CMM (Capability Maturity Model) is a model of process maturity for software development - an evolutionary model of the progress of a companys

abilities to develop software. In November 1986, the American Software Engineering Institute (SEI) in cooperation with Mitre Corporation created the Capability Maturity Model for Software. Development of this model was necessary so that the U.S. federal government could objectively evaluate software providers and their abilities to manage large projects. Many companies had been completing their projects with significant overruns in schedule and budget. The development and Application of CMM helps to solve this problem. The key concept of the standard is organizational maturity. A mature organization has clearly defined procedures for software development and project management. These procedures are adjusted and perfected as required. In any software development company there are standards for processes of development, testing, and software application; and rules for appearance of final program code, components, interfaces, etc.

The CMM model defines five levels of organizational maturity: 1. Initial level is a basis for comparison with the next levels. In an organization at the initial level, conditions are not stable for the development of quality software. The Results of any project depend totally on the managers personal approach and the programmers experience, meaning the success of a particular project can be repeated only if the same managers and programmers are assigned to the next project. In addition, if managers or programmers leave the company, the quality of produced software will sharply decrease. In many cases, the development process comes down to writing code with minimal testing. 2. Repeatable level. At this level, project management technologies have been introduced in a company. That project planning and management is based on accumulated experience and there are standards for produced software (these standards are documented) and there is a special quality management group. At critical times, the process tends to roll back to the initial level.

3. Defined level. Here, standards for the processes of software development and maintenance are introduced and documented (including project management). During the introduction of standards, a transition to more effective technologies occurs. There is a special quality management department for building and maintaining these standards. A program of constant, advanced training of staff is required for achievement of this level. Starting with this level, the degree of organizational dependence on the qualities of particular developers decreases and the process does not tend to roll back to the previous level in critical situations. 4. Managed level. There are quantitative indices (for both software and process as a whole) established in the organization. Better project management is achieved due to the decrease of digression in different project indices. However, sensible variations in process efficiency may be different from random variations (noise), especially in mastered areas. 5. Optimizing level. Improvement procedures are carried out not only for existing processes, but also for evaluation of the efficiency of newly introduced innovative technologies. The main goal of an organization on this level is permanent improvement of existing processes. This should anticipate possible errors and defects and decrease the costs of software development, by creating reusable components for example. The Software Engineering Institute (SEI) constantly analyzes the results of CMM usage by different companies and perfects the model taking into account accumulated experience. What is System Testing? After completion of software Integration and integration testing, the development team is releasing a software build to Test engineer team. The testing team is conducting system testing on that software in two sub levels such as 1. Functional Testing 2. Non-Functional Testing Functional testing is concentrating on customer requirements and the Non-Functional testing is concentrating on customer expectations. Functional Testing: Its a mandatory testing level, during this test the testing team is validating a software build functionality in terms of below factors with respect to customer requirements. 1. Behavioral / GUI: The changes in properties of Objects OR controls in a software is called behavioral or GUI. 2. Input Domain: Whether the objects are taking correct type and size of inputs or not? 3. Error Handling: Whether our software is preventing wrong operations or not? 4. Manipulations: Whether our software is generating correct output or not? 5. Database Validity: Whether our software front end screens operations are correctly impacting on database of the software or not? 6. Sanitation: Finding extra operations in a software with respect to customer requirements. The above factors checking on a software is called as functional testing. During this checking the testers are using black box testing techniques or closed box testing techniques. Non-Functional Testing: After completion of functional testing successfully, the testing team is concentrating on non-functional testing. During non-functional testing, the testing team is concentrating on customer expectations or software characteristics. This non-functional testing is classified into below sub testing topics.

1. Usability Testing (UI Check) 2. Manual Check (Help documents testing) 3. Compatibility Testing OR Portability Testing 4. Configuration Testing 5. Inter system Testing 6. Multi languity Testing 7. Data volume Testing 8. Installation Testing 9. Performance Testing 10. Load testing 11. Stress testing 12. Endurance Testing 13. Security Testing 14. Parallel Testing 15. User Acceptance Testing (UAT) 16. Software Release and Release Testing 17. Solutions to Crazy Questions at Google Job Interview 1. How many golf balls can fit in a school bus? Solution: The point of the question isn't to see how golf balls you think are in the bus, but to see what your deduction skills are like. Do you just make a random guess or try to cop out by saying a lot, or do you actually try to come up with a legitimate answer by going through a logical series of steps. 2. You are shrunk to the height of a nickel and your mass is proportionally reduced so as to maintain your original density. You are then thrown into an empty glass blender. The blades will start moving in 60 seconds. What do you do? Solution:You simply jump out. As you are scaled down, the ratio of muscle mass to total mass remains the same. Potential energy is given by E = mgh. So, if E/m is unchanged (where E is the energy expended in expanding your leg muscles, and m is your mass), then h is unchanged. Mini-me jumps as high as me. This is the reason why grass-hoppers can jump about as high as people. 3. How much should you charge to wash all the windows in Seattle? Solution:As crazy as it might sound, questions like these demonstrate your ability to think through a complex problem with little or no information. They expect you to take an educated guess. Most of the time you can ask them questions like - how many buildings are there in Seattle. 4. How would you find out if a machines stack grows up or down in memory? Solution:Instantiate a local variable. Call another function with a local. Look at the address of that function and then compare. If the function's local is higher, the stack grows away from address location 0; if the function's local is lower, the stack grows towards address location 0. 5. Explain a database in three sentences to your eight-year-old nephew. Solution:A database is like a file cabinet. The files, or data, is stored in it and can be arranged in categories. But unlike an actual file cabinet, you can do a lot more cool stuff with a database like being able to make it accessible through the internet. 6. How many times a day does a clocks hands overlap? Solution:The Hour hand and Minute hand would be meeting exactly 11 times in 12 hours (Hour hand

would have taken 1 clockwise round and Minute hand would have taken 12 clockwise rounds, so 12 1 = 11 rounds). 18. result: First time hour and minute hands overlap will be 12 Hours / 11 = 01:05:27.27. So at this time only hour and minute hands would be overlapping and second hand will not be any near to them. Similarly for 2nd, 3rd, 4th, 5th, 6th, 7th, 8th, 9th and 10th overlap of hour and minute hand the Second hand wont be any nearby. So all 3 hands (hour, minute and Second) overlap only 2 times i.e. (0:0:0 and 12:0:0). 19. Also we all know when we get our watches repaired, normally the repairman overlaps all the three hands to 12. If we are considering that the second hand is not present, then the rest two overlaps 22 times in 24 hours. There again is a catch, if we check the angles by which the hour hand and minute hand moves. The second hand moves 6 degree in a second. In that time the minute hand will move 6/60 degrees. and the hour hand will move 6/(60*12) degrees. now taking these things in the considerations. if we check the positions of the hour and minute hand in terms of angle from the marker 12, for our first rendezvous time, i.e. 01:05:27.27 sec. first thing that comes to my mind is that, there is fraction in the seconds. So that time cant be measured. there will be no exact overlap. now lets calculate the angles: 1 hour 5 mins and 27 seconds = 3600 + 5*60 + 27 = 3927 seconds. angle of hour hand = 3927 * 6/(60*12) = 32.725 degree. angle of minute hand = 3927 * 6/60 = 392.7 degree subtracting 360 degree from it we get - 32.7 degree. So at 01:05:27 both hands dont overlap. Now for 01:05:28 : Angles : hour hand - 32.73333 minute hand - 32.8 so obviously they dont meet at 01:05:28 either. So they overlap at 12:00 and 24:00 only. So the answer is 2 only. 7. You have to get from point A to point B. You dont know if you can get there. What would you do? Solution:Utilizing a learn as you go approach and applying collected knowledge and data along the way is the best way to proceed. Lets break this down farther. Determine the amount of time you have to go from point A to point B. Spend the initial 20% of that time making a 360 search with the largest circumference possible with the in the time you have allowed. During that time, ask people, look for maps, clues, collect data, and knowledge. At the end of the initial 360 search take an objective look at all the information you have obtained and you calculate the risk of failure you are willing to live with. Create a plan and a strategy based on your assessment of where you believe point B to be. Then you proceed on implementing your plan with predetermined intervals of reassessment and strategy improvements. This is the best chance you have reaching point B if you dont know if you can get there. 8. Imagine you have a closet full of shirts. Its very hard to find a shirt. So what can you do to

