
Chapter 1

Topics

• 1. Introduction: Testing Definition
• 2. Initialization and termination of the testing process
• 3. Verification & Validation
• 4. Formal methods for analysis and verification
• 5. Boundary Value Analysis (Static Analysis)
• 6. Software testing – myths
• 7. Steps to conduct Testing, Quality Assurance, and Quality Control
• 8. Audit and Inspection
• 9. Testing and Debugging
• 10. Software Testing Life Cycle (STLC)
• 11. Testing types: Manual Testing and Automation Testing, Penetration Testing, Vulnerability Testing
• 12. Software Testing Tools
Software Testing

• What is Software Testing?
• Software Testing is a process of evaluating the functionality of a software application to find any software bugs.
• It checks whether the developed software meets the specified requirements and identifies any defects in the software in order to produce a quality product.
• It is basically executing a system in order to identify any gaps, errors, or missing requirements contrary to the actual requirements.
Benefits

 Cost Effective
 Security
 Product Quality
 Customer Satisfaction
STLC
Types of Testing

• Manual: Stryka, Bugzilla, Jira, Mantis, Trac, Redmine, FogBugz, Lighthouse
• Automation: Selenium, TestingWhiz, Ranorex, Sahi, Watir, WatiN, Tosca TestSuite
What is Verification and Validation in Software Testing?
• Verification: Verification is a static analysis technique. Here, testing is done without executing the code. Examples include reviews, inspection, and walk through.
• Validation: Validation is a process of dynamic analysis where we perform testing by executing the code. Examples include functional and non-functional testing techniques.
V model
Software Testing Methods
• Black Box Testing
• White Box Testing
• Grey Box Testing
• Black Box Testing: It is a method of software testing in which the internal structure/design/implementation of the item being tested is NOT known to the tester.
• White Box Testing: It is a method of software testing in which the internal structure/design/implementation of the item being tested is known to the tester.
• Grey Box Testing: It is a testing technique performed with limited information about the internal functionality of the system.
Software Testing levels

 Unit Testing
 Integration Testing
 System Testing
 Acceptance Testing
Software Testing Documentation Artifacts

 Test Plan
 Test Scenario
 Test Case
 Traceability Matrix
Test Scenario
 A Test Scenario is a statement describing the functionality of the application
to be tested. It is used for end-to-end testing of a feature and is generally
derived from the use cases.
Test scenario

• Test scenario – “Verify that the user is not able to log in with incorrect credentials”. This test scenario can be further broken down into multiple test cases, like:
• Checking that a user with the correct username and incorrect password should not be allowed to log in.
• Checking that a user with an incorrect username and correct password should not be allowed to log in.
• Verifying that users with incorrect usernames and incorrect passwords should not be allowed to log in.
Test Scenario Template

 A Test Scenario document can have the below fields-


 Module – The module or the component of the application.
 RequirementId – This field is optional and can be linked to the SRS.
 TestScenarioId – This field is the identifier of the test scenarios.
 Description – The description field describes the purpose of the test
scenario.
Who Writes Test Scenarios, and When?
• What is a Test Scenario?
• A Test Scenario is nothing but a function that can be tested. It is also called a Test Condition or Test Possibility. A single Test Scenario can cover one or more Test Cases.
• A Test Scenario is ‘what is to be tested’ and a Test Case is ‘how it is to be tested’.
• Typically, testers are the ones who are responsible for creating Test Scenarios. In the case of some complex and critical applications like banking software, Business Analysts or Test Leads provide the Test Scenarios to testers. But this again depends on, and varies from, organization to organization.
• As Test Scenarios tell us what needs to be tested, they are always written before test cases.
Steps to writing Test Scenarios:

• As a tester, you can follow these five steps to create a test scenario:
• Go through all the requirement documents available, like BRD, SRS, and FSD, to understand the functionalities of the application to be tested.
• For each requirement, find out the possible actions and goals of the user.
• List down all the possible functionalities/scenarios that need to be considered for each requirement. (Test Scenarios Template is provided to download)
• Once all possible test scenarios are listed, create a Traceability Matrix to ensure that all requirements have a corresponding test scenario.
• Review the Test Scenario document and Traceability Matrix with the Test Lead / Business Analyst.
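The traceability step above can be checked mechanically. The following is an added example, not part of the original slides: it stores scenarios using the template fields (Module, RequirementId, TestScenarioId, Description), builds the requirement-to-scenario matrix, and reports the gaps a review with the Test Lead would look for. The requirement IDs, the scenario IDs and the cart and payment scenarios are constructed sample data; the login scenario and its three test cases come from the slides.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Scenario:
    """One row of the Test Scenario template."""
    module: str
    scenario_id: str
    description: str
    requirement_id: Optional[str] = None   # optional field, links to the SRS
    test_cases: List[str] = field(default_factory=list)


def build_traceability(requirement_ids, scenarios):
    """Return (matrix, gaps): requirement -> scenario ids, plus everything untraced."""
    matrix = {req: [] for req in requirement_ids}
    gaps = {"unknown_requirement": [], "no_requirement": [], "no_test_cases": []}
    for s in scenarios:
        if s.requirement_id is None:
            gaps["no_requirement"].append(s.scenario_id)
        elif s.requirement_id in matrix:
            matrix[s.requirement_id].append(s.scenario_id)
        else:
            # Scenario points at a requirement that is not in the SRS list.
            gaps["unknown_requirement"].append(s.scenario_id)
        if not s.test_cases:
            gaps["no_test_cases"].append(s.scenario_id)
    gaps["uncovered_requirements"] = [r for r, ids in matrix.items() if not ids]
    return matrix, gaps


# Constructed sample data (IDs are hypothetical).
REQUIREMENTS = ["REQ-LOGIN-01", "REQ-LOGIN-02", "REQ-CART-01"]
SCENARIOS = [
    Scenario(
        module="Login",
        scenario_id="TS-001",
        description="Verify that the user is not able to log in with incorrect credentials",
        requirement_id="REQ-LOGIN-01",
        test_cases=[
            "correct username, incorrect password -> login refused",
            "incorrect username, correct password -> login refused",
            "incorrect username, incorrect password -> login refused",
        ],
    ),
    Scenario(
        module="Cart",
        scenario_id="TS-002",
        description="Verify that the user can add an item to the cart",
        requirement_id="REQ-CART-01",
    ),
    Scenario(
        module="Payment",
        scenario_id="TS-003",
        description="Verify that a declined card does not create an order",
        requirement_id="REQ-PAY-09",       # not in REQUIREMENTS: a traceability gap
        test_cases=["declined card -> no order is created"],
    ),
]

if __name__ == "__main__":
    matrix, gaps = build_traceability(REQUIREMENTS, SCENARIOS)
    for req, ids in matrix.items():
        print(f"{req:14} {', '.join(ids) or '(no scenario)'}")
    for kind, ids in gaps.items():
        print(f"{kind}: {ids}")
```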
Test Case

• A test case is a set of conditions for evaluating a particular feature of a software product. Basically, test cases help in determining the compliance of an application with its business requirements.
Test Scenario Vs Test Cases
Test Scenario
Test Cases
Quality

• What is Quality?
• Quality is meeting the requirements, expectations, and needs of the customer, and being free from defects, lacks and substantial variants.
• There are standards that need to be followed to satisfy the customer requirements.
What is Assurance?

• Assurance is provided by organization management. It means giving a positive declaration on a product, which gives confidence in the outcome. It gives security that the product will work without any glitches, as per the expectations or requests.
What is Quality Assurance?

• Quality Assurance is known as QA and focuses on preventing defects. Quality Assurance ensures that the approaches, techniques, methods and processes designed for the projects are implemented correctly.
• Quality assurance activities monitor and verify that the processes used to manage and create the deliverables have been followed and are operative.
• Quality Assurance is a proactive process and is preventive in nature. It recognizes flaws in the process. Quality Assurance has to be completed before Quality Control.
What is Control?
• Control is to test or verify actual results by comparing them with the defined standards.
• Quality Control is known as QC and focuses on identifying defects.
• QC ensures that the approaches, techniques, methods and processes designed in the project are followed correctly.
• QC activities monitor and verify that the project deliverables meet the defined quality standards.
• Quality Control is a reactive process and is detective in nature. It recognizes the defects. Quality Control has to be completed after Quality Assurance.
Testing and Debugging
• Software testing is a process of identifying defects in the software product. It is performed to validate the behavior of the software or the application compared to requirements.
• Debugging is the activity that the development team or a developer carries out after receiving the test report related to the bugs in the software from the testing team.
• In the software development process, debugging includes detecting and modifying code errors in a software program.
Software testing – myths

Types of Myths:
• Customer Myths
• Management Myths
• Practitioner's Myths
Management Myths:

• We have all the standards and procedures available for software development.
• The addition of the latest hardware programs will improve the software development.
• The addition of more people and program planners to software development can help meet project deadlines (if lagging behind).
Customers Myths:

• A general statement of intent is enough to start writing plans (software development) and details of objectives can be done over time.
• Software requirements continually change, but change can be easily accommodated because software is flexible.
Practitioner’s Myths:

• They believe that their work has been completed with the writing of the plan.
• There is no other way to achieve system quality until it is “running”.
• An operating (working) system is the only product delivered by a successful project.
• Software engineering will make us build large and unnecessary documents and will always delay us.
Boundary Value Analysis (Static Analysis)

• Boundary Value Analysis is based on testing the boundary values of valid and invalid partitions. The behavior at the edge of the equivalence partition is more likely to be incorrect than the behavior within the partition, so boundaries are an area where testing is likely to yield defects.
• It checks for the input values near the boundary that have a higher chance of error. Every partition has its maximum and minimum values and these maximum and minimum values are the boundary values of a partition.
• A boundary value for a valid partition is a valid boundary value.
• A boundary value for an invalid partition is an invalid boundary value.
• For each variable we check:
• Minimum value.
• Just above the minimum.
• Nominal value.
• Just below the maximum value.
• Maximum value.
Limitation of Boundary Value Analysis:

• It works well when the product is under test.
• It cannot consider the nature of the functional dependencies of variables.
• BVA is quite rudimentary.
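Boundary value analysis as described above, as an added example that is not part of the original slides: it generates the five valid values per variable plus the invalid values just outside each range, holds every other variable at its nominal value, and runs the cases against an input check. The order form, its ranges and both `accepts_order` functions are constructed for illustration; the buggy variant has a deliberate off-by-one at the upper bound.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Variable:
    """An input variable with an inclusive valid range."""
    name: str
    minimum: int
    maximum: int

    @property
    def nominal(self) -> int:
        return (self.minimum + self.maximum) // 2

    def valid_boundaries(self) -> list:
        # Minimum, just above minimum, nominal, just below maximum, maximum.
        values = [self.minimum, self.minimum + 1, self.nominal,
                  self.maximum - 1, self.maximum]
        # In a very narrow range some of these coincide or leave the range.
        return [v for v in dict.fromkeys(values)
                if self.minimum <= v <= self.maximum]

    def invalid_boundaries(self) -> list:
        # Boundary values of the invalid partitions on either side.
        return [self.minimum - 1, self.maximum + 1]


def valid_cases(variables):
    """One variable at a boundary, all others nominal: 4n + 1 cases for n variables."""
    base = {v.name: v.nominal for v in variables}
    cases = [dict(base)]
    for v in variables:
        for value in v.valid_boundaries():
            if value != v.nominal:
                cases.append({**base, v.name: value})
    return cases


def invalid_cases(variables):
    base = {v.name: v.nominal for v in variables}
    return [{**base, v.name: value}
            for v in variables for value in v.invalid_boundaries()]


def run_bva(check, variables):
    """Return the boundary cases on which `check` gives the wrong verdict."""
    failures = []
    for case in valid_cases(variables):
        if not check(**case):
            failures.append(("valid value rejected", case))
    for case in invalid_cases(variables):
        if check(**case):
            failures.append(("invalid value accepted", case))
    return failures


# Constructed sample: an order form accepting quantity 1..100 and age 18..65.
ORDER_FORM = [Variable("quantity", 1, 100), Variable("age", 18, 65)]


def accepts_order(quantity, age):
    return 1 <= quantity <= 100 and 18 <= age <= 65


def accepts_order_buggy(quantity, age):
    # Deliberate defect: '<' instead of '<=' excludes the valid maximum.
    return 1 <= quantity < 100 and 18 <= age <= 65


if __name__ == "__main__":
    print(len(valid_cases(ORDER_FORM)), "valid-boundary cases")
    for verdict, case in run_bva(accepts_order_buggy, ORDER_FORM):
        print(verdict, case)
```

Because only one variable leaves its nominal value in each case, a defect that needs two variables at their boundaries together is not exercised, which is the dependency limitation listed above.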
Testing in Software Engineering

• As per ANSI/IEEE 1059, Testing in Software Engineering is a process of evaluating a software product to find whether the current software product meets the required conditions or not.
• The testing process involves evaluating the features of the software product for requirements in terms of any missing requirements, bugs or errors, security, reliability and performance.
Types of Software Testing
 Here are the software testing types:
 Typically Testing is classified into three categories.
 Functional Testing
 Non-Functional Testing or Performance Testing
 Maintenance (Regression and Maintenance)
Testing Category: Types of Testing

Functional Testing
• Unit Testing
• Integration Testing
• Smoke
• UAT (User Acceptance Testing)
• Localization
• Globalization
• Interoperability
• So on

Non-Functional Testing
• Performance
• Endurance
• Load
• Volume
• Scalability
• Usability
• So on

Maintenance
• Regression
• Maintenance
Penetration Testing

• 1. Introduction: Penetration Testing
• 2. Initialization Steps of Penetration Testing Method
• 3. and termination of the testing process,
• 4. Penetration Testing Vs. Vulnerability
• 5. Types of Penetration Testing
• https://www.softwaretestinghelp.com/penetration-testing-guide/
• Penetration testing is the process of identifying security vulnerabilities in an application.
• The weak points of a system are exploited in this process through an authorized simulated attack.
• The purpose is to secure important data from outsiders like hackers who can have unauthorized access to the system.
• Once the vulnerability is identified, it is used to exploit the system to gain access to sensitive information.
• A penetration test is also known as a pen test and a penetration tester is also referred to as an ethical hacker.
What Is Penetration Testing?

• We can figure out the vulnerabilities of a computer system, a web application or a network through penetration testing.
• A penetration test will tell whether the existing defensive measures employed on the system are strong enough to prevent any security breaches. Penetration test reports also suggest countermeasures which can be taken to reduce the risk of the system being hacked.
Causes of Vulnerability

• Design and Development Errors


• Poor System Configuration
• Human errors
• Connectivity
• Complexity
• Weak Passwords
• User Input
• Management
• Lack of training to staff
Penetration testing phases
Penetration Testing Tools and Companies

• Automated tools can be used to identify some standard vulnerabilities present in an application.
• Pentest tools scan code to check if there is malicious code present which can lead to a potential security breach.
• Pentest tools can verify security loopholes present in the system by examining data encryption techniques and figuring out hard-coded values like usernames and passwords.
Criteria for selecting the best penetration tool:
• It should be easy to deploy, configure and use.
• It should scan your system easily.
• It should categorize vulnerabilities based on severity that need an
immediate fix.
• It should be able to automate the verification of vulnerabilities.
• It should re-verify the exploits found previously.
• It should generate detailed vulnerability reports and logs.
• Once you know what tests you need to perform you can either train your
internal test resources or hire expert consultants to do the penetration task
for you.
Open source tools for Pen testing
• Nmap
• Nessus
• Metasploit
• Wireshark
• OpenSSL
• Burp Suite
Penetration Testing Types

• Social Engineering Test


• Web Application Test
• Physical Penetration Test
• Network Services Test
• Client-side Test
• Remote dial-up war dial
• Wireless Security Test
Comparison
• Black Box Penetration Testing: In this approach, the tester assesses the
target system, network or process without the knowledge of its details.
They just have a very high level of inputs like URL or company name using
which they penetrate the target environment. No code is being examined
in this method.
• White Box Penetration Testing: In this approach, the tester is equipped
with complete details about the target environment – Systems, network,
OS, IP address, source code, schema, etc. It examines the code and finds
out design & development errors. It is a simulation of an internal security
attack.
• Grey Box Penetration Testing: In this approach, the tester has limited
details about the target environment. It is a simulation of external security
attacks.
Social Engineering Test

• Social engineering penetration testing is the technique of conducting common social engineering scams on workers of a company in order to determine the organization’s level of weakness to that sort of exploit.
• What is social engineering penetration testing? (linkedin.com)
• Ex. Phishing attacks. Testers may send an email purporting to be from someone in management, requesting that the employee open an unexpected attachment, submit sensitive information, or visit an unauthorized website.
Web application penetration testing
• Web application penetration testing is a process by which Cyber
Security Experts simulate a real-life cyber-attack against web
applications, websites, or web services to identify probable threats.
• This is done in a bid to determine the current vulnerabilities that
would be easily exploitable by cybercriminals. Within an
organisation, web servers available locally or on the cloud are at
high risk of a potential attack from malicious sources.
• With penetration testing, Cyber Security Experts conduct a series of
simulated attacks that replicate actual unauthorised cyber-attacks,
check the vulnerability’s extent, and identify loopholes and the
efficacy of overall application security posture of the organisation.
• Web Application Penetration Testing: Steps, Methods, and Tools
(securetriad.io)
Physical Penetration Test

• A physical penetration test assesses all physical security controls, including locks, fences, security guards, cameras, and other security measures.
• During a physical penetration test, the tester attempts to thwart these controls to gain physical access to restricted areas, identify sensitive data, and gain entry to a network.
• While many businesses do an excellent job of protecting their network and applications against the threat of a virtual cyber-attack, many organizations don't consider the risk associated with a possible physical attack on their locations.
Benefits of physical pen testing
• Expose weak physical barriers
• Understand the risks
Network Services Test
• Network penetration testing is the process of simulating a hacker-
style attack on your network assets to detect and exploit security
misconfiguration, network vulnerabilities, and threats like open ports,
vulnerable devices, or outdated software running on the network.
• The goal of a network pentest is to detect security vulnerabilities in a
network and help the target organization strengthen its defenses
against cyber threats
What is the Purpose of Network Pentest?

• 1. Protect your data


• 2. Ensuring overall security
• 3. Compliance requirements
• 4. Continued maintenance
Chapter 3
• Vulnerability Assessment
• 1. Types of Vulnerability Assessments
• 2. Network-based scans
• 3. Host-based scans
• 4. Wireless network scans
• 5. Application Scans
• 6. Database Scans
Vulnerability scanning or vulnerability assessment
• It is a way of identifying the gaps in the security of your website,
application, or network.
• The process is meant to find common, publicly recognized
vulnerabilities in your system before the hackers do the same and
exploit those vulnerabilities.
Types of Vulnerability Scanning
1. Host-based vulnerability scanning
• As you may be aware, a host is a device on a TCP/IP network that
connects with other devices, sends and receives data.
• It has the ability to provide access to a network through a user
interface, specialized software, among other means.
• In the open systems interconnection model, the host communicates with other hosts using transport-layer protocols.
• For companies with a website, the host is a web server that stores
and transmits data. If the company uses cloud hosting, then multiple
servers located at different locations are responsible for the
functionality of their website.
• Similarly, there are other virtual hosts and remote hosts.
What is host-based security?

• Host-based security refers to the creation of a perimeter around each user workstation, server, or other network host that interacts with the IT network.
• It means installing firewalls and intrusion prevention systems and patching up software on a regular basis to avoid vulnerabilities.
• Host-based security not only prevents a host from being infected but also ensures that if a host is infected, it doesn’t spread the infection across the neighboring hosts.
What is host-based vulnerability scanning?

• Host-based vulnerability scanning is the process of scanning a network host for security loopholes. A scan of this kind can reveal:
• The history of security patches in said host
• Vulnerabilities incurred through outdated patches
• The damage that can be caused by the detected vulnerabilities
• The level of access a hacker can gain by infecting the said host
• Possible ways of mitigating the situation.
Network Scanning

• This is one of the most vital among all the vulnerability scanning
types. Network vulnerability scanning is the process of identifying the
security vulnerabilities in an organization’s network infrastructure.
• What does network vulnerability scanning entail?
• It identifies all systems and devices operating in your network infrastructure
• Then it determines how the different devices and systems are connected
• After preparing an inventory of all the devices and systems under
consideration, the scanner analyzes the said assets to detect common
vulnerabilities.
• Then it scans for exploitable ports and services
• It identifies the weak passwords and authentication errors
3. Database vulnerability scanning
• The ultimate goal of most malicious actors is to get access to the
database where you store all sensitive information.
• Hence, the importance of securing databases is immense.
• Database security involves multiple measures taken to ensure
confidentiality, integrity, and availability of databases along with the
database management systems.
• A hacked database can be devastating for a business as it impacts
business continuity, brand value, finances, intellectual property, and
may incur fines and penalties.
What is a database vulnerability scanner?

• A database vulnerability scanner is a tool specially designed for scanning your database for vulnerabilities like faulty security configuration and lack of encryption.
• Database vulnerability scanning helps you evaluate the overall data security health of your organization, detect vulnerabilities, and mitigate them before they are exploited by hackers.
4. Cloud vulnerability scanning
• The process of scanning a cloud deployment for common vulnerabilities is
called cloud vulnerability scanning.
• Cloud vulnerability scanning is a part of the holistic cloud security strategy
that can be implemented to monitor, manage, and improve the overall
security of cloud infrastructure.
• What are some cloud-related vulnerabilities?
• Server misconfigurations such as misconfigured S3 buckets are one of the
most common cloud vulnerabilities.
• Using weak passwords can expose your cloud accounts to brute force
attacks.
• SQLi, XSS, and CSRF bugs are quite common in cloud-based applications,
and they can be exploited easily by hackers.
• Running outdated, unpatched software on your cloud platform can
compromise the cloud services.
5. Application Vulnerability Assessment
• Application vulnerability scanning is one of the most widely used
vulnerability scanning types. It involves scanning your web apps and
mobile apps for security vulnerabilities.
• Both web applications and mobile applications are updated with new
features on a regular basis.
• New vulnerabilities may creep in with each new code update. That
aside, an application needs various external components like themes
and plugins to function properly.
• These external components may also incur exploitable vulnerabilities.
• It is essential to incorporate a security regime in your application
development lifecycle and an application vulnerability scanner plays a
vital role in it.
Application vulnerability assessment helps you assess –
• The current state of security of your application
• The existing vulnerabilities and the risk posed by them
• The amount of potential damage caused by the vulnerabilities.
What is authenticated and unauthenticated vulnerability scanning?
• In the case of an authenticated scan, the scanner is configured with
credentials to conduct the scan on the privilege level granted to
authenticated users.
• In simpler terms, the authenticated vulnerability scanner can scan
behind the logged-in pages. We can also call it an internal
vulnerability scan.
• An unauthenticated scanner scans for perimeter threats from the
point of view of an outsider as it does not have privileged access. This
is also called an external vulnerability scan.
Defect Tracking
Introduction to the Defect Life Cycle
• A Defect, in simple terms, is a flaw or an error in an application that is
restricting the normal flow of an application by mismatching the
expected behavior of an application with the actual one.
• The defect occurs when any mistake is made by a developer during
the designing or building of an application and when this flaw is found
by a tester, it is termed as a defect.
• It is the responsibility of a tester to do thorough testing of an
application to find as many defects as possible to ensure that a
quality product will reach the customer.
Defect Life Cycle
• The Defect Life Cycle, also known as the Bug Life Cycle, is the cycle that a defect goes through, covering the different states in its entire life.
• This starts as soon as any new defect is found by a tester and comes
to an end when a tester closes that defect assuring that it won’t get
reproduced again.
Defect Workflow
Defect States

• #1) New: This is the first state of a defect in the Defect Life Cycle.
When any new defect is found, it falls in a ‘New’ state, and validations
& testing are performed on this defect in the later stages of the
Defect Life Cycle.
• #2) Assigned: In this stage, a newly created defect is assigned to the
development team to work on the defect. This is assigned by the
project lead or the manager of the testing team to a developer.
• #3) Open: Here, the developer starts the process of analyzing the
defect and works on fixing it, if required.
• Duplicate, Deferred, Rejected, or Not a Bug
• #4) Fixed: When the developer finishes the task of fixing a defect by making the
required changes then he can mark the status of the defect as “Fixed”.
• #5) Pending Retest: After fixing the defect, the developer assigns the defect to
the tester to retest the defect at their end, and until the tester works on retesting
the defect, the state of the defect remains in “Pending Retest”.
• #6) Retest: At this point, the tester starts the task of retesting the defect to verify
if the defect is fixed accurately by the developer as per the requirements or not.
• #7) Reopen: If any issue persists in the defect, then it will be assigned to the
developer again for testing and the status of the defect gets changed to ‘Reopen’.
• #8) Verified: If the tester does not find any issue in the defect after being assigned to the developer for retesting and feels that the defect has been fixed accurately, then the status of the defect gets assigned to ‘Verified’.
• #9) Closed: When the defect does not exist any longer, then the tester changes
the status of the defect to “Closed”.
Deferred
• Rejected: If the defect is not considered a genuine defect by the
developer then it is marked as “Rejected” by the developer.
• Duplicate: If the developer finds the defect as same as any other
defect or if the concept of the defect matches any other defect then
the status of the defect is changed to ‘Duplicate’ by the developer.
• Deferred: If the developer feels that the defect is not of very important priority and it can get fixed in the next releases or so, then in such a case he can change the status of the defect to ‘Deferred’.
• Not a Bug: If the defect does not have an impact on the functionality
of the application, then the status of the defect gets changed to “Not
a Bug”.
Guidelines for Implementing a Defect Life Cycle
• It is very important that before starting to work on the Defect Life Cycle, the
whole team clearly understands the different states of a defect (discussed above).
• Defect Life Cycle should be properly documented to avoid any confusion in the
future.
• Make sure that each individual who has been assigned any task related to the
Defect Life Cycle should understand his/her responsibility very clearly for better
results.
• Each individual who is changing the status of a defect should be properly aware
of that status and should provide enough details about the status and the reason
for putting that status so that everyone who is working on that particular defect
can understand the reason of such a status of a defect very easily.
• The defect tracking tool should be handled with care to maintain consistency
among the defects and thus, in the workflow of the Defect Life Cycle.
• Error – Bug – Defect – Fault – Failure
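The defect states and guidelines above can be enforced as a small state machine that audits a defect's status history. This is an added example, not part of the original slides or of any defect tracking tool: it flags transitions the workflow does not allow, status changes made by the wrong role, and changes recorded without a reason. The role names, the sample histories, and the moves out of 'Reopen' and 'Deferred' are assumptions, since the slides do not name the state that follows them.

```python
from typing import NamedTuple

# Allowed next states, following the states described above.
TRANSITIONS = {
    "New": {"Assigned"},
    "Assigned": {"Open"},
    "Open": {"Fixed", "Duplicate", "Deferred", "Rejected", "Not a Bug"},
    "Fixed": {"Pending Retest"},
    "Pending Retest": {"Retest"},
    "Retest": {"Reopen", "Verified"},
    "Reopen": {"Fixed"},        # assumption: the developer fixes it again
    "Verified": {"Closed"},
    "Deferred": {"Assigned"},   # assumption: picked up again in a later release
    "Closed": set(),
    "Duplicate": set(),
    "Rejected": set(),
    "Not a Bug": set(),
}

# Which role may put a defect into each state (role names are hypothetical).
WHO_MAY_SET = {
    "Assigned": {"lead"},
    "Open": {"developer"},
    "Fixed": {"developer"},
    "Pending Retest": {"developer"},
    "Retest": {"tester"},
    "Reopen": {"tester"},
    "Verified": {"tester"},
    "Closed": {"tester"},
    "Duplicate": {"developer"},
    "Deferred": {"developer"},
    "Rejected": {"developer"},
    "Not a Bug": {"developer"},  # assumption: the slides do not say who sets it
    "New": {"tester"},
}


class Change(NamedTuple):
    role: str
    new_state: str
    reason: str


def audit(history, start="New"):
    """Replay a defect's status changes and return (step, problem) findings."""
    findings = []
    state = start
    for step, change in enumerate(history, 1):
        if change.new_state not in TRANSITIONS:
            findings.append((step, f"unknown state {change.new_state!r}"))
            continue
        if change.new_state not in TRANSITIONS[state]:
            findings.append((step, f"illegal transition {state} -> {change.new_state}"))
        if change.role not in WHO_MAY_SET[change.new_state]:
            findings.append((step, f"{change.role} may not set {change.new_state}"))
        if not change.reason.strip():
            findings.append((step, "status changed without a reason"))
        state = change.new_state
    return findings


# Constructed sample histories.
CLEAN = [
    Change("lead", "Assigned", "triaged, assigned to developer"),
    Change("developer", "Open", "analysing"),
    Change("developer", "Fixed", "added missing input check"),
    Change("developer", "Pending Retest", "fix is in the test build"),
    Change("tester", "Retest", "retest started"),
    Change("tester", "Verified", "original steps no longer reproduce"),
    Change("tester", "Closed", "defect no longer exists"),
]
SHORTCUT = CLEAN[:3] + [Change("developer", "Closed", "")]

if __name__ == "__main__":
    for step, problem in audit(SHORTCUT):
        print(f"step {step}: {problem}")
```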
Severity and Priority in testing

• Severity and Priority in Software Testing Examples (softwaretestingo.com)
• Severity
• It is an indicator of the impact of the defect on the software. For
example, let us assume you have a web application where the user
clicks on a rarely used link and it crashes. Then, the defect is said to
be having high severity even though the chances of the user clicking
on the link are rare.
Different Severity Levels
• Critical: If a defect causes the termination or complete shut-down of the
application, then it is “Critical”.
• Major: If the defect results in the termination of the system but there exist
one or more alternative methods to achieve the desired results or use the
system, then the defect is said to have the level “Major”.
• Moderate: The bug will be marked as “Moderate” when the defect in the
system does not cause the program to terminate but produces results that
are not correct or inconsistent.
• Minor: A defect is marked as “Minor” when the usability or functionality of
the system is not affected much but must be fixed. The results are obtained
by small corrections and there is no breakdown of the system caused by
the defect.
• Cosmetic: Defects that are related to the look and feel of the system are
given the severity “Cosmetic”.
What is Priority?

• Priority is considered from the customer’s point of view.


• Priority indicates how soon the defect needs to be fixed by the
developer.
• Priority is set by the product manager/customer and it determines
the time frame given to the developer to fix the bug.
Different Levels of Priority

• Low: A defect that can be deferred or fixed in the later stages once the
higher priority ones are fixed, as it is not serious from the requirement
point of view is of low priority.
• Medium: A defect that needs to be fixed during the normal course of
development activity is given the status as “Medium”. Such defects occur
when a particular feature cannot be used the way it should be because of
some environmental issue, defect in the program, or some code that has
to be added. Usually, these defects are fixed and delivered to the testing
team as a part of a new release.
• High: Those defects that need to be fixed as soon as possible so that the
testing team can continue with the testing are said to be of high priority.
The core functionality fails as a result of such defects and the system
cannot be tested or used until the defect is fixed.
Who decides the Severity and Priority of a Defect?

• The organization decides the standards regarding who sets the priority and severity of a defect. However, in most cases, the severity type of a defect is set by the tester based on the product functionality and the written test cases. The priority is decided by the product manager based on customer requirements.
Common scenarios related to Severity and Priority
• Consider a defect that does not permit the tester to continue with the testing at any cost or causes the application to crash. Even the basic/main functionality does not work as expected. Such a defect is considered a High Priority defect with High Severity.
• A defect that is visible to the customer but is not likely to affect the functionality of the app, such as an issue with the logo or a spelling mistake, is considered a High Priority defect with Low Severity.
• A defect that causes the system to crash and makes the system unusable, but happens only when the user clicks on a link that is not normally used, is considered a defect with High Severity but Low Priority.
• A cosmetic error that is not visible during normal use is considered a Low Priority defect with Low Severity.
Example of High Severity and Low Priority

• Suppose the tester clicks on the “Privacy Notice” hyperlink at the bottom of the amazon.com homepage and the page is not displayed. This defect will be of high severity because the functionality is not working. The priority is low because people do not normally spend time reading the privacy notice.
• For example: a task has multiple flows, and one of them, which is rarely used, is not working.
High Severity and High Priority
• You log in to your amazon.com account, add items to the cart and
click the “Proceed to Checkout” button. You make the payment and
the system crashes. This defect makes the whole buying functionality
unusable and so the severity is high.
• The basic purpose of amazon.com is to buy and sell products and
most of the customers are affected by this. So, this defect is of high
priority which must be fixed immediately for the buying process to
work.
Low Severity and High Priority
• Suppose that on the amazon.com website, the logo is displayed as
“amazn.com” with the letter “o” missing. This defect does not affect
the buying/selling or any other functionality in any way.
• So, the severity of this defect is low. But, a mistake in the company
logo affects the brand identity and impacts the user experience. So,
the defect is of high priority.
Low Severity and Low Priority
• Suppose the tester clicks on the “Conditions of Use” hyperlink at the
bottom of the amazon.com homepage. If there is an alignment issue
in the text displayed or if there is a spelling mistake in the content
displayed, the defect is said to be of low priority because people
rarely read this page and it does not impact the user experience. The
severity is also low because the functionality of the application is not
affected.
Defect in Software Testing
• The bug announced by the programmer and inside the code is called a
• In other words, when the application is not working as per
the requirement, this is known as a defect.
• It is specified as the irregularity between the actual and expected result of the
application or software.
• The Defect is the difference between the actual outcomes and expected
outputs.
• The test engineer can identify the defect, and it is fixed by the developer
in the development phase of the software development life cycle.
• When a test engineer tests a piece of code, he/she comes across
differences between the expected output and the existing output, which are known as
a defect. A defect may also be referred to as an issue, bug,
or incident in software testing.
What is Defect Management Process?
• The defect management process is the core of software testing.
• Once the defects have been identified, the most significant activity
for any organization is to manage the flaws, not only for the testing
team but also for everyone involved in the software development or
project management process.
Various Stages of Defect Management Process
• Defect Prevention
• Deliverable Baseline
• Defect Discovery
• Defect Resolution
• Process Improvement
• Management Reporting
Software Testing Tools
Chapter 6
Test Management Tool
• Test management tools are used to keep track of all testing
activity, analyze data quickly, manage manual and automated test cases
and various environments, and plan and maintain manual testing as
well.
• The test management tool is connected with the automation
software. These types of tools have various strategies for testing and
multiple sets of features. Some test management tools have
capabilities to design the test case with the help of requirements.
• It is best for test managing, scheduling, defect logging, tracking, and
analysis.
• Some of the most commonly used test management tools are as
follows:
Defect/Bug tracking tool
• Various types of bug tracking tools are available in software testing
that help us track bugs related to the software or the
application.
• Some of the most commonly used bug tracking tools are as follows:
• Jira
• Bugzilla
• BugNet
• Redmine
• Mantis
• Trac
• Backlog
Automation testing tool
• Automation testing is used to convert manual test cases into test scripts
with the help of automation tools.
• We have various types of automation testing tools available in the market. Some
of the most commonly used automation testing tools are as follows:
• Selenium
• Watir
• QTP
• Telerik Studio
• Testim
• Applitools
Performance testing tools (Load testing tools)
• When we have to measure the load, stability, and response time of the application, we
require performance (load) testing tools, which help us to test the performance
of the software or application. Performance testing tools can be open-source or
commercial.
• We have various types of performance testing tools available in the market; some of the
most used performance (load) testing tools are as follows:
• Apache JMeter
• LoadRunner[HP]
• LoadNinja
• WebLOAD
• LoadComplete
• NeoLoad
• LoadView
Cross-browser testing tools
• When we have to test our application on multiple browsers, we need
cross-browser testing tools. These tools help us to ensure that our
web application works correctly across the various browsers. They
come into play when both server side and client side access the
web application in multiple web browsers.
• With the help of these tools, we can perform compatibility testing
of our application across various browsers. Sometimes, testing
software in a single web browser is not enough; that's why we need
cross-browser testing tools.
• We have various cross-browser testing tools available in the market.
Cross browser
• LambdaTest
• Sauce Labs
• CrossBrowser Testing
• BrowserStack
• GhostLab
• Browsera
Mobile Testing Tools
• To test a mobile application, we need these types of tools, which help us to
check the usability, functionality, security, and consistency of the application.
Currently, mobile applications are widely used on the Android
and iOS platforms, which increases clients' reliance on the
applications.
• Some of the best mobile testing tools are as
follows:
• Appium
• Calabash
• Testdroid
• Kobiton
• TestComplete
• TestingBo
GUI testing tools
• GUI (Graphical User Interface) testing tools are used to find the defects that
arose in the design phase, which enhances the quality of the software.
With the help of these tools, we can identify loopholes quickly rather
than performing GUI testing manually. We test the application based
on application performance related to mouse and keyboard
actions and GUI items such as buttons, toolbars, dialog boxes,
menu bars, and edit fields.
• Following are some essential strategies that we can perform under GUI
testing:
• Navigation validation, verification of the check screens, data integrity validation,
verification of usability situations, and checking of numeric and date field
formats.
• Some GUI testing tools are as follows:
• Eggplant
• AutoIT
• Ranorex Studio
• Squish
• RIATest
Penetration Testing Tools
• Penetration testing tools are computer programs used to search for cyber
vulnerabilities.
• Each application on this list offers some specific advantages. A
simple comparison allows you to decide if the program is the right
option for your organization. Let's explore to find the latest choices
for security apps on the market.
• Wireshark
• Netsparker
• Metasploit
• Aircrack
• Burp Suite Pen Tester
• Kali Linux