Hello and welcome! My name is Alex, and I’ll be your guide to Quality Assurance in the software development world. I’ve been in testing my entire career, and I’ve had experience with a wide variety of systems, tools, companies, processes, and methodologies. I started as a manual tester out of college, and now I write automation frameworks in Java that test APIs, websites, and databases. I’ve seen the good, the bad, and the ugly in the testing world, and I hope to take that experience to write content that represents the best practices of modern software development quality assurance.
My expertise is in functional testing. This means manually testing systems from an end-user perspective, writing automated test suites that mock the flows users take while using the software, verifying APIs and web services by making calls directly and validating the responses, and analyzing data in databases for accuracy. Most of the content on this site will be centered on these topics. However, there are other important areas of testing that need to be covered, and I will attempt to go over those as much as I can. See below for the categories of testing that I believe are required in today’s software development world.
Functional Testing is done to ensure a system meets specified requirements (waterfall methodology) or acceptance criteria (agile methodology). After functional testing is complete, there should be a high degree of certainty that the system will perform correctly for end users.
Functional Testing is what people usually think of when they think of testing software. It can be as simple as a quality assurance analyst going through the system manually to simulate what a user would do, it can be a tester verifying individual API calls, and it can be performing actions and verifying output data. Functional testing can also be done via an automated test framework. In that regard, functional testing does NOT equal manual testing, but manual verification is part of the process of testing the functionality of a system.
Automated Testing is the use of software to control the execution of tests. There are many ways testing can be automated. There are keyword-driven and data-driven approaches, which focus on re-usable methods and scripts that can be easily created by someone without in-depth knowledge of coding practices. Many tools have been developed that allow a tester to record user flows and replay them. These are usually easier to use for individuals inexperienced with coding, but they are expensive and typically difficult to maintain over time. There are also programmatic approaches where someone with knowledge of coding practices can create frameworks written in languages like Java or Python to execute unit, integration, functional, and performance tests.
The approach you choose depends on many factors, such as:
Unit Testing is typically the responsibility of the developer who wrote the “unit” being tested. The unit being tested is typically a function or method that was written as part of a system feature. To ensure these individual units are working as expected, unit tests are written. Unit tests should not rely on other components to run. Mock data or objects should be created for the specific test case instead of being generated or built on the fly from the larger system. The goal is to verify only that unit and nothing else.
Integration Testing is still typically the responsibility of the development team, but the scope is expanded to include other components of the system. It will not use a fully built environment, but it may provide a database or access to another software component to automate testing on certain flows.
The main issue with unit and integration testing is if it exists or not. In software development, the focus is typically on getting new features implemented and tested at a system level instead of thoroughly verifying each unit works correctly. If unit testing and integration testing isn’t being done, the system is more likely to have defects that are hard to find or diagnose. Your company should insist on providing developers the time they need to develop a feature and write the unit and integration tests for that feature before passing it on to the QA team for system level testing.
Performance Testing verifies a system works properly when a large number of users are using the system. LoadRunner used to be the standard for testing the performance of a system, but Jmeter seems to be leading the way in the modern era of software development that is built around http and REST API requests. It is an open-source, free tool that can be used to create extremely detailed and specific tests that simulate high loads on the system. When combined with services such as BlazeMeter, it gets even more powerful for storing tests, executing tests, and reporting on the results of those tests.
Security Testing ensures that your systems are not vulnerable to attack from malicious software or data theft from unauthorized users. There are several methods available to test security. A tester could act as a potential hacker to look for security holes and vulnerabilities. It could simply be verifying the system conforms to an existing security policy, such as requiring users to have a strong password or for all systems to have valid security certificates. Another method is to institute an automated security scan that is run at regularly scheduled intervals.
Security Testing typically requires specific expertise in security. You may need to hire a specific team dedicated to security, or you may need to train existing QA personnel in new tools and methods to effectively test for security. One thing is certain… security testing is now a required part of a company’s overall quality strategy.