organize your shirts for easy retrieval? Solution:Lets suppose there are a set of attributes of each shirt you are interested in: e.g. sleeve length, color, buttons (no buttons, fully button, partially buttoned from collar to chest level). Lets say the closet is a simple wall closet with a single closet rod running the entire length of closet. On the left you put all the short sleeve shirts, and on the right the long sleeve shorts. You separate then long and short sleeve sides with a specially marked coat hanger. Then you separate each group into no buttonoed, partially buttoned, and fully button, using more specially marked hangers. Then each sub group is separated into colored and monochrome sub-sub-groups (specially marked hangers arent needed for separators unless you are color blind) Then each colored group is sorted left to right according to the color spectrum: ROYGBIV: red, orange, yellow, green, blue, indigo, violet. Each monochrome ggroup is sorted left to right: white on the left, black on the right, and shades of grey in the middle, the darker greys on the right, the lighter on the left. 9. Every man in a village of 100 married couples has cheated on his wife. Every wife in the village instantly knows when a man other than her husband has cheated, but does not know when her own husband has. The village has a law that does not allow for adultery. Any wife who can prove that her husband is unfaithful must kill him that very day. The women of the village would never disobey this law. One day, the queen of the village visits and announces that at least one husband has been unfaithful. What happens? Solution:1. There is only one cheat husband - If it is so then 99 wives knew it before. So the cheated wife got the idea from queen that her husband is cheating. So she will kill him. Next morning every wife will know there is no cheat husbands anymore. 2. There are more than one cheat husbands - In this case, all of the wives already had the idea prior to queen's information. Its just that the cheated wives knew the count which is one less than what the non-cheated wives' knew - thats all. i.e. if there were 2 cheat husbands then their wives knew the count is 1 and others knew its 2. So the queen just repeated the info saying "at least 1". Same goes to 2,3,4...100 cheat husbands. So in this case no wife kills her husband. 10. In a country in which people only want boys, every family continues to have children until they have a boy. if they have a girl, they have another child. if they have a boy, they stop. what is the proportion of boys to girls in the country? Solution:From pure probability,we get the expected number of girls born to be 1/2 with that of boys being 1.So the ratio is 2:1 11. If the probability of observing a car in 30 minutes on a highway is 0.95, what is the probability of observing a car in 10 minutes (assuming constant default probability)? Solution:If the chance to see the car is 10 percent per minute, the first minute you have 10% chance, the second minute you have 10% of 90% = 9% (so total 19%), the third minute 10% of 81% (= 8,1%, total 27,1 %) ...... As the chance for 30 minutes is 95 percent, the chance for 1 minute is 9.5% and for 10 minute 63.1 %. 12. If you look at a clock and the time is 3:15, what is the angle between the hour and the minute hands? (The answer to this is not zero!)

Solution:7.5 degrees (the hour hand is 1/4th of the way between 3 and 4, the angle measure of that is 360/12 = 30 degrees between hours / 4 = 7.5 degrees). 13. Four people need to cross a rickety rope bridge to get back to their camp at night. Unfortunately, they only have one flashlight and it only has enough light left for seventeen minutes. The bridge is too dangerous to cross without a flashlight, and it s only strong enough to support two people at any given time. Each of the campers walks at a different speed. One can cross the bridge in 1 minute, another in 2 minutes, the third in 5 minutes, and the slow poke takes 10 minutes to cross. How do the campers make it across in 17 minutes? Solution:1 and 2 cross, taking 2 minutes, 1 goes back carrying the flashlight total=3 minutes. 5 and 10 cross, taking 10 minutes totaltime now= 13 minutes, 2 goes back,total time now = 15 minutes. 1 and 2 cross again, taking 2 minutes making it 17 minutes. 14. You are at a party with a friend and 10 people are present including you and the friend. your friend makes you a wager that for every person you find that has the same birthday as you, you get $1; for every person he finds that does not have the same birthday as you, he gets $2. would you accept the wager? Solution:No. 15. How many piano tuners are there in the entire world? Solution: 1) At first list out all the piano manufacturing companies in the world. 2) Then look into their purchase records and find out the piano purchasers information. 3) i) If the purchase is made by an individual or a house hold then the piano is played at best case by all the people of the house. ii) Else if the piano is purchased for school then list out the students that opted the piano course in their music curriculum. iii) If the piano is purchased by a Church then count the no of major or minor events of the church and count the piano users. sum up all the numbers to get more or less accurate piano users count. 16.You have eight balls all of the same size. 7 of them weigh the same, and one of them weighs slightly more. How can you find the ball that is heavier by using a balance and only two weighings? Solution:choose 6 balls and weigh 3 against 3 - if they weigh the same, you have another weighing for the remaining 2 balls and you can find the heavier one - if they dont weigh the same, from the group of 3 which was heavier, choose any 2 balls and weigh them: - if they weigh the same, the remaining ball is the heavier one; otherwise you just found the heavier one by weighing the 2 chosen balls. 17. You have five pirates, ranked from 5 to 1 in descending order. The top pirate has the right to propose how 100 gold coins should be divided among them. But the others get to vote on his plan, and if fewer than half agree with him, he gets killed. How should he allocate the gold in order to maximize his share but live to enjoy it? (Hint: One pirate ends up with 98 percent of the gold.) Solution:The highest ranked pirate gets 98 gold coins

---Two pirates get 1 gold coin each ---The other 2 pirates get nothing.

Testing a withdrawal-only ATM machine - ATM Test Cases

1: ATM machine should be start by operator. 2:Insert card wrong direction: message should display please insert card properly 3:Insert card properly and on screen display please select language: either Hindi or English 4:user select hindi all transaction should display in Hindi 5: user select english all transaction should display in English 6:user select english ,an option should be display please enter 4 digit pin no. 7:user enter wrong pin no. : Message should display Sorry your pin no. is incorrect 8:user enter same as more three time :A message should display your card has been block please contact to customer care. 9:user enter valid pin number 10:select your account like current or saving account 11:user select saving account 12:an option should show please enter an amount 13:user enter amount less than or equal which is in her account, Condition is that currency should be multiple of 100 14:click on Ok button 15:message display that your transaction being processed 16user take his/her cash 17: an option should display Are you want to continue Yes or No 18:User select No 19:Card should be exit 20:User select Yes 21: System should asked please enter 4 digit pin no. and again same process exist. 22:User enter more than amount which is not in his/her account :message should display that insufficient amount in your account, please enter less amount.

When the requirement is given for you to test how will you proceed next?
Once you get the requirement: you will do the analysis of the doc..(here I assume that the Requirement document has been Base lined ) and you will prepare a Test condition document ( what needs to be tested ). then You would proceed to Set the priority that which test condition needs to be tested early ( on behalf of the risk ) In between Test procedure will also be created. And Test Specification ( Test Condition + Test Procedure + Test Design ) document will be maintained ... Entry /Exit Criteria will be set ( but don't forget here I have assumed that You are a TE so its not your Job) , If possible RTM will be maintained... 1. Now you will derive the Test Scenario from Test Spec . 2. Test cases will be derived from Test Scenario. ( test cases will be designed --> Priority will be set. ) 3. Test cases will travel through life cycle (Draft ---> Review ---> Rework ---> Baseline ). 4. Test cases will be executed (On behalf of the test Priority ) 5. Results Analysis (Maintain the Test execution log ).

6. Defect Reporting. 7. Confirmation and Regression testing will be done. (Cyclic process) 8. Exit criteria will be analyzed. (If necessary confidence has been met then Test level will be completed and Your TM or TL will be responsible for Preparing Test Summary Report) +. If Necessary Confidence has not been met (Re Designing the test cases as well as Re-Prioritization is also possible) +. If you redesign the test cases then It would once again travel the whole cycle... (Go to Step 1 ) +. If You Re-prioritize then once again Test cases will be executed on behalf of new priority .( go to Step 4 ). Priority means "Importance of the defect w.r.t customer requirement" Severity means "Seriousness of the defect w.r.t functionality"

An approach for Security Testing of Web Applications

Introduction As more and more vital data is stored in web applications and the number of transactions on the web increases, proper security testing of web applications is becoming very important. Security testing is the process that determines that confidential data stays confidential (i.e. it is not exposed to individuals/ entities for which it is not meant) and users can perform only those tasks that they are authorized to perform (e.g. a user should not be able to deny the functionality of the web site to other users, a user should not be able to change the functionality of the web application in an unintended way etc.). Some key terms used in security testing Before we go further, it will be useful to be aware of a few terms that are frequently used in web application security testing: What is Vulnerability? This is a weakness in the web application. The cause of such a weakness can be bugs in the application, an injection (SQL/ script code) or the presence of viruses. What is URL manipulation? Some web applications communicate additional information between the client (browser) and the server in the URL. Changing some information in the URL may sometimes lead to unintended behavior by the server. What is SQL injection? This is the process of inserting SQL statements through the web application user interface into some query that is then executed by the server. What is XSS (Cross Site Scripting)? When a user inserts HTML/ client-side script in the user interface of a web application and this insertion is visible to other users, it is called XSS.

What is Spoofing? The creation of hoax look-alike websites or emails is called spoofing. Security testing approach: In order to perform a useful security test of a web application, the security tester should have good knowledge of the HTTP protocol. It is important to have an understanding of how the client (browser) and the server communicate using HTTP. Additionally, the tester should at least know the basics of SQL injection and XSS. Hopefully, the number of security defects present in the web application will not be high. However, being able to accurately describe the security defects with all the required details to all concerned will definitely help. 1. Password cracking: The security testing on a web application can be kicked off by password cracking. In order to log in to the private areas of the application, one can either guess a username/ password or use some password cracker tool for the same. Lists of common usernames and passwords are available along with open source password crackers. If the web application does not enforce a complex password (e.g. with alphabets, number and special characters, with at least a required number of characters), it may not take very long to crack the username and password. If username or password is stored in cookies without encrypting, attacker can use different methods to steal the cookies and then information stored in the cookies like username and password. For more details see article on Website cookie testing. 2. URL manipulation through HTTP GET methods: The tester should check if the application passes important information in the query string. This happens when the application uses the HTTP GET method to pass information between the client and the server. The information is passed in parameters in the query string. The tester can modify a parameter value in the query string to check if the server accepts it. Via HTTP GET request user information is passed to server for authentication or fetching data. Attacker can manipulate every input variable passed from this GET request to server in order to get the required information or to corrupt the data. In such conditions any unusual behavior by application or web server is the doorway for the attacker to get into the application. 3. SQL Injection: The next thing that should be checked is SQL injection. Entering a single quote () in any textbox should be rejected by the application. Instead, if the tester encounters a database error, it means that the user input is inserted in some query which is then executed by the application. In such a case, the application is vulnerable to SQL injection. SQL injection attacks are very critical as attacker can get vital information from server database. To check SQL injection entry points into your web application, find out code from your code base where direct MySQL queries are executed on database by accepting some user inputs. If user input data is crafted in SQL queries to query the database, attacker can inject SQL statements or part of SQL statements as user inputs to extract vital information from database. Even if attacker is successful to crash the application, from the SQL query error shown on browser, attacker can get the information they are looking for. Special characters from user inputs should be handled/escaped properly in such cases.

