7/28/2019 What is Fuzz Testing

1/8

What is Fuzz Testing ?

Fuzz Testing is a software testing technique. The basic idea is to attach the inputs of a

program to a source of random data. If the program fails (for example, by crashing, or by

failing in-built code assertions), then there are defects to correct.

The great advantage of Fuzz Testing is that the test design is extremely simple, and free

of preconceptions about system behavior.What is Portlet Testing ?

Portlet Testing is the process of testing a part of the website page where that particular

fragment of information (Portlet) or say some advertisement is collected from differentsource of website.What is L10 Testing ?

L10 Testing is Localization Testing, it verifies whether your products are ready for local

markets or not.What is Disaster Recovery Testing ?

Disaster Recovery Testing tests how well a system recovers from disasters, crashes,

hardware failures, or other catastrophic problems.What is Disaster Recovery Testing ?

Disaster Recovery Testing tests how well a system recovers from disasters, crashes,

hardware failures, or other catastrophic problems.What is Stochastic Testing ?

Stochastic Testing is the same as "monkey testing", but stochastic testing is a lot more

technical sounding name for the same testing process.

Stochastic Testing is black box testing, random testing, performed by automated testing

tools. Stochastic testing is a series of random tests over time. The software under test

typically passes the individual tests, but our goal is to see if it can pass a large number ofindividual tests.

Types of Black Box Testing :-

More Testing JOBS & FAQ @http://www.TestingKen.comFunctional Testing black-box type testing geared to functional requirements of an

application; this type of testing should be done by testers. This doesn't mean that the

programmers shouldn't check that their code works before releasing it (which of courseapplies to any stage of testing.)

System Testing testing is based on overall requirements specifications; covers all

combined parts of a system.

Integration Testing testing combined parts of an application to determine if they

function together correctly. The 'parts' can be code modules, individual applications,

client and server applications on a network, etc. This type of testing is especially mainlyto client/server and distributed systems.

Incremental Integration Testing continuous testing of an application as new

functionality is added; requires that various aspects of an application's functionality be

independent enough to work separately before all parts of the program are completed, orthat test drivers be developed as needed; done by programmers or by testers.

7/28/2019 What is Fuzz Testing

2/8

End-to-end Testing similar to system testing; the 'macro' end of the test scale; involves

testing of a complete application environment in a situation that mimics real-world use,

such as interacting with a database, using network communications, or interacting withother hardware, applications, or systems if appropriate.

Sanity Testing typically an initial testing effort to determine if a new software version isperforming well enough to accept it for a major testing effort. For example, if the new

software is crashing systems every 5 minutes, bogging down systems to a crawl, or

destroying databases, the software may not be in a 'sane' enough condition to warrantfurther testing in its current state.

Regression Testing re-testing after fixes or modifications of the software or its

environment. It can be difficult to determine how much re-testing is needed, especiallynear the end of the development cycle. Automated testing tools can be especially useful

for this type of testing.

Load Testing testing an application under heavy loads, such as testing of a web siteunder a range of loads to determine at what point the system's response time degrades or

fails.More Testing JOBS & FAQ @http://www.TestingKen.com

Stress Testing term often used interchangeably with 'load' and 'performance' testing.

Also used to describe such tests as system functional testing while under unusually heavyloads, heavy repetition of certain actions or inputs, input of large numerical values, large

complex queries to a database system, etc.

Performance Testing term often used interchangeably with 'stress' and 'load' testing.Ideally 'performance' testing (and any other 'type' of testing) is defined in requirements

documentation or QA or Test Plans.

Usability Testing testing for 'user-friendliness'. Clearly this is subjective, and will

depend on the targeted end-user or customer. User interviews, surveys, video recording

of user sessions, and other techniques can be used. Programmers and testers are usuallynot appropriate as usability testers.

Install/Uninstall Testing testing of full, partial, or upgrade install/uninstall processes

Recovery Testing testing how well a system recovers from crashes, hardware failures, or

other catastrophic problems.

Security Testing testing how well the system protects against unauthorized internal or

external access, wilful damage, etc; may require sophisticated testing techniques.

Computability Testing testing how well software performs in a particular

hardware/software/operating system/network/etc. environment

Acceptance Testing determining if software is satisfactory to a customer.

7/28/2019 What is Fuzz Testing

3/8

Comparison Testing comparing software weaknesses and strengths to competing

productsMore Testing JOBS & FAQ @http://www.TestingKen.com

Alpha Testing testing of an application when development is nearing completion; minor

design changes may still be made as a result of such testing. Typically done by end-usersor others, not by programmers or testers.

