Unit-5 System Testing | PDF | Software Testing | Security
Uploaded by om patel

Unit-5 System Testing

Dr. Jigna Solanky


What is System Testing?
• System Testing is a type of software testing that verifies the complete, integrated software system.
• Checking the end-to-end flow of an application or software, as a user would exercise it, is known as system testing.
• It is the final phase of testing, where the entire system is tested against the requirements to ensure it functions as expected.
• It also tests non-functional requirements such as performance, security, reliability, stress and load.
• The goal is to validate the system's compliance with the specified requirements.
• This testing focuses only on the required inputs and outputs, not on the internal working of the system.
• A team of testers performs system testing under the supervision of a test team leader, and also reviews all associated documents and manuals of the software.
Why perform System Testing?
• Validation of Complete System Functionality:
  • End-to-End Testing: It validates the integrated components of a system and checks that they work together as expected. This ensures that the system's overall functionality meets the requirements specified in the project documentation.
  • Integration of Modules: System testing ensures that when the various modules are integrated, they communicate and function correctly without causing new issues.
• Verification of Requirements:
  • Requirement Compliance: It checks whether the system conforms to the functional and non-functional requirements specified by the stakeholders. This is essential for delivering a product that meets the needs of the end-users.
  • Identifying Gaps Early: By testing the system as a whole, system testing helps identify any missing or incorrect functionality that may have been overlooked during the requirements or design phases.
• Detection of Bugs in a Realistic Environment:
  • Complex Interactions: Bugs that arise from the interactions between components may not be evident during unit or integration testing. System testing simulates the actual production environment to detect these issues.
  • Holistic View: Since system testing deals with the entire application, it helps uncover defects that affect the overall system's functionality, performance, and reliability.
• Ensuring Quality and Reliability:
  • User Satisfaction: System testing ensures the system behaves as intended and is ready for deployment, resulting in a reliable product. It helps avoid user frustration and reduces the risk of post-deployment defects.
  • Non-Functional Requirements: In addition to functionality, system testing checks non-functional aspects like performance, security, usability, and scalability, which are critical for a quality product.
• Risk Reduction:
  • Minimizing Post-release Failures: By thoroughly testing the system in a controlled environment, system testing reduces the likelihood of serious issues arising after the system is deployed. This prevents costly and time-consuming fixes in the production environment.
  • Stability Check: It ensures that the system remains stable under real-world conditions, such as high user load, network issues, or hardware failures.
• Performance Evaluation:
  • System Performance: Through load, stress, and performance testing, system testing evaluates how the system behaves under different conditions, helping to optimize resource usage and ensure good performance under various workloads.
• Compliance with Standards:
  • Adherence to Industry Standards: System testing verifies that the system complies with industry standards, regulatory requirements, and security protocols. This is particularly important for industries like healthcare, finance, and government, where compliance is crucial.
• User Acceptance Testing (UAT) Preparation:
  • Preparation for UAT: System testing is often a precursor to user acceptance testing. It ensures that the system is stable and functional enough for end-users to begin their testing, helping to streamline the UAT process.
Characteristics of System Testing
• It is the first level of testing that exercises the software or system as a whole.
• Evaluates the functioning of the system against the pre-decided functional requirements.
• It verifies and validates the business requirements and the software's architecture.
• It may include both functional and non-functional testing.
• Reduces troubleshooting and maintenance issues after deployment.
• Demands a dedicated team of testers, independent of the development team.
Prerequisites of System Testing
• The team should make sure the software has been unit tested.
• Integration testing should already have been performed on the product.
• The software should be completely developed.
• Before starting system testing, the team should ensure that the testing environment is ready.
Types of System Testing
1. Functional Testing
2. Non-functional Testing
Functional Testing
• Functional testing verifies that the system's functions work according to the specified requirements.
• It focuses on testing the system's inputs and outputs, without considering the internal code structure.
• Functional testing is also known as black-box testing.
• This testing is not concerned with the source code of the application.
• The purpose of functional tests is to test each function of the software application by providing appropriate input and verifying the output against the functional requirements.
• This testing covers the user interface, APIs, database, security, client/server communication and the functionality of the Application Under Test.
Non-functional Testing
• Non-functional testing is a type of software testing that verifies non-functional aspects of the product, such as performance, stability, and usability.
• Whereas functional testing verifies whether or not the product does what it is supposed to, non-functional testing verifies how well the product performs.
Functional Testing Techniques
1) Boundary value analysis
2) Equivalence class testing
3) Decision table based testing
4) Cause-effect graphing technique
Boundary Value Analysis
• Boundary Value Analysis (BVA) is a software testing technique that focuses on testing the boundary values or edge cases of input domains.
• It is based on the observation that errors are more likely to occur at the boundaries of input ranges than in the middle.
• Testers select values at the lower and upper limits, and just inside and just outside them, to ensure the system behaves correctly when handling edge cases.
Key Concepts in Boundary Value Analysis:
• Boundary Values: the minimum, the maximum, just below the minimum, just above the maximum, and sometimes values in between the extremes.
• Typical Boundaries:
  • Lower Bound (min)
  • Lower Bound + 1
  • Upper Bound - 1
  • Upper Bound (max)
Example: Age Validation for Voting Eligibility
• A voting system allows individuals to vote if they are between 18 and 60 years of age, inclusive.
• Lower Bound:
  • Minimum valid age = 18
  • Boundary values to test: 17 (just below the lower bound), 18 (on the boundary)
• Upper Bound:
  • Maximum valid age = 60
  • Boundary values to test: 60 (on the boundary), 61 (just above the upper bound)
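The voting-age example worked through in code, as an added example that is not part of the slides. It encodes the 18..60 inclusive rule, generates the standard BVA points for any closed integer range, and runs them against both the correct rule and a constructed off-by-one implementation to show which boundary point catches the defect (a mid-range value such as 40 would not):

```python
# Added example (not from the slides): boundary value analysis applied to the
# slide's voting rule "eligible if 18 <= age <= 60, inclusive".

VOTING_MIN_AGE = 18  # lower bound from the slide
VOTING_MAX_AGE = 60  # upper bound from the slide


def is_eligible_to_vote(age: int) -> bool:
    """System under test: the age rule exactly as the slide states it."""
    return VOTING_MIN_AGE <= age <= VOTING_MAX_AGE


def boundary_values(lower: int, upper: int) -> dict:
    """Standard BVA test points for a closed integer range [lower, upper]:
    just below min, min, min+1, a nominal mid value, max-1, max, just above max."""
    return {
        "below_min": lower - 1,
        "min": lower,
        "min_plus_1": lower + 1,
        "nominal": (lower + upper) // 2,
        "max_minus_1": upper - 1,
        "max": upper,
        "above_max": upper + 1,
    }


def expected_result(point_name: str) -> bool:
    """Test oracle: only the two points outside the range must be rejected."""
    return point_name not in ("below_min", "above_max")


def run_bva(check, lower: int, upper: int) -> dict:
    """Drive `check` with every boundary point.
    Returns {point_name: (value, expected, actual, passed)}."""
    results = {}
    for name, value in boundary_values(lower, upper).items():
        expected = expected_result(name)
        actual = check(value)
        results[name] = (value, expected, actual, expected == actual)
    return results


def failing_points(results: dict) -> list:
    """Names of the boundary points whose actual result differed from the oracle."""
    return [name for name, r in results.items() if not r[3]]


def off_by_one_check(age: int) -> bool:
    """A deliberately wrong implementation (constructed for this example) with an
    exclusive upper bound. Only the 'max' boundary point exposes the defect."""
    return VOTING_MIN_AGE <= age < VOTING_MAX_AGE


if __name__ == "__main__":
    for label, fn in (("correct rule", is_eligible_to_vote),
                      ("off-by-one rule", off_by_one_check)):
        res = run_bva(fn, VOTING_MIN_AGE, VOTING_MAX_AGE)
        print(f"{label}: failing boundary points = {failing_points(res)}")
```

The oracle is deliberately separate from the system under test: BVA only finds the off-by-one because the expected result for the point named `max` is fixed by the specification, not read back from the code.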
Equivalence Class Testing
• Equivalence Class Testing (also known as Equivalence Partitioning) is a software testing technique that divides input data into partitions or groups, and test cases are designed to cover each partition at least once.
• The idea is that all values within an equivalence class should be treated the same way by the system, so testing just one value from the class should be enough to verify the system's behavior for the entire class.
Key Concepts
• Equivalence Class: A set of input values that are treated the same way by the system.
• Valid Class: A range of input values that are expected to be accepted by the system.
• Invalid Class: A range of input values that are expected to be rejected or handled as errors by the system.
Steps in Equivalence Class Testing:
• Identify input conditions (ranges, categories, or specific values).
• Divide input data into equivalence classes, both valid and invalid.
• Select representative values from each equivalence class.
• Design test cases using values from each class.
Example: Password Validation System
• A system requires users to create a password according to the following rules:
  • Password length must be between 8 and 12 characters.
  • Password must contain only alphanumeric characters.
  • Password cannot contain any spaces.
• For this scenario, the equivalence classes could be divided as follows:
• Valid Equivalence Class:
  • Passwords with a length between 8 and 12 characters containing only alphanumeric characters.
  • Example: Test1234
• Invalid Equivalence Classes:
  • Class 1: Passwords with fewer than 8 characters. Example: Test1
  • Class 2: Passwords with more than 12 characters. Example: TestPassword1234
  • Class 3: Passwords containing special characters or spaces. Example: Test@123 or Test 123
Test Cases Based on Equivalence Classes:
• Test Case 1 (Valid Class):
  • Input: Test1234
  • Expected Outcome: Password is accepted (valid).
• Test Case 2 (Invalid Class 1):
  • Input: Test1 (password with fewer than 8 characters)
  • Expected Outcome: Password is rejected (invalid).
• Test Case 3 (Invalid Class 2):
  • Input: TestPassword1234 (password with more than 12 characters)
  • Expected Outcome: Password is rejected (invalid).
• Test Case 4 (Invalid Class 3):
  • Input: Test@123 (password with special characters)
  • Expected Outcome: Password is rejected (invalid).
• Test Case 5 (Invalid Class 3):
  • Input: Test 123 (password with spaces)
  • Expected Outcome: Password is rejected (invalid).
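The password example in code, added here and not taken from the slides: the three rules become a validator that reports which rule rejected the input, and the five test cases above are run as one representative per equivalence class. Returning a reason string is a small design choice that pays off in practice, since a failing class then tells you which rule misfired:

```python
import re

# Added example (not from the slides): the slide's three password rules as a
# validator, plus one representative input per equivalence class.

MIN_LEN, MAX_LEN = 8, 12
ALNUM_ONLY = re.compile(r"[A-Za-z0-9]+")  # letters and digits only


def validate_password(pw: str) -> tuple:
    """System under test. Returns (accepted, reason) so a failed test can show
    which rule fired."""
    if len(pw) < MIN_LEN:
        return False, "shorter than 8 characters"
    if len(pw) > MAX_LEN:
        return False, "longer than 12 characters"
    if " " in pw:
        return False, "contains a space"
    if not ALNUM_ONLY.fullmatch(pw):
        return False, "contains a non-alphanumeric character"
    return True, "ok"


# One representative value per equivalence class (values from the slide).
EQUIVALENCE_CLASSES = [
    # (class, representative input, expected to be accepted?)
    ("valid: 8-12 alphanumeric characters", "Test1234", True),
    ("invalid class 1: fewer than 8 characters", "Test1", False),
    ("invalid class 2: more than 12 characters", "TestPassword1234", False),
    ("invalid class 3: special character", "Test@123", False),
    ("invalid class 3: contains a space", "Test 123", False),
]


def run_equivalence_tests(validator=validate_password) -> list:
    """Run one test case per class and return a result record for each."""
    results = []
    for cls, value, expected in EQUIVALENCE_CLASSES:
        accepted, reason = validator(value)
        results.append({"class": cls, "input": value, "expected": expected,
                        "actual": accepted, "reason": reason,
                        "passed": accepted == expected})
    return results


def all_passed(results: list) -> bool:
    return all(r["passed"] for r in results)


if __name__ == "__main__":
    for r in run_equivalence_tests():
        status = "PASS" if r["passed"] else "FAIL"
        print(f"{status}  {r['class']:42s} input={r['input']!r:20s} -> {r['reason']}")
```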
Benefits of Equivalence Class Testing
• Reduces Redundancy: Instead of testing all possible inputs, testers only need to check one value from each class, significantly reducing the number of test cases.
• Better Coverage: Ensures that all classes of input are tested, both valid and invalid.
• Improves Efficiency: Helps testers focus on critical input variations, improving the efficiency of the testing process.
Decision Table Based Testing
• Decision Table Testing is a black-box testing technique used to deal with complex business logic or scenarios involving multiple conditions and actions.
• It systematically represents combinations of inputs (conditions) and their corresponding outputs (actions) in a tabular format, helping to ensure all possible combinations are considered.
Key Concepts in Decision Table Testing
• Conditions: These are the inputs or factors that determine the actions to be taken.
• Actions: These are the outcomes or results based on the conditions.
• Rules: These represent the combination of conditions that lead to a specific action.
When to Use Decision Table Testing?
• When you need to test different combinations of conditions leading to different actions.
• When you need to ensure that all possible combinations of inputs are covered.
Steps in Decision Table Testing
• Identify all the input conditions that can affect the system's behavior.
• Identify the corresponding actions for each set of conditions.
• Create a decision table where each column represents a unique combination of conditions.
• Identify test cases that cover all the rules from the table.
Example: Loan Approval System
• A loan approval system works based on three conditions:
  1. Credit Score: High or Low
  2. Income Level: High or Low
  3. Employment Status: Employed or Unemployed
• The business rules for approving or rejecting a loan might be:
  • If the credit score is high and income is high, the loan is approved.
  • If the credit score is low and income is high, the loan is conditionally approved if employed.
  • If the credit score is low and income is low, the loan is rejected.
  • If unemployed, the loan is rejected regardless of the other conditions.
Decision Table

Credit Score | Income Level | Employment Status | Loan Decision
High         | High         | Employed          | Approve
Low          | High         | Employed          | Conditionally Approve
Low          | Low          | Employed          | Reject
High         | Low          | Employed          | Conditionally Approve
High         | High         | Unemployed        | Reject
Low          | Low          | Unemployed        | Reject

Test Cases Based on the Decision Table
• Test Case 1: High credit score, high income, employed → Loan should be approved.
• Test Case 2: Low credit score, high income, employed → Loan should be conditionally approved.
• Test Case 3: Low credit score, low income, employed → Loan should be rejected.
• Test Case 4: High credit score, low income, employed → Loan should be conditionally approved.
• Test Case 5: High credit score, high income, unemployed → Loan should be rejected.
• Test Case 6: Low credit score, low income, unemployed → Loan should be rejected.
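The loan example as an added worked example, not part of the slides. The rules are encoded as a function, the complete decision table (2 × 2 × 2 = 8 rules) is generated by enumeration, and the generated rows are compared with the six rows the slide lists. This makes the technique's main benefit concrete: the two combinations the slide's table omits (high credit or high income with unemployed) surface automatically. The High/Low/Employed outcome is taken from the slide's table, since the bullet rules do not state it:

```python
from itertools import product

# Added example (not from the slides): the loan rules encoded as a function,
# then the full decision table generated so that missing rules show up.

CREDIT = ("High", "Low")
INCOME = ("High", "Low")
EMPLOYMENT = ("Employed", "Unemployed")


def loan_decision(credit: str, income: str, employment: str) -> str:
    """System under test: the business rules from the slide. The
    High-credit/Low-income/Employed outcome is taken from the slide's table."""
    if employment == "Unemployed":          # rule 4 overrides everything else
        return "Reject"
    if credit == "High" and income == "High":
        return "Approve"                    # rule 1
    if credit == "Low" and income == "Low":
        return "Reject"                     # rule 3
    return "Conditionally Approve"          # rule 2, and the High/Low table row


def build_decision_table(decide=loan_decision) -> list:
    """One row per unique combination of condition values (2*2*2 = 8 rules)."""
    return [(c, i, e, decide(c, i, e))
            for c, i, e in product(CREDIT, INCOME, EMPLOYMENT)]


# The six rows the slide lists, used here as the expected results.
SLIDE_ROWS = {
    ("High", "High", "Employed"): "Approve",
    ("Low", "High", "Employed"): "Conditionally Approve",
    ("Low", "Low", "Employed"): "Reject",
    ("High", "Low", "Employed"): "Conditionally Approve",
    ("High", "High", "Unemployed"): "Reject",
    ("Low", "Low", "Unemployed"): "Reject",
}


def check_against_slide(table: list) -> dict:
    """Compare generated rows with the slide's rows; report mismatches and the
    combinations the slide's table does not list at all."""
    mismatches = [row for row in table
                  if row[:3] in SLIDE_ROWS and SLIDE_ROWS[row[:3]] != row[3]]
    uncovered = [row for row in table if row[:3] not in SLIDE_ROWS]
    return {"mismatches": mismatches, "uncovered": uncovered}


if __name__ == "__main__":
    table = build_decision_table()
    for row in table:
        print("{:5s} {:5s} {:11s} -> {}".format(*row))
    report = check_against_slide(table)
    print("rows missing from the slide's table:", report["uncovered"])
```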
Benefits of Decision Table Testing
• Comprehensive Coverage: Ensures that all possible combinations of inputs are considered, helping to prevent missing edge cases.
• Structured Approach: Organizes complex business rules into a clear, manageable structure, making it easier to understand the relationships between inputs and outputs.
• Effective for Complex Logic: Particularly useful when there are multiple conditions leading to different actions, as it helps systematically check each possibility.
Cause-Effect Graphing Technique
• Cause-Effect Graphing is a black-box testing technique used to identify the causes (inputs) and their effects (outputs) in a system and to model the relationship between them.
• This method helps in designing concise test cases by visualizing all possible combinations of causes and their corresponding effects.
Key Concepts
• Cause: A condition or input that can affect the system's behavior.
• Effect: The outcome or result produced by the combination of causes.
• Graph: A visual representation where causes and effects are nodes, and edges represent the relationships between them.
Steps in Cause-Effect Graphing
• Identify Causes and Effects: List all the possible inputs (causes) and their expected outcomes (effects).
• Develop a Cause-Effect Graph: Create a graph connecting causes to effects, showing how different inputs influence the system's behavior.
• Convert the Graph into a Decision Table: Translate the graph into a decision table to identify all possible test cases.
• Generate Test Cases: Create test cases based on the decision table, ensuring that all cause-effect combinations are tested.
Example: ATM Withdrawal System
• An ATM system where a user can withdraw cash based on the following conditions:
  1. Valid PIN: The PIN entered is correct.
  2. Sufficient Balance: The account has sufficient balance.
  3. Daily Limit Not Exceeded: The withdrawal does not exceed the daily limit.
• The possible outcomes (effects) could be:
  1. Dispense Cash: The ATM dispenses the requested amount.
  2. Display Error Message: The ATM displays an error message.
Step 1: Identify Causes and Effects
• Cause 1: Valid PIN
• Cause 2: Sufficient Balance
• Cause 3: Daily Limit Not Exceeded
• Effect 1: Dispense Cash
• Effect 2: Display Error Message
Step 2: Develop a Cause-Effect Graph
• If Cause 1 (Valid PIN) AND Cause 2 (Sufficient Balance) AND Cause 3 (Daily Limit Not Exceeded) are all true, then Effect 1 (Dispense Cash) occurs.

[Figure: cause-effect graph with C1, C2 and C3 joined by an AND node (^) leading to E1]

Notations used in the Cause-Effect Graph
• AND: E1 is an effect and C1 and C2 are the causes. If both C1 and C2 are true, then effect E1 will be true.
• OR: If either cause C1 or C2 is true, then effect E1 will be true.
• NOT: If cause C1 is false, then effect E1 will be true.
• Mutually Exclusive: Only one of the causes can be true at a time.
Example
• Causes:
  • C1: Character in column 1 is A
  • C2: Character in column 1 is B
  • C3: Character in column 2 is a digit
• Effects:
  • E1: Update made, (C1 OR C2) AND C3
  • E2: Display Message X, (NOT C1) AND (NOT C2)
  • E3: Display Message Y, NOT C3
Step 3: Convert the Graph into a Decision Table

Causes               | Effect 1: Dispense Cash | Effect 2: Display Error Message
Valid PIN            | Yes                     | No
Sufficient Balance   | Yes                     | No
Daily Limit Exceeded | No                      | Yes

Step 4: Generate Test Cases
• Test Case 1: Valid PIN, Sufficient Balance, Daily Limit Not Exceeded → Result: Dispense Cash.
• Test Case 2: Invalid PIN → Result: Display Error Message.
• Test Case 3: Valid PIN, Insufficient Balance → Result: Display Error Message.
• Test Case 4: Valid PIN, Sufficient Balance, Daily Limit Exceeded → Result: Display Error Message.
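Both cause-effect examples above (the ATM withdrawal and the column-character example) worked through with one small evaluator, added here and not part of the slides. Effects are written as boolean functions of the causes, every combination of cause values is enumerated, and a constraint drops infeasible rows, which is how the mutually-exclusive notation (column 1 cannot be both A and B) is honoured. The rows returned are the decision table of step 3, and the rows where an effect is true are the candidate test cases of step 4:

```python
from itertools import product

# Added example (not from the slides): a small cause-effect evaluator. Effects
# are boolean functions of the causes; every feasible combination of causes is
# enumerated and the resulting decision table is returned.


def cause_effect_table(causes, effects, constraint=lambda c: True):
    """causes: ordered cause names; effects: {name: fn(cause_dict) -> bool};
    constraint: drops infeasible combinations (e.g. mutually exclusive causes).
    Returns a list of (cause_dict, effect_dict) rows."""
    rows = []
    for bits in product((True, False), repeat=len(causes)):
        c = dict(zip(causes, bits))
        if constraint(c):
            rows.append((c, {name: fn(c) for name, fn in effects.items()}))
    return rows


def rows_where(table, effect):
    """Cause assignments under which a given effect is true (candidate test cases)."""
    return [c for c, e in table if e[effect]]


# --- Example 1: the slide's ATM withdrawal system ---
ATM_CAUSES = ["C1", "C2", "C3"]   # valid PIN, sufficient balance, limit not exceeded
ATM_EFFECTS = {
    "E1 dispense cash": lambda c: c["C1"] and c["C2"] and c["C3"],        # AND node
    "E2 error message": lambda c: not (c["C1"] and c["C2"] and c["C3"]),
}

# --- Example 2: the slide's column-character example ---
# C1: column 1 is 'A'; C2: column 1 is 'B'; C3: column 2 is a digit.
COL_CAUSES = ["C1", "C2", "C3"]
COL_EFFECTS = {
    "E1 update made": lambda c: (c["C1"] or c["C2"]) and c["C3"],
    "E2 message X": lambda c: not c["C1"] and not c["C2"],
    "E3 message Y": lambda c: not c["C3"],
}


def col_constraint(c):
    # C1 and C2 are mutually exclusive: column 1 cannot be both 'A' and 'B'.
    return not (c["C1"] and c["C2"])


def atm_table():
    return cause_effect_table(ATM_CAUSES, ATM_EFFECTS)


def column_table():
    return cause_effect_table(COL_CAUSES, COL_EFFECTS, col_constraint)


if __name__ == "__main__":
    for title, table in (("ATM", atm_table()), ("column example", column_table())):
        print(title)
        for c, e in table:
            print("  ", {k: int(v) for k, v in c.items()}, "->",
                  [name for name, on in e.items() if on])
```

For the ATM the table has 8 rows and exactly one of them dispenses cash; the column example has 6 feasible rows rather than 8 because the two rows with both C1 and C2 true are removed by the constraint.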
Benefits of Cause-Effect Graphing
• Comprehensive Coverage: Ensures all possible cause-effect combinations are considered.
• Efficiency: Reduces redundancy in test cases by focusing only on significant combinations.
• Visual Clarity: Helps testers and developers understand the logic behind the system's behavior.
Types of Non-functional Testing
1. Regression
2. Performance
3. Scalability and Resource Utilisation
4. Security
5. Recovery
6. Compatibility
7. Usability
8. Installability
9. Maintainability
10. Localisation
11. Reliability
Regression Testing
• Definition:
  • Regression testing verifies that recent code changes have not negatively affected the existing functionality of the system.
  • It ensures that new features or bug fixes don't introduce new defects.
• Example:
  • In a social media app, after adding a new feature like "stories," regression testing ensures that the core features such as posting updates, liking, and commenting still work without issues after the update.
Performance Testing
• Definition: This type of testing checks the system's performance under expected and peak loads, ensuring it meets performance criteria such as response time, throughput, and resource utilization.
• Types of Performance Testing:
  • Load Testing: Determines how the system performs under expected load.
  • Stress Testing: Examines the system's behavior under extreme load conditions (overload).
  • Scalability Testing: Tests the system's ability to scale up or down based on user load.
• Example:
  • In a ticket booking system for concerts, performance testing ensures the website remains responsive when thousands of users attempt to buy tickets simultaneously during a sale.
Security Testing
• Definition:
  • Security testing identifies vulnerabilities in the system that may expose it to attacks.
  • It ensures that the application is secure from threats like unauthorized access, data breaches, or cyberattacks.
• Example:
  • In an online banking application, security testing would validate features like encryption of sensitive data (e.g., customer information and financial transactions), secure login with multi-factor authentication, and proper access control.
Recovery Testing
• Definition:
  • This type of testing checks the system's ability to recover from crashes, hardware failures, or other critical issues.
  • It ensures the system can return to a stable state after an unexpected failure.
• Example:
  • In a cloud-based data storage service, recovery testing would verify whether the system can recover user data in the event of a server crash, network failure, or accidental data deletion. Backup and restoration processes are key aspects of recovery testing.
Compatibility Testing
• Definition:
  • Compatibility testing ensures that the system works across different environments, including various operating systems, browsers, hardware configurations, and network environments.
• Example:
  • A video conferencing app like Zoom must be tested across different platforms (Windows, macOS, Android, iOS), browsers (Chrome, Firefox, Safari), and hardware setups (laptops, tablets, smartphones) to ensure consistent functionality and user experience.
Usability Testing
• Definition:
  • This testing focuses on evaluating the user interface (UI) and overall user experience (UX).
  • It checks how easy and intuitive it is for users to interact with the system.
• Example:
  • For a food delivery app, usability testing may involve assessing whether users can quickly navigate menus, place orders, and track their deliveries with minimal effort.
  • It tests the app's ease of use, design, and user satisfaction.
Installation Testing
• Definition:
  • Installation testing checks whether the system can be installed and uninstalled correctly.
  • It ensures that the installation process is smooth and that the system works as expected after installation.
• Example:
  • When installing video editing software like Adobe Premiere, installation testing ensures that the software installs correctly, all necessary files are copied, and the program functions after installation without errors.
Localization Testing
• Definition:
  • Localization testing ensures that the system works correctly in different regions with various languages, date formats, currencies, and cultural settings.
• Example:
  • A global e-commerce platform like Amazon would undergo localization testing to ensure the UI correctly displays in multiple languages, supports various currencies, and handles local payment methods in each region it serves (e.g., Europe, Asia, North America).
Performance Testing
• Performance testing evaluates the speed, responsiveness and stability of a computer, network, software program or device under a workload.
• The goal of performance testing is to evaluate the application's performance with respect to real-world scenarios.
• The following issues must be addressed during performance testing:
  (i) Performance of the system during peak hours (response time, reliability and availability).
  (ii) Points at which the system performance degrades or the system fails.
  (iii) Impact of the degraded performance on customer loyalty, sales and profits.
• Several factors that may influence performance include:
  (i) Response time
  (ii) Memory available
  (iii) Network bandwidth
  (iv) Number of users
  (v) User type
  (vi) Time to download
  (vii) Varied client machine configurations
Types of Performance Testing
1) Load testing
  Checks the application's ability to perform under anticipated user loads. The objective is to identify performance bottlenecks before the software application goes live.
2) Stress testing
  Involves testing an application under extreme workloads to see how it handles high traffic or data processing. The objective is to identify the breaking point of an application.
3) Endurance testing
  Used to make sure the software can handle the expected load over a long period of time.
Load Testing
• It involves testing the web application under real-world scenarios by simulating numerous users accessing it simultaneously.
• It tests the web application by applying its maximum expected load.
• It follows these steps to ensure reasonable performance during peak hours:
  • Defining the environment for a load test
  • Defining the testing strategy and determining the number of users
  • Identifying potential metrics
  • Choosing the right tool and executing the load test
  • Interpreting the results
• Defining the environment for a load test
  • Set up the testing environment, which should closely resemble the production environment in terms of hardware, software, and network configurations.
• Defining the testing strategy and determining the number of users
  • Determine what you want to achieve with the load test (e.g., maximum concurrent users, response time under load, etc.).
  • Develop test scenarios that simulate real-world usage, including the expected number of users, their actions, and the load patterns.
• Identifying the potential metrics

Sr.No | Metric                           | Description
Scalability and Usage
1     | Web page views per week          | Counts the number of web pages viewed per week
2     | Web page views per hour          | Counts the number of web pages viewed per hour
3     | Web page views per second        | Counts the number of web pages viewed per second
4     | Web page hits per week           | Counts the number of web page hits per week
5     | Web page hits per hour           | Counts the number of web page hits per hour
6     | Web page hits per second         | Counts the number of web page hits per second
7     | Average hits per web page        | The ratio of the number of web page hits to the number of web page views
8     | Cycles                           | Counts the number of times the test is executed
Performance
9     | Number of concurrent users       | Counts the number of simultaneous users accessing a web page within a specified time interval
10    | Response time                    | The total time from sending the request until the first response is received
11    | Wait time                        | The time from sending the request until the first byte is received
12    | Throughput                       | The amount of data sent by the application to the virtual users, measured in bytes
13    | Elapsed time                     | The time elapsed to complete a transaction, measured in seconds
14    | Minimum web page run time        | The minimum time taken by a web page to execute, in seconds
15    | Maximum web page run time        | The maximum time taken by a web page to execute, in seconds
Failure
16    | Failed hits per second           | Counts the number of requests that fail per second
17    | Connections failed               | Counts the number of connections that could not be established during the test
18    | Failed cycles per second         | Counts the number of rounds that failed per second
19    | Maximum wait time before failure | The maximum time the user will wait before abandoning the web site

• Choosing the right tool and executing the load test
  • Run the load test using tools like Apache JMeter, LoadRunner, BlazeMeter, or Gatling.
  • Monitor system performance in real time.
• Interpreting the results
  • Analyze the data collected during the test to identify performance bottlenecks, resource utilization, and system behavior under load.
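The metrics in the table computed from per-request records, as an added example that is not part of the slides. The six request records are constructed sample data (three virtual users, one failed hit); the code derives page views, hits, average hits per page, wait and response times, minimum and maximum page run time, throughput, failed hits per second and the peak number of concurrent users. The "page view" versus "hit" distinction is carried by an `is_page` flag, which is how the ratio in metric 7 becomes computable:

```python
from dataclasses import dataclass

# Added example (not from the slides): computing the slide's load-test metrics
# from per-request records. The six records below are constructed sample data.


@dataclass
class Hit:
    user: str          # virtual user issuing the request
    url: str
    sent: float        # seconds since test start when the request was sent
    first_byte: float  # when the first byte of the response arrived
    done: float        # when the response was complete
    status: int        # HTTP status
    size: int          # response bytes
    is_page: bool      # True for a page view, False for an embedded asset hit


SAMPLE_HITS = [  # constructed data
    Hit("u1", "/home",   0.0, 0.2, 0.5, 200,  5000, True),
    Hit("u1", "/app.js", 0.5, 0.6, 0.8, 200, 20000, False),
    Hit("u2", "/home",   0.1, 0.3, 0.7, 200,  5000, True),
    Hit("u2", "/login",  1.0, 1.4, 2.0, 200,  3000, True),
    Hit("u3", "/home",   0.6, 0.9, 2.4, 500,   500, True),   # failed hit
    Hit("u3", "/app.js", 1.0, 1.1, 1.3, 200, 20000, False),
]


def max_concurrent_users(hits):
    """Peak number of distinct users with at least one request in flight."""
    events = []
    for h in hits:
        events.append((h.sent, 1, h.user))
        events.append((h.done, -1, h.user))
    events.sort(key=lambda e: (e[0], e[1]))   # at equal times, departures first
    in_flight, peak = {}, 0
    for _, delta, user in events:
        in_flight[user] = in_flight.get(user, 0) + delta
        peak = max(peak, sum(1 for n in in_flight.values() if n > 0))
    return peak


def load_metrics(hits):
    """Return the slide's metrics (where per-request data allows) as a dict."""
    duration = max(h.done for h in hits) - min(h.sent for h in hits)
    pages = [h for h in hits if h.is_page]
    failed = [h for h in hits if h.status >= 500]
    page_times = [h.done - h.sent for h in pages]
    return {
        "page_views": len(pages),
        "hits": len(hits),
        "hits_per_second": len(hits) / duration,
        "avg_hits_per_page": len(hits) / len(pages),
        "avg_wait_time": sum(h.first_byte - h.sent for h in hits) / len(hits),
        "avg_response_time": sum(h.done - h.sent for h in hits) / len(hits),
        "min_page_run_time": min(page_times),
        "max_page_run_time": max(page_times),
        "throughput_bytes_per_sec": sum(h.size for h in hits) / duration,
        "failed_hits_per_second": len(failed) / duration,
        "max_concurrent_users": max_concurrent_users(hits),
    }


if __name__ == "__main__":
    for k, v in load_metrics(SAMPLE_HITS).items():
        print(f"{k:26s} {v:.3f}" if isinstance(v, float) else f"{k:26s} {v}")
```

Concurrency is computed with an event sweep rather than a fixed sampling interval, so a user whose requests run back to back (u1 here) is never double-counted and never dropped between samples.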
Stress Testing
• Stress testing involves executing a web application with more than its maximum load, and with varying load, for long periods.
• The goal is to identify the breaking point, measure system performance under high stress, and ensure that the software doesn't crash or fail in unexpected ways.
• Stress testing often involves increasing the load on the system (e.g., more users, more transactions, or larger data sets) until it breaks or performs poorly.
• By doing this, developers and testers can identify bottlenecks, performance limits, and potential points of failure.
Key Objectives of Stress Testing
• Determine System Limitations: Understand the maximum load a system can handle before it breaks or becomes unresponsive.
• Evaluate Stability: Ensure that the system can recover gracefully after encountering extreme conditions.
• Identify Bottlenecks: Pinpoint areas where performance degrades or crashes occur under stress.
• Check Data Integrity: Ensure that, even under extreme conditions, data remains intact and there are no security breaches.
Types of Stress Testing
• Application Stress Testing: Targets specific application components such as databases, APIs, or web servers.
• System Stress Testing: Tests the entire system by stressing multiple applications or subsystems at the same time.
• Transactional Stress Testing: Focuses on transactions or interactions within the system under stress.
• Distributed Stress Testing: Applies load across multiple systems to test network and infrastructure stress.
• Exploratory Stress Testing: Combines various unpredictable stress scenarios to see how the system reacts.
Example of Stress Testing: E-commerce Platforms on Black Friday
• Scenario: During Black Friday, e-commerce websites experience a massive spike in traffic. In stress testing, the website's ability to handle thousands or millions of concurrent users is tested to ensure that it doesn't crash under such high loads.
• Stress Test Goal: Simulate the peak load of users placing orders, searching for products, and processing payments.
• Outcome: Identify whether the website remains responsive, whether there are any server downtimes, whether the payment system crashes, and whether the databases can handle the increased traffic without slowing down.
Steps in Stress Testing
• Identify the Objective: Determine which part of the system needs to be stress-tested (e.g., application, server, database, etc.).
• Define the Load: Establish the extreme conditions that will be applied (e.g., 10x or 100x the normal user traffic).
• Simulate Load: Use automated testing tools to simulate the defined stress (e.g., JMeter, LoadRunner, etc.).
• Monitor Performance: Track system performance metrics like response time, CPU and memory usage, server latency, database queries, and transaction success rate.
• Identify Weaknesses: Look for failure points, such as server crashes, slowdowns, or data inconsistencies.
• Analyze and Optimize: Use the data collected to improve the system, optimize performance, and resolve any identified bottlenecks.
Tools for Stress Testing
• Apache JMeter
• LoadRunner
• Gatling
• BlazeMeter
Benefits of Stress Testing
• Helps prevent system crashes during high-traffic periods.
• Ensures that the system can handle unexpected spikes in load.
• Identifies potential weaknesses and bottlenecks that could be catastrophic if left unaddressed.
• Improves the system's ability to recover from extreme conditions.
Security Testing

 Security testing is a type of software testing performed to identify


vulnerabilities, threats, risks, or flaws in a software application
and to ensure that the system is protected from malicious attacks.
 The goal of security testing is to safeguard data integrity,
confidentiality, and availability, ensuring that both the system and its
data are protected from potential breaches or unauthorized access.
 Security testing typically focuses on various aspects such as
authentication, authorization, data protection, encryption, and
overall system behavior in the presence of malicious activities.
 By uncovering potential security issues, it helps prevent data breaches,
information theft, and unauthorized access to sensitive data.
Key Objectives of Security Testing

 Identify Security Vulnerabilities: Detect weak spots in the system where


attackers could gain unauthorized access or execute malicious code.
 Protect Data Integrity and Confidentiality: Ensure that sensitive data
(e.g., personal information, payment details) is kept secure and is not
compromised.
 Ensure System Resilience: Test the system's ability to resist attacks and to
recover quickly after potential threats.
 Enforce Access Controls: Verify that users can only access the parts of the
system they are authorized to, and no one can exceed their permission levels.
 Prevent Exploitation: Identify and resolve flaws that could be exploited by
attackers to perform malicious actions like SQL injection, cross-site scripting
(XSS), and denial of service (DoS) attacks.
Examples of Security Testing:Online
Banking Applications
 Scenario: An online banking application handles millions of sensitive
transactions daily, such as money transfers, payments, and account
management. If a hacker breaches the system, they could steal financial
data or manipulate transactions.
 Security Testing Goal: Ensure that the system is protected against
unauthorized access and that the application can resist attacks such as
SQL injection, account takeover with phished credentials, and
unauthorized transactions.
 Techniques Used:
 Penetration testing is done to simulate attacks like brute force login
attempts or injection attacks.
 Vulnerability scanning is used to identify weak configurations or unpatched
software.
 Encryption testing ensures that all financial and personal data is properly
encrypted, both in transit and at rest.
 Outcome: The bank ensures that all user accounts and transactions are
secure, minimizing the risk of fraudulent activity or data breaches.
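Two of the checks named above (an injection attempt against the login and a brute-force login attempt that the lockout must stop) can be scripted against the application under test. The following is an added example, not code from the slides or from any bank: it runs both checks against a constructed in-memory SQLite login, once against a deliberately vulnerable legacy login (string-built SQL, plaintext password column) and once against a hardened login (parameterised query, salted PBKDF2 hash, lockout counter). The lockout threshold, the PBKDF2 iteration count and the test account are assumptions.

```python
"""Added example (not from the slides): system-level security checks for a
banking-style login, run against an in-memory SQLite database.

  1. an injection attempt against the login query, and
  2. a brute-force login attempt that the account lockout must stop.

All data below is constructed for the example; nothing is taken from a real bank.
"""
import hashlib
import hmac
import secrets
import sqlite3

MAX_FAILED_ATTEMPTS = 5  # assumed lockout policy for the example


def _hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 from the standard library; iteration count is an assumption.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def setup_db() -> sqlite3.Connection:
    """Constructed fixture: one account, stored two ways.

    `password` (plaintext) exists only so the legacy login can show the classic
    injection bypass; storing it at all would itself be a finding.
    The hardened login uses `salt`/`pw_hash`."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users ("
        " username TEXT PRIMARY KEY, password TEXT,"
        " salt BLOB, pw_hash BLOB, failed INTEGER NOT NULL DEFAULT 0)"
    )
    salt = secrets.token_bytes(16)
    conn.execute(
        "INSERT INTO users (username, password, salt, pw_hash) VALUES (?, ?, ?, ?)",
        ("alice", "correct horse", salt, _hash_password("correct horse", salt)),
    )
    conn.commit()
    return conn


def login_legacy(conn, username: str, password: str) -> bool:
    """'Before' case, deliberately vulnerable: user input is concatenated
    into the SQL string, so a quote in the username rewrites the query."""
    sql = (
        "SELECT 1 FROM users WHERE username = '" + username + "'"
        " AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone() is not None


def login_hardened(conn, username: str, password: str) -> bool:
    """'After' case: parameterised query, constant-time hash compare, lockout."""
    row = conn.execute(
        "SELECT salt, pw_hash, failed FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False
    salt, pw_hash, failed = row
    if failed >= MAX_FAILED_ATTEMPTS:
        return False  # locked: refuse even the correct password
    if hmac.compare_digest(_hash_password(password, salt), pw_hash):
        conn.execute("UPDATE users SET failed = 0 WHERE username = ?", (username,))
        conn.commit()
        return True
    conn.execute("UPDATE users SET failed = failed + 1 WHERE username = ?", (username,))
    conn.commit()
    return False


# A username that comments out the password clause of the legacy query.
INJECTION_USERNAME = "alice' --"


def injection_bypasses(login) -> bool:
    """Security test: does the crafted username log in without the password?"""
    return login(setup_db(), INJECTION_USERNAME, "wrong")


def brute_force_locked_out(login, attempts: int = 20) -> bool:
    """Security test: after `attempts` wrong passwords, is the right one refused?"""
    conn = setup_db()
    for i in range(attempts):
        login(conn, "alice", f"guess{i}")
    return not login(conn, "alice", "correct horse")


if __name__ == "__main__":
    print("legacy   injection bypass:", injection_bypasses(login_legacy))    # True  (finding)
    print("hardened injection bypass:", injection_bypasses(login_hardened))  # False
    print("legacy   lockout:", brute_force_locked_out(login_legacy))         # False (finding)
    print("hardened lockout:", brute_force_locked_out(login_hardened))       # True
```

A real system test would send the same two payloads over HTTP to the deployed login endpoint; the point of the script is that each check is a yes/no result the suite can assert on, rather than a manual observation.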
Security Testing Tools
 OWASP ZAP: Open-source tool for finding security vulnerabilities in
web applications.
 Burp Suite: Popular penetration testing tool used to identify security
flaws in web applications.
 Nessus: A vulnerability scanner used to identify network
vulnerabilities and potential attack vectors.
 Metasploit: A penetration testing framework for discovering and
exploiting vulnerabilities.
 Wireshark: A network protocol analyzer used to inspect captured traffic,
for example to spot credentials or tokens sent unencrypted.
 Kali Linux: A distribution packed with numerous security testing tools for
penetration testing and vulnerability assessment.
Benefits of Security Testing
 Protects sensitive data from breaches, theft, or exposure.
 Ensures compliance with legal and regulatory standards (e.g., GDPR,
HIPAA).
 Prevents financial losses from attacks or security incidents.
 Enhances trust in the system by ensuring that user data and application
security are prioritized.
 Reduces potential downtime by mitigating risks before they can be
exploited by attackers.
System Test Suite Design for Web
Applications
 Key Considerations:
 Browser Compatibility: Web applications must function correctly across
multiple web browsers (Chrome, Firefox, Safari, Edge) and versions.
 Responsive Design: The app must adapt to different screen sizes and
resolutions.
 Backend Integration: Proper interaction with APIs, databases, and third-party
services.
 Security: Address potential vulnerabilities like SQL injection, cross-site scripting
(XSS), and cross-site request forgery (CSRF).
 Performance Testing: Load handling, latency, and resource usage on the server
side.
 Accessibility: Web content must be accessible to people with disabilities (WCAG
compliance).
Components of the Test Suite
 Functional Testing:
 UI/UX Testing: Ensure that all user interface elements (buttons, forms,
navigation) function as expected.
 Form Validation: Check that all form inputs handle data correctly, provide
feedback, and reject invalid inputs.
 Database Testing: Validate that data storage, retrieval, and integrity in the
backend database are functioning correctly.
 Cross-Browser Testing:
 Test the application in different browsers and versions to ensure consistent
behavior and appearance.
 Security Testing:
 Conduct penetration testing and vulnerability scans.
 Ensure proper user authentication, transport encryption (HTTPS), and secure
session management (cookie attributes, idle timeout, invalidation on logout).
 Performance and Load Testing:
 Use tools like Apache JMeter or LoadRunner to simulate user loads and test
the web app's ability to handle peak traffic.
 Measure response time, throughput, and server resource usage.
 Usability and Accessibility Testing:
 Test against accessibility standards (WCAG 2.0/2.1) using screen readers and
keyboard navigation to ensure that users with disabilities can access the
website.
Test cases
 Test whether the website maintains functionality when accessed through
a slow network.
 Verify if forms properly handle edge cases, such as special characters or
oversized inputs.
 Check whether user sessions timeout after inactivity for a specified
duration.
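The session-management items in the suite above (secure session handling, and the test case that sessions time out after inactivity) are easy to automate. The following is an added example, not from the slides: it checks a captured response's Set-Cookie and security headers for the attributes a session cookie should carry, and drives a minimal server-side session store with a fake clock to confirm the idle timeout. The response headers, the 15-minute timeout and the store itself are constructed for the example; the header checks are the ones a tester would run against the real application's responses.

```python
"""Added example (not from the slides): two session-management checks for a
web-application system test suite, runnable offline.

  1. Inspect Set-Cookie / security headers from a captured response.
  2. Verify that a session becomes invalid after the idle timeout.

The HTTP responses and the timeout value are constructed for the example.
"""
import secrets
import time
from typing import Callable, Dict, List

IDLE_TIMEOUT_SECONDS = 15 * 60  # assumed policy: 15 minutes of inactivity


def cookie_findings(set_cookie_value: str) -> List[str]:
    """Return the attributes a session cookie should have but does not."""
    parts = [p.strip() for p in set_cookie_value.split(";")]
    attrs = {}
    for part in parts[1:]:  # parts[0] is name=value
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip().lower()
    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure (cookie can be sent over plain HTTP)")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly (readable by injected script, XSS)")
    if attrs.get("samesite") not in ("lax", "strict"):
        findings.append("SameSite not Lax/Strict (CSRF exposure)")
    return findings


def header_findings(headers: Dict[str, str]) -> List[str]:
    """Transport and cookie checks over one response's headers."""
    lower = {k.lower(): v for k, v in headers.items()}
    findings = []
    if "strict-transport-security" not in lower:
        findings.append("missing Strict-Transport-Security")
    if lower.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")
    set_cookie = lower.get("set-cookie")
    if set_cookie:
        findings.extend(cookie_findings(set_cookie))
    return findings


class SessionStore:
    """Minimal server-side session store with an idle timeout.

    `clock` is injectable so the test can advance time without sleeping."""

    def __init__(self, idle_timeout: float, clock: Callable[[], float] = time.monotonic):
        self.idle_timeout = idle_timeout
        self.clock = clock
        self._last_seen: Dict[str, float] = {}

    def create(self) -> str:
        sid = secrets.token_urlsafe(32)  # 256 bits of entropy, unguessable id
        self._last_seen[sid] = self.clock()
        return sid

    def touch(self, sid: str) -> bool:
        """Validate and refresh a session; expired sessions are deleted."""
        last = self._last_seen.get(sid)
        if last is None:
            return False
        if self.clock() - last > self.idle_timeout:
            del self._last_seen[sid]
            return False
        self._last_seen[sid] = self.clock()
        return True


def idle_timeout_enforced(idle_timeout: float = IDLE_TIMEOUT_SECONDS) -> bool:
    """System test: activity just before the deadline keeps the session alive,
    inactivity past it ends the session, and an expired id cannot be revived."""
    now = [0.0]
    store = SessionStore(idle_timeout, clock=lambda: now[0])
    sid = store.create()
    now[0] += idle_timeout - 1
    alive_before = store.touch(sid)   # refreshed at t = timeout - 1
    now[0] += idle_timeout + 1        # now timeout + 1 s past last activity
    alive_after = store.touch(sid)
    revived = store.touch(sid)
    return alive_before and not alive_after and not revived


# Constructed responses, as a system test would capture them.
WEAK_RESPONSE = {
    "Content-Type": "text/html",
    "Set-Cookie": "sessionid=abc123; Path=/",
}
HARDENED_RESPONSE = {
    "Content-Type": "text/html",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Content-Type-Options": "nosniff",
    "Set-Cookie": "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
}

if __name__ == "__main__":
    for name, resp in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(name, header_findings(resp) or "no findings")
    print("idle timeout enforced:", idle_timeout_enforced())  # True
```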
System Test Suite Design for Mobile
Applications
 Key Considerations:
 Device Fragmentation: The app must work across different devices with
various screen sizes, operating systems (iOS, Android), and hardware
configurations.
 Performance and Resource Usage: The mobile app should perform well
under limited device resources (CPU, memory, battery).
 Connectivity: Mobile apps need to handle different network conditions (Wi-Fi,
4G, 5G, offline).
 Mobile-Specific Features: Features like GPS, camera, sensors (accelerometer,
gyroscope), push notifications, and biometrics should work seamlessly.
 UI/UX Consistency: The app's user interface and experience should be
consistent across different devices and screen sizes.
Components of the Test Suite
 Functional Testing:
 Navigation Flow: Ensure that users can navigate through the app smoothly,
with no broken links or dead ends.
 Feature Testing: Test features like camera integration, file uploads, or push
notifications.
 Offline Mode: Test app functionality without an internet connection or with
intermittent connectivity.
 Device Compatibility Testing:
 Perform testing on a range of real devices (or emulators) with different OS
versions, screen sizes, and hardware capabilities.
 Performance Testing:
 Measure how well the app performs under different conditions, such as low
memory, heavy CPU load, and poor network connectivity.
 Test battery consumption and resource usage while using the app.
 Network Connectivity Testing:
 Simulate different network conditions (slow, fast, intermittent) to test how
well the app handles poor connectivity.
 Verify how the app handles network transitions (switching between Wi-Fi and
mobile data).
 Security Testing:
 Test for vulnerabilities specific to mobile apps (e.g., insecure data storage,
improper session management, weak encryption).
 Verify secure communication over HTTPS and proper encryption of sensitive
data stored on the device.
 Interrupt Testing:
 Test how the app behaves during interruptions like incoming calls, SMS, or low
battery alerts.
Test Cases
 Test the app's behavior when the device switches from Wi-Fi to mobile
data.
 Verify how the app handles location services (GPS) when they are
disabled.
 Measure app response times under different network conditions (4G, 3G,
or offline).
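The first mobile security item above, insecure data storage, is usually tested by logging in on a test device, pulling the app's private storage off the device (for example with adb on Android) and searching it for the session token. The following is an added example, not code from the slides: it builds a constructed app sandbox in a temporary directory (a plaintext preferences file, a JSON cache holding the token base64-encoded, and a file holding only a hash) and scans every file for the token in the encodings an app is likely to have written it in. The directory names, the token and the file contents are assumptions.

```python
"""Added example (not from the slides): an "insecure data storage" check for a
mobile-app system test. After a test login, the tester pulls the app's sandbox
and searches every file for the session token in the encodings an app is
likely to have written it in. Base64 is not encryption, so it counts as a leak.

The storage files below are constructed in a temporary directory; the token and
file layouts are assumptions, not taken from any real app.
"""
import base64
import binascii
import hashlib
import json
import os
import tempfile
from typing import Dict, List


def token_encodings(token: str) -> Dict[str, bytes]:
    """The forms a plaintext token commonly shows up in on disk."""
    raw = token.encode()
    return {
        "plain": raw,
        "base64": base64.b64encode(raw),
        "hex": binascii.hexlify(raw),
        "utf-16le": token.encode("utf-16-le"),  # e.g. some serialised string formats
    }


def scan_sandbox(root: str, token: str) -> List[str]:
    """Return 'relative/path (encoding)' for every file leaking the token."""
    leaks = []
    needles = token_encodings(token)
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            for enc, needle in needles.items():
                if needle in data:
                    leaks.append(f"{os.path.relpath(path, root)} ({enc})")
    return sorted(leaks)


def build_sample_sandbox(root: str, token: str) -> None:
    """Constructed app sandbox: two insecure files and one acceptable one."""
    os.makedirs(os.path.join(root, "shared_prefs"))
    os.makedirs(os.path.join(root, "cache"))
    os.makedirs(os.path.join(root, "files"))
    # Finding 1: token stored in plain text in a preferences file
    with open(os.path.join(root, "shared_prefs", "session.xml"), "w") as fh:
        fh.write(f'<map><string name="auth">{token}</string></map>')
    # Finding 2: token base64-wrapped inside a JSON cache (encoding, not encryption)
    with open(os.path.join(root, "cache", "api_cache.json"), "w") as fh:
        json.dump({"Authorization": base64.b64encode(token.encode()).decode()}, fh)
    # Acceptable: only a one-way hash on disk (assumed use: a lookup key, not a secret)
    with open(os.path.join(root, "files", "state.bin"), "wb") as fh:
        fh.write(hashlib.sha256(token.encode()).digest())


def run_storage_check(token: str = "tok_EXAMPLE_9f1c") -> List[str]:
    """Build the constructed sandbox, scan it, and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_sandbox(root, token)
        return scan_sandbox(root, token)


if __name__ == "__main__":
    for leak in run_storage_check():
        print("FINDING: session token recoverable from", leak)
```

On a real device the same scan runs over the pulled sandbox directory; the token to search for is the one issued to the test account during the run, so the check has a known needle rather than guessing at what a secret looks like.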
System Test Suite Design for IoT
Applications
 Key Considerations:
 Device Interoperability: IoT systems consist of a network of devices,
sensors, gateways, and cloud platforms that need to communicate
effectively.
 Real-Time Data Processing: The system must handle large volumes of
real-time data and ensure that communication between devices is accurate
and timely.
 Network Latency: IoT devices often operate in environments with varying
network stability and connectivity (Wi-Fi, Bluetooth, Zigbee).
 Security and Privacy: Ensuring secure communication between IoT
devices, preventing data tampering, and maintaining user privacy are
critical.
 Scalability: The system should be able to scale efficiently with the
addition of new devices without performance degradation.
Components of the Test Suite
 Functional Testing:
 Device Connectivity: Test whether devices connect correctly to the network
and communicate as expected.
 Data Flow: Verify that data collected by sensors or devices is transmitted
and processed accurately by the cloud or backend.
 Command Execution: Ensure that commands sent from the app or cloud to
devices are executed correctly.
 Interoperability Testing:
 Test the ability of different devices, using different communication protocols
(e.g., MQTT, HTTP, CoAP), to work together seamlessly.
 Validate cross-device functionality, such as controlling one device via another.
 Real-Time Performance Testing:
 Test real-time data streaming from devices to ensure there is no unacceptable
latency, data loss, or timing issues.
 Measure response times for commands sent to IoT devices.
 Security Testing:
 Perform tests for device authentication, secure firmware updates, and
encryption of data in transit and at rest.
 Ensure there are no security loopholes like hardcoded passwords, unsecured
communication channels, or weak access control policies.
 Scalability Testing:
 Simulate adding more devices to the IoT ecosystem and observe how the
system handles the increased load.
 Test the system’s ability to handle large amounts of data being sent from
multiple devices simultaneously.
 Network and Connectivity Testing:
 Test device connectivity under various conditions, such as weak signals,
network drops, or high latency.
 Validate how the system handles network congestion or device
disconnections.
Test cases
 Verify how an IoT-enabled home lighting system responds to changes in
network connectivity (e.g., Wi-Fi dropout).
 Test whether a healthcare monitoring IoT device accurately transmits
patient data to the cloud and triggers alerts in real-time.
 Check if an industrial IoT system can scale up and continue to operate
when additional devices are introduced into the network.
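The "secure firmware updates" item in the IoT security tests above is exercised by feeding the device crafted update packages: a genuine one, a swapped image, a package signed with the wrong key, an older build, and a manifest edited after signing. The following is an added example, not code from the slides or from any device vendor. Its manifest format and its use of an HMAC over a per-device shared key are assumptions made to keep the example self-contained; a production device would instead verify an asymmetric signature (for example Ed25519) with a public key fixed in its boot ROM, so that no signing key is ever stored on the device. The order of checks (authenticity, then integrity, then anti-rollback) is the part that carries over.

```python
"""Added example (not from the slides): a device-side check for secure firmware
updates that an IoT system test can drive with crafted update packages.

Package layout (assumed): JSON manifest {version, sha256(image)}, a newline,
then the hex HMAC-SHA256 tag of the manifest under the device key.
"""
import hashlib
import hmac
import json
import secrets
from typing import Dict, Tuple

DEVICE_KEY = secrets.token_bytes(32)  # provisioned per device; constructed here


def make_update(image: bytes, version: int, key: bytes = DEVICE_KEY) -> Tuple[bytes, bytes]:
    """Vendor side: sign a manifest that binds the version to the image hash."""
    manifest = json.dumps(
        {"version": version, "sha256": hashlib.sha256(image).hexdigest()},
        sort_keys=True,
    ).encode()
    tag = hmac.new(key, manifest, hashlib.sha256).hexdigest().encode()
    return manifest + b"\n" + tag, image


class Device:
    def __init__(self, version: int, key: bytes = DEVICE_KEY):
        self.version = version
        self.key = key

    def apply_update(self, package: bytes, image: bytes) -> str:
        """Return 'applied' or the reason for rejection. Checks, in order:
        authenticity (tag), integrity (hash), freshness (anti-rollback)."""
        manifest, sep, tag = package.rpartition(b"\n")
        if not sep:
            return "rejected: malformed package"
        expected = hmac.new(self.key, manifest, hashlib.sha256).hexdigest().encode()
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad signature"        # untrusted key or edited manifest
        meta = json.loads(manifest)
        if hashlib.sha256(image).hexdigest() != meta["sha256"]:
            return "rejected: image hash mismatch"  # image swapped after signing
        if meta["version"] <= self.version:
            return "rejected: rollback"             # same or older (possibly vulnerable) build
        self.version = meta["version"]
        return "applied"


def run_update_tests() -> Dict[str, str]:
    """Craft the packages a tester would throw at a device running version 2."""
    good_fw = b"firmware v3 constructed image"
    results = {}

    pkg, img = make_update(good_fw, version=3)
    results["genuine"] = Device(version=2).apply_update(pkg, img)

    pkg, _ = make_update(good_fw, version=3)
    results["tampered_image"] = Device(version=2).apply_update(pkg, b"backdoored image")

    pkg, img = make_update(good_fw, version=3, key=b"attacker key")
    results["forged"] = Device(version=2).apply_update(pkg, img)

    pkg, img = make_update(b"firmware v1 constructed image", version=1)
    results["rollback"] = Device(version=2).apply_update(pkg, img)

    # Manifest edited after signing: attacker bumps the version field
    pkg, img = make_update(good_fw, version=3)
    edited = pkg.replace(b'"version": 3', b'"version": 9')
    results["edited_manifest"] = Device(version=2).apply_update(edited, img)
    return results


if __name__ == "__main__":
    for case, outcome in run_update_tests().items():
        print(f"{case:16s} -> {outcome}")
```

The same five packages, sent over the system's real update channel (for example as MQTT messages or HTTP downloads), are the test cases; only "genuine" may result in the device reporting the new version.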