International Journal of Applied Engineering Research ISSN 0973-4562 Volume 9, Number 21 (2014) pp. 10463-10472 © Research India Publications http://www.ripublication.com
Design and Implementation of Integrated Testing Tool based on Metrics and Quality Assurance Marri. Rami Reddy1*, Dr. Prasanth Yalla2, J. Vijaya Chandra3 1*
Research Scholar, Department of Computer Science and Engineering, KL University, Guntur Dist., A.P, India. 2 Professor, Department of Computer Science and Engineering, KL University, Guntur Dist., A.P, India 3 Research Scholar, Department of Computer Science and Engineering, KL University, Guntur Dist., A.P, India E-mail:
[email protected],
[email protected], 3
[email protected]
Abstract Testing Tools help in improving quality, maintainability, testability and stability of the software. They assist software engineers in increasing the quality of the software by automating the mechanical aspects of the software-testing task. Different tools have a different approach, software testing is a process that detects the defects and minimizes the risk associated with the defects within the software. Security Testing Tool is Software Metrics provide information to support the quantitative managerial decision making of the test managers. Among the various metrics, the code coverage metric is considered to be the most important, and is often used in the analysis of software projects in the industries. The Paper Focuses on Designing Automated Software Testing Tool and also Implementation of different methods at different areas where general tools will not support automatically. Most of the Testers are depending on the manual testing due to difficulty in identifying the appropriate tool for the application to be tested; it is easier using network methodologies and algorithms automatic implementation of tools at different coverage software tests. The tool also covers the job of test manager in selecting appropriate tool from the designed pack of Testing Tool. Keyword: Software Metrics, Testing Tool, Metrics, Code Coverage.
Paper Code: 27230–IJAER
10464
Marri. Rami Reddy et al
1. Introduction Testing helps to measure the quality of the software, it identifies the number of defects, when these defects are fixed and these fixations are carried out using different tools. The software metrics helps us in measuring size, quality, complexity and schedule. Error or mistake is the most common while developing software, where software is not a piece of code it is a solution for a problem, there are different ways in solving the problem, but the best way of development involves in space and time complexity. A software should be an error free, then only a customer can reliable on it, It is a difficult task to identify the mistakes at the development time, while testing to improve the quality these are identified, these defects some time called as bugs or faults. Risk assessment and Management is one of the major task involved at the time of design, develop, test and implementation. Testing is not a single task; it is a series of activities involved both in static and dynamic for achieving similar test objectives which include finding defects and gaining confidence in providing information about the quality and preventing defects. Focusing on defects helps in planning tests, as software code is complex and logic oriented, risk assessment plays a great role for planning the tests. Planning, analysis, design, implementation and execution are the basic steps where as evaluating exit criteria and reporting, test closure activities are most important based on these retesting will be done for better results[1].
2. Related Work Metrics related to measurement in the field of software testing, it involves in estimation, project control, productivity assessment and quality control. The metrics for quality software provides regular feedback to the individuals and teams; it uses commonsense, artificial intelligence and techniques of neural networks which provides organizational sensitivity. Error guessing is an informal technique which depends on the skill of a tester, there are no rules for guessing an error, it purely based on experience and it might be a good idea to test based on assumptions. Minimum planning and maximum test execution is possible in Exploratory testing. It checks formal testing process to ensure and identify most serious defects, also involves about exploring and finding out about the software. A state transition testing is to find boundary defects which include level of risks, risk types, test objective, documentation available, tester’s knowledge, budget and time, development life cycle, use case models and previous experience of types of defects found. Every company emotionally feels better consider that the data is secure. Security Testing offers potential benefits including cost saving and improved business where as security is the major factor, information security risks need to be carefully considered. Risks vary based on the sensitivity of the data to be stored or processed. Authentication is the process by which people prove that are who they say they are. At the basic level the system use username and password combinations, including Kerberos. At next level Systems that use certificates or tokens and Finally Biometrics. The counter part of authentication is authorization, where authentication establishes who the user is; authorization specifies what that user can do. Confidentiality, privacy, integrity, availability and non-repudiation are the basic principles of data security.
