
SQL DDL COMMANDS:

CREATE : Used to create tables, views, and also used to create functions, stored procedures, triggers, indexes etc.


CREATE TABLE sql (
stud_id NUMBER(10) PRIMARY KEY,
first_name VARCHAR2(20) NULL,
last_name VARCHAR2(20) NOT NULL,
dateofbirth DATE NULL);

----------------------------------------------------------------------------------------------------------------------------

DROP : Used to totally eliminate a table, view or index from a database, which means that the records as well as the total structure are eliminated from the database.


DROP TABLE sql;

-----------------------------------------------------------------------------------------------------------------

ALTER : Used to alter, or in other words change, the structure of a table, view or index. This is particularly used when the properties of fields inside a table, view or index need to be updated.


ALTER TABLE sql ADD address VARCHAR2(200); -- adds a column

ALTER TABLE sql DROP COLUMN address; -- drops a column

ALTER TABLE sql MODIFY address VARCHAR2(100); -- changes a column's definition

-- Modify multiple columns using a single MODIFY clause
ALTER TABLE sql MODIFY
(
address VARCHAR2(100),
first_name VARCHAR2(50),
last_name VARCHAR2(50)
);

-- You can also add constraints like NOT NULL using the MODIFY clause
ALTER TABLE sql MODIFY (first_name VARCHAR2(50) NOT NULL);

----------------------------------------------------------------------------------------------------------

 

SQL DML COMMANDS:

SELECT : This command is used to fetch a result set of records from a table, view or a group of tables, views by making use of SQL joins.

Retrieval of data using SQL statements can be refined by using different clauses along with it, like
Where
Group By
Having
Order By

-- The simplest example of a select statement, wherein a user wants to
-- retrieve all the records of a table, uses the asterisk character '*'

SELECT * FROM sql;

The Where clause is used with DML statements to check for a condition being met in a row.

SELECT * FROM sql where age > 12 and age < 16;

-- A similar query using between; note that between is inclusive,
-- so this one also returns rows where age is 12 or 16
SELECT * FROM sql where age between 12 and 16;

-- The query below uses the like predicate along with a wildcard
-- The result will retrieve all names starting with character 'R'
SELECT * FROM sql where name like 'R%';

The Group By statement in SQL is used for aggregation, which means that the result that is returned is based on grouping of results based on a column aggregation.

SELECT Roll_No, SUM(Marks) FROM sql
WHERE Class = 5
GROUP BY Roll_No

The Having statement in SQL makes sure that an SQL SELECT statement should only return rows where aggregate values match conditions that are stated.

SELECT student_id, SUM(Marks) FROM sql
WHERE Admission_Date = '01-Apr-2009'
GROUP BY student_id
HAVING SUM(Marks) > 500

The Order By clause in SQL is used to set the sequence of the output, for example alphabetical order, order of magnitude, or order of date. It may be accompanied by an 'asc' or 'desc' keyword to specify whether the results are in ascending or descending order. Note: The results of a select query that does not use asc or desc are in ascending order, by default.

SELECT fname, lname FROM sql ORDER BY fname ASC;

INSERT : This command is used to add record(s) to a table. While inserting a record using the insert statement, the number of values being entered should match the number of columns of the table. If fewer values are entered than there are columns, the field names also need to be specified along with the insert statement. See code example below:

Consider a table named t_employees with the following fields:
Emp_Id, FirstName, LastName, Height, Weight
The syntax to insert a record in this table will be:

INSERT INTO T_EMPLOYEES VALUES ('445','Amitabh','Bachan','6ft','85kg');

What if not all the items need to be inserted? Do the following:

INSERT INTO T_EMPLOYEES (Emp_Id, FirstName, Height)
VALUES ('445','Amitabh','6ft');

Further, an Insert statement can also be used in combination with Select statement. What we can do is that the result of the Select statement may be used as the values to be inserted in a table. See code example below:

INSERT INTO T_EMPLOYEES
SELECT * FROM T_SOME_OTHER_EMPLOYEE_TABLE
WHERE FirstName IN ('Pappu', 'Ramu','Kallu','Gabbar');

You may even insert specific columns like below:

INSERT INTO T_EMPLOYEES (Emp_Id, FirstName)
SELECT Emp_Id, FirstName FROM T_SOME_OTHER_EMPLOYEE_TABLE
WHERE FirstName IN ('Mogambo', 'Dr. Dang','Shakaal','Gabbar','Ajgar Jurraat',
'Bhaktawar','Bad Man', 'Prem','Billa Jilani');

UPDATE : This command is used to edit the record(s) of a table. It may be used to update a single row based on a condition, all rows, or a set of rows based on a condition.

It is used along with the set clause. Optionally, a where clause may be used to match conditions. See code example below:

UPDATE T_EMPLOYEES SET FIRSTNAME = 'Anthony'
WHERE EMP_ID = '445';

More examples below:

Update the value of a column

UPDATE T_EMPLOYEES SET AGE = AGE + 1;

Update multiple columns in one statement

UPDATE T_SALARY SET
BONUS = BONUS + 10000,
BASIC = BASIC + (0.2 * BONUS);

DELETE : This command is used to remove record(s) from a table. All records may be removed in one go, or a set of records may be deleted based on a condition. See code example below:

DELETE FROM T_VILLAINS WHERE FIRSTNAME = 'Pappu';

Code below deletes record(s) based on a condition

DELETE FROM T_VILLAINS WHERE AGE < 18 ;


Delete may also be done based on the result of a sub query:

DELETE FROM T_VILLAINS WHERE AGE IN
(SELECT AGE FROM T_VILLAINS WHERE AGE < 18)

Open Source Test / Bug Management Tools

Bugzilla Testopia

Description:

Testopia is a test case management extension for Bugzilla. It is designed to be a generic tool for tracking test cases, allowing for testing organizations to integrate bug reporting with their test case run results. Though it is designed with software testing in mind, it can be used to track testing on virtually anything in the engineering process.

Requirement:

Bugzilla

Data Generator

Description:

The Data Generator is a free, open source script written in JavaScript, PHP and MySQL that lets you quickly generate large volumes of custom data in a variety of formats for use in testing software, populating databases and more.

Requirement:

All

Fitnesse

Description:

FitNesse is a collaborative testing and documentation tool. It provides a very simple way for teams to collaboratively create documents, specify tests, and run those tests.

Requirement:

Mac, Windows, POSIX

Incremental Scenario Testing

Description:

IST supports test teams in managing their complexity and in adaptively selecting and prioritizing the tests according to the past test results. The Incremental Scenario Testing Tool (ISTT) guides the testers through a test session with high-level test scenarios generated on the fly.

Requirement:

Platform independent

Litmus

Description:

Litmus is an integrated testcase management and QA tool that is designed to improve workflow, visibility and turnaround time in the QA process.

Requirement:

Apache, mod_perl, MySQL

MTS: Multi-TeSTer

Description:

MTS: Multi-TeSTer: a simple domain-specific language for maintaining tests that supports two desirable properties: - single source: the command, input, and expected output are all in one file. - controlled experimentation: multiple slightly different tests can be generated from the same source with different expected outputs.

Requirement:

Unix command line tool; written in Perl

qaManager

Description:

qaProjectManager is a web based application used for keeping track of engineering and customer releases of Software Projects, Resource allocations and related information. It helps QA Managers to keep track of releases effectively. Powered by OpenXava and Java.

Requirement:

Platform Independent

R.T.M.R

Description:

R.T.M.R stands for "Requirements and Test Management Repository". This is a test tool which allows you to manage software requirements, describe the scenarios and associated test cases, and run them through targeted campaigns. In addition, it provides precise management of software evolution through a versioning system for projects, requirements and test cases.

Requirement:

All

Radi

Description:

Radi-testdir is a lightweight test director. Radi supports test director features like configuring the test plan, updating (create/edit) the test results for the test image/build stores in the image results set.

Requirement:

All POSIX (Linux/BSD/UNIX-like OSes)

rth

Description:

A web-based tool designed to manage requirements, tests, test results, and defects throughout the application life cycle. The tool provides a structured approach to software testing and increases the visibility of the testing process by creating a common repository for all test assets including requirements, test cases, test plans, and test results.

Requirement:

All 32-bit MS Windows (95/98/NT/2000/XP), All POSIX (Linux/BSD/UNIX-like OSes), IBM AIX

RTH-Turbo

Description:

RTH Turbo is an optimized version of RTH, a testing management tool, that allows requirement management, test case management, defect tracking, creation of test plans, and analysis of your test results. This project was originally created from RTH version 1.2, and this new branch and version is more powerful and optimized.

Requirement:

PHP, MySql and Apache

Salome-TMF

Description:

Salome-TMF is an independent Test Management Tool, which helps you to manage your entire testing process by creating tests, executing manual or automatic tests, tracking results, managing requirements and defects and producing HTML documentation. Salome-TMF is compatible with Junit, Abbot and Beanshell to define your automatic tests, and with Bugzilla and Mantis to manage your defects. Salome-TMF can also be extended by plug-in according to your requirements.

Requirement:

Java

Speed Test

Description:

Speed Test is an open source test case management software that features a desktop GUI and runs on a PostGreSQL database. It is still a work in progress, but development is nearing completion and any feedback would be appreciated.

Requirement:

Windows

TCW

Description:

Test Case Web (TCW) is an online TCM system built with PHP and a SQL backend. It provides an efficient means for generation, organization, and execution reporting of test cases among projects and by multiple testers and versions. It provides various at-a-glance views of the test suite for easy status determination and test suite navigation. TCW also provides basic reporting capabilities and per-project access control.

Requirement:

Any (PHP/SQL/Apache)

Tesly

Description:

Tesly is a Web application written in PHP that helps you create, execute, and report on test plans. QA leaders can track the progress of testing as testers use the interface to report completion of test cases.

Requirement:

OS Independent

Test Analytics

Description:

Test Analytics is a web application that provides an alternative to a test plan that is faster to create and of more practical value. It allows an easy way to visualize project risk across project capabilities. In addition, Test Analytics supports importing quality signals -- tests, code changes, and bugs -- to quantify risk and map it across your project's model. This gives a bird's-eye view of the risk associated with all areas of your project, and a way to assess what portions of your project need additional testing.

Requirement:

Web application

Test Environment Toolkit

Description:

Open source version of TETware, a proprietary multi-platform test framework for test suite management (administration, reporting and sequencing of tests). This open-source version is for Linux and UNIX system users only. The differences between the open source version and the other version for which a commercial support offering is available is in platform support (WIN32 and Java) rather than functionality.

Requirement:

Linux or Unix

TestAutomation

Description:

Test Automation is a C#-based application that manages projects, requirements, defects, test cases, test case run history, and facilitates automated testing.

Requirement:

Windows

Testitool

Description:

Testitool is a Web-based application for QA test planning. It creates a test plan and populates it with test cases, maps test cases to functional requirements, instantiates a test plan, begins executing test cases and marks them as successful or failed, generates reports on your test plans, copies test plans and test cases, and tailors test plan instances by adding and removing test cases from them.

Requirement:

Apache, PHP, MySQL

TestLink

Description:

TestLink is a web based Test Management and execution system. The tool includes test specification, planning, reporting, requirements tracking and collaboration with well-known bug trackers.

Requirement:

Apache, MySQL, PHP

TestMaster

Description:

A testcase management, logging, reporting and test automation tool, similar to the commercial product Test Director. Features: Progress stats, reports, test case import from CSV, doc, web or SQL, STAF plugin.

Requirement:

Linux, Apache, PostgreSQL

Vibz Automation Utility

Description:

Vibz Automation Framework is an infrastructure that provides a solution where different tools can plug themselves in and do their job in a unified manner, providing a common platform for automation engineers doing their job.

Requirement:

Windows

Vienna 2

Description:

V2 can be utilised for Test Management, User Acceptance Testing, Training, Requirements Management, Defect Management and more. V2 can be integrated with automation testing applications and also provides some ground breaking innovations.

Requirement:

Microsoft Windows XP, Vista and 7

XStudio

Description:

XQual Studio (XStudio) is a FREE 100% graphical test management application that handles the complete life-cycle of your QA/testing projects from A to Z: users, requirements, specifications, SUTs, dev. project, tests, testplans, test reports, test campaigns and defects. Using a MySQL database as principal storage, XStudio allows you to schedule or run fully automated or manual test campaigns. XStudio itself is free but NOT open-source. The launchers (drivers to interface with any kind of test) are under GPL license.

Requirement:

Windows, Linux, MacOSX, Web (through JavaWebstart deployment)

 

Data Driven Testing for Finance Application Software

Firms in the financial industry (banking, insurance, equities/stock brokerage, and transaction services companies) are increasingly moving services to the Web as technology becomes cheaper and consumer demand for Web-enabled solutions grows. Offering services such as online checking and bill payment, online insurance quoting, and online stock trading gives such companies a way to expand sales channels and expose new and existing products. With Web sites becoming mission critical, Web development (and consequently Web testing) is quickly becoming a core competency of financial services companies. That's where automated testing with the IBM® Rational® Software Development Platform comes in.
Automated testing can reduce the complexity of Web development, reduce the costs of testing in an iterative environment, speed up the detection of meaningful bugs, and help to increase communication between developers and testers. Furthermore, it can help financial services companies avoid financial losses related to Web sites that are hard to use or unreliable. According to Michal Blumenstyk in his article Web Application Development -- Bridging the Gap between QA and Development, financial services companies could lose up to "$6.5 million per hour in brokerage operations, and $2.4 million per hour in credit card sales applications" due to "poorly functioning" Web sites.
Both functional and performance testing play crucial roles in creating a well-functioning Web site. In this article, we'll focus on functional testing of financial services applications with IBM® Rational® Functional Tester. In particular, we'll look at uses of data-driven functional testing and ways to use functional tests to check security.
Editor's note: This article is based on version 6.0 of the IBM Rational Software Development Platform.
About functional testing and Rational Functional Tester
Functional test automation is an easy way to lower the costs of test execution over time. The same test can be reused multiple times, saving tester resources and allowing fast turnaround. Automation done right is worth the effort, as shown in the abundant literature on the topic of return on investment (ROI) for automation.
For financial services applications, there's often a lot of low-hanging fruit for automated test suites.

  • Simple data-entry screens without many complex controls or much graphics processing are ideal candidates for automated testing because most automation tools interface nicely with the technologies used to develop them.
  • Straightforward business models lend themselves to scenario-based testing, ideal for automation.
  • Report-oriented or quote-oriented results lend themselves to automation because automated scripts can interface directly with the application and the databases to verify accuracy.

In particular, using data-driven techniques (discussed below) is one of the most effective ways to increase ROI for automation on financial applications. These techniques allow you to turn one test into many.
IBM Rational Functional Tester is an object-oriented automated testing tool that you can use to test a variety of applications. Rational Functional Tester's object-oriented technology makes it possible for you to identify objects by their internal object properties, not their screen coordinates, when you generate scripts by recording against the application under test. This means you can test any object in the application under test, including the object's properties and data. In the financial services industry, you can easily extract data from controls and fields in order to verify its accuracy or to store it for comparison at a later point in the test. You can test IDE-specific test objects in .NET, Java, and Web-based applications, whether they're visible or hidden in the interface.
Rational Functional Tester offers you a choice of scripting language and editor -- Java in Eclipse or Microsoft Visual Basic .NET in Visual Studio .NET. That means that regardless of the language or development platform your development staff has chosen, you should be able to integrate with them and leverage some of their expertise as you develop your automated tests. For a more detailed look at Rational Functional Tester and the differences between the Java and Visual Basic .NET implementations, see my article Introduction to IBM Rational Functional Tester.

Applying data-driven testing to financial services applications
Data-driven testing is a technique where a single test script is used repeatedly with varying input and response data that comes from a predefined data set. The nature of the data used by financial services applications lends itself nicely to data-driven techniques. We'll take a look at one example of using data-driven testing in the financial services world and then discuss how to select the data to use. I'll also show you how useful it can be to separate default data from test data. For more information on implementing data-driven testing, see "Resources" at the end of this article.
An example of data-driven testing
Suppose your financial services site presents the credit card application shown in Figure 1.

Figure 1. A credit card application on a financial services site
If you wanted to test different scenarios based on age, state, income, and years with employer, you could generate a large number of test cases.

  • To test all 50 states, you would have 50 values for state.
  • To test valid and invalid ages, you would have two values (above 18 and below 18 to keep it simple).
  • To test different incomes, you would develop brackets based on your business rules -- say four income brackets, giving four possible value ranges for income.
  • To test years with employer (again based on your business rules), you'd again have to use value ranges -- say under a year and over a year.

Combining all of these variables in all possible ways would give you something like 800 test cases (50 x 2 x 4 x 2). While you would most likely use some technique to reduce the number of test cases you would execute, if you used a data-driven technique you could use the same set of test scripts to execute all 800 test case variations (or whatever number of data variations you decided on).
In Rational Functional Tester, data-driven testing can be implemented via datapools. A datapool is a collection of related data records that supplies values for the variables in a test script during script playback. When you use datapools, Rational Functional Tester delivers a different set of test data to a script each time you play it back. You use datapools to supply realistic data and to stress an application with a variety of data and with a realistic amount of data. Figure 2 shows an example of a datapool that you could use to test your credit card application.

Figure 2. A datapool to use in testing the credit card application
Let's look now at how you might use a datapool to do functional testing of some aspect of your financial services site. Listing 1 is a sample functional test script that tests the credit card application shown in Figure 1 with values from the datapool shown in Figure 2.

Listing 1. A sample script testing our credit card application

{
   public void testMain(Object[] args)
   {
      // The datapool columns used here hold text, so they are read with
      // dpString(); dpInt() returns an int and does not fit inputChars()
      // or atText(), which take a String

      //First Name
      fnametext().click(atPoint(60,6));
      submitAnApplicationwindow().inputChars(dpString("FirstName"));

      //MI
      mnametext().click(atPoint(60,6));
      submitAnApplicationwindow().inputChars(dpString("MI"));

      //Last Name
      lnametext().click(atPoint(60,6));
      submitAnApplicationwindow().inputChars(dpString("LastName"));

      //Sfx
      sfxComboBoxcomboBox().click(atPoint(56,14));
      sfxComboBoxcomboBox().click(atText(dpString("Sfx")));

      //SSN
      ssntext().click(atPoint(60,6));
      submitAnApplicationwindow().inputChars(dpString("SSN"));

      //etc...
   }
}


When you run this script, Rational Functional Tester will enter each of the values from the current row of the datapool into the appropriate fields of the application. Every time the script is executed, assuming the datapool cursor is advanced, the next row of data will be entered. Ideally, your script will stop executing once the datapool no longer contains data that hasn't been entered.
Selecting data to use
Data selection is the first step down the road of data-driven testing. You'll need to select the data that either drives the navigation of your application, represents the data that gets entered into your application, or both. Here we'll quickly examine five different ways to select data for testing: based on risk, based on requirements, based on availability, using production data, or using randomly generated data.
Selecting data based on risk. The number one criterion for test data selection should be risk. When you identify risks, you consider what can go wrong. You're looking for the events that might occur that would decrease the likelihood that you'll be able to deliver the project with the right features and the requisite level of quality on time and within budget. There are three ways to categorize risks:

  • By the impact of the risk -- the deviations of schedule, effort, or cost from plan if the risk materializes
  • By likelihood of occurrence -- the probability that the risk will materialize (usually expressed as a percentage)
  • By risk exposure -- the impact multiplied by the likelihood of occurrence

Selecting data based on requirements. You can also select data that will allow you to test a requirement or a set of requirements explicitly. Look for data that will allow you to exercise feature sets, capabilities, and security features in your application. If your application has different roles, what data would you need to exercise each role? What features do you want to include in your test coverage and what data do you require to use them? In addition, consider what impact the various target deployment environments will have on the elements to be tested. Your list of selected data should include data for both the application under test and the target environment(s). What data will you need to test hardware devices, device drivers, operating systems, network and communications software, third-party base software components (for example, e-mail software, Internet browsers), and various configurations and settings related to the possible combinations of all these elements? When dealing with financial applications, what data will you need to test internationalization?
Selecting data based on availability. You may want to select data that's readily available. This could be production data (discussed in depth below) that's in an easy-to-access format, data from past iterations, spreadsheets used by manual testers for your project, data from other projects or teams in your company, or data from some data generation source (also discussed below). The idea here is that if the data is easily accessible, as well as usable and meaningful, including this data in your testing can save time and money. I emphasize usability and meaningfulness because it's important that you don't select data just because it's there and ready to be used.
Using production data. Another strategy to gather test data is to use production data. Although you shouldn't rely solely on this type of data, it can be one of the richest sources of scenarios for automated testing, both because the data is representative of real scenarios the application will face and because it will most likely provide a high number of different scenarios. On a recent project, we read production data from a holding table about once a week, and we were rewarded with 300 to 500 scenarios with little to no effort. You can load the data straight into the test environment, read it into data files for processing later, or read it in real time and convert it as you use it. Production data is also an excellent source for parallel testing. If you use production data in the system you're developing, you'll quickly know if that system works like the system in production. With financial applications, this can especially help in finding problems with floating-point values, conversion ratios, and lengths associated with data types.
There are some caveats about using production data, however. Production data will most likely not contain many of the special cases you'll want to test for, and it's not a replacement for well-thought-out test scenarios. There are also potentially some legal issues surrounding use of production data (for more on this, see "Resources" at the end of this article). Especially if you outsource some of your testing, you'll want to be sure to check your company's policies on the use of production data; if no formal policy exists, consult someone in your legal department. Even if you can't directly use production data, odds are you'll be able to change some values (names, social security numbers, and such) and use the rest of the data.
Using random data generation. Many tools include test data generators, and Rational Functional Tester is one of them. Random data generators can be especially helpful in generating large sets of financial data or customer data. For example, if you need to test for rounding errors on financial information (and I'm guessing you do), you can randomly generate a large set of data, run the data through your application, run it through the Windows calculator (assuming the Windows calculator has no rounding errors) simulating the same calculations, and then compare the results to make sure they match. Or if you need to generate a set of 500 different customer names and addresses, you can have a generator create a table of names and addresses.
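The comparison described above, as an added Python example that is not part of the original article. `app_cents` is a hypothetical stand-in for the application's calculation, round-half-up to cents is an assumed business rule, and exact decimal arithmetic takes the place of the calculator as the reference.

```python
import random
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")


def reference_cents(amount):
    """Reference result: exact decimal arithmetic, rounded half up to cents.

    Round-half-up is an assumed business rule, not one stated in the article.
    """
    return Decimal(amount).quantize(CENT, rounding=ROUND_HALF_UP)


def app_cents(amount):
    """Hypothetical stand-in for the application under test.

    It parses the amount into a binary float and rounds that, which is the
    kind of implementation this comparison is meant to catch.
    """
    return Decimal(str(round(float(amount), 2)))


def random_amounts(count, seed, max_units=10_000):
    """Generate `count` amounts with three decimals as strings.

    A fixed seed makes a failing run reproducible. The values are built from
    integers so the test data itself carries no float error.
    """
    rng = random.Random(seed)
    amounts = []
    for _ in range(count):
        thousandths = rng.randrange(max_units * 1000)
        amounts.append(f"{thousandths // 1000}.{thousandths % 1000:03d}")
    return amounts


def find_mismatches(amounts, under_test=app_cents, oracle=reference_cents):
    """Run every amount through both implementations and collect differences."""
    mismatches = []
    for amount in amounts:
        got = under_test(amount)
        want = oracle(amount)
        if got != want:
            mismatches.append(
                {"input": amount, "application": got, "reference": want}
            )
    return mismatches


if __name__ == "__main__":
    # Constructed sample: one known problem value plus a seeded random set.
    sample = ["2.675"] + random_amounts(1000, seed=2004)
    found = find_mismatches(sample)
    print(f"{len(found)} of {len(sample)} amounts differ")
    for row in found[:5]:
        print(row["input"], "application:", row["application"],
              "reference:", row["reference"])
```

Every difference it reports is an amount whose third decimal is 5, which is where binary floating point and decimal rounding part ways.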
One last note: You should avoid trying to select data for all test cases at once. Instead, take an incremental and iterative approach to working with test data, focusing your efforts on the data that you think is most likely to produce useful evaluation information for the given test cycle. This helps to mitigate the risk of devoting too much time to a single set of data or type of testing, to the neglect of other data or testing tasks, and minimizes the risk of expending effort on data for test ideas that may later prove of little interest.
Separating default data from test data
By separating default data from test data, you can save space and time as well as simplify the test data set, making it easier to read and troubleshoot. To illustrate this concept, let's go back to the example of the credit card application shown in Figure 1. Say you're in New York and want to test the processing of out-of-state applications. Your test data for the Address Information section may look something like the data shown in Table 1.
Table 1. Test data for the Address Information section of the credit card application

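| Street # | Street Name     | Apart # | City     | State | Zip Code | Phone        | Status |
|----------|-----------------|---------|----------|-------|----------|--------------|--------|
| 1234     | Washington Blvd |         | Penn Yan | NY    | 14527    | 555-345-4776 | Owner  |
| 1234     | Washington Blvd |         | Berne    | IN    | 46711    | 555-345-4776 | Owner  |
| 1234     | Washington Blvd |         | Big Lake | TX    | 76932    | 555-345-4776 | Owner  |
| 1234     | Washington Blvd |         | Yakima   | WA    | 98901    | 555-345-4776 | Owner  |
| 1234     | Washington Blvd |         | Wellston | OH    | 45692    | 555-345-4776 | Owner  |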

The default data set, as shown in Table 2, consists of one full entry. For each column in the table (or each field on the screen), there's a value.
Table 2. Default data set

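| Street # | Street Name     | Apart # | City     | State | Zip Code | Phone        | Status |
|----------|-----------------|---------|----------|-------|----------|--------------|--------|
| 1234     | Washington Blvd |         | Penn Yan | NY    | 14527    | 555-345-4776 | Owner  |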

The test data set, shown in Table 3, contains only the data that varies from entry to entry. If a value doesn't differ from the value in the default data set, you don't include it in the test data set.
Table 3. Test data set

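| Street # | Street Name | Apart # | City     | State | Zip Code | Phone | Status |
|----------|-------------|---------|----------|-------|----------|-------|--------|
|          |             |         |          |       |          |       |        |
|          |             |         | Berne    | IN    | 46711    |       |        |
|          |             |         | Big Lake | TX    | 76932    |       |        |
|          |             |         | Yakima   | WA    | 98901    |       |        |
|          |             |         | Wellston | OH    | 45692    |       |        |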

Looking at these tables, you can very quickly see what's being tested and what values are used. If this were a much larger table (containing all the states, more cities per state, and so forth), you would more readily appreciate what a difference the simplification makes.
When implementing this model, you'll need a process that reads from both the test and the default data set. That process should populate data using the default data whenever it encounters an empty cell (or null value) in the test data set. The pseudocode in Listing 2 illustrates this process.

Listing 2. A simple process for populating data using the default and test data sets

Get the value from the TestDatapool

If the value returned from the TestDatapool is NULL Then
   Get the value from the DefaultDatapool
   Return the DefaultDatapool value
Else
   Return the TestDatapool value
End If
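
One way to implement the process in Listing 2, as an added Python example (not code from the article or from Rational Functional Tester). The CSV text is constructed from Tables 2 and 3, and the `<blank>` marker is a hypothetical convention for forcing a truly empty field, which the empty-means-default rule cannot otherwise express.

```python
import csv
import io

# Constructed CSV versions of the article's Table 2 (default data set)
# and Table 3 (test data set).
DEFAULT_CSV = """Street #,Street Name,Apart #,City,State,Zip Code,Phone,Status
1234,Washington Blvd,,Penn Yan,NY,14527,555-345-4776,Owner
"""

TEST_CSV = """Street #,Street Name,Apart #,City,State,Zip Code,Phone,Status
,,,,,,,
,,,Berne,IN,46711,,
,,,Big Lake,TX,76932,,
,,,Yakima,WA,98901,,
,,,Wellston,OH,45692,,
"""

# Hypothetical marker (not from the article): "enter an empty value here".
# Without it, a test row could never blank out a field that has a default.
BLANK = "<blank>"


def load_rows(text):
    """Parse CSV text into a list of {column: value} dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))


def resolve(test_value, default_value):
    """Listing 2: use the default when the test cell is empty or missing."""
    if test_value is None or test_value.strip() == "":
        return default_value
    if test_value == BLANK:
        return ""
    return test_value


def merge_datapools(default_text, test_text):
    """Expand a sparse test data set into full rows using the default row."""
    defaults = load_rows(default_text)
    if len(defaults) != 1:
        raise ValueError("default data set must contain exactly one row")
    default = defaults[0]

    merged = []
    # Line 1 of the CSV is the header, so data rows start at line 2.
    for line_no, row in enumerate(load_rows(test_text), start=2):
        unknown = set(row) - set(default)
        if unknown:
            names = sorted(map(str, unknown))
            raise ValueError(f"line {line_no}: no default for columns {names}")
        merged.append(
            {col: resolve(row.get(col), default[col]) for col in default}
        )
    return merged


if __name__ == "__main__":
    # Prints the five full rows of Table 1, rebuilt from Tables 2 and 3.
    for full_row in merge_datapools(DEFAULT_CSV, TEST_CSV):
        print(full_row)
```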

 

Testing the security of a financial services site
Security testing is intended to ensure confidentiality (privacy, authorization, and exclusivity), integrity (correctness, completeness, validity, authenticity, and auditability), and availability (continuity, timeliness, contingency, reliability, and robustness). The nature of financial applications makes security testing particularly important. No one tool will automate security testing -- if one existed, hackers would be using it to get at your financial information -- but functional and performance testing tools can find many security-related bugs.
The best investment in security testing you can make is to learn how to think like a security tester. As you're scripting something, ask yourself, "How can I vary this code to test some aspect of security?" Following is a short list of techniques you can apply using Rational Functional Tester with data-driven testing.

  • Test fields at the boundaries and test with bad data.

For example, you might have a datapool that looks like the one shown in Figure 3 to test the boundaries of a birthdate field on a credit card application. (Assume that this datapool was created on 11/04/2004. Actually, a better strategy would be to use dates that don't age in the datapool.)

Figure 3. A datapool to test boundaries

  • Test common user IDs and passwords.

You might have a datapool that contains common user IDs and passwords that you can use to log in with. Or, if you're more devious, use a datapool to verify that a newly created user ID and password conform to minimum standards, such as the password standards for West Chester University. To test these password standards, you might create the datapool shown in Figure 4.

Figure 4. A datapool to test password standards

  • Test for buffer overflows.

Create datapools (or perhaps here it would make sense to use some other storage method due to string size -- or even perhaps to create the string programmatically) with very long strings of data. In their book How to Break Software Security, Whittaker and Thompson go into detail on this type of "attack" and show you sample strings that you can use as well as give you tips on how to select meaningful values for this type of testing.

  • Create tests that use alternate routes for the same (or similar) tasks.

If there are multiple ways to navigate to a particular page on your site, make sure you're testing all of them and not just the one that you think will be used most often.

  • Create tests that force all error messages.

If you have rules in your application that are associated with error messages, create test cases to exercise those messages. For example, if your application requires a user to log in, your tests might force error messages such as these:
You have entered an invalid user ID.
You have entered an invalid password.
You have exceeded the maximum number of login attempts.
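
For the birthdate boundary test in the first technique above, one way to build a datapool whose dates don't age is to compute every boundary relative to the day the test runs. This is an added example, not part of the original article; the 18-year minimum, the 120-year maximum, the MM/DD/YYYY format, and all function names are assumptions.

```python
from datetime import date, timedelta

MIN_AGE = 18    # assumed business rule; the page does not state one
MAX_AGE = 120   # assumed upper sanity limit
ONE_DAY = timedelta(days=1)


def years_before(day, years):
    """Same calendar day `years` earlier; 29 Feb falls back to 28 Feb."""
    try:
        return day.replace(year=day.year - years)
    except ValueError:
        return day.replace(year=day.year - years, day=28)


def age_on(birth, today):
    """Completed years of age on `today` (negative for future birthdates)."""
    return today.year - birth.year - ((today.month, today.day) < (birth.month, birth.day))


def birthdate_datapool(today):
    """Rows of (field input, should be accepted?, reason), relative to `today`."""
    youngest = years_before(today, MIN_AGE)               # turns MIN_AGE today
    oldest = years_before(today, MAX_AGE + 1) + ONE_DAY   # still MAX_AGE today
    cases = [
        (youngest, "exactly the minimum age"),
        (youngest + ONE_DAY, "one day too young"),
        (youngest - ONE_DAY, "one day past the minimum age"),
        (oldest, "exactly the maximum age"),
        (oldest - ONE_DAY, "one day too old"),
        (today, "born today"),
        (today + ONE_DAY, "birthdate in the future"),
    ]
    rows = [(d.strftime("%m/%d/%Y"), MIN_AGE <= age_on(d, today) <= MAX_AGE, why)
            for d, why in cases]
    # Bad data: strings that are not calendar dates at all.
    rows += [
        ("02/30/1980", False, "day does not exist"),
        ("13/01/1980", False, "month out of range"),
        ("", False, "empty field"),
    ]
    return rows


if __name__ == "__main__":
    for row in birthdate_datapool(date.today()):
        print(row)
```

The expected verdict for each dated row comes from `age_on`, which is independent of the arithmetic that produced the boundary, so an off-by-one in either place shows up as a mismatch.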
You can also use the other IBM Rational tools to test security. With IBM® Rational® Performance Tester, you can do the following:

  • Modify the GET and POST commands for the Web site and change values, paths, and data to see if you can bypass security.
  • Create a load and then perform security testing on the application while it's under stress.
  • Review scripts to see if you can find any security problems contained in the GET and POST commands.

With one of the scripting tools, you can test security in these ways:

  • Parse Web page source code looking for information leaks (paths, IDs, protected information, and so on).
  • Enter predefined SQL injection attacks into various input fields.
  • Replace files that the application uses at run time.
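
A sketch of the first item in the list above, checking your own application's page source for information leaks before release. This is an added example, not part of the original article; the patterns, the sample page, and all names are constructed assumptions to be tuned to the application under test.

```python
import re
from html.parser import HTMLParser

# Illustrative patterns (assumptions); tune them to the application under test.
PATTERNS = {
    "filesystem path": re.compile(r"(?:[A-Za-z]:\\|/(?:var|etc|home|opt|usr)/)[^\s\"'<>]+"),
    "private IP address": re.compile(
        r"\b(?:10(?:\.\d{1,3}){3}|192\.168(?:\.\d{1,3}){2}"
        r"|172\.(?:1[6-9]|2\d|3[01])(?:\.\d{1,3}){2})\b"),
    "long digit run": re.compile(r"\b\d{9,16}\b"),
}

# Constructed sample page, not taken from any real site.
SAMPLE = """<html><body>
<!-- TODO remove: settings copied from /var/www/bank/conf/db.properties -->
<form action="/login" method="post">
<input type="hidden" name="acct" value="4000123412341234">
</form>
<!-- build host 10.20.30.40 -->
</body></html>"""


class LeakScanner(HTMLParser):
    """Collects (line, kind, text) from comments, attribute values and text."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def _scan(self, where, text):
        for kind, rx in PATTERNS.items():
            for m in rx.finditer(text):
                self.findings.append((self.getpos()[0], f"{kind} in {where}", m.group(0)))

    def handle_comment(self, data):
        self._scan("comment", data)

    def handle_data(self, data):
        self._scan("text", data)

    def handle_starttag(self, tag, attrs):
        for _name, value in attrs:
            self._scan("attribute value", value or "")


def scan(html):
    """Return every finding in `html`, in document order."""
    scanner = LeakScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings
```

Each finding is a lead for manual review, not a confirmed leak: a long digit run in a hidden field may be a harmless session counter or an account number that should never reach the browser.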

Software Testing Techniques on Banking application

Banking applications are considered to be among the most complex applications in today’s software development and testing industry. What makes a banking application so complex? What approach should be followed in order to test the complex workflows involved? In this article we will highlight the different stages and techniques involved in testing banking applications.

The characteristics of a Banking application are as follows:

  • Multi tier functionality to support thousands of concurrent user sessions

  • Large scale integration: typically a banking application integrates with numerous other applications such as Bill Pay utility and Trading accounts

  • Complex Business workflows

  • Real Time and Batch processing

  • High rate of Transactions per second

  • Secure Transactions

  • Robust Reporting section to keep track of day to day transactions

  • Strong Auditing to troubleshoot customer issues

  • Massive storage system

  • Disaster Management.

The above listed ten points are the most important characteristics of a Banking application.

Banking applications have multiple tiers involved in performing an operation. For Example, a banking application may have:

  1. Web Server to interact with end users via Browser

  2. Middle Tier to validate the input and output for web server

  3. Data Base to store data and procedures

  4. Transaction Processor which could be a large capacity Mainframe or any other Legacy system to carry out Trillions of transactions per second.

Testing banking applications requires an end-to-end testing methodology involving multiple software testing techniques to ensure:

  • Total coverage of all banking workflows and Business Requirements

  • Functional aspect of the application

  • Data Integrity

  • Concurrency

  • User Experience

  • Security aspect of the application

The typical stages involved in testing banking applications are discussed individually below.

1) Requirement Gathering:

The requirement gathering phase involves documenting requirements either as Functional Specifications or as Use Cases. Requirements are gathered as per customer needs and documented by Banking Experts or Business Analysts. More than one subject-matter expert is involved in writing the requirements, because banking itself has multiple sub-domains and a full-fledged banking application is the integration of all of them. For example, a banking application may have separate modules for Transfers, Credit Cards, Reports, Loan Accounts, Bill Payments, Trading, etc.

2) Requirement Review:

The deliverable of Requirement Gathering is reviewed by all the stakeholders such as QA Engineers, Development leads and Peer Business Analysts. They cross check that neither existing business workflows nor new workflows are violated.

3) Business Scenario Preparations:

In this stage QA Engineers derive Business Scenarios from the requirement documents (Functional Specs or Use Cases). Business Scenarios are derived in such a way that all Business Requirements are covered. They are high-level scenarios without any detailed steps. These Business Scenarios are then reviewed by Business Analysts to ensure that all Business Requirements are met; it is easier for BAs to review high-level scenarios than low-level, detailed Test Cases.

4) Functional Testing:

In this stage functional testing is performed, along with the usual software testing activities such as:

Test Case Preparation:
In this stage Test Cases are derived from Business Scenarios; one Business Scenario leads to several positive and negative test cases. The tools generally used during this stage are Microsoft Excel, Test Director or Quality Center.
Test Case Review:
Reviews by peer QA Engineers
Test Case Execution:
Test Case Execution could be either manual or automatic involving tools like QC, QTP or any other.

5) Database Testing:

Banking applications involve complex transactions that are performed at both the UI level and the database level; therefore, database testing is as important as functional testing. The database is in itself an entirely separate layer, hence it is carried out by database specialists an


Jackie Chan


Chan was born on 7 April 1954, in Hong Kong, China, as Chan Kong-sang, to Charles and Lee-Lee Chan, refugees from the Chinese Civil War. He was nicknamed Paopao (Chinese: 炮炮, literally meaning "Cannonball") because the high-energy child was always rolling around.[4] Since his parents worked for the French Consul to Hong Kong, Chan spent his formative years within the grounds of the consul's residence in the Victoria Peak district.[5]

Chan attended the Nah-Hwa Primary School on Hong Kong Island, where he failed his first year, after which his parents withdrew him from the school. In 1960, his father immigrated to Canberra, Australia, to work as the head cook for the American embassy, and Chan was sent to the China Drama Academy, a Peking Opera School run by Master Yu Jim-yuen. Chan trained rigorously for the next decade, excelling in martial arts and acrobatics.[7] He eventually became part of the Seven Little Fortunes, a performance group made up of the school's best students, gaining the stage name Yuen Lo in homage to his master. Chan became close friends with fellow group members Sammo Hung and Yuen Biao, the three of them later to be known as the Three Brothers or Three Dragons.[8]

At the age of 8, he appeared with some of his fellow "Little Fortunes," in the film Big and Little Wong Tin Bar (1962), with Li Li Hua playing his mother. Chan appeared with Li again the following year, in The Love Eterne (1963) and had a small role in King Hu's 1966 film, Come Drink with Me.[9] In 1971, after an appearance as an extra in another Kung Fu film, A Touch of Zen, Chan began his adult career in the film industry, initially signing to Chu Mu's Great Earth Film Company.[10] At the age of 17, he worked as a stuntman in the Bruce Lee films Fist of Fury and Enter the Dragon under the stage name Chan Yuen Lung (Chinese: 陳元龍).[11] He received his first starring role later that year, in Little Tiger of Canton, which had a limited release in Hong Kong in 1973.[12] Due to the commercial failures in his early ventures into films and trouble finding stunt work, in 1975 Chan starred in a comedic adult film, All in the Family, which features Jackie Chan's first and possibly only nude sex scene filmed to date. It is also the only film he has made to date that did not feature a single fight scene or stunt sequence.[13]

Chan joined his parents in Canberra in 1976, where he briefly attended Dickson College and worked as a construction worker.[14] A fellow builder named Jack took Chan under his wing, earning Chan the nickname of "Little Jack" which was later shortened to "Jackie" and the name Jackie Chan stuck with him ever since.[15] In addition, in the late 90s, Chan changed his Chinese name to Fong Si-lung (Chinese: 房仕龍), since his father's original surname was Fong.