" changes in the processes

Check - Monitoring of processes, modify the processes, and check whether it meets the
predetermined objectives

Act - Implement actions that are necessary to achieve improvements in the processes

An organization must use quality assurance to ensure that the product is designed and
implemented with correct procedures. This helps reduce problems and errors , in the final
product.

What is Quality Control?

Quality control popularly abbreviated as QC, is a process used to ensure quality in a product or a
service.It does not deal with the processes used to create a product, rather It examines the quality
of the "end products" and the final outcome .

Main aim of Quality control is to check whether the products meet the specifications and
requirements of the customer. If an issue or problem is identified, it needs to be fixed before
delivery to the customer.

QC also evaluates people on their quality level skill sets and imparts training and certifications.
This evaluation is required for the service based organization, and helps provide "perfect" service
to the customers.

Difference between Quality Control and Quality

Assurance?
Sometimes, QC is confused with the QA. Quality control is to examine the product or service and
check for the result. Quality assurance is to examine the processes and make changes to the
processes which led to the end-product.

Examples of QC and QA activities are as follows:

Quality Control Activities

Quality Assurance Activities

Walkthrough

Quality Audit

Testing

Defining Process

Inspection

Tool Identification and selection

Checkpoint review

Training of Quality Standards and Processes

The above activities are concerned with QA and QC of any product and not essentially
software. With respect to software

QA becomes SQA ( Software Quality Assurance)

QC becomes Software Testing.

Following table explains on differences between SQA and Software Testing:

SQA

Software Testing

Software Quality Assurance is about engineering

Software Testing is to test a product for

process that ensure quality

problems before the product goes live

Involves activities related to implementation of

processes, procedures and standards.

Involves actives with respect to verification

of product

Example Example Audits

Review
Training
Testing

Process focused

Product focused

Preventive technique

Corrective technique

Proactive measure

Reactive measure

The scope of SQA applied to all products that will The scope of Software Testing applies to a
be created by the organization

particular product being tested.

Quality Assurance Certifications:

There are several certifications available in the industry to ensure that Organizations follow
Standards Quality Processes. Customers makes this as qualifying criteria while selecting a
software vendor.

ISO 9000
This standard was first established in 1987, and it is related to Quality Management Systems.
This helps the organization ensure quality to their customers and other stakeholders. An
organization who wishes to be certified as ISO 9000 is audited based on their functions, products,
services and their processes.The main objective is to review and verify whether the organization
is following the process as expected and check whether existing processes needs improvement.
This certification helps

Increase the profit of the organization

Improves Domestic and International trade

Reduces waste and increase productivity of the employees

Provide Excellent customer satisfaction

CMMI level
The Capability Maturity Model Integrated (CMMI) is a process improvement approach
developed specially for the software process improvement. It is based on the process maturity
framework and used as general aid in business processes in Software Industry. This model is
highly regarded and widely used in Software Development Organizations.
CMMI has 5 levels. An organizations is certified at CMMI level 1 to 5 based on the maturity of
their Quality Assurance Mechanisms.

Level 1 - Initial: In this stage quality environment is unstable. Simply, no processes has
been followed or documented

Level 2 - Repeatable : Some processes are followed which are repeatable. This level
ensures processes are followed at the project level.

Level 3 - Defined : Set of processes are defined and documented at the organizational level.
Those defined processes are subject to some degree of improvement.

Level 4 - Managed : This level uses process metrics and effectively controls the processes
that are followed.

Level 5 - Optimizing : This level focuses on the continuous improvements of the processes
through learning & innovation.

Test Maturity Model (TMM):

This model assesses the maturity of processes in a Testing Environment. Even this model has 5
levels , defined below -

Level 1 - Initial: There is no quality standard followed for testing processes and only ad-hoc
methods are used at this level

Level 2 - Definition: Defined process .Preparation of test strategy, plans, test cases are done.

Level 3 - Integration: Testing is carried out throughout the software development life cycle
(SDLC) - which is nothing but integration with the development activities E.g. V- Model.

Level 4 - Management and Measurement: Review of requirements and designs takes place
during this level and criteria has been set for each level of testing

Level 5 - Optimization: Many preventive techniques are used for testing processes and tool
support(Automation) is used to improve the testing standards and processes.

Conclusion:

Quality Assurance is to check whether the product developed is fit for use. For that, Organization
should have processes and standards to be followed which need to be improved on a periodic
basis. It concentrates mainly on the quality of product / service that we are providing to the
customers during or after implementation of software.

Tips and Tricks to Design your Test Data

Everybody knows that testing is a process that produces and consumes large amounts of
data. Data used in testing describes the initial conditions for a test and represents the
medium through which the tester influences the software. It is a crucial part of most
functional testing. But what actually is the test data? Why is it used? Maybe you would
wonder Designing Test cases is challenging enough , then why bother about something
as trivial as Test Data The purpose of this tutorial is to introduce you to Test Data , its
importance and give practical tips and tricks to generate test data quickly.So, Let's
Begin!