Design and Implementation of Integrated Testing Tool based on Metrics
10465
Confidentiality means keeping secrets by disguising them, hiding them, or making them indecipherable to others, this practice is known as cryptography where different algorithms and keys are used. Service and Security are the two major responsibilities of the cloud vendors. Impersonation attempts, software vulnerability exploits, password cracking, installation of Root-kits, buffer overflows, rogue commands, protocol attacks, malicious code like viruses, worms and Trojans, illegal data manipulation, unauthorized file access and other different attacks cause security breaches. SQL Injection attack is the major threat in Software Engineering Projects Security, it is a technique to inject crafted SQL into user input fields that are part of web forms used in cloud computing, to gain malicious access to resources, applications and databases, it is mostly used to bypass custom logins to websites regarding security Authentication. However, SQL injection can also be used to log in to or even to take over a website, so it is important to secure against such attacks. The most advanced attacks are automated exploit tools, which can spread of malware and enable data manipulation.
3. Test Management Test Management involves in Test Plans, Estimates and Strategies. Testing is a quality assessment. A black box tester can find more defects than a white box tester. Sometimes black box testers also called as independent testers. Test leaders are involved in Monitoring, planning and test control activities. Usual task of testers is writing and executing the test cases and log the defects. Tester must have the complete knowledge on intended behavior of the system being developed. Test leads guide the testers. They do the analysis monitoring, helps in designing the test cases and its implementation and execution. A test plan is must for every project to be tested, which is written by test lead/Manager. Test plan contains the overall estimation of the project about estimation like time, resources, possibilities of different types of tests applied for the project, which features can be tested, which cannot be tested, test approach, test suspension and it’s resumption criteria, entry and exit criteria. Focused and short test plan can be considered as good test plan. There are some common metrics and techniques which are used in monitoring preparation of tests and their execution. There are different levels of testing the project. Every project must undergo the manual testing. If the project is a long run and the size of the project is big (more number of modules), then the manually tested modules are automated. There is another kind of test which is a performance test, in which we measure the performance of the application under test.
Fig. 1: Testing Process for Security Testing.
10466
Marri. Rami Reddy et al
Automation testing metrics are used in repetitive testing of particular task(s). Performance Metrics are used in load testing shows the performance measurement from user perspective. Graphical usage of performance can be depicted by volume graphs generated by load test tools. Performance Metrics is classified into different stages where these stages give us a baseline against which to measure revisions and changes and reaches their milestones. For example average response time, error rate; minimum response time, maximum response time, request for second, through put and connected users. Security testing is intended to find flaws in security mechanisms of information system which protects data while maintaining functionality as required. In general security requirements include confidentiality, authentication, integrity, authorization, availability, and non-repudiation. Testing Tools: As software projects become larger and more complex, large teams are used to design, encode and test the software. Automated testing tools facilitate several users to access the information while ensuring proper management of information. Possible methods may include automated generation of reports to inform other testers about the outcome of the current test and different levels of access[2]. Major Types of Testing 1. Regression Testing 2. Security Testing 3. Performance Testing 1. Regression Testing: Regression testing activity is performed, when we are confident that future changes do not impact the existing functionality. Regression testing purpose is to have confidence that the newly introduced functionality / changes do not affect the existing functionality. 2. Security Testing: It is performed to reveal the flaws in mechanism of security in an information system, which protects complete data and maintain its functionality. Typical security requirements include authentication, integrity, confidentiality, authorization and availability. 3. Performance Testing: It is performed to determine the performance of a system in terms of its stability and responsiveness under a particular workload. It is also useful to validate other attributes of the system like reliability, scalability and resource usage. A testing tool must be easy to use to ensure timely, adequate and continual integration into the software development process. For different types of testing we are in need of different testing tools, designing and implementation of a Hybrid Testing Tool, with all the good qualities of the regression, security and performance tool, bringing all the testing abilities into one umbrella.