Beta Testing testing when development and testing are essentially completed and finalbugs and problems need to be found before final release. Typically done by end-users or

others, not by programmers or testers.What is Security / Penetration testing ?

Security / Penetration testing is testing how well the system is protected against

unauthorized internal access, external access, or willful damage. Security/penetrationtesting usually requires sophisticated testing techniques.

Security Testing: Process to determine that an IS (Information System) protects data andmaintains functionality as intended.

The six basic security concepts that need to be covered by security testing are:

confidentiality, integrity, authentication, authorization, availability and non-repudiation.

Confidentiality

* A security measure which protects against the disclosure of information to parties other

than the intended recipient(s).

* Often ensured by means of encoding the information using a defined algorithm andsome secret information known only to the originator of the information and the intended

recipient(s) (a process known as cryptography) but that is by no means the only way ofensuring confidentiality.

Integrity

* A measure intended to allow the receiver to determine that the information which itreceives has not been altered in transit or by other than the originator of the information.

* Integrity schemes often use some of the same underlying technologies as confidentiality

schemes, but they usually involve adding additional information to a communication toform the basis of an algorithmic check rather than the encoding all of the communication.

Authentication

* A measure designed to establish the validity of a transmission, message, or originator.

* Allows a receiver to have confidence that information is receives originated from a

specific known source.

Authorization

7/28/2019 What is Fuzz Testing

4/8

* The process of determining that a requestor is allowed to receive a service or perform

an operation.

* Access control is an example of authorization.

Availability

* Assuring information and communications services will be ready for use when

expected.

* Information must be kept available to authorized persons when they need it.

Non-repudiation

* A measure intended to prevent the later denial that an action happened, or acommunication that took place etc.

* In communication terms this often involves the interchange of authentication

information combined with some form of provable time stamp.What is Open box and Closed box testing ?

Open box testing is same as White box testing. It is a testing approach that examines the

application's program structure, and derives test cases from the application's program

logic.

Closed box testing is same as Black box testing. It is a testing approach that considers

only externally visible behavior. Black box testing considers neither the code itself, nor

the inner working of the software.What is Product metrics ?

Product metrics is a metric used to measure the characteristic of the documentation &code characteristic.What are different types of metrics used in testing ?

1. User Participation : used to find the involvement of the tester= Participation test time Vs Total test time

2. Path testing = Number of path tested / total number of paths

3. Acceptance criteria tested = Acceptance criteria verified Vs total Acceptance criteriaThis meets identifies the number of user that were evaluated during the testing process

4. Test cost : used to find resources consumed in the testing= test cost Vs total system cost

This meets identifies the amount of resources used in testing process

5. Cost to locate defect = test cost / number of defects located in the testingThis metrics shows the cost to locate a defect

6. Detected production defect = number of defects detected in production / Applicationsystem size

7. Test automation = Cost of manual test effort / Total test cost

7/28/2019 What is Fuzz Testing

5/8

8. Schedule variance = (Actual time taken - Planned time) / Planned time * 100

9. Effort variance = (Actual effort - Planned Effort)/Planned effort * 100

10. Test case efficiency = (Total STRs - STRs not mapped)/Total STRs * 100

11. Test case coverage = (Total Test cases - STRs that cannot be mapped to test cases)/

Total Test Cases * 100Re: What are different types of metrics used in testing ?

MetricCalculation

Unit

Frequency of UpdatesRemarks

Effort Variation (%)= ((Actual Effort) - (Planned Effort)) / (Planned Effort)

x 100

%

WeeklyActual and Planned Effort as of the date of the report

should be used.

Schedule Variation (%)

= ((Actual Duration) - (Planned Duration)) / (Planned

Duration) x 100%

Upon completion of each milestone or Monthly, whichever iscrossed first.Actual and Planned Duration expended to achieve latest

milestone should be used if update is upon completion of

milestone. If update is upon completion of a month since

the last update, the Actual and Planned Duration expendedto complete the planned scope of work at that point in time

should be used.

Resource Utilization

= (FTE Used) / (FTE Billed) x 100

%Weekly

Rework Effort= (Effort for Reviews and Rework on Test Cases) / Effort

for Test Case Preparation) x 100

%

7/28/2019 What is Fuzz Testing

6/8

Weekly

Effort for Test Case Preparation includes Effort for

Reviews and Rework.

Test Cases Prepared per Person Hour

= (Number of Test Cases Created)/(Effort for Test CasePreparation)

/FTE/hr

WeeklyEffort for Test Case Preparation includes Effort for

Reviews and Rework.