4. Cross Site Scripting (XSS): The tester should additionally check the web application for XSS (Cross site scripting). Any HTML e.g. <HTML> or any script e.g. <SCRIPT> should not be accepted by the application. If it is, the application can be prone to an attack by Cross Site Scripting. Attacker can use this method to execute malicious script or URL on victims browser. Using cross-site scripting, attacker can use scripts like JavaScript to steal user cookies and information stored in the cookies. Many web applications get some user information and pass this information in some variables from different pages. E.g.: http://www.examplesite.com/index.php?userid=123&query=xyz Attacker can easily pass some malicious input or <script> as a &query parameter which can explore important user/server data on browser. Important: During security testing, the tester should be very careful not to modify any of the following:
y y y

Configuration of the application or the server Services running on the server Existing user or customer data hosted by the application

Additionally, a security test should be avoided on a production system. The purpose of the security test is to discover the vulnerabilities of the web application so that the developers can then remove these vulnerabilities from the application and make the web application and data safe from unauthorized actions.

Database Testing Practical Tips and Insight on How to Test Database

Database is one of the inevitable parts of a software application these days. It does not matter at all whether it is web or desktop, client server or peer to peer, enterprise or individual business, database is working at backend. Similarly, whether it is healthcare of finance, leasing or retail, mailing application or controlling spaceship, behind the scene a database is always in action. Moreover, as the complexity of application increases the need of stronger and secure database emerges. In the same way, for the applications with high frequency of transactions (e.g. banking or finance application), necessity of fully featured DB Tool is coupled. Currently, several database tools are available in the market e.g. MS-Access2010, MS SQL Server 2008 r2, Oracle 10g, Oracle Financial, MySQL, PostgreSQL, DB2 etc. All of these vary in cost, robustness, features and security. Each of these DBs possesses its own benefits and drawbacks. One thing is certain; a business application must be built using one of these or other DB Tools. Before I start digging into the topic, let me comprehend the foreword. When the application is under execution, the end user mainly utilizes the CRUD operations facilitated by the DB Tool. C: Create When user Save any new transaction, Create operation is performed. R: Retrieve When user Search or View any saved transaction, Retrieve operation is performed. U: Update when user Edit or Modify an existing record, the Update operation of DB is performed. D: Delete when user Remove any record from the system, Delete operation of DB is performed.

It does not matter at all, which DB is used and how the operation is preformed. End user has no concern if any join or sub-query, trigger or stored-procedure, query or function was used to do what he wanted. But, the interesting thing is that all DB operations performed by user, from UI of any application, is one of the above four, acronym as CRUD. As a database tester one should be focusing on following DB testing activities:
What to test in database testing: 1) Ensure data mapping:

Make sure that the mapping between different forms or screens of AUT and the Relations of its DB is not only accurate but is also according to design documents. For all CRUD operations, verify that respective tables and records are updated when user clicks Save, Update, Search or Delete from GUI of the application.
2) Ensure ACID Properties of Transactions:

ACID properties of DB Transactions refer to the Atomicity, Consistency, Isolation and Durability. Proper testing of these four properties must be done during the DB testing activity. This area demands more rigorous, thorough and keen testing when the database is distributed.
3) Ensure Data Integrity:

Consider that different modules (i.e. screens or forms) of application use the same data in different ways and perform all the CRUD operations on the data. In that case, make it sure that the latest state of data is reflected everywhere. System must show the updated and most recent values or the status of such shared data on all the forms and screens. This is called the Data Integrity.
4) Ensure Accuracy of implemented Business Rules:

Today, databases are not meant only to store the records. In fact, DBs have been evolved into extremely powerful tools that provide ample support to the developers in order to implement the business logic at DB level. Some simple examples of powerful features of DBs are Referential Integrity, relational constrains, triggers and stored procedures. So, using these and many other features offered by DBs, developers implement the business logic on DB level. Tester must ensure that the implemented business logic is correct and works accurately. Above points describe the four most important What Tos of database testing. Now, I will put some light on How Tos of DB Testing. But, first of all I feel it better to explicitly mention an important point. DB Testing is a business critical task, and it should never be assigned to a fresh or inexperienced resource without proper training.
How To Test Database: 1. Create your own Queries

In order to test the DB properly and accurately, first of all a tester should have very good knowledge of SQL and specially DML (Data Manipulation Language) statements. Secondly, the tester should acquire good understanding of internal DB structure of AUT. If these two pre-requisites are fulfilled, then the tester is ready to test DB with complete confidence. (S)He will perform any CRUD operation from the UI of application, and will verify the result using SQL query.

This is the best and robust way of DB testing especially for applications with small to medium level of complexity. Yet, the two pre-requisites described are necessary. Otherwise, this way of DB testing cannot be adopted by the tester. Moreover, if the application is very complex then it may be hard or impossible for the tester to write all of the needed SQL queries himself or herself. However, for some complex queries, tester may get help from the developer too. I always recommend this method for the testers because it does not only give them the confidence on the testing they have performed but, also enhance their SQL skill.
2. Observe data table by table

If the tester is not good in SQL, then he or she may verify the result of CRUD operation, performed using GUI of the application, by viewing the tables (relations) of DB. Yet, this way may be a bit tedious and cumbersome especially when the DB and tables have large amount of data. Similarly, this way of DB testing may be extremely difficult for tester if the data to be verified belongs to multiple tables. This way of DB testing also requires at least good knowledge of Table structure of AUT.
3. Get query from developer

This is the simplest way for the tester to test the DB. Perform any CRUD operation from GUI and verify its impacts by executing the respective SQL query obtained from the developer. It requires neither good knowledge of SQL nor good knowledge of applications DB structure. So, this method seems easy and good choice for testing DB. But, its drawback is havoc. What if the query given by the developer is semantically wrong or does not fulfill the users requirement correctly? In this situation, the client will report the issue and will demand its fix as the best case. While, the worst case is that client may refuse to accept the application. Conclusion: Database is the core and critical part of almost every software application. So DB testing of an application demands keen attention, good SQL skills, proper knowledge of DB structure of AUT and proper training. In order to have the confident test report of this activity, this task should be assigned to a resource with all the four qualities stated above. Otherwise, shipment time surprises, bugs identification by the client, improper or unintended applications behavior or even wrong outputs of business critical tasks are more likely to be observed. Get this task done by most suitable resources and pay it the well-deserved attention.

Desktop application testing, Client server application testing and Web application testing.
Each one differs in the environment in which they are tested and you will lose control over the environment in which application you are testing, while you move from desktop to web applications. Desktop application runs on personal computers and work stations, so when you test the desktop application you are focusing on a specific environment. You will test complete application broadly in categories like GUI, functionality, Load, and backend i.e DB. In client server application you have two different components to test. Application is loaded on server machine while the application exe on every client machine. You will test broadly in categories like, GUI on

both sides, functionality, Load, client-server interaction, backend. This environment is mostly used in Intranet networks. You are aware of number of clients and servers and their locations in the test scenario. Web application is a bit different and complex to test as tester dont have that much control over the application. Application is loaded on the server whose location may or may not be known and no exe is installed on the client machine, you have to test it on different web browsers. Web applications are supposed to be tested on different browsers and OS platforms so broadly Web application is tested mainly for browser compatibility and operating system compatibility, error handling, static pages, backend testing and load testing. I think this will have an idea of all three testing environment. Keep in mind that even the difference exist in these three environments, the basic quality assurance and testing principles remains same and applies to all.

How can a Web site be tested?

Points to be considered while testing a Web site: Web sites are essentially client/server applications with web servers and browser clients. Consideration should be given to the interactions between html pages, TCP/IP communications, Internet connections, firewalls, applications that run in web pages (such as applets, javascript, plug-in applications), and applications that run on the server side (such as cgi scripts, database interfaces, logging applications, dynamic page generators, asp, etc.). Additionally, there are a wide variety of servers and browsers, various versions of each, small but sometimes significant differences between them, variations in connection speeds, rapidly changing technologies, and multiple standards and protocols. The end result is that testing for web sites can become a major ongoing effort. Other considerations might include: What are the expected loads on the server (e.g., number of hits per unit time?), and what kind of performance is required under such loads (such as web server response time, database query response times). What kinds of tools will be needed for performance testing (such as web load testing tools, other tools already in house that can be adapted, web robot downloading tools, etc.)? Who is the target audience? What kind of browsers will they be using? What kind of connection speeds will they by using? Are they intra- organization (thus with likely high connection speeds and similar browsers) or Internet-wide (thus with a wide variety of connection speeds and browser types)? What kind of performance is expected on the client side (e.g., how fast should pages appear, how fast should animations, applets, etc. load and run)? Will down time for server and content maintenance/upgrades be allowed? how much? What kinds of security (firewalls, encryptions, passwords, etc.) will be required and what is it expected to do? How can it be tested? How reliable are the sites Internet connections required to be? And how does that affect backup system or redundant connection requirements and testing?