4. Designing of Integrated Testing Tool In testing methodology there are tons of different tools for testing, but according to the situation and requirement of the project needs for testing tools can be selected the most common and popular tools which are open source are taken for the experiment and designing the integrated testing tool where JMeter and Badboy are used for the performance testing, Selenium and Worksoft are used for the Regression testing, where
Design and Implementation of Integrated Testing Tool based on Metrics
10467
as the security testing for the Wireshark and Open Source Security Testing Methodology[3].
Table 1: Different Tools for Integrated Testing. S. No Tools 1 JMeter
2
3 4
5 6
Type Performance Testing
Description Used to measure different servers such as application server, web servers and databases Badboy Performance Testing Used to measure cpu process activites and memory consumption, no of processes etc., Selenium Regression Testing Correctness of program and tracking quality output Worksoft Regression Testing Tests complete program with various inputs and exercises individual functions, subroutines and object methods Wireshark Security Network Checks the Network packet flow, Testing network scanning OSSTM Security Testing Checks vulnerability scanning, authorization and authentication, log review, Integrity checkers, virus detection.
5. Metrics for Quality Specification: Evaluation of the mathematical and logical model for Quality Specification is mentioned as nr =nf + nnf …………………… ……… (I ) where nr=requirements in a specification nf=number of functional requirements nnf=number of non-functional requirements Characteristics for Metrics for Quality Specification are
6. Specificity In order to determine the specificity of requirements, a metric based on the consistency of the reviewer’s understanding of each requirement has been proposed. This metric is represented as
Q1 =
n ui nr
10468
Marri. Rami Reddy et al
nui=number of requirements for which reviewers have some understanding. Ambiguity of the specification depends on the Q1. If the value of Q1is close to (I ) then the probability of having any ambiguity is less. 1. Completeness Completeness of the functional requirements can be calculated by the following
nu ni x ns
Q2 =
where nu=number of unique function requirements
ni=number of inputs defined by the specification ns=number of specified state 2. Correctness Q2 in the given equation considers only functional requirements and ignores nonfunctional requirements. In order to consider non-functional requirements, it is necessary to consider the degree to which requiements have been validated. This can be represented by the following equation
nc n c n nv
Q3 =
nc=number of requiements validated as correct nnr=number of requiements, which are yet to be validated 3. Modifiability Modifiability of the functional requirements can be calculated by the following
Q4 =
nm nr
nm=number of requiements to be modified nr=number of total requiements 4. Traceability Traceability of the functional requirements can be calculated by the following
Q5 =
n t! nr
nt !=number of requiements to be traceable nr=number of total requiements OR
Q5 =
nt! n t n nt
Design and Implementation of Integrated Testing Tool based on Metrics
10469
nt !=number of requiements to be traceable nt=number of traceable requiements nnt=number of non traceable requiements 5. Consistancy Consistancy of the functional requirements can be calculated by the following r
n ict
Q6 =
i 1
nr
6. Achievability Achievability of the functional requirements can be calculated by the following
na
Q7 = cnr 7. Reusability Reusability of the functional requirements can be calculated combining Q4
, Q5 &
Q7 the following equation is obtained
Q8 =
nre na nt nm
8. Experimental Analysis In Software Testing Tools Lab for the Experiment we created a lab environment, where we used the JMeter: JMeter is a load testing tool. It is used to test the performance of an application under many virtual users. We cannot hire thousands of users to test online, hence we test using the virtual users in JMeter. Performance testing is categorized into load testing and stress testing. There are three typical parameters– Users, Data and Time. Longer you test and more data you use, its problem for the server. More the users are it all the problem we get. So we need a tool, so which limits users, pumping data and that can test it without any hectic, so JMeter solves this problem. It is a open source tool. We can test various applications designed with multiple protocols and also with JDBC connection and many more features. Disadvantage of this tool is it does not have browser and we have to set the proxy every time. JMeter results analyses is based on the No.of sample, throughput and their deviation and median.