What is Test Data ? Why is it Important?

Test data is actually the input given to a software program. It represents data that affects or is
affected by the execution of the specific module. Some data may be used for positive testing,
typically to verify that a given set of input to a given function produces an expected result. Other
data may be used for negative testing to test the ability of the program to handle unusual,
extreme, exceptional, or unexpected input. Poorly designed testing data may not test all possible
test scenarios which will hamper the quality of the software.

What is Test Data Generation? Why test data

should be created before test execution?
Depending on your testing environment you may need to CREATE Test Data (Most of the
times)or atleast identify a suitable test data for your test cases (is the test data is already created).
Typically test data is created in-sync with the test case it is intended to be used for.
Test Data can be Generated

Manually

Mass copy of data from production to testing environment

Mass copy of test data from legacy client systems

Automated Test Data Generation Tools

Typically test data should be generated before you begin test execution since in many testing
environments creating test data takes many pre-steps or test environment
configurations which is very time consuming. If test data generation is done while you are in
test execution phase you may exceed your testing deadline.
Below are described several testing types together with some suggestions regarding their testing
data needs.

Test Data for White Box Testing

In white box testing, test data is derived from direct examination of the code to be tested. Test
data may be selected by taking into account the following things:

It is desirable to cover as many branches as possible; testing data can be generated such that
all branches in the program source code are tested at least once

Path testing: all paths in the program source code are tested at least once - test data can be
designed to cover as many cases as possible

Negative API testing:

o

Testing data may contain invalid parameter types used to call different methods

Testing data may consist in invalid combination's of arguments which are used to call
the program's methods

Test Data for Performance Testing

Performance testing is the type of testing which is performed in order to determine how
fast system responds under a particular workload. The goal of this type of testing is not to find
bugs, but to eliminate bottlenecks. An important aspect of performance testing is that the set of
test data used must be very close to 'real' or 'live' data which is used on production. The
following question arises: Ok, its good to test with real data, but how do I obtain this data? The
answer is pretty straightforward: from the people who know the best the customers. They may
be able to provide some data they already have or, if they dont have an existing set of data, they
may help you by giving feedback regarding how the real-world data might look like.In case you
are in a maintenance testing project you could copy data from the production environment into
the testing bed. It is a good practice to anonymize (scramble) sensitive customer data like Social
Security Number , Credit Card Numbers , Bank Details etc while the copy is made.

Test Data for Security Testing

Security testing is the process that determines if an information system protects data from
malicious intent. The set of data that need to be designed in order to fully test a software security
must cover the following topics:

Confidentiality:All the information provided by clients is held in the strictest confidence

and is not shared with any outside parties. As a short example, if an application uses SSL,
you can design a set of test data which verifies that the encryption is done correctly.

Integrity: Determine that the information provided by the system is correct. To design
suitable test data you can start by taking an in depth look at the design, code, databases and
file structures.

Authentication: Represents the process of establishing the identity of a user. Testing data
can be designed as different combination of usernames and passwords and its purpose is to
check that only the authorized people are able to access the software system.

Authorization: Tells what are the rights of a specific user. Testing data may contain
different combination of users, roles and operations in order to check only users with
sufficient privileges are able to perform a particular operation.

Test Data for Black Box Testing

In Black Box Testing the code is not visible to the tester . Your functional test cases can have test
data meeting following criteria

No data: Check system response when no data is submitted

Valid data : Check system response when Valid test data is submitted

Invalid data :Check system response when InValid test data is submitted

Illegal data format: Check system response when test data is in invalid format

Boundary Condition Data set: Test data meeting bounding value conditions

Equivalence Partition Data Set : Test data qualifying your equivalence partitions.

Decision Table Data Set: Test data qualifying your decision table testing strategy

State Transition Test Data Set: Test data meeting your state transition testing strategy

Use Case Test Data: Test Data in-sync with your use cases.

Note: Depending on the software application to be tested, you may use some or all
of the above test data creation

Automated Test Data Generation

In order to generate various sets of data, you can use a gamut of automated test data generation
tools. Below are some examples of such tools:
Test Data Generator by GSApps can be used for creating intelligent data in almost any database
or text file. It enables users to:

Complete application testing by inflating a database with meaningful data

Create industry-specific data that can be used for a demonstration

Protect data privacy by creating a clone of the existing data and masking confidential values

Accelerate the development cycle by simplifying testing and prototyping

Test Data generator by DTM, is a fully customizable utility that generates data, tables (views,
procedures etc) for database testing (performance testing, QA testing, load testing or usability
testing) purposes.
Datatect by Banner Software, generates a variety of realistic test data in ASCII flat files or
directly generates test data for RDBMS including Oracle, Sybase, SQL Server, and Informi.

In conclusion, well-designed testing data allows you to identify and correct serious flaws in
functionality. Choice of test data selected must be reevaluated in every phase of a multiphase product development cycle. So, always keep an eye on it.