Test Cases Executed per Person Hour= (Number of Test Cases Executed)/(Effort for Test Case

Execution)

/FTE/hr

WeeklyEffort for Test Case Execution includes effort for

reporting.

Defect Detection Effectiveness (%)

= (Number of Defects Reported by Test Team) / (TotalNumber of Defects Reported) x 100

%

Weekly

Total Number of Defects Reported includes defects reportedby any party other than the test team, including post-

delivery defects.

Defect Acceptance Ratio

= (Number of Defects Accepted as Valid ) / (Number of

Defects Reported by Test Team)%

WeeklyWhat is Process metrics ?

Process metrics is a metric used to measure the characteristic of the methods, techniques

& tools employed in developing implementing & maintaining the software system.What are two types of Metrics ?

Metrics are classified into 2 types :-

1. Process metrics : A metric used to measure the characteristic of the methods,

techniques & tools employed in developing implementing & maintaining the software

system.

2. Product metrics : A metric used to measure the characteristic of the documentation &

code characteristic.What is Metrics ?

7/28/2019 What is Fuzz Testing

7/8

Metrics is a mathematical number that shows a relation ship between two variables.

Software metrics are measure that are used to quantify the software, softwaredevelopment resources & software development process.What is Testware ? How Testware Produced ?

As we know that hardware development engineers produce hardware, Software

development engineers produce software.

Similar to this, Software Test Engineers produce Testware.

Testware is produced by both verification and validation testing methods.Testware includes test cases, test plan, test report etc.

Testware also includes software written for testing.Do all testing projects need tester ?

This depends on the type of the project. For simple projects, developers can take care

testing activities also. But for medium & large projects, a separate tester is desired.What is considered successful testing ?

It is really difficult to have 100% successful testing. As human beings tend to makemistakes, we may miss some bugs. We may normally fix all visible bugs but difficult to

fix the invisible bugs.

So if bug rate falls below a certain level (normally defined at project level), then we may

consider it successful testing and stop further testing.What if there is not enough time for thorough testing ?

Most of the times, it's not possible to test the whole application within the specified time.

In such situations, Tester needs to use the commonsense and find out the risk factors inthe projects and concentrate on testing them.

Here are some points to be considered when you are in such a situation:

# What is the most important functionality of the project ?

# What is the high-risk module of the project ?

# Which functionality is most visible to the user ?# Which functionality has the largest safety impact ?

# Which functionality has the largest financial impact on users ?

# Which aspects of the application are most important to the customer ?# Which parts of the code are most complex, and thus most subject to errors ?

# Which parts of the application were developed in rush or panic mode ?

# What do the developers think are the highest-risk aspects of the application ?

# What kind of problems would cause the worst publicity ?# What kind of problems would cause the most customer service complaints ?

# What kind of tests could easily cover multiple functionalities ?

Considering these points, you can greatly reduce the risk of project release failure under

strict time constraints.What is the most important thing in testing ?

The most important thing in testing is to fulfill all the requirements of the client and

getting the client acceptance. Quality is one more important thing in testing.

7/28/2019 What is Fuzz Testing

8/8

3 C's are also very important :

# Correctness

# Completeness

# ComprehensivenessWhat is QA ? What is Testing ? Are both same ?

Quality Assurance (QA) is the activity of providing evidence needed to establish quality

in work, and that activities that require good quality are being performed effectively.

Software Testing is the process used to assess the quality of computer software.Software testing is an empirical technical investigation conducted to provide stakeholders

with information about the quality of the product or service under test, with respect to the

context in which it is intended to operate.

Software Testing is the process used to measure the quality of developed computer

software. Usually, quality is constrained to such topics as correctness, completeness,security, but can also include more technical requirements as described under the ISO

standard ISO 9126, such as capability, reliability, efficiency, portability, maintainability,

compatibility, and usability. Testing is a process of technical investigation, performed on

behalf of stakeholders, that is intended to reveal quality-related information about theproduct with respect to the context in which it is intended to operate. This includes, but is

not limited to, the process of executing a program or application with the intent of finding

errors. Quality is not an absolute; it is value to some person. With that in mind, testingcan never completely establish the correctness of arbitrary computer software; testing

furnishes a criticism or comparison that compares the state and behavior of the product

against a specification.

An important point is that Software Testing should be distinguished from the separatediscipline ofSoftware Quality Assurance (SQA), which encompasses all businessprocess areas, not just testing.

In short, QA and Testing are integral part of the system. Testing is one of the phases in

QA. In Testing, one deals with the detecting errors in behavior and structure of thecoding. QA ensures desired output of product meeting all the required specifications of

the project.