2© 2016 Electric Power Research Institute, Inc. All rights reserved.
Usability Testing Sections
• Installation and Un-Installation
• Software Documentation
• Test Cases or Tutorial
• Graphical User Interface
• Stress Testing
• Security Vulnerability Testing
Installation
EPRI Requirements: http://swdev.epri.com/req-install.asp
• Run a Virus Scan
• Verify Documentation
– Network installation instructions if necessary.
– Documentation required for Application like Web Applications & Spreadsheets.
Installation
• Installation Settings
– Typical v. Custom Install
• Directories
• Shortcuts
– Confirm successful installation & un-installation of Applications.
• Software Encryption
– Input serial numbers or security keys if necessary
• Test invalid inputs for validation
Software Documentation
EPRI Requirements: http://swdev.epri.com/req-doc.asp
• Check if the EPRI Software Manual Template was used.
– Check headers and footer
– Check for system requirements:
• Hardware and Software specifications
• Permissions such as Administrator rights
– Check application feature descriptions
– Check spelling and grammar
Test Cases
EPRI Requirements: http://swdev.epri.com/req-testcase.asp
Reminder: One tutorial is required or at least three solved example problems.
• Execute & confirm all tutorials for correct inputs and outputs.
• Verify that the calculations, graphs, and screenshots match the documentation.
Note: If any inputs or results do not match, the software cannot be approved to send to customers.
Graphical User Interface
EPRI Requirements: http://swdev.epri.com/req-gui.asp
• Check for the Preproduction Splash Screen (if preproduction stage)
• Windows fit in the main application screen and nothing is cut off if windows are resized
• Make sure all information is accessible
• Internationalization
– Check compatibility
– SI Units
• Change appearance settings
• Tab order and hot-keys (alt-keys)
• Check embedded Help feature, including buttons to open the Help feature
Stress Testing
• Range checking
– Boundaries of numeric inputs
• Input type
– Numerical
– Alphabetical
– Special Characters
• Follow the solved example problems, but then skip a step or do them in a different sequence
Stress Testing
• Check print feature
• Try different login combinations
• Check error messages for clarity.
– Error messages should appear when the error occurs.
• Check for spelling within the application
Stress Testing
• For databases:
– Ensure all connections through the application are valid when accessing data
– Ensure single quotes and double quotes are tested to verify they do not corrupt the database
– Add duplicate records
– Delete all records to make sure it does not crash the application
• Modify data files to make sure the application gives a correct error message
Stress Testing
• Verify Admin privilege and how it differs from a regular user
• Check for compatibility with Microsoft Office applications if applicable (such as copy and paste features)
• Test functionalities of buttons
• Check save feature
Without administrative feature
With administrative feature
Stress Testing
• Check open file feature (correct file extensions, choosing incorrect file type brings up error message, etc.)
• If there are graphs, check graph features and settings
• Check options/settings not covered in the sample problems.
• Check to make sure international units are converted correctly
The International Standard date notation: DD-MM-YYYY
United States Standard date notation: MM-DD-YYYY
Stress Testing
• Maximize, minimize, and resize windows to make sure the application responds correctly.
• Check keyboard shortcuts
• Check all menu items, including the pop-up menus that come up when the user right-mouse clicks an item
• If there are hardware/software keys, check to see if the application responds when executed with the key(s), then without the key(s)
Security Vulnerability Testing
• OWASP Top Ten Web Application Vulnerabilities – http://www.owasp.org/index.php/OWASP_Top_Ten_Project
1: Injection
2: Cross-Site Scripting (XSS)
3: Broken Authentication and Session Management
4: Insecure Direct Object References
5: Cross-Site Request Forgery (CSRF)
6: Security Misconfiguration
7: Insecure Cryptographic Storage
8: Failure to Restrict URL Access
9: Insufficient Transport Layer Protection
10: Unvalidated Redirects and Forwards
Security Vulnerability Testing
• Two vulnerabilities SQA will test for:
– Structured Query Language (SQL) Injection
– Cross-Site Scripting
• The developer is expected to address security vulnerabilities when developing an application
Security Vulnerability Testing
• SQL Injection – Injection of a SQL Query through input data, such as a querystring or form
• Examples:
– Enter a SQL Statement, such as " '; Delete from users --' ", into a querystring variable
– Enter " ' OR 1=1 " into a form field or querystring variable
• See the following for more information and testing examples: http://www.owasp.org/index.php/SQL_Injection
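Added example (not part of the original slides or EPRI's own code): the quote tests from the database stress-testing slide and the SQL injection inputs above, run against a string-built query and a parameterized one. The table, function names and sample rows are constructed for illustration, and the " --" variant of the second input reuses the comment marker from the slide's first example.

```python
import sqlite3

def make_db():
    """Constructed in-memory table standing in for an application's user table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user"), ("o'brien", "user")])
    return db

def lookup_concat(db, name):
    """Weak pattern: the input is pasted into the SQL text."""
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    try:
        return sorted(row[0] for row in db.execute(sql))
    except sqlite3.Error as exc:
        return "SQL error: %s" % exc  # the quote reached the SQL parser

def lookup_param(db, name):
    """Corrected pattern: the input is bound as data and never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ?"
    return sorted(row[0] for row in db.execute(sql, (name,)))

# Probe -> rows a correct lookup returns when the probe is treated as a plain name.
EXPECTED = {
    "bob": ["bob"],
    "o'brien": ["o'brien"],   # single quote inside legitimate data
    'say "hi"': [],           # double quotes
    "' OR 1=1": [],           # input from the slide
    "' OR 1=1 --": [],        # same input with a trailing SQL comment
}

def audit(lookup):
    """Return {probe: passed} for one lookup implementation."""
    db = make_db()
    return {probe: lookup(db, probe) == want for probe, want in EXPECTED.items()}

if __name__ == "__main__":
    for label, fn in (("concatenated", lookup_concat), ("parameterized", lookup_param)):
        print(label, audit(fn))
```

A failed probe on the concatenated lookup shows up either as a database error surfacing to the user or as rows the input should never have matched; both are findings to report back to the developer.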
Security Vulnerability Testing
• Cross-Site Scripting - Harmful scripts are entered into web sites via querystring or form field
• Example:
– Enter "<script type="text/javascript"> alert('hello'); </script>" into a form field to check whether the form field is validated
• Allows the user to execute scripts that are harmful
• See the following for more information: http://www.owasp.org/index.php/Cross-site-scripting
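Added example (not part of the original slides): a pass/fail check for the form-field test above, comparing a page that echoes the input as-is with one that HTML-encodes it. The page template and function names are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# The slide's test input, typed with straight quotes.
PROBE = "<script type=\"text/javascript\"> alert('hello'); </script>"

def render_raw(value):
    """Weak pattern: the submitted value is echoed into the page unchanged."""
    return "<p>You entered: " + value + "</p>"

def render_encoded(value):
    """Corrected pattern: the value is HTML-encoded before it is written out."""
    return "<p>You entered: " + html.escape(value, quote=True) + "</p>"

class TagCollector(HTMLParser):
    """Records every element the HTML parser opens while reading the page."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(page):
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags

def field_is_safe(render):
    """True when the probe arrives as text: only the template's own <p> is parsed."""
    return tags_in(render(PROBE)) == ["p"]

if __name__ == "__main__":
    print("raw echo safe:", field_is_safe(render_raw))
    print("encoded echo safe:", field_is_safe(render_encoded))
```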
Security Vulnerability Testing
• Testing tools:
– OWASP’s Web Scarab (Manual)
– OWASP’s Zed Attack Proxy (Automated)
– Nexpose (Automated)
– Rapid 7 (Automated)
• Reference:
– Open Web Application Security Project (OWASP) http://www.owasp.org/index.php/Main_Page
What SQA Does Not Do
SQA software usability testing does not do:
– V&V (Verification and Validation) testing
– Test or validate real world data (this should be done by beta testers)
– Exhaustive testing or “white box” (source code) testing
SQA usability testing will not find all errors and is not intended to.
All errors are expected to be found by developers.