005 – Basic Testing Types in Software Testing - rkb-sdet/SoftwareTesting GitHub Wiki

Session 5 – Basic Testing Types in Software Testing (Enhanced: Performance & Security Included)

Note: Added enhanced sections for Performance Testing and Security Testing using the same examples and declarations from the class (Amazon/Flipkart load example; hacker/SQL-injection login example). Everything is formatted for quick copy-paste.

1. Manual Testing

  • Definition: Testing performed by a real person without automation tools.
  • How: Tester interacts with the app (clicks, types, inspects UI) and looks for defects.
  • When to use: Exploratory testing, UI/UX checks, ad-hoc/one-off validations.
  • Example from class: A software tester sits at the machine and checks forms, buttons, alignment, text, etc.

2. Automation Testing

  • Definition: Tests executed by an automation tool using scripts (code).
  • How: Write test scripts in a programming language → run them in an automation framework (tool executes steps).
  • When to use: Repetitive regression tests, large suites, cross-browser checks.
  • Example from class: Use Selenium (or similar) scripts to automatically log in and validate results.

Quick comparison

  • Manual: human-driven, no code.
  • Automation: tool-driven, requires code, faster at scale.

3. Testing by Application Type

  • Desktop App Testing: Apps installed and run locally (e.g., Eclipse, MS Office).
  • Web App Testing: Apps running in a browser (e.g., e-commerce sites).
  • Mobile App Testing: Apps on mobile devices / tablets (e.g., WhatsApp, Google Pay).
  • Goal: Validate functionality & compatibility per platform and device.

4. Testing by Application Layer

Applications typically have three layers:
UI (what user sees) → Business Logic (backend code / APIs) → Database (data store)

UI Testing

  • Focus: visual defects (alignment, overlap, colors, spelling).
  • Example from class: Photo/text overlapping a Follow button.

API Testing

  • Focus: business logic via request/response (no UI).
  • How: call API endpoints directly (Postman/cURL/etc.) and validate responses.
  • Example from class: Hitting the login API and validating the JSON response.

Database Testing

  • Focus: data integrity & persistence.
  • How: run SQL queries to retrieve stored values and compare with the input.
  • Example from class: Verify registration details saved in DB match the input.

5. Functional vs Non-Functional Testing

  • Functional: Verifies what the application does (login, registration, search).
    • Example: Login accepts valid credentials and rejects invalid ones.
  • Non-Functional: Verifies how the application behaves (performance, security, usability).

6. Performance Testing (Enhanced)

Class declaration & example preserved:

Performance testing checks speed, load handling, and whether an application can handle high traffic (e.g., Amazon or Flipkart during big sales like Black Friday).

What it checks

  • Response time / latency (how fast a request completes)
  • Throughput (requests per second)
  • Concurrency / Load (how many users can use the app simultaneously)
  • Resource usage (CPU, memory, network on server)
  • Stability / endurance (behavior over long durations)
  • Error rate (how many requests fail under load)

Common test types

  • Load Testing: simulate expected user load (e.g., 10 → 100 → 1,000 concurrent users).
  • Stress Testing: push beyond normal capacity to find breaking point.
  • Spike Testing: sudden large increase in load.
  • Endurance (Soak) Testing: long-running load to find memory leaks or degradation.

Practical (class-style) scenarios

  • Start with 10 users, then 100, then 1,000 to observe behavior.
  • Reproduce sale-day conditions (peak concurrency) — e.g., Black Friday spike for Amazon/Flipkart.
  • Measure: average response time, 95th / 99th percentile latency, error percentage.

Tools (examples)

  • Apache JMeter, Gatling, k6, LoadRunner (choose based on team/stack).

What to record & act on

  • If response time grows linearly with users → capacity issues.
  • If error rate spikes at a threshold → bottleneck (DB, network, app server).
  • Remediation ideas: scale horizontally, add caching, optimize DB queries, use CDNs.

7. Security Testing (Enhanced)

Class declaration & example preserved:

Security testing finds vulnerabilities so hackers can't exploit the app (example: an attacker using a SQL injection or crafted input to log in with invalid credentials).

What it checks

  • Authentication & authorization weaknesses
  • Injection flaws (e.g., SQL injection)
  • Broken access controls
  • Sensitive data exposure
  • Session management issues
  • Common web flaws (e.g., OWASP Top 10 categories)

Practical (class-style) example

  • A hacker inputs malicious payloads into the login fields (e.g., SQL injection).
    If the app logs in with invalid credentials because of that input → security bug.

Test strategies

  • Static analysis: scan source code for vulnerabilities.
  • Dynamic testing / Penetration testing: attempt to exploit app like an attacker.
  • Automated scans: SAST/DAST tools.
  • Secure code reviews and dependency vulnerability checks.

Tools (examples)

  • OWASP ZAP, Burp Suite, automated security scanners, static analysis tools.

What to record & act on

  • For every vulnerability: record impact, reproduction steps, severity.
  • Remediation ideas: parameterized queries / prepared statements (prevent SQL injection), input validation, proper session handling, patch dependencies.

8. Quick Practical Checklists

Performance quick checklist

  • Define realistic & peak user scenarios (10 → 100 → 1000+).
  • Capture baseline (response times under normal load).
  • Run load & stress tests; capture 95th/99th percentiles.
  • Monitor server resources (CPU, memory, DB connections).
  • Report thresholds where errors begin; recommend scaling/optimization.

Security quick checklist

  • Validate input handling (no direct DB concatenation).
  • Verify authentication & session controls.
  • Run automated scans, then manual pentests for critical flows.
  • Document vulnerabilities and fix timeline.

9. Summary Table (focused additions)

Topic Purpose Class Example / Note
Performance Testing Speed, load, scalability Amazon/Flipkart on sale days; simulate 10 → 100 → 1000 users
Security Testing Prevent exploits & vulnerabilities Hacker uses injection to log in with invalid credentials → security bug

Key Takeaways

  • Functional testing ensures the app works (UI/API/DB).
  • Performance testing ensures the app performs under expected/peak loads (prevent Black Friday outages).
  • Security testing ensures the app resists attacks (prevent SQL injection and other vulnerabilities).
  • Use the right mix of manual, automation, layered (UI/API/DB), functional, and non-functional tests to comprehensively validate software.

If you want, I can:

  • Convert the Performance and Security sections into a one-page checklist you can print, or
  • Provide sample JMeter scenarios (CSV+script) that replicate the 10 → 100 → 1,000 user example.