What processes will be required to manage updates to the web sites content, and what are the requirements for maintaining, tracking, and controlling page content, graphics, links, etc.? Which HTML specification will be adhered to? How strictly? What variations will be allowed for targeted browsers? Will there be any standards or requirements for page appearance and/or graphics throughout a site or parts of a site?? How will internal and external links be validated and updated? how often? Can testing be done on the production system, or will a separate test system be required? How are browser caching, variations in browser option settings, dial-up connection variabilities, and real-world internet traffic congestion problems to be accounted for in testing? How extensive or customized are the server logging and reporting requirements; are they considered an integral part of the system and do they require testing? How are cgi programs, applets, javascripts, ActiveX components, etc. to be maintained, tracked, controlled, and tested? Pages should be 3-5 screens max unless content is tightly focused on a single topic. If larger, provide internal links within the page. The page layouts and design elements should be consistent throughout a site, so that its clear to the user that theyre still within a site. Pages should be as browser-independent as possible, or pages should be provided or generated based on the browser-type. All pages should have links external to the page; there should be no dead-end pages. The page owner, revision date, and a link to a contact person or organization should be included on each page.

How to Test Banking Applications

Banking applications are considered to be one of the most complex applications in todays software development and testing industry. What makes Banking application so complex? What approach should be followed in order to test the complex workflows involved? In this article we will be highlighting different stages and techniques involved in testing Banking applications. The characteristics of a Banking application are as follows:
y y y y y y y y y

Multi tier functionality to support thousands of concurrent user sessions Large scale Integration , typically a banking application integrates with numerous other applications such as Bill Pay utility and Trading accounts Complex Business workflows Real Time and Batch processing High rate of Transactions per seconds Secure Transactions Robust Reporting section to keep track of day to day transactions Strong Auditing to troubleshoot customer issues Massive storage system

Disaster Management.

The above listed ten points are the most important characteristics of a Banking application. Banking applications have multiple tiers involved in performing an operation. For Example, a banking application may have: 1. 2. 3. 4. Web Server to interact with end users via Browser Middle Tier to validate the input and output for web server Data Base to store data and procedures Transaction Processor which could be a large capacity Mainframe or any other Legacy system to carry out Trillions of transactions per second.

If we talk about testing banking applications it requires an end to end testing methodology involving multiple software testing techniques to ensure:
y y y y y y

Total coverage of all banking workflows and Business Requirements Functional aspect of the application Security aspect of the application Data Integrity Concurrency User Experience

Typical stages involved in testing Banking Applications are shown in below workflow which we will be discussing individually.

1) Requirement Gathering: Requirement gathering phase involves documentation of requirements either as Functional Specifications or Use Cases. Requirements are gathered as per customer needs and documented by Banking Experts or Business Analyst. To write requirements on more than one subject experts are involved as banking itself has multiple sub domains and one full fledge banking application will be the integration of all. For Example: A banking application may have separate modules for Transfers, Credit Cards, Reports, Loan Accounts, Bill Payments, Trading Etc.
2) Requirement Review:

The deliverable of Requirement Gathering is reviewed by all the stakeholders such as QA Engineers, Development leads and Peer Business Analysts. They cross check that neither existing business workflows nor new workflows are violated.
3) Business Scenario Preparations:

In this stage QA Engineers derive Business Scenarios from the requirement documents (Functions Specs or Use Cases); Business Scenarios are derived in such a way that all Business Requirements are covered. Business Scenarios are high level scenarios without any detailed steps, further these Business Scenarios are reviewed by Business Analyst to ensure all of Business Requirements are met and its easier for BAs to review high level scenarios than reviewing low level detailed Test Cases.
4) Functional Testing:

In this stage functional testing is performed and the usual software testing activities are performed such as: Test Case Preparation: In this stage Test Cases are derived from Business Scenarios, one Business Scenario leads to several positive test cases and negative test cases. Generally tools used during this stage are Microsoft Excel, Test Director or Quality Center. Test Case Review: Reviews by peer QA Engineers Test Case Execution: Test Case Execution could be either manual or automatic involving tools like QC, QTP or any other.
5) Database Testing:

Banking Application involves complex transaction which are performed both at UI level and Database level, Therefore Database testing is as important as functional testing. Database in itself is an entirely separate layer hence it is carried out by database specialists and it uses techniques like
y y y y y y y

Data loading Database Migration Testing DB Schema and Data types Rules Testing Testing Stored Procedures and Functions Testing Triggers Data Integrity

6) Security Testing:

Security Testing is usually the last stage in the testing cycle as completing functional and non functional are entry criteria to commence Security testing. Security testing is one of the major stages in the entire Application testing cycle as this stage ensures that application complies with Federal and Industry standards. Security testing cycle makes sure the application does not have any web vulnerability which may expose sensitive data to an intruder or an attacker and complies with standards like OWASP. In this stage the major task involves in the whole application scan which is carried out using tools like IBM Appscan or HP WebInspect (2 Most popular tools). Once the Scan is complete the Scan Report is published out of which False Positives are filtered out and rest of the vulnerability are reported to Development team for fixing depending on the Severity. Other Manual tools for Security Testing used are: Paros Proxy, Http Watch, Burp Suite, Fortify tools Etc. Apart from the above stages there might be different stages involved like Integration Testing and Performance Testing. In todays scenario majority of Banking Projects are using: Agile/Scrum, RUP and Continuous Integration methodologies, and Tools packages like Microsofts VSTS and Rational Tools. As we mentioned RUP above, RUP stands for Rational Unified Process, which is an iterative software development methodology introduced by IBM which comprises of four phases in which development and testing activities are carried out. Four phases are: i) Inception ii) Collaboration iii) Construction and iv) Transition RUP widely involves IBM Rational tools. In this article we discussed how complex a Banking application could be and what are the typical phases involved in testing the application. Apart from that we also discussed current trends followed by IT industries including software development methodologies and tools.

What is actual testing process in practical or company environment?

Whenever we get any new project there is initial project familiarity meeting. In this meeting we basically discuss on who is client? what is project duration and when is delivery? Who is involved in project i.e manager, Tech leads, QA leads, developers, testers etc etc..? From the SRS (software requirement specification) project plan is developed. The responsibility of testers is to create software test plan from this SRS and project plan. Developers start coding from the design. The project work is devided into different modules and these project modules are distributed among the developers. In meantime testers responsibility is to create test scenario and write test cases according to assigned modules. We try to cover almost all the functional test cases from SRS. The data can be maintained manually in some excel test case templates or bug tracking tools. When developers finish individual modules, those modules are assigned to testers. Smoke testing is performed on these modules and if they fail this test, modules are reassigned to respective developers for fix.

For passed modules manual testing is carried out from the written test cases. If any bug is found that get assigned to module developer and get logged in bug tracking tool. On bug fix tester do bug verification and regression testing of all related modules. If bug passes the verification it is marked as verified and marked as closed. Otherwise above mentioned bug cycle gets repeated.(I will cover bug life cycle in other post) Different tests are performed on individual modules and integration testing on module integration. These tests includes Compatibility testing i.e testing application on different hardware, OS versions, software platform, different browsers etc. Load and stress testing is also carried out according to SRS. Finally system testing is performed by creating virtual client environment. On passing all the test cases test report is prepared and decision is taken to release the product! So this was a brief outline of process of project life cycle. Here is detail of each step what testing exactly carried out in each software quality and testing life cycle specified by IEEE and ISO standards: Review of the software requirement specifications Objectives is set for the Major releases Target Date planned for the Releases Detailed Project Plan is build. This includes the decision on Design Specifications Develop Test Plan based on Design Specifications Test Plan : This includes Objectives, Methodology adopted while testing, Features to be tested and not to be tested, risk criteria, testing schedule, multiplatform support and the resource allocation for testing. Test Specifications this document includes technical details (Software requirements) required prior to the testing. Writing of Test Cases Smoke (BVT) test cases Sanity Test cases Regression Test Cases Negative Test Cases Extended Test Cases Development Modules developed one by one Installers Binding: Installers are building around the individual product. Build procedure: A build includes Installers of the available products multiple platforms. Testing Smoke Test (BVT) Basic application test to take decision on further testing

Testing of new features Cross-platform testing Stress testing and memory leakage testing. Bug Reporting Bug report is created Development Code freezing No more new features are added at this point. Testing Builds and regression testing. Decision to release the product Post-release Scenario for further objectives.

