Doing testing* is not my favorite part in the process of software development but, it is a very important one. Therefore, every well rounded developer should know at least the basics of QA/QC and testing.
Understanding the testing process also gives insights to develop better software.
For these reasons I got interested in software testing and wrote this little memo based on a few resources listed in the references section.
*Testing here refers to user level testing. It should be noted that I am fan of BDD and I love writing unit tests, integration tests and automatizing tests.
There is often confusion in the IT industry regarding the difference between quality control
and quality assurance. Many “quality assurance” groups, in fact, practice quality control.
Quality methods can be segmented into two categories: preventive methods and detective
methods. This distinction serves as the mechanism to distinguish quality assurance activities
from quality control activities.
Quality Assurance is preventive and inspects the process
Quality Control is detective and inspects the product
Quality has two working definitions:
• Producer’s Viewpoint – The quality of the product meets the requirements.
• Customer’s Viewpoint – The quality of the product is “fit for use” or meets the
Software Quality Factors
•Correctness – Extent to which a program satisfies its specifications and fulfills the
user’s mission objectives.
• Reliability – Extent to which a program can be expected to perform its intended
function with required precision.
• Usability – Effort required learning, operating, preparing input, and interpreting
output of a program.
• Maintainability – Effort required locating and fixing an error in an operational
• Interoperability – Effort required to couple one system to another.
Your organization must define quality before it can be achieved…this applies everywhere
Testing is a measurement process. It attempts to measure the implemented software against
either or both specifications and user needs.
Software testing does not add a lot of value to the business if all they
are doing is validating that incorrect requirements are implemented correctly.
Adequacy of users to use the technology
There are two components to any professional process. The components are the process itself,
and the competency of the process user to use that process effectively. The two components
must be properly coordinated for the new technology governed by that process to be used
Figure 1-10 The Five Levels of Process Maturity
Relationship of the competency of the user technology to the process
controlling the use of that technology. The figure shows the five levels of technology process maturity, and the competency of the user to use the technology from high to low.
When resources are very limited, we should focus on finding critical bugs, verifying that specs are meet, and verifying basic functionality.
Lacking or Poorly Written Requirements
If requirements are lacking or poorly written, then the test team must have a defined method
for uncovering and defining test objectives.
Computer System Verification Example
About the execution of the test plan
The test plan should be executed as designed. If the plan cannot be executed as
designed it should be changed, or notations made as to what aspects of the plan were
The Differences Between Programmers and Testers
Testers, have learned that their job is testing for compliance to a specification.
Programmers have been trained that a problem is to be analyzed in depth and a perfect solution designed before any coding begins.
Testers are to make the software better not to find programmers’ mistakes.
Learn to Start Without a Specification,specifications by example,
Succeeding with Agile Software Development Using Scrum Chapter, Chapter 13
Kind of same concept used in RSpec.
Agile Software Development Using Scrum
On a Scrum project, testers and programmers need to unlearn these behaviors.
Testers learn that testing is also about conformance with user needs. Programmers
learn that a fully considered design is not always necessary (and sometimes not
even desirable) before coding begins.
Succeeding with Agile Software Development Using Scrum Chapter 1, 8
Assessment: is the thoughtful analysis of testing results, and then taking
corrective action on the identified weaknesses.
Process: A process can be defined as a set of activities that represent the way work is performed. The outcome from a process is usually a product or service. Both software development and software testing are processes.
Quality Assurance: is preventive and inspects the process.
Quality Control: is detective and inspects the product.
Regression testing: Regression testing is retesting unchanged segments of the application system. It normally involves re-running tests that have been previously executed to ensure that the same results can be achieved currently as were achieved when the segment was last tested.
Una vulnerabilidad que según afecta desde el 2.6.17 al 184.108.40.206 me ha hecho reflexionar sobre calidad en software y full-disclosure, aunque supuestamente se hizó saber a algunos cuantos de esta vulnerabilidad antes de hacerse pública no deja de ser muy peligrosa.
Lo gravísimo de esta vulnerabilidad radica en que permite a un usuario común convertirse en root en menos de un minuto.
¿Así o más fácil?
Supuestamente la vulnerabilidad está en
La probe en fedora 7 con SELinux enforcing y
* hard core 0 en limits.conf en el kernel 220.127.116.11-custom-24-09-2007 en una 686 y el exploit funcionó a la perfección, depués en el mismo sistema con 18.104.22.168-64.fc7 funcionó en dos de seis ocaciones. Para estas pruebas compile el exploit en el mismo kernel que lo probé.
Después ejecuté el exploit que previamente había compilado en el 22.214.171.124-custom-24-09-2007 sobre el 126.96.36.199-64.fc7 y el exploit sigue funcionando a la perfección.
Ya con 188.8.131.52-80.fc7 parece que esta vulnerabilidad ha quedado solucionada.
Algo que es de reconcer de la comunidad de software libre es lo rápido que ha actuado en esta ocasión y otras similares.
¿Y todo para qué? ¿Y todo para qué? Intocable