Quality Assurance (QA)


Quality assurance (QA) is…

  • often a combination of automated and manual validation techniques
  • System quality control goes beyond debugging
    • includes improving procedures and developing training for employees
  • overall goal is to ensure that software meets standards or requirements
  • involves:
    • reviews
    • testing
    • reporting
    • etc.

ISO 9000

ISO 9000 is a series of standards for quality management systems (QMS) to help organizations ensure their products and services meet customer and regulatory requirements.

  • address industrial activities such as design, production, installation, and servicing

Functional and Nonfunctional Testing

Functional testing checks whether the software meets its specification.

  • tests business requirements
  • can be conducted many ways:
    • integration testing
      • validates whether components work together
    • regression testing
      • validates whether bugs were introduced between versions
    • user acceptance testing (UAT)
      • tests how users interact with and operate software

Nonfunctional testing focuses on testing the quality of the software, such as stability and performance.

  • tests performance and customer expectations
  • e.g.,
    • load testing
    • stress testing

Types of Testing

Basis Path Testing

Basis path testing develops a set of test data that ensures each instruction in the software is executed at least once.
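As an added example (not part of the original notes), the following Python shows basis path testing on a small hypothetical upload validator: cyclomatic complexity V(G) = decisions + 1 gives the number of independent paths, and one test input per path executes every statement. The function name, labels and limits are constructed for illustration.

```python
# Added example: basis path testing of a hypothetical upload validator.
from typing import Set

executed: Set[str] = set()  # records which labelled statements ran


def _hit(label: str) -> None:
    """Lightweight instrumentation: note that a labelled statement executed."""
    executed.add(label)


MAX_BYTES = 10_000_000  # constructed limit for the example
ALLOWED_TYPES = ("image/png", "image/jpeg")


def classify_upload(size: int, content_type: str) -> str:
    """Three simple decisions -> V(G) = 3 + 1 = 4 basis paths."""
    _hit("start")
    if size <= 0:                        # decision 1
        _hit("reject_empty")
        return "reject: empty"
    if size > MAX_BYTES:                 # decision 2
        _hit("reject_large")
        return "reject: too large"
    if content_type not in ALLOWED_TYPES:  # decision 3
        _hit("reject_type")
        return "reject: type"
    _hit("accept")
    return "accept"


ALL_LABELS = {"start", "reject_empty", "reject_large", "reject_type", "accept"}

# Basis set: four inputs, each forcing a different decision outcome.
BASIS_TESTS = [
    ((0, "image/png"), "reject: empty"),
    ((MAX_BYTES + 1, "image/png"), "reject: too large"),
    ((100, "text/html"), "reject: type"),
    ((100, "image/jpeg"), "accept"),
]


def run_basis_tests() -> Set[str]:
    """Run the basis set; return the labels never executed (empty = full coverage)."""
    executed.clear()
    for args, expected in BASIS_TESTS:
        result = classify_upload(*args)
        assert result == expected, (args, result)
    return ALL_LABELS - executed


if __name__ == "__main__":
    missing = run_basis_tests()
    print("uncovered statements:", missing or "none")
```

Dropping any one of the four inputs leaves at least one labelled statement unexecuted, which is exactly what the returned set reports.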

White-box Testing

White-box testing is conducted with full access to and knowledge about the systems, code, and environment.

  • aka glass-box testing or full knowledge testing
  • includes having developers test internal structures of software

Black-box Testing

Black-box testing is conducted the way an external attacker would approach the code, systems, or environment: without full knowledge of them.

  • does not rely on the tester’s knowledge of the system’s structure
    • focused on the user experience (UX)
  • aka zero knowledge testing
  • 3 types
    • Alpha testing
      • Internal users (developers and UX team) test the software
    • Beta testing
      • aka pilot testing
      • Small segment of end users test the software
    • User acceptance testing (UAT)
      • Users test the system in an operational setting to ensure software meets the objectives and goals

Static Application Testing

  • involves reviewing source code
  • requires knowledge of:
    • how to read the program code
    • secure coding

Dynamic Application Testing

  • uses actual running code or application
  • can be automated and manual
  • validates functionality of code and performance in the real world
  • tests the presentation of application to users

Interactive Application Security Testing (IAST)

Interactive Application Security Testing (IAST) analyzes code for vulnerabilities while it is being used and focuses on real-time reporting to optimize the testing and analysis process.

  • often associated with CI/CD processes
    • can be built into SDLC as part of automated release testing
  • analyzes the internal functions of the application while it is running

Software Composition Analysis (SCA)

Software Composition Analysis (SCA) is used to track the components of a software package or application.

  • frequently used with open-source components
  • helps identify vulnerabilities in components and dependencies

Abuse Case Testing

Abuse Case Testing focuses on using features in ways that weren’t intended by the developer.