CAPGEMINI INTERVIEW QUESTIONS

1) Diff between functional, system testing ? 2) What are the six Microsoft rules for user interface testing? 3) What is the diff between GUI, UI 4) When do you go for automation ? 5) Diff between QTP 8.2 and 9.0 6) Types of testing? 7) Regression testing ? 8) Defect profile document? 9) Test cases( dd\mm\yyyy) 10) Bug life cycle? 11) What will do testing. When u are given an application to test? 12) Team member? 13) Quqlity- test engineer? 14) What if your team member doesnt work with properly? 15) What is test life cycle? 16) Is test plan necessary for preparing test cases? 17) On what basis you prepare test cases? 18) What is test strategey? 19) Do submit test strategy to customer, if yes what time ? 20) Draw v- model ? 21) Difference between v-model and water fall model? 22) Regression and integration testing? 23) Is integration testing is conducted by only development team ? 24) Why you adopt testing and what is the need of testing ? 25) What do you learn doing testing course? 26) Write a test case for pen? 27) Do you prepare test case with out test plan? 28) What is the difference bet error and defect ? 29) What are the documents require to prepare the test plan?

What is database testing?

Data base testing basically include the following: 1)Data validity testing: - For doing data validity testing you should be good in SQL queries

2)Data Integritity testing: - For data integrity testing you should know about referintial integrity and different constraint. 3)Performance related to data base: - For performance related things you should have idea about the table structure and design. 4)Testing of Procedure,triggers and functions: - For testing Procedure triggers and functions you should be able to understand the same.

Data Validation and Data Integration

Data Validation: cross verifying the data from UI to DB Data Integrity: Changes made to the data from UI/DB shall be persistent. I assume having access to Gmail and Gmail Users DB. 1) Data Validation: Receive an Email from Hotmail user, Gmail Inbox (UI) shall be updated and Inbox Table in the Gmail User's DB shall be updated with a record 2) Data Integration: Delete the recieved Email (record) from Hotmail user of the Gmail User's DB. Verify the Trash Table of Gmail user's DB is updated with the deleted record; verify the same in Trash UI of Gmail.

Difference between Application and Product?

Software Application: A software developed depending on a specific customer requirements is called as application or project. Examples: Any application that will be used only in that organization. OR Software developed to use with in the organization only. They wont share it to out side world. Software Product: A software developed depending on overall requirements in market is called as software product. Examples: SQL Server, Visual Studio, Adobe Photoshop, Google search engine, Gmail and etc which will be accessible to the outside world. SDLC (Software Development Life Cycle) Models After accepting a software proposal, the corresponding project managers should one of the available 5 sdlc model to follow in the development cycle. There are 5 SDLC models available currently.They are 1. 2. 3. 4. 5. Waterfall Model Prototype Model Incremental Model Spiral Model V-Model

Waterfall Model: When the customer requirements are clear and complete Requirements Gathering>Analysis & Planning> Design> Coding> Testing> Release & Maintenance

Prototype Model: When the customer requirements are unclear and confusing Incremental Model: When the customer requirements are clear but not complete, because client is giving requirements in installment basis. Spiral Model: When the customer requirements are clear and complete but enhancing in future Note: In above 4 SDLC models the testing is available as one stage and the stage was also conducted by same developers.Due to this the organizations are concentrating on multiple stages of testing and separate testing teams for quality software development. V-Model: V- stands for Verification and Validation
y y

It is a recognized model by organizations This model defines the mapping in between multiple stages of development and multiple stages of testing

To decrease project cost, the organizations are maintaining the separate testing team only for system testing. Because the system testing stage is working as bottle neck stage in software development.

Software Testing Interview Question & Answers at Capgemini

Questions:
1. 2. 3. 4. What is Log sheet? and what are the components in it? what are the types of priority and severity? Give me some example for high severity and low priority defect? Imagine a form with 2 check boxes, 2 list boxes, 2 combo boxes & 2 integer fields. If i want you to write Test cases for this form, how much time it will take and how many cases will you be able to generate? 5. What is positive and negative testing.Explain with example? 6. What is meant by the Logical name of the object?

Answers: 1. A log sheet is generally a defect Report.Server logs are also attached to the defect,for the developers to check ,what is the behavior of the Application, request and response of the remote server when the defect has occurred.By reading that log sheet,a programmer or developer can understand,why that defect has occurred.This log sheet consists of lines of code according to the series of events that made the defect to occur. 2. Priority: How fast the bug should be resolved. Severity: How badly it effected the application. P1 > Fatal - S1 > Critical P2 > Major - S2 > High P3 > Minor - S3 > Medium P4 > Suggestion S4 > Low 3. If suppose the title of the particular concern is not spelled correctly, it would give a negative impact.eg ICICC is spelled as a title for the project of the concern ICICI.then it is a high severity, low priority defect. 4. These questions are called dynamic questions and you need to be spontaneous to answer this type of questions. Just draw the form immediately on a paper and tell the approximate time of 5 - 7 min and 8 - 10 test cases. 5. Positive Testing - testing the system by giving the valid data. Negative Testing - testing the system by giving the Invalid data. For Exam application contains a textbox and as per the users Requirements the textbox should accept only Strings. By providing only String as input data to the textbox & to check whether its working properly or not means it is Positive Testing. If giving the input other than String means it is negative Testing. 6. An objects logical name is determined by its class. In most cases, the logical name is the label that appears on an object.

What is Defect/Bug Leakage?

If the client/customer/end user finds a defect while using the released Application/Product. Then it is called as Defect Leakage or bug leakage. OR in other words After the release of the application to the client, if the end user gets any type of defects by using that application then it is called as Defect leakage. This Defect Leakage is also called as Bug Leak.

What Does Capital Dividend Mean?

A type of payment by a firm to its investors that is drawn from a company's paid-in-capital or shareholders' equity, rather than from the company's earnings, as with regular dividends. Such a dividend is often paid out in instances where a dividend payment is required, but company earnings cannot facilitate such a cash payment. Also known as a "return of capital".

Investopedia explains Capital Dividend A capital dividend is typically not taxable for shareholders, as it is viewed as a return of the capital paid in by investors. Capital dividends are not a preferred form of dividend payment for firms or investors, as they are often seen as a sign of a company struggling to generate earnings and free cash flow. Additionally, by paying out dividends from retained earnings, a company's struggles may worsen as its capital base shrinks, limiting investment and business opportunities in the future.

Will automated testing tools make testing easier?

Possibly. For small projects, the time needed to learn and implement them may not be worth it. For larger projects, or on-going long-term projects they can be valuable. Test automation can add a lot of complexity and cost to a test teams effort. In addition problems like including unrealistic expectations, poor testing practices, a false sense of security, maintenance costs, and other technical and organizational problems might arise. But it can also provide some valuable assistance if its done by the right people, in the right environment and done where it makes sense to do so. Automated testing is an expensive process. Studies show that it can take between 3 to 10 times longer to develop automated Test Suite than to create and execute manual test cases. Costs of test automation include personnel to support test automation for the long term, dedicated test environment as well as the costs for the purchase, development and maintenance of tools. A common type of automated tool is the record/playback type. For example, a tester could click through all combinations of menu choices, dialog box choices, buttons, etc. in an application GUI and have them recorded and the results logged by a tool. The recording is typically in the form of text based on a scripting language that is interpretable by the testing tool. If new buttons are added, or some underlying code in the application is changed, etc. the application can then be retested by just playing back the recorded actions, and comparing the logging results to check effects of the changes. The problem with such tools is that if there are continual changes to the system being tested, the recordings may have to be changed so much that it becomes very time-consuming to continuously update the scripts. Additionally, interpretation of results (screens, data, logs, etc.) can be a difficult task. Note that there are record/playback tools for textbased interfaces also, and for all types of platforms.

Can anyone tell what testing is most important to be done on insurance project? And how it is done?
Typically, insurance carriers have a common policy lifecycle that can consist of: -clearance of applicant -submission of applicant -quote(s) (including output of quote document) *this is where rating comes into play* -acceptance/rejection of quote -if acceptance - binding (including output of a binder document) -policy creation/issuance (including output of Declaraions page and associated wordings/forms/endorsements) -endorsement of policy (including output of policy change notice and associated wordings/forms/endorsements) -cancellation of policy (including output of cancellation notice, etc) -reinstatement of policy (including output of reinstatement notice, etc) and then there is the potential claims lifecycle which potentially consists of the following: -first notice of loss

-reservation of rights -capture of associated parties (claimant, attorneys, adjusters both internal and external, etc) -adjustment of claim (creating expense and/or indemnity reserves, making payments against reservers, creating recoveries, recovering money via subro, salvage, etc) -litigation management -closing claim -reopening claim Obviously, this can change for any given insurer based on the coverages they write and the busienss processes they have defined and these may or may not be covered by the application you are testing. Without further detail it is difficult to determine what scenarios would be appropriate. I would suggest getting a copy of the specification and potentially discuss with a SME what the application you are working on is intended to cover.

