2:47 AM

Some interview questions (Part 1)

1. What is Alpha & Beta Testing?

Alpha: Testing of a release of a software product conducted in-house by the developing organization's own testers, before the release is given to customers.

Beta: Testing of a release of a software product conducted by customers (or selected external users) in their own environment.

Both of these are forms of acceptance testing.


2. What is Acceptance Testing?

Testing conducted to allow a customer to decide whether to accept a software product. It is usually performed to confirm that the software meets a previously agreed set of acceptance criteria.


3. What is Black Box Testing?

Testing based on an analysis of the requirements for a piece of software, without reference to its internal workings or source code.

The purpose is to check how well the component conforms to its published requirements.


4. What is Ad Hoc Testing?

Testing performed outside the specified set of requirements, test cases or use cases, without a formal plan.

OR

A testing session in which the tester tries to "break" the system by exercising the application's functionality in unscripted ways. It can include both positive and negative testing.


5. What is Boundary Testing?

Testing that focuses on the boundary (limit) conditions of the application under test: values at, just inside and just outside the minimum and maximum of an input range, which is exactly where off-by-one errors in comparisons show up.
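A worked illustration of boundary testing, added here as an example and not part of the original page: the two validator functions, the limits (8 and 64 characters) and the inputs are all constructed for this example. It generates the values at and around each limit and runs them first against a length check with a deliberate off-by-one, then against the corrected check.

```python
"""Boundary-value testing of a length-limited input check.

Added example, not code from the original page: the validators, the limits
and the inputs are constructed here for illustration.
"""


def boundary_cases(lo, hi):
    """Return (length, expected_accept) pairs at and around the limits.

    Boundary testing exercises lo-1, lo, lo+1, hi-1, hi, hi+1 (and 0):
    an off-by-one in a comparison shows up at exactly these points and
    nowhere in the middle of the range.
    """
    candidates = {0, lo - 1, lo, lo + 1, hi - 1, hi, hi + 1}
    return sorted((n, lo <= n <= hi) for n in candidates if n >= 0)


def validate_length_buggy(value, lo, hi):
    """Hypothetical validator with a classic off-by-one: '<' instead of '<='
    rejects an input of exactly hi characters."""
    return lo <= len(value) < hi


def validate_length_fixed(value, lo, hi):
    """Corrected validator: both limits are inclusive, as the rule intends."""
    return lo <= len(value) <= hi


def run_boundary_tests(validator, lo, hi):
    """Run the validator on every boundary case.

    Returns a list of (length, expected, observed) for each failing case; an
    empty list means the validator agrees with the rule at every boundary.
    """
    failures = []
    for n, expected in boundary_cases(lo, hi):
        observed = validator("a" * n, lo, hi)
        if observed != expected:
            failures.append((n, expected, observed))
    return failures


if __name__ == "__main__":
    for name, validator in [("buggy", validate_length_buggy),
                            ("fixed", validate_length_fixed)]:
        print(name, run_boundary_tests(validator, 8, 64))
```

The buggy validator passes every value in the middle of the range and fails only at length 64, which is why a test set that picks "typical" values misses it. For a security check the same idea applies to the unit being counted: a limit enforced in characters can be exceeded in bytes by multi-byte input, so the boundary cases should be generated in whatever unit the downstream buffer or column actually uses.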


6. What is Agile Testing?

Testing practice for projects using agile methodologies, treating development as the customer of testing and emphasizing a test-first design paradigm. See also Test Driven Development.


7. What is Application Binary Interface (ABI)?

A specification defining the requirements for portability of applications in binary form across different system platforms and environments.


8. What is Application Programming Interface (API)?

A formalized set of software calls and routines that can be referenced by an application in order to access supporting system services.

9. What is Automated Software Quality (ASQ)?

The use of software tools, such as test automation tools (e.g. QTP, Selenium), to improve software quality.


10. What is Automated Testing?

Testing using software tools that execute tests without manual involvement. It can be applied to user interfaces, APIs, performance testing, etc.

More formally: the use of software to control the execution of test cases, the setting up of test preconditions, the comparison of actual outcomes with predicted outcomes, and other test control and test reporting functions.


11. What will you do during your first day on the job?

Just prepare this question before the interview. Every person is different; think about what you would do.


12. What would you like to be doing five years from now?

Just prepare this question before the interview. Think about your priorities for the coming years.


13. What is a Basic Block?

A sequence of one or more consecutive, executable statements containing no branches: control enters at the first statement and leaves at the last, with no possibility of branching in between.


14. What is Accessibility Testing?

To verify that a product is usable by people with disabilities (for example visual, hearing or cognitive impairments), typically against an accessibility guideline.


15. What is the difference between a bug and a defect?

Bug: A mistake in a program that causes it to behave in an unintended or surprising manner.

Defect: When the software lacks an attribute, feature or function that is present in the requirements, that deviation from the requirements is called a defect.

6:26 AM

Difference between Priority and Severity

Let's go by the dictionary definitions:
Severity - dangerous, causing fear or anxiety by threatening great harm; a dangerous operation, a grave situation, a grave illness, etc.
Priority - an item's relative importance; a goal of a person or an organization; prior or antecedent in time, or preceding something else.

The two words have quite different meanings, yet there is still a lot of confusion between them.

Priority is the domain of the client and should be entered by them against each defect, showing how important the fix is to them. Severity is the domain of the tester, and the tester should be capable of recording it.

To the tester, severity is the impact of the defect on the application, and it reflects whether further testing can continue or not. For example, a spelling error would be deemed low severity by the tester (mostly cosmetic), but if the error occurs in the corporation's name or address it would be classed as high priority (important) from the business point of view.
An inability to access an infrequently used menu option may be of low priority to the business, but its severity is higher if many of the important test scenarios depend on access to that option and therefore cannot be executed. The mistake we very often make is to assume that the tester is also capable of recording the priority.

It may be possible for the tester to make an educated assessment (testers who have been involved with a particular application for some time may be able to do this), but it requires involvement across the whole life-cycle of a defect. When a project enters test execution, the spotlight will be on fixing defects of the highest priority.

This means that the application will be released with the minimum number of high-priority defects unresolved. The project manager should take care to ensure that severity is not ignored, so a balanced approach is needed, one which favours the business priority. By the end of the project the number of high-severity and high-priority defects should at least have been reduced, if not eliminated.

To summarize:
Priority = Business = Order of Fixing
Severity = Tester = Failure of Application

5:46 AM

Requirements and Certification process

Certified Secure Software Lifecycle Professional (CSSLP) - How to Certify

There are four processes a candidate must successfully complete to become a certified CSSLP:
  1. Examination
  2. Certification
  3. Endorsement
  4. Audit

Examination

  • Sign up for the examination date and location
  • Submit the examination fee
  • Assert that you possess a minimum of four years of professional experience in the software development life cycle (SDLC) field, or three years plus a college degree
  • Complete the examination agreement, attesting to the truth of your assertions regarding professional experience and legally committing to adhere to the (ISC)² Code of Ethics
  • Successfully answer four questions regarding criminal history and related background

Certification

To be issued a certificate, a candidate must:

  • Pass the CSSLP examination
  • Successfully pass an audit of their assertions regarding professional experience, if selected for audit

Endorsement

  • A candidate who passes the CSSLP Experience Assessment must be endorsed by another (ISC)² certified professional in good standing before the credential can be awarded.
  • The endorser attests that the candidate's assertions regarding professional experience are true to the best of the endorser's knowledge, and that the candidate is in good standing within the information security industry.

Audit

Passing candidates will be randomly selected and audited by (ISC)² Services prior to issuance of any certificate. Holding multiple certifications may result in a candidate being audited more than once.

Maintenance Requirements

  • Recertification is required every three years, with ongoing requirements to maintain your credentials in good standing. This is primarily accomplished through continuing professional education (CPE) credits, 90 of which are required every three years. A minimum of 15 CPEs must be posted during each year of the three-year certification cycle.
  • CSSLPs must also pay an annual maintenance fee of $100 per year.

5:43 AM

What is Certified Secure Software Lifecycle Professional?

Certified Secure Software Lifecycle Professional (CSSLP) is a new vendor-neutral application security certification governed by the non-profit International Information Systems Security Certification Consortium (commonly known as (ISC)²), intended to validate secure software development knowledge and best practices. As of October 10, 2008, (ISC)² reported having certified 61,763 information security professionals in 133 countries. A range of organizations have expressed their support for the CSSLP, including Microsoft, Symantec, Cisco, SANS, DSCI (NASSCOM), SRA International, the Software Assurance Forum for Excellence in Code (SAFECode), Xerox, ISSA, BASDA (Business Application Software Developers' Association), and Frost & Sullivan.

Scope of CSSLP Certification

It is no secret that security is not being addressed from a holistic perspective throughout the software lifecycle. Some 80% of all security breaches are application related, equating to more than 226,000,000 records being exposed and fines reaching massive amounts.

The following domains make up the CSSLP CBK, centred on the need to build security into the SDLC:

  1. Software Concepts - security implications in software development
  2. Software Requirements - capturing security requirements in the requirements gathering phase
  3. Software Design - translating security requirements into application design elements
  4. Software Implementation/Coding - unit testing for security functionality and resilience to attack, developing secure code, and exploit mitigation
  5. Software Testing - integrated QA testing for security functionality and resilience to attack
  6. Acceptance - security implications in the software acceptance phase
  7. Deployment, Operations, Maintenance and Disposal - security issues around steady-state operation and management of software

Why do I need to Certify?

There are no guarantees that the software we all rely on is secure. A growing number of organizations and experts consider the enterprise to be at serious risk because the applications accessed from a laptop could be entry points for hackers or viruses. The Gartner Group estimates that over 70% of security vulnerabilities exist at the application layer.

Benefits of Certification to the Professional

A broad range of respected organizations have expressed their backing for the CSSLP and are sending their eligible software staff through the training and examination process.


Benefits of Certification to the Enterprise

Because security is often "bolted on" at the end of the software life cycle, as a response to a threat or after an exposure, higher production costs and delays can ensue. Proper education and certification are far less expensive than hiring more employees to fix problems.

7:20 AM

Introduction to White Box Testing process

Test Plan

The test plan should reflect the test strategy. The primary purpose of having a test plan is to organize the subsequent testing process. It includes the test areas covered, the test techniques to be applied, test case and data selection, test results validation, test cycles, and entry and exit criteria based on coverage metrics.
In general, the test plan should incorporate both a high-level outline of which areas are to be tested and what methodologies are to be used, and a general description of the test cases, including prerequisites, setup, execution, and a description of what to look for in the test results. The high-level outline is useful for administration, planning, and reporting, while the more detailed descriptions are meant to make the test process go smoothly.

While not all testers like using test plans, they offer a number of benefits:

  • Test plans provide a written record of what is to be done.
  • Test plans provide a way to measure progress. This allows testers to determine whether they are on schedule, and also provides a concise way to report progress to the stakeholders.
  • A test manager (or similar position) is responsible for developing and managing the test plan. The development managers are also part of test plan development, since the schedules in the test plan are closely tied to the development schedules.
  • Test plans allow project stakeholders to sign off on the intended testing effort. This helps ensure that the stakeholders agree with, and will continue to support, the test effort.
  • Test plans provide excellent documentation for testing subsequent releases: they can be used to develop regression test suites and/or to provide guidance for developing new tests.
  • Due to time and budget constraints, it is often impossible to test all components of a software system. A test plan allows the analyst to succinctly record what the testing priorities are.


Test Automation

Test automation provides automated support for the process of managing and executing tests, especially for repeating past tests. All the tests developed for the system should be collected into a test suite. Whenever the system changes, the subset of tests that corresponds to the changes, or those that represent a set of regression tests, can be run again to see if the software still behaves as expected. Test drivers or suite drivers support executing test suites. Test drivers essentially help with setup, execution, assertion, and teardown for each of the tests.
In addition to driving test execution, test automation requires some automated mechanisms to generate test inputs and validate test results. The nature of test data generation and test results validation largely depends on the software under test and on the intent of particular tests. In addition to test automation development, stubs or scaffolding development is also required. Test scaffolding provides some of the infrastructure needed in order to test efficiently.
White box testing mostly requires some software development to support executing particular tests. This software establishes an environment around the test, including states and values for data structures and runtime error injection, and acts as a stub for some external components. Much of what the scaffolding is for depends on the software under test. However, as a best practice, it is preferable to separate the test data inputs from the code that delivers them, typically by putting the inputs in one or more separate data files.
This simplifies test maintenance and allows for reuse of test code. The members of the testing team are responsible for test automation and for supporting software development. Typically, a member of the test team is dedicated to the development effort.
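The driver, stubs and data-file separation described above (and the definition of automated testing in the interview questions earlier on this page), as an added example that is not code from the original page. LoginService is a hypothetical account-lockout component written here as the software under test; StubDirectory and StubClock stand in for the external user directory and the system clock; CASES holds constructed test data as JSON lines, which in a real suite would live in a separate data file rather than in the driver's source.

```python
"""Data-driven test driver with stubs for external components.

Added example, not code from the original page. LoginService, the stubs,
the user table and the JSON-lines test cases are all constructed here.
"""
import json


class StubDirectory:
    """Stub for an external user directory: answers from a fixed table."""
    def __init__(self, users):
        self._users = users

    def check(self, user, password):
        return self._users.get(user) == password


class StubClock:
    """Stub clock, so the lockout window can be tested deterministically."""
    def __init__(self, start):
        self._now = start

    def now(self):
        return self._now

    def advance(self, seconds):
        self._now += seconds


class LoginService:
    """Software under test: lock an account after max_failures failed
    attempts inside a sliding window of window_seconds."""
    def __init__(self, directory, clock, max_failures=3, window_seconds=300):
        self._directory = directory
        self._clock = clock
        self._max_failures = max_failures
        self._window = window_seconds
        self._failures = {}  # user -> timestamps of recent failed attempts

    def login(self, user, password):
        now = self._clock.now()
        recent = [t for t in self._failures.get(user, [])
                  if now - t < self._window]
        # Lockout is decided before the password is checked, so a locked
        # account does not reveal whether the supplied password was right.
        if len(recent) >= self._max_failures:
            return "locked"
        if self._directory.check(user, password):
            self._failures[user] = []
            return "ok"
        recent.append(now)
        self._failures[user] = recent
        return "denied"


# Constructed test data, one JSON object per line, kept apart from the driver
# code. An optional "advance" moves the stub clock forward before that step.
CASES = """\
{"name": "valid credentials", "steps": [{"user": "alice", "password": "s3cret"}], "expect": ["ok"]}
{"name": "unknown user is denied", "steps": [{"user": "mallory", "password": "x"}], "expect": ["denied"]}
{"name": "lockout after three failures", "steps": [{"user": "alice", "password": "bad"}, {"user": "alice", "password": "bad"}, {"user": "alice", "password": "bad"}, {"user": "alice", "password": "s3cret"}], "expect": ["denied", "denied", "denied", "locked"]}
{"name": "failures expire after the window", "steps": [{"user": "alice", "password": "bad"}, {"user": "alice", "password": "bad"}, {"user": "alice", "password": "bad", "advance": 301}, {"user": "alice", "password": "s3cret"}], "expect": ["denied", "denied", "denied", "ok"]}
{"name": "lockout is per account", "steps": [{"user": "alice", "password": "bad"}, {"user": "alice", "password": "bad"}, {"user": "alice", "password": "bad"}, {"user": "bob", "password": "hunter2"}], "expect": ["denied", "denied", "denied", "ok"]}
"""

DIRECTORY_USERS = {"alice": "s3cret", "bob": "hunter2"}  # constructed table


def run_suite(cases_text, directory_users=DIRECTORY_USERS):
    """Test driver: setup, execute, assert and teardown for each case.
    Returns {case name: (passed, observed results)} for reporting."""
    results = {}
    for line in cases_text.splitlines():
        if not line.strip():
            continue
        case = json.loads(line)
        # setup: fresh stubs and a fresh service for every case, so state
        # cannot leak from one case into the next
        clock = StubClock(1_700_000_000)
        service = LoginService(StubDirectory(dict(directory_users)), clock)
        # execute
        observed = []
        for step in case["steps"]:
            clock.advance(step.get("advance", 0))
            observed.append(service.login(step["user"], step["password"]))
        # assert
        results[case["name"]] = (observed == case["expect"], observed)
        # teardown: nothing external was touched; the stubs are simply dropped
    return results


def suite_passed(results):
    return all(passed for passed, _ in results.values())
```

Two design choices worth noting: each case gets its own stubs and service, so a lockout left behind by one case can never make a later case pass or fail for the wrong reason; and because the clock is a stub, the window-expiry case runs instantly instead of sleeping for five minutes, which is what makes it practical to keep in a regression suite.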

Test Environment

Testing requires the existence of a test environment. Establishing and managing a proper test environment is critical to the efficiency and effectiveness of testing. For simple application programs, the test environment generally consists of a single computer, but for enterprise-level software systems the test environment is much more complex, and the software is usually closely coupled to the environment. For security testing, it is often necessary for the tester to have more control over the environment than in many other testing activities. This is because the tester must be able to examine and manipulate software/environment interactions at a greater level of detail, in search of weaknesses that could be exploited by an attacker.
The tester must also be able to control these interactions. The test environment should be isolated, especially if, for example, a test technique produces potentially destructive results that might invalidate the results of any concurrent test or other activity. Testing malware (malicious software) can also be dangerous without strict isolation. The test manager is responsible for coordinating test environment preparation. Depending on the type of environment required, members of the development, testing, and build management teams are involved in test environment preparation.


Test Execution

Test execution involves running the test cases developed for the system and reporting the test results. The first step in test execution is generally to validate the infrastructure needed to run the tests in the first place. This infrastructure primarily encompasses the test environment and the test automation, including stubs that might be needed to run individual components, synthetic data used for testing or for populating databases that the software needs to run, and other applications that interact with the software. The issues being sought here are those that would prevent the software under test from being executed, or else cause it to fail for reasons not related to faults in the software itself.
The members of the test team are responsible for test execution and reporting.

7:16 AM

Importance of Risk Analysis in White Box Testing

Security is always relative to the information and services being protected, the skills and resources of adversaries, and the costs of potential assurance remedies; security is an exercise in risk management. The object of risk analysis is to determine the specific vulnerabilities and threats that exist for the software and to assess their impact.
White box testing should use a risk-based approach, grounded in both the system's implementation and the attacker's mindset. White box testing should be based on architecture- and design-level risk analysis. This content area discusses how to use the results of risk analysis for white box testing, while the Architectural Risk Analysis content area discusses risk analysis in detail. Risk analysis should be the guiding force behind all white box testing related activities.
The following paragraphs briefly introduce how the risk analysis results are used in white box testing. The subsequent sections discuss the activities in detail. The risk analysis report, in combination with a functional decomposition of the application into major components, processes, data stores, and data communication flows, mapped against the environments across which the software will be deployed, allows for a desktop review of threats and potential vulnerabilities. The risk analysis report should help identify

  • The threats present in each tier (or component).
  • The kinds of vulnerabilities that might exist in each component.
  • The business impact (consequence and cost of failure of the software) of each risk.
  • The likelihood (probability) of each risk being realized.
  • Existing and recommended countermeasures to mitigate the identified risks.

Use the above information from the risk analysis report to

Develop a test strategy: Exhaustive testing is seldom cost-effective and often not possible in finite time. Planned testing is therefore selective, and this selection should be based on the risks to the system. The priority (or ranking) of risks from the risk analysis should be the guiding rule for the focus of testing, simply because highly threatened areas should be tested thoroughly. The test strategy captures all the decisions, priorities, activities, and focus of testing based on the consequence of failure of the software. The following section discusses test strategy in detail.

For careful research on risk-based test planning:

Determine test coverage: The higher the consequence of failure of certain areas (or components), the higher the test coverage should be in those areas. Risk-based testing allows the rigor of testing in a particular area to be justified. For example, a particular component or function may be highly exposed to untrusted inputs, and hence warrant extra testing attention.
Develop test cases: While a test strategy targets the overall test activities based on risks to the system, a test case can target specific concerns or risks based on the threats, vulnerabilities, and assumptions uncovered during the analysis. For example, tests can be developed to validate the controls (or safeguards) put in place to mitigate a particular threat.
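The three steps above carried through in Python, as an added example that is not code from the original page. The risk register is constructed in the shape the report is said to have (threat, likelihood, impact, countermeasure per component); it is ranked by likelihood × impact to set the test focus, and then test cases derived from the top-ranked threat are run against the countermeasure named for it. Both `naive_join` and `safe_join` are hypothetical controls written for this example, and the base directory and attack strings are constructed.

```python
"""Risk-driven test focus and validation of a countermeasure.

Added example, not from the original page. The register entries, component
names, scores, attack strings and both join functions are constructed here.
"""
import os

# Constructed risk-analysis findings, one row per threat, carrying the fields
# the report is expected to identify.
RISK_REPORT = [
    {"component": "download handler",
     "threat": "path traversal via untrusted file name",
     "likelihood": 4, "impact": 5,
     "countermeasure": "canonicalize path, enforce base-directory containment"},
    {"component": "report formatter",
     "threat": "malformed template crashes a worker",
     "likelihood": 2, "impact": 2,
     "countermeasure": "schema validation of templates"},
    {"component": "audit logger",
     "threat": "log injection via user-supplied fields",
     "likelihood": 3, "impact": 3,
     "countermeasure": "escape control characters before writing"},
]


def rank_risks(report):
    """Test strategy step: order risks by likelihood x impact, highest first,
    so the most threatened component gets the most testing attention."""
    return sorted(report, key=lambda r: r["likelihood"] * r["impact"],
                  reverse=True)


def naive_join(base_dir, name):
    """A weak form of the countermeasure: normalize, then a string-prefix check."""
    target = os.path.normpath(os.path.join(base_dir, name))
    if not target.startswith(base_dir):
        raise ValueError("outside base directory")
    return target


def safe_join(base_dir, name):
    """The hardened countermeasure: reject NUL, canonicalize both paths, then
    compare them component-wise rather than as strings."""
    if "\x00" in name:
        raise ValueError("NUL byte in file name")
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, name))
    if target == base or os.path.commonpath([base, target]) != base:
        raise ValueError("outside base directory")
    return target


# Test cases derived from the top-ranked threat: every entry is an attempt to
# reach outside the base directory, so the control must reject all of them.
TRAVERSAL_INPUTS = [
    "../../etc/passwd",
    "/etc/passwd",
    "reports/../../../etc/shadow",
    "../downloads-old/secret.txt",   # sibling directory sharing the prefix
    "",                              # resolves to the base directory itself
    "safe\x00.pdf",                  # NUL truncation further down the stack
]


def escapes(control, base_dir, inputs):
    """Run a control over the attack inputs; return the ones it let through.
    An empty list means the countermeasure held against every case."""
    allowed = []
    for name in inputs:
        try:
            control(base_dir, name)
        except ValueError:
            continue
        allowed.append(name)
    return allowed


if __name__ == "__main__":
    for r in rank_risks(RISK_REPORT):
        print(r["likelihood"] * r["impact"], r["component"], "-", r["threat"])
    base = "/srv/app/downloads"
    print("naive control lets through:", escapes(naive_join, base, TRAVERSAL_INPUTS))
    print("hardened control lets through:", escapes(safe_join, base, TRAVERSAL_INPUTS))
```

The prefix check in `naive_join` stops the obvious `../` cases, which is why it survives casual testing, but the risk-derived cases show it admitting a sibling directory whose name merely starts with the base path, the empty name, and a name containing a NUL byte. Those are exactly the inputs a tester writes when the test case is derived from the threat rather than from the happy path.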

7:13 AM

Inputs to White Box testing

Some of the artifacts relevant to white box testing include source code, a risk analysis report, security specification/requirements documentation, design documentation, and quality assurance related documentation.
  • Design documentation is essential to improve program understanding and to develop effective test cases that validate design decisions and assumptions.
  • Architectural and design risk analysis should be the guiding force behind all white box testing related activities, including test planning, test case creation, test data selection, test technique selection, and test exit criteria selection. If a risk analysis was not completed for the system, this should be the first activity performed as part of white box testing. The following section discusses risk analysis.
  • Source code is the most important artifact required to perform white box testing. Without access to the code, white box testing cannot be performed, since it is based on testing the software with knowledge of how the system is implemented.
  • Security testers should have access to quality assurance documentation to understand the quality of the software with respect to its intended functionality. Quality assurance documentation should include a test strategy, test plans, and defect reports. Load and performance tests are important for understanding the constraints placed on the system and the behavior of the system under stress.
  • Security specifications or requirements are a must, in order to understand and validate the security functionality of the software under test.
  • Any artifact relevant to program understanding should be available to white box testers.