
SHRI MATA VAISHNO DEVI UNIVERSITY

6 WEEK SUMMER
INTERNSHIP
PRESENTED BY : PRATEEK GUPTA
2013ECS38

WHERE I TOOK MY
INTERNSHIP????

Government Of India
STANDARDISATION TESTING AND QUALITY CERTIFICATION
DIRECTORATE
MINISTRY OF ELECTRONICS AND INFORMATION TECHNOLOGY
New Delhi 110 003
E-mail : stqcit@mit.gov.in

STQC

HEADQUARTERS/OFFICES
NORTH REGION
DELHI (HEADQUARTER)
JAIPUR
MOHALI

WEST REGION
MUMBAI (HEADQUARTER)
PUNE

EAST REGION
KOLKATA (HEADQUARTER)
GUWAHATI

SOUTH REGION
BENGALURU (HEADQUARTER)
CHENNAI
HYDERABAD

ABOUT STQC

Standardisation Testing and Quality Certification
(STQC) Directorate is an attached office of the
Department of Electronics and Information
Technology (DeitY), Government of India.

It provides quality assurance services in the area
of Electronics and Information Technology
through a countrywide network of laboratories and
centres.

ABOUT STQC (cont)


STQC provides assurance services through its IT
Centres for Software Quality testing, Information
Security and IT Service Management by conducting
testing, training, audit and certifications. STQC is
responsible for maintaining eGov standards. Based
on this concept a Conformity Assessment
Framework (CAF) for e-Governance project has also
been developed and is in operation. Two IT test
laboratories, at Bangalore and Kolkata, have
received accreditation from American Association
for Laboratory Accreditation (A2LA) being the first
outside the USA.

PROJECT
ASSIGNED
SOFTWARE TESTING TECHNIQUES

PROJECT MENTORS:

A.K UPADHYAYA
DESIGNATION-SCIENTIST-E
Ministry of Electronics & Information Technology

SANJEEV KUMAR
DESIGNATION-SCIENTIST-E
Ministry of Electronics & Information Technology

WHAT IS TESTING???
Testing is the process of exercising a software
item to detect the differences between its
behavior and the desired behavior as
stipulated by the requirements specifications.
Also it is the process of executing a program
with the intent of finding errors. Testing is
obviously concerned with errors, faults, failures
and incidents. A test is the act of exercising
software with test cases with the objective of:
Finding failures
Demonstrating correct execution

SOFTWARE TESTING
PROCESS
[Figure: the software testing process. Steps: Design test cases -> Prepare test data -> Run program with test data -> Compare results to test cases. Outputs of the steps: Test cases, Test data, Test results, Test reports.]

TYPES OF TESTING
BLACK BOX TESTING
The approach of testing where the program is considered as a black
box. Also known as Functional Testing. The program test cases
are based on the system specification. Test planning can begin early
in the software process.
Methods of Black box Testing
Equivalence class partitioning
Boundary value analysis
Comparison testing
Orthogonal array testing
Decision Table based testing
Cause Effect Graph

TYPES OF TESTING(CONT.)
WHITE BOX TESTING
Testing that takes into account internal mechanism of a
system or component. The objective of structural testing
is to exercise all program statements.
Methods of White Box Testing
Statement coverage
Branch coverage
Path coverage
Condition coverage
Mutation testing
Data flow-based testing

LEVELS OF TESTING
Unit Testing
Integration Testing
System Testing
Acceptance Testing
Stress Testing
Performance Testing
Volume Testing
Configuration Testing
Recovery Testing
Security Testing

ACTIVITIES DONE IN
INTERNSHIP
ACCEPTANCE TESTING
ACCESSIBILITY TESTING
FUNCTIONAL TESTING
SECURITY TESTING
PENETRATION TESTING
PERFORMANCE TESTING

ACCEPTANCE TESTING
Acceptance testing is a testing technique performed
to determine whether or not the software system
has met the requirement specifications. The main
purpose of this test is to evaluate the system's
compliance with the business requirements and
verify whether it has met the required criteria for
delivery to end users.
Types of acceptance testing:
Alpha testing
Beta testing

ACCEPTANCE
TESTING(CONT.)
ALPHA TESTING
Alpha testing is simulated or actual operational testing by potential
users/customers or an independent test team at the developers' site.
Alpha testing is often employed for off-the-shelf software as a form of
internal acceptance testing, before the software goes to beta testing.

BETA TESTING
Beta testing comes after alpha testing and can be considered a form
of external user acceptance testing. Versions of the software, known
as beta versions, are released to a limited audience outside of the
programming team known as beta testers. The software is released to
groups of people so that further testing can ensure the product has
few faults or bugs. Beta versions can be made available to the open
public to increase the feedback field to a maximal number of future
users and to deliver value earlier, for an extended or even indefinite
period of time.

ACCESSIBILITY TESTING
Accessibility testing is a subset of usability testing
wherein the users under consideration are people
with all abilities and disabilities. The significance of
this testing is to verify both usability and
accessibility.
Accessibility aims to cater to people of different abilities
such as:

Visual Impairments
Physical Impairment
Hearing Impairment
Cognitive Impairment
Learning Impairment

ACCESSIBILITY
TESTING(CONT.)
Types of disability it should support (disability: description)
Vision Disability: Complete blindness, color blindness or poor vision; visual problems like visual strobe and flashing effect problems
Physical Disability: Not able to use the mouse or keyboard with one hand; poor motor skills like hand movements and muscle slowness
Cognitive Disability: Learning difficulties, poor memory or not able to understand more complex scenarios
Literacy Disability: Reading problems
Hearing Disability: Auditory problems like deafness and hearing impairments; unable to hear or not able to hear clearly

ACCESSIBILITY
TESTING(CONT.)
How to do accessibility testing?
Accessibility testing can be performed in 2 ways:
Manual
Automated
The following points need to be checked for the application to be usable by
all users. This checklist is used for signing off accessibility testing.
Whether an application provides keyboard equivalents for all mouse operations and
windows?
Whether instructions are provided as a part of user documentation or manual? Is it
easy to understand and operate the application using the documentation?
Whether tabs are ordered logically to ensure smooth navigation?
Whether shortcut keys are provided for menus?
Whether application supports all operating systems?
Whether response time of each screen or page is clearly mentioned so that End
Users know how long to wait?
Whether all labels are written correctly in the application?
Whether color of the application is flexible for all users?

ACCESSIBILITY
TESTING(CONT.)
(PREVIOUS PAGE CONTINUES..)
Whether images or icons are used appropriately, so it's easily understood
by the end users?
Whether an application has audio alerts?
Whether a user is able to adjust audio or video controls?
Whether a user can override default fonts for printing and text displays?
Whether user can adjust or disable flashing, rotating or moving displays?
Check to ensure that color-coding is never used as the only means of
conveying information or indicating an action
Whether highlighting is viewable with inverted colors? Testing of color in
the application by changing the contrast ratio
Whether audio and video related content can be properly perceived by
people with disabilities? Test all multimedia pages with no speakers in websites
Whether training is provided for users with disabilities that will enable
them to become familiar with the software or application?

FUNCTIONAL TESTING

Functional testing is a quality assurance
(QA) process and a type of black-box
testing that bases its test cases on the
specifications of the software component
under test.
Functional testing has many types:

Smoke Testing
Sanity Testing
Regression Testing
Usability Testing

FUNCTIONAL
TESTING(CONT.)
Functional testing typically involves six steps
The identification of functions that the software is
expected to perform
The creation of input data based on the function's
specifications
The determination of output based on the function's
specifications
The execution of the test case
The comparison of actual and expected outputs
To check whether the application works as per the
customer need.

SECURITY TESTING
Security testing is a testing technique to
determine if an information system protects data
and maintains functionality as intended. It also
aims at verifying 6 basic principles as listed
below:

Confidentiality
Integrity
Authentication
Authorization
Availability
Non-repudiation

SECURITY TESTING(CONT.)
WHAT IS OWASP TOP 10???
It is Open Web Application Security Project (OWASP).
The OWASP Top Ten is a powerful awareness
document for web application security. The OWASP
Top Ten represents a broad consensus about what
the most critical web application security flaws are.

Other Web Application security documents:


SANS Top 20
SANS Top 25
NIST Top 20 (Generally Used by US Defence)

SECURITY TESTING(CONT.)
OWASP Top 10 Vulnerabilities:

Injection
Broken Authentication and Session Management
Cross-Site Scripting (XSS)
Insecure Direct Object References
Security Misconfiguration
Sensitive Data Exposure
Missing Function Level Access Control
Cross-Site Request Forgery (CSRF)
Using Components with Known Vulnerabilities
Unvalidated Redirects and Forwards.

SECURITY TESTING(CONT.)
Tools used for Security Testing:
Open Source tool:
OWASP Zap
Paros
Burp Suite

Licensed tool:
IBM Security AppScan

SECURITY TESTING(CONT.)
Other tools used for specific vulnerability:

XSS Me
Cross-Site Scripting (XSS) is a common flaw found
in today's web applications. XSS flaws can cause
serious damage to a web application. Detecting
XSS vulnerabilities early in the development
process will help protect a web application from
unnecessary flaws. XSS-Me is the Exploit-Me tool
used to test for reflected XSS vulnerabilities.
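
The reflected-XSS check described above, as an added example that is not part of the original slides or of XSS-Me: it sends inert probe strings to a page and reports which come back unencoded. The two page functions and the probe strings are hypothetical, constructed for illustration.

```python
import html

# Constructed, inert probes: they do nothing by themselves and only matter
# if the page echoes them back without output encoding.
PROBES = {
    "html_body": "<xss-probe>",
    "attribute": '"><xss-probe x="',
}

def page_vulnerable(q: str) -> str:
    """Hypothetical search page that echoes the query verbatim (the flaw)."""
    return f'<form><input name="q" value="{q}"></form><p>Results for {q}</p>'

def page_encoded(q: str) -> str:
    """Same page with HTML output encoding applied at both sinks."""
    safe = html.escape(q, quote=True)
    return f'<form><input name="q" value="{safe}"></form><p>Results for {safe}</p>'

def reflected_probes(render) -> list:
    """Names of the probes that come back in the response as raw markup."""
    return [name for name, probe in PROBES.items() if probe in render(probe)]

if __name__ == "__main__":
    for page in (page_vulnerable, page_encoded):
        found = reflected_probes(page)
        print(page.__name__, "FAIL " + ", ".join(found) if found else "PASS")
```

Run early in development as a regression test, a check like this fails the build as soon as a page starts echoing input without encoding.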

SECURITY TESTING(CONT.)

SQL Inject Me
SQL Injection vulnerabilities can cause a lot of
damage to a web application. A malicious user
can possibly view records, delete records, drop
tables or gain access to your server. SQL Inject-Me
is a Firefox extension used to test for SQL Injection
vulnerabilities.
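
Why such a test finds anything, shown as an added example that is not part of the original slides or of SQL Inject-Me: the same lookup written with string concatenation and with a bound parameter, audited with two test strings. The table, rows, function names and test strings are constructed for illustration.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """In-memory database holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test"),
         ("o'brien", "obrien@example.test")],
    )
    return db

def find_user_vulnerable(db, name):
    """The flaw: user input is concatenated into the SQL text."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_user_parameterized(db, name):
    """The fix: input is bound as a value and never parsed as SQL."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()

# Constructed test strings: a legitimate name containing a quote, and an
# always-true condition that should match no user at all.
CHECKS = {"apostrophe": "o'brien", "tautology": "nobody' OR '1'='1"}

def audit(lookup) -> dict:
    """Run each test string; record the row count or the SQL error class."""
    findings = {}
    for label, value in CHECKS.items():
        try:
            findings[label] = len(lookup(make_db(), value))
        except sqlite3.Error as exc:
            findings[label] = type(exc).__name__
    return findings

if __name__ == "__main__":
    print("vulnerable:   ", audit(find_user_vulnerable))
    print("parameterized:", audit(find_user_parameterized))
```

A SQL error on a plain apostrophe, or rows returned for a name that does not exist, are the two signals that mark the concatenated version as injectable.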

PENETRATION TESTING
A penetration test, informally pen test, is
an attack on a computer system that looks
for security weaknesses, potentially gaining
access to the computer's features and data.
Security issues that the penetration test
uncovers should be reported to the system
owner. Penetration test reports may also
assess potential impacts to the organization
and suggest countermeasures to reduce risk.

PENETRATION
TESTING(CONT.)
The goals of penetration tests are:
Determine feasibility of a particular set of attack vectors
Identify high-risk vulnerabilities from a combination of
lower-risk vulnerabilities exploited in a particular sequence
Identify vulnerabilities that may be difficult or impossible
to detect with automated network or application
vulnerability scanning software
Assess the magnitude of potential business and
operational impacts of successful attacks
Test the ability of network defenders to detect and
respond to attacks
Provide evidence to support increased investments in
security personnel and technology

PENETRATION
TESTING(CONT.)
TOOLS :
Specialized OS distributions
Popular penetration testing OS examples
include:
Kali Linux, based on Debian Linux
Pentoo, based on Gentoo Linux
WHAX, based on Slackware Linux

OS we used:
Kali Linux

PENETRATION
TESTING(CONT.)
Software frameworks

Metasploit Project
nmap
w3af
OWASP ZAP
Burp suite

Software we used
OWASP ZAP
Burp suite

PERFORMANCE TESTING
Load the system with activity that
simulates legitimate user activity. Statistics
are collected to predict what performance and
response times users are likely to get.
Procedure: conduct load test by creating
virtual users. Use a load test tool and create
typical scenarios to simulate load. Use think
times to simulate authentic user behaviors.
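
The procedure above in miniature, as an added example that is not part of the original slides and is not LoadRunner code: threads act as virtual users, each runs a typical scenario with randomized think times, and response-time statistics are collected. The handler, scenario and timings are hypothetical stand-ins for a real system under test.

```python
import random
import statistics
import threading
import time

SCENARIO = ["/home", "/search", "/home"]  # constructed typical user journey

def handle_request(path: str) -> int:
    """Stand-in for the system under test; sleeps to mimic server work."""
    time.sleep(0.005 if path == "/search" else 0.002)
    return 200

def virtual_user(results, lock, think_time, rng):
    """One simulated user: request, record the timing, pause, repeat."""
    for path in SCENARIO:
        start = time.perf_counter()
        status = handle_request(path)
        elapsed = time.perf_counter() - start
        with lock:
            results.append((path, status, elapsed))
        # Think time: a randomized pause between actions, as a person would take.
        time.sleep(rng.uniform(0.5, 1.5) * think_time)

def run_load_test(users=10, think_time=0.01, seed=1) -> dict:
    """Start all virtual users concurrently and summarize response times."""
    results, lock = [], threading.Lock()
    threads = [
        threading.Thread(target=virtual_user,
                         args=(results, lock, think_time, random.Random(seed + i)))
        for i in range(users)
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    times = sorted(r[2] for r in results)
    return {
        "requests": len(times),
        "errors": sum(1 for r in results if r[1] != 200),
        "mean_s": statistics.mean(times),
        "p95_s": times[int(0.95 * (len(times) - 1))],
        "max_s": times[-1],
    }

if __name__ == "__main__":
    print(run_load_test())
```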

TOP PERFORMANCE TESTING
TOOLS
WebLOAD
LoadComplete
Apache JMeter
LoadRunner
Appvance
NeoLoad
LoadUI
WAPT
Loadster
LoadImpact

TOOL WE USED
LOADRUNNER
HPE LoadRunner is a software testing tool from Hewlett Packard
Enterprise. It is used to test applications, measuring system
behaviour and performance under load. HPE
acquired LoadRunner as part of its acquisition of Mercury
Interactive in November 2006.

INTERNSHIP EFFECT

It taught me about various automated tools
used for testing software, web applications
such as:

OWASP ZAP
IBM Security AppScan
IBM Rational Policy Tester
SQL Inject Me
XSS Me
Burp Suite
Paros
LoadRunner etc.

INTERNSHIP
EFFECT(CONT.)
Came to know about various testing
techniques
Taught me about various standards of
testing such as IEEE 829,IEEE 730, ISO/IEC
9126 etc
It taught me about 115 guidelines for Indian
Government websites etc.

CAREER IN SOFTWARE TESTING
FIELD
The profession of software testing is undergoing heavy
changes at the moment: Agile teams erase the
border between developers and testers, technology
changes with growing speed and systems get more
complex with each release.
A demanding environment with customers calling for
shorter time to market. Some might say that test is
dead but if you look at it the tester is the protector of
the brand so it is a profession with a future.
Development and test will move closer to the
business units and you will need to communicate and
team work a lot. Don't look at testing as a technical
thing. Also see it from the business view.

THANK YOU
ANY QUESTIONS ???