Q. What is difference between Performance Testing, Load Testing and Stress Testing?
1) Performance Testing:

Performance testing is the testing, which is performed, to ascertain how the components of a system are performing, given a particular situation. Resource usage, scalability and reliability of the product are also validated under this testing. This testing is the subset of performance engineering, which is focused on addressing performance issues in the design and architecture of software product. Performance Testing Goal: The primary goal of performance testing includes establishing the benchmark behaviour of the system. There are a number of industry-defined benchmarks, which should be met during performance testing. Performance testing does not aim to find defects in the application, it address a little more critical task of testing the benchmark and standard set for the application. Accuracy and close monitoring of the performance and results of the test is the primary characteristic of performance testing. Example: For instance, you can test the application network performance on Connection Speed vs. Latency chart. Latency is the time difference between the data to reach from source to destination. Thus, a 70kb page would take not more than 15 seconds to load for a worst connection of 28.8kbps modem (latency=1000 milliseconds), while the page of same size would appear within 5 seconds, for the average connection of 256kbps DSL (latency=100 milliseconds). 1.5mbps T1 connection (latency=50 milliseconds) would have the performance benchmark set within 1 second to achieve this target. For example, the time difference between the generation of request and acknowledgement of response should be in the range of x ms (milliseconds) and y ms, where x and y are standard digits. A successful performance testing should project most of the performance issues, which could be related to database, network, software, hardware etc
2) Load Testing:

Load testing is meant to test the system by constantly and steadily increasing the load on the system till the time it reaches the threshold limit. It is the simplest form of testing which employs the use of automation

tools such as LoadRunner or any other good tools, which are available. Load testing is also famous by the names like volume testing and endurance testing. The sole purpose of load testing is to assign the system the largest job it could possible handle to test the endurance and monitoring the results. An interesting fact is that sometimes the system is fed with empty task to determine the behaviour of system in zero-load situation. Load Testing Goal: The goals of load testing are to expose the defects in application related to buffer overflow, memory leaks and mismanagement of memory. Another target of load testing is to determine the upper limit of all the components of application like database, hardware and network etc so that it could manage the anticipated load in future. The issues that would eventually come out as the result of load testing may include load balancing problems, bandwidth issues, capacity of the existing system etc Example: For example, to check the email functionality of an application, it could be flooded with 1000 users at a time. Now, 1000 users can fire the email transactions (read, send, delete, forward, reply) in many different ways. If we take one transaction per user per hour, then it would be 1000 transactions per hour. By simulating 10 transactions/user, we could load test the email server by occupying it with 10000 transactions/hour.

3) Stress testing

Under stress testing, various activities to overload the existing resources with excess jobs are carried out in an attempt to break the system down. Negative testing, which includes removal of the components from the system is also done as a part of stress testing. Also known as fatigue testing, this testing should capture the stability of the application by testing it beyond its bandwidth capacity. The purpose behind stress testing is to ascertain the failure of system and to monitor how the system recovers back gracefully. The challenge here is to set up a controlled environment before launching the test so that you could precisely capture the behaviour of system repeatedly, under the most unpredictable scenarios. Stress Testing Goal: The goal of the stress testing is to analyse post-crash reports to define the behaviour of application after failure. The biggest issue is to ensure that the system does not compromise with the security of sensitive data after the failure. In a successful stress testing, the system will come back to normality along with all its components, after even the most terrible break down. Example: As an example, a word processor like Writer1.1.0 by OpenOffice.org is utilized in development of letters, presentations, spread sheets etc Purpose of our stress testing is to load it with the excess of characters. To do this, we will repeatedly paste a line of data, till it reaches its threshold limit of handling large volume of text. As soon as the character size reaches 65,535 characters, it would simply refuse to accept more data. The result of stress testing on Writer 1.1.0 produces the result that, it does not crash under the stress and that it handle the situation gracefully, which make sure that application is working correctly even under rigorous stress conditions.

1.differentiate between QA and QC? QA:It is process oriented it envolve in entire process of software developement. Preventin oriented. QC: It is product oriented. work to examin the quality of product. Dedection orientd. 2.what is a bug? A computer bug is an error, flaw, mistake, failure, or fault in a computer program that prevents it from working correctly or produces an incorrect result. 3.what is a test case? Testcase is set of input values, execution preconditions,expected results and execution postconditions, developed for a particular objective or test conditons, such as to exercise a paticular program path or to verify compliance with a specific requiremnt. 4.What is the purpose of test plan in your project? test plan document is prepared by the test lead,it contains the contents like introduction,objectives,test stratergy,scope,test items,program modules user procedures,features to be tested features not to tested approach,pass or fail criteria,testing process,test deliverables,testing,tasks,responsibilities,resources,schedu le,environmental requirements,risks & contingencies,change management procedures,plan approvals,etc all these things help a test manager undersatnd the testing he should do & what he should follow for testing that particular project. 5.When the relationship occur between tester and developer? developer is the one who sends the application to the tester by doing all the necessary code in the application and sends the marshal id to the tester.The tester is the one who gives all the input/output and checks whether he is getting reqd output or not.A developer is the one who works on inside interfacing where as the tester is the one who works on outside interfacing 6.when testing will starts in a project? the testing is not getting started after the coding.after release the build the testers perform the smoke test.smoke test is the first test which is done by the testing team.this is according to the testing team.but, before the releasing of a build the developers will perform the unit testing. 7.If a bug has high severity then usually that is treated as high priority,then why do priority given by testengineers/project managers and severity given by testers? High severity bugs affects the end users ....testers tests an application with the users point of view, hence it is given as high severity.High priority is given to the bugs which affects the production.Project managers assign a high priority based on production point of view. 8.what is the difference between functional testing and regresion testing functional testing is a testing process where we test the functionality/behaviour of each functional component of the application...i.e.minimize button,transfer button,links etc.i.e we check what is each component doing in that application... regression testing is the testing the behaviour of the application of the unchanged areas when there is a change in the build.i.e we chk whether the changed requirement has altered the behaviour of the unchanged areas.the impacted area may be the whole of the application or some part of the application...

10.do u know abt integration testing,how do u intregate diff modules? integration testing means testing an application to verify the data flows between the module.for example, when you are testing a bank application ,in account balence it shows the 100$as the available balence.but in database it shows the 120$. main thing is "integration done by the developers and integration testing done by the testers" 11.do u know abt configuration management tool,what is the purpose of maintaining all the documents in configuration manage ment tool? It is focused primarily on maintaining the file changes in the history. Documents are subjected to change For ex: consider the Test case document . Initially you draft the Test cases document and place it in Version control tool(Visual Source Safe for ex).Then you send it for Peer Review .They will provide some comments and that document will be saved in VSS again.Similary the document undergoes changes and all the changes history will be maintained in Version control. It helps in referring to the previous version of a document. Also one person can work on a document (by checking out) at a time. Also it keeps track who has done the changes ,time and date. Generally all the Test Plan, Test cases,Automation desgin docs are placed in VSS. Proper access rights needs to be given so that the documents dont get deleted or modified. 12.How you test database and explain the procedure? Database Testing is purely done based on the requirements. You may generalize a few features but they won't be complete. In general we look at 1. Data Correctness (Defaults) 2. Data Storage/Retreival 3. Database Connectivity (across multiple platforms) 4. Database Indexing 5. Data Integrity 6. Data Security 13.suppose if you press a link in yahooshopping site in leads to some other company website?how to test if any problem in linking from one site to another site? 1)first i will check whether the mouse cusor is turning into hand icon or not? 2)i will check the link is highlingting when i place the curosr on the link or not? 3)the site is opening or not? 4)if the site is opening then i will check is it opening in another window or the same window that the link itself exitst(to check userfriendly ness of the link) 5)how fast that website is opening? 6)is the correct site is opening according to the link? 7)all the items in the site are opeing or not? 8)all other sublinks are opening or not? 14.what are the contents of FRS? F &#8594; Function Behaviours R &#8594; Requirements (Outputs) of the System that is defined. S &#8594; Specification ( How, What, When, Where, and Way it behavior's. FRS &#8594; Function Requirement Specification. This is a Document which contains the Functional behavior of the system or a feature. This document is also know as EBS External Behaviour Specification Document. Or EFS External Function Specification. 15.what is meant by Priority nad severity? Priority means "Importance of the defect w.r.t cutomer requirement" Severity means "Seriousness of the defect w.r.t functionality"

16.what is meant by Priority nad severity? Severity: 1. This is assigned by the Test Engineer 2. This is to say how badly the devation that is occuring is affecting the other modules of the build or release. Priority: 1. This is assigned by the Developer. 2. This is to say how soon the bug as to be fixed in the main code, so that it pass the basic requirement. Eg., The code is to generate some values with some vaild input conditions. The priority will be assigned so based on the following conditions: a> It is not accepting any value b> It is accepting value but output is in non-defined format (say Unicode Characters). A good example i used some unicode characters to generate a left defined arrow, it displayed correctly but after saving changes it gave some address value from the stack of this server. For more information mail me i will let you know. 17.give me some example for high severity and low priority defect? if suppose the title of the particular concern is not spelled corectly,it would give a negative impact.eg ICICC is spelled as a tittle for the project of the concern ICICI.then it is a high severity,low priority defect. 18.what is basis for testcase review? the main basis for the test case review is 1.testing techniques oriented review 2.requirements oriented review 3.defects oriented review. 19.what are the contents of SRS documents? Software requirements specifications and Functional requirements specifications. 20.What is difference between the Web application testing and Client Server testing? Testing the application in intranet(withoutbrowser) is an example for client -server.(The company firewalls for the server are not open to outside world. Outside people cannot access the application.)So there will be limited number of people using that application. Testing an application in internet(using browser) is called webtesting. The application which is accessable by numerous numbers around the world(World wide web.) So testing web application, apart from the above said two testings there are many other testings to be done depending on the type of web application we are testing. If it is a secured application (like banking site- we go for security testing etc.) If it is a ecommerce testing application we go for Usability etc.. testings. 21.Explain your web application archtechture? web application is tested in 3 phases 1. web tier testing --> browser compatibility 2. middle tier testing --> functionality, security 3. data base tier testing --> database integrity, contents 22.suppose the product/appication has to deliver to client at 5.00PM,At that time you or your team member caught a high severity defect at 3PM.(Remember defect is high severity)But the the client is cannot wait for long time.You should deliver the product at 5.00Pm exactly.then what is the procedure you follow? the bug is high severity only so we send the application to the client and find out the severity is preyority or not. if its preyority then we ask him to wait. Here we found defects/bugs in the last minute of the deliveryor realese date

