Tuesday, July 27, 2010

Quality Assurance VS Quality Control


In simple words, when we compare quality assurance with quality control: for Quality Assurance, quality means defect prevention and the goal is zero defects, whereas for Quality Control, quality means defect identification and the goal is process control to reduce defects.
§  In Quality Assurance, deliverables are created