10470
Marri. Rami Reddy et al
Fig. 1: JMeter Performance Testing Tool to analyze the performance of an application Badboy: Badboy is an open source elementary load testing tool, we need much more to do real load testing. Badboy can go easily with another open source tool called JMeter. As Badboy integrates with Jmeter, we save the scripts in Jmete file format, which we can open and run in Jmeter, which is flexible to use the full power of Jmeter. It avoids the problem of the lack of browser in Jmeter and proxy problem.
Fig. 2: Badboy Performance Testing Tool to analyze the performance of an application. Selenium: Selenium is an open source automation testing suite for web application across different platforms and browsers. It is not a single tool, but it is a suite of softwares, each one fulfills the different testing purposes of an organization. It is
Design and Implementation of Integrated Testing Tool based on Metrics
10471
primarily created by Jason Huggins, and there are group of developers contributed for its development. Selenium does not support non web based applications. As it is an open source tool, for any issues, we need to rely on the community of selenium forums to get the issues resolved. And a tester should know at least one of the languages supported by Selenium for successful automation of an application. It needs Test NG and JUnit as test reports as the Selenium has no inbuilt reporting capability. It is most friendly with the Mozilla Firefox and has several challenges with other browsers like IE.
Fig. 3: Selenium Automated Testing Tool to perform the regression testing of an application.
Fig. 4: Wireshark Security Testing Tool to analyze the flow of packets Worksoft Certify: It is the tool specially designed for automating the SAP applications. But also works well for the web applications. Worksoft is a It is a
10472
Marri. Rami Reddy et al
solution for several testing challenges like multiple implementation types, numerous iterations Intricate business and data rules, end to end business processes tedious and labor intensive, tight integration increases exposure. It is easy to automate the apps using its Web learn, java learn and the most easy feature livetouch. Wireshark: For continuous monitoring the network environment, and to receive the notification of changes of interests. It is a vulnerability scanning service tool, which is easy to deploy and cost-effective solution set that discovers and asses the vulnerabilities, it is the ideal solution for scanning remote locations in Software Testing. It is an easy-to-use-Integrated Testing Tool-based scanning solution that enables internal and perimeter scans and requires no hardware or complex software deployment. It is a host based monitoring system for intrusion detection; these are installed on host they are intended to monitor.
9. Conclusion Integrated Testing Tool enables Testers to process entire testing procedure easily with Quality Assurance. The Tools are based on Criteria Such as the performance speed, throughput and efficiency. The Goal of the Integrated Testing Tool is to analyze the performance of testing different tools that aid minimizing the resource program maintenance and increases efficiency for program reuse. The Goal of security testing is to protect the software from different malwares and hackers. It scans and informs the possibilities of the Intrusion. A perfect Intrusion detection system can be implemented. The Goal of Regression Testing is to test complete program as well as the individual functions, subroutines and objects with various inputs. The Goal of Performance Testing is to test application itself, cpu and memory consumptions, number of processes etc., It also tests different servers and databases.
References [1] [2] [3] [4]
[5]
[6]
A Novel Risk Assessment Model for Software Projects, Uzzafer, M.; Dept. of Comput. Sci., Univ. of Nottingham, Nottingham, UK,IEEE- May 2011. Software Testing and Practice , Antonia Bertolino-IEEE 2013 A Software Platform for Testing Intrusion Detection Systems, Nicholas Puketza, Mandy Chung, Ronald A Ollson-IEEE 2012 A Systematic Approach to Collaborate Quality Assurance Approaches, Adesh patel and Surendra pal Singh–International Journal of Advanced Research in Computer Science and Software Engineering, Volume 3, Issue 8, August 2013. Design and Implementation of Fast Dynamic Packet Filter, Zhenyu Wu, Mengjun Xie; Haining Wang, Networking–IEEE, Volume 19, issue 5, October 2011. Jmeter-based aging simulation of computing system, You Jing, Zhang Lan, Wang Hongyuan, Sun Yuqiang, IEEE August 2010.