Then we have two options 1.explain the situation to client and ask some more time to fix the bug. 2.If the client is not ready to give some some time then analyse the impact of defect/bug and try to find workarounds for the defect and mention these issues in the release notes as known issues or known limitations or known bugs. Here the workaround means remeady process to be followed to overcome the defect effect. 3.Normally this known issues or known limitations(defects) will be fixed in next version or next release of the software 23.Give me examples for high priority and low severity defects? Suppose in one banking application there is one module ATM Facility. in that ATM facility when ever we are dipositing/withdrawing money it is not showing any conformation message but actually at the back end it is happening properly with out any mistake means only missing of message . in this case as it is happenig properly so there is nothing wrong with the application but as end user is not getting any conformation message so he/she will be confuse for this.So we can consider this issue as HIGH Priority but LOW Severity defects.. 24.Explain about Bug life cycle? 1)tester-> 2) open defect-> 3)send to developer 4)->if accepted moves to step5 else sends the bug to tester gain 5)fixed by developer -> 6)regression testing-> 7)no problem inbuilt and signoff 8)->if problem in built reopen the issue send to step3 25.How can you report the defect using excel sheet? To report the defect using excel sheet Mention : The Feture that been effected. mention : Test Case ID (Which fail you can even mention any other which are dependency on this bug) Mention : Actual Behavior Mention : Expected Behavior as mentioned in Test Case or EFS or EBS or SRS document with section Mention : Your Test Setup used during Testing Mention : Steps to Re-Produce the bug Mention : Additional Info Mention : Attach a Screen Shot if it is a GUI bug Mention : Which other features it is blocking because of this bug that you are unable to execute the test cases. Mention : How much time you took to execute that test case or follow that specific TC which leaded to bug 26.If you have executed 100 test cases ,every test case passed but apart from these testcase you found some defect for which testcase is not prepared,thwn how you can report the bug? While reporting this bug into bugtracking tool you will generate the testcase imean put the steps to reproduce the bug. 27.what is the diffn betn web based application and client server application The basic difference between web based application & client server application is that the web application are 3 trier & client based are 2 trier.In web based changes are made at one place & it is refelected on other layers also whereas client based separate changes need be installed on client machine also.

28.what is testplan? and can you tell the testplan contents? Test plan is a high level document which explains the test strategy,time lines and available resources in detail.Typically a test plan contains: -Objective -Test strategy -Resources -Entry criteria -Exit criteria -Use cases/Test cases -Tasks -Features to be tested and not tested -Risks/Assumptions. 29.How many testcases can you write per a day, an average figure? Complex test cases 4-7 per day Medium test cases 10-15 per day Normal test cases 20-30 per day 30.Who will prepare FRS(functional requirement documents)? What is the importent of FRS? The Business Analyst will pre pare the FRS. Based on this we are going to prepare test cases. It contains 1. Over view of the project 2. Page elements of the Application(Filed Names) 3. Proto type of the of the application 4. Business rules and Error States 5. Data Flow diagrams 6. Use cases contains Actor and Actions and System Responces 31.How you can decide the number of testcases are enough for testing the given module? The developed test cases are coverd all the functionality of the application we can say testcases are enough.If u know the functionality covered or not u can use RTM. 32.What is the difference between Retesting and Data Driven Testing? Retesting:it is manual process in which apllication will be tested with entire new set of data. DataDriven Testing(DDT)-It is a Automated testing process inwhich application is tested with multiple test data.DDT is very easy procedure than retesting because the tester should sit and need to give different new inputsmanually from front end and it is very tedious and boring prodedure. 33.what is regression testing? After the Bug fixed ,testing the application whether the fixed bug is affecting remaining functionality of the application or not.Majorly in regression testing Bug fixed module and it's connected modules are checked for thier integrity after bug fixation. 34.how do u test web application? Web applicatio testing web application shold have the following features like 1.Attractive User Interface(logos,fonts,alignment) 2.High Usability options 3.Securiry features(if it has login feature)

4.Database(back end). 5.Perfromance(appearing speed of the application on client system) 6.Able to work on different Browers(Browser compatibility) ,O.S compatibility(technicalled called as portability) 7.Broken link testing.........etc so we need to follow out the following test strategy. 1.Functionality Testing 2.Performance Testing(Load,volume,Stress,Scalability) 3.Usability Testing 4.User Interface Testing(colors,fonts,alignments...) 5.Security Testing 6.Browser compatibility Testing(differnt versions and different browser) 7.Brokenlink and Navigation Testing 8.Database(backend)Testing(data integrity) 9.Portability testing(Multi O.s Support)....etc

35.how do u perform regression testing,means what test cases u select for regression Regression testing will be conducted after any bug fixedor any functionality changed. During defect fixing procedure some part of coding may be changed or functionality may be manipulated.In this case the old testcases will be updated or completely re written according to new features of the application where bug fixed area.Here possible areas are old test cases will be executed as usual or some new testcases will be added to existing testcases or some testcases may be deleted. 36.what r the client side scripting languages and server side scripting languages client side scripting langages are javascript,VbScript,PHP...etc Server side Scripting languages are Perl,JSP,ASP,PHP..etc Clent side scipting languages are useful to validate the inputs or user actions from userside or client side. Server side Scripting languages are to validate the inputs at server side. This scripting languages provide security for the application. and also provides dynamic nature to web or client server application cleint side scripting is good because it won't send the unwanted input's to server for validation.from frontend it self it validated the user inputs and restricts the user activities and guides him 37.if a very low defect (user interface )is detected by u and the developer not compramising with that defect what will u do? user interface defect is a high visibility defect and easy to reproduce. Follow the below procedure 1.Reproduce the defect 2.Capture the defect screen shots 3.Document the proper inputs that you are used to get the defect in the derfect report 3.send the defect report with screen shots,i/ps and procedure for defect reproduction. before going to this you must check your computer hard ware configuration that is same as developper system configuration.and anlso check the system graphic drivers are properly installed or not.if the problem in graphic drivers the User interface error will come. so first check your side if it is correct from your sidethen report the defect by following the above method.

38.if u r only person in the office and client asked u for some changes and u didn,t get what the client asked for what will u do? Onething here is very important.Nobody will ask test engineer to change software that is not your duty,even if it is related to testing and anybody is not there try to listen care fully if you are not understand ask him again and inform to the corresponding people immediately. Here the cleint need speedy service,we(our company) should not get any blame from customer side. 39.how to get top two salaries from employee tables Select * from emp e where 2>=(select count(*) from emp e where sal>e.sal) order by desc sal. 40.How many Test-Cases can be written for the calculator having 0-9 buttons, Add,Equalto buttons.The testcases should be focussed only on add-functionality but mot GUI.What are those testcases? Test-Cases for the calculator so here we have 12 buttons totalie 0,1,2,3,4,5,6,7,8,9,ADD,Equalto -12 buttons here u can press atleat 4 buttons at a time minimum for example 0+1= for zero u should press 'zero' labled buttonfor plus u should press '+' labled buttonfor one u should press 'one' labled buttonfor equalto u should press 'equalto' labled button 0+1=here + and = positions will not varyso first number position can be varied from 0 to 9 i.e from permutation and combinations u can fill that space in 10 waysin the same waysecond number position can be varied from 0 to 9 i.e from permutation and combinations u can fill that space in 10 ways Total number of possibilities are =10x10=100 This is exhaustive testing methodology and this is not possible in all cases. In mathematics we have one policy that the the function satisfies the starting and ending values of a range then it can satisfy for entire range of values from starting to ending. then we check the starting conditions i.e one test case for '0+0=' (expected values you know thatis '0')then another testcase for '9+9='(expected values you know thatis '18')only two testcases are enough to test the calculator functionality. 41.what is positive and negative testing explian with example? Positive Testing - testing the system by giving the valid data. Negative Testing - testing the system by giving the Invalid data. For Ex,an application contains a textbox and as per the user's Requirements the textbox should accept only Strings.By providing only String as input data to the textbox & to check whether its working properly or not means it is Positive Testing.If giving the input other than String means it is negative Testing.. 42.How will you prepare Test plan. What are the techniques involved in preparing the Test plan. Test plan means planning for the release. This includes Project background Test Objectives: Brief overview and description of the document Test Scope: setting the boundaries Features being tested (Functionalities) Hardware requirements Software requirements Entrance Criteria (When to start testing): Test environment established, Builder received from developer, Test case prepared and reviewed. Exit criteria (when to stop testing): All bug status cycle are closed, all functionalities are tested, and all high and medium bugs are resolved. Project milestones: dead lines 43.What are the Defect Life Cycle? Defect life cycle is also called as bug life cycle. It has 6stages namely 1.new: found new bug 2.assigned: bud assigned to developer 3.open : developer is fixing the bug

4.fixed : developer has fixed the bug 5.retest: tester retests the application 6.closed/reopened: if it is ok tester gives closed stauselse he reopens and sends back to developer. 44.Expalin about metrics Management? Metrics: is nothing but a measurement analysis.Measurment analysis and Improvement is one of the process area in CMM I L2. 45.What is performance Testing and Regression Testing? Performance Testing:-testing the present wroking condition of the product Regression Testing:-Regression Testing is checking for the newly added functionality causing any erros interms of functionality and the common functionality should be stable in the latest and the previous versions 46.How do you review testcase?? Type of Review... types of reviewing testcases depends upon company standards,viz.., peer review,team lead review,roject manager review. Some times client may also review the test cases reg what is approach following for project 47.In which way tester get Build A, BUild B, ....Build Z of an application, just explain the process.. After preparation of testcases project manager will release software release note in that Document there will be URL path of the website link from from that we will receive the build In case of web server projects, you will be provided with an URL or a 92.168.***.*** (Web address) which will help you access the project using a browser from your system. In case of Client server, the build is placed in the VSS (Configuration tool) which will help you get the .exe downloaded to your computer. 48.apart from bug reporting wat is ur involvement in projectlife cycle As a Test engineer We design test cases,prepare testcases Execute Testcases, track the bugs, analyse the results report the bugs. invovled in regression testing, performance of system testing system intergration testing At last preparation of Test summary Report 49.contents of test report There are two documents,which should be prepared at particual phase. 1.Test Results document. 2.Test Report document. Test Results doc will be preapred at the phase of each type of Testing like FULL FUNCTIONAL TEST PASS,REGRESSION TEST PASS,SANITY TEST PASS etc...Test case execution againest the application.Once you prepared this doc,we will send the doc to our TL and PM.By seeing the Test Results doc ,TL will come to know the coverage part of the testcase.Here I am giving you the contents used in the Test Results doc. 1.Build No 2.Version Name 3.Client OS 4.Feature set 5.Main Feature 6.Defined Testcases on each feature. 7.QA engineer Name 8.Test ecases executed.(Includes pass and fail) 9.Testcases on HOLD(Includes blocking testcases and deferred Testcases)

10.Covereage Report(Which includes the coverage ratings in % ,like % of testcases covered,% of testcases failed) Coming to Test report,generally we will prepare Test report ,once we rolled out the product to our client.This document will be prepared by TL and delivered to the client.Mainly,this document describes the what we have done in the project,chievements we have reached,our learnings in throughout the project etc...The other name for Test report is Project Closure Report and we will summerize the all the activities,which have taken place in through out the project.Here I am giving your the contents covered in the Test Report. 1.Test Environment(Should be covered the OS,Application or webservers,Mahchine names,Database,etc...) 2.Test Methods(Types of Tests,we have done in the project like Functional Testing,Platform Testing,regression Testing,etc.. 3.Major areas Covered. 4.Bug Tracking Details.(Includes inflow and outflow of the bus in our delivered project) 5.Work schedule(When we start the testing and we finished) 6.Defect Analasys 6.1 Defects logged in different types of tests like Funcational Test,regressiion Test as per area wised. 6.2 State of the Defects at end of the Test cycle. 6.3 Root cause analysys for the bugs marked as NOT A BUG. 7.QA observations or learnings throught the life cycle. 50.write high level test cases Write all the testcases under high level TC,which can be covered the main functionalities like creation,edition,deletion,etc....as per prescribed in the screen. Wrtie all the testcases under low level TC,which can be covered the screen,like input fields are displayed as per the requirements,buttons are enabled or disabled,and testcase for low priority functionalities. Example a screen contains two edit boxes login and password and a pust buttons OK and Reset and check box for the label "Remember my password".Now let us write high level TC and low level test cases. HIGH LEVEL TC 1.Verify that User is able to login with valid login and valid password. 2.Verify that User is not able to login with invalid login and valid password. etc... .. 3.Verify that Reset button clears the filled screen. 4.Verify that a pop up message is displayed for blank login. etc... etc.. LOW LEVEL TC 1.Verify that after launching the URL of the application below fields are displayes in the screen. 1.Login Name 2.Password.3.OK BUTTON 4.RESET button etc.. 5.check box,provided for the label "remember my pwd" is unchecked. 2.Verify that OK button should be disabled before selecting login and passwrod fields. 3.Verify that OK button should ne enabled after selecting login and password. 4.Verify that User is able to check the check box,providedfor the label "remember my pwd". etc.. In this way,we can categorise all the testcases under HIGH LEVEL and LOW LEVEL. 51.wat is test scenario

Test scenario will be framed on basis of the requrement,which need to be checked.For that,we will frame set of testcases,in other terms,we can say all the conditions,which can be determined the testing coverage againest business requirement. Please see the below example,which is exactly matched to my explanation. As we know all most all the application are having login screen,which contains login name and password.Here is the test scenario for login screen. Scenario: USER'S LOGIN Condtions to be checked to test the above scenario: ---------------------------------------------------1.Test login field and Password fields indicisually. 2.Try to login with valid login and valid password. 3.Try to login with invaling login and valid pwd. etcc........................................ 52.wat is build duration it is a tine gap between old version build and new version build in new version build some new extra features are added 53.wat is test deliverables Test deliverables are nothing but documents preparing after testing like test plan document testcase template bugreport templateTest deliverables will be delivered to the client not only for the completed activities ,but also for the activites,which we are implementing for the better productivity.(As per the company's standards).Here I am giving you some of the Test deliverables in my project. 1.QA TestPlan 2.Testcase Docs 3.QA Testplan,if we are using Automation. 4.Automation scripts 5.QA Coverage Matrix and defect matrix. 6.Traceability Matrix 7.Test Results doc 8.QA Schesule doc(describes the deadlines) 9.Test Report or Project Closure Report.(Prepared once we rolled out the project to client) 10.Weekly status report(sent by PM to the client) 11.Release Notes. 54.wat is ur involvement in test plan Test lead is involved in preparing test plan test entgineers are no way related in preparing test plan role TE is testcase design ,and execution and bugtraking and reporting them Genarally TL is involed in preparation of the TestPlan.But it is not mandatory only TL will take main part in the preparaion of the TP.Test engineer can suggest to TL,if he(or) she has good understanding on project and resources,if he or she has more exp with the project,if TL is wrongly given deadlines.If your suggestions are valid,TL will incorporate all of them to the TestPlan.But in most of the companies Test engineers are just audians. 55.which test cases are not to be automated All the test cases which are related to a feature of the product, that keeps on changing (there are always some or the other enhancements in it). Frequent enhancements may change the UI, add/remove few controls. Hence such cases, if automated, would involve lot of a intenance 56.if a project is long term project , requirements are also changes then test plan will change or not?why Yes..definitely. If requirement changes, the design documents, specifications (for that particualr module which implements the requiremnts) will also change. Hence the test plan would also need to be updated. This is because "REsource Allocation" is one section in the test plan. We would need to write new test cases,review, and execute it. Hence resource allocation would have to be done accordingly. As a result the Test plan would change

57.explain VSS Virtual Sourse Safe... After complition of all phages From devolopment side devoloper store the code in devolopment folder of VSS,Testing team copying code from that folder to testing folder, after compliting above phages from testing, testers put the build in base line folder.It is version contrrole Tool Mainly useful to devoloper, to storing code and maintains version Copying a code from VSS By devoloper is called CHECK-IN Upload the code in to VSS is called CHECK-OUT. 58.who will assign severity & priority the tester/dev should give the priority based on severity of the bug Severity means: is the impact of the bug on the app.i.e seriousness of the bug interms of the functionality. Priority means: is how soon it should get fixed i.e importance of the bug interms of customer 59.What is the Difference between Stub Testing and Driver Testing? stub testing: In top down approach,a core module is developed.to test that core module, small dummy modules r used.so stubs r small dummy modules that test the core module. Driver testing: in bottom up approach, small modules r developed.to test them a dummy core module called driver is developed. 60.What is a "Good Tester"? Is one who tries to break the developers software and in a position to venture the bugs. so that atleast 80% bugs free software can deliver. What is Database testing? Data bas testing basically include the following. 1)Data validity testing. 2)Data Integrity testing 3)Performance related to data base. 4)Testing of Procedure, triggers and functions. for doing data validity testing you should be good in SQL queries For data integrity testing you should know about referential integrity and different constraint. For performance related things you should have idea about the table structure and design. for testing Procedure triggers and functions you should be able to understand the same. What we normally check for in the Database Testing? In DB testing we need to check for, 1. The field size validation 2. Check constraints. 3. Indexes are done or not (for performance related issues) 4. Stored procedures 5. The field size defined in the application is matching with that in the db. How to Test database in manually? Explain with an example Observing that operations, which are operated on front-end is effected on back-end or not. The approach is as follows: While adding a record thru' front-end check back-end that addition of record is effected or not. So same for delete, update,...... Ex:Enter employee record in database thru' front-end and check if the record is added or not to the back-end(manually).

Difference between "version" and "build"

Version is a overall release of a application to the client Build is a release to the testing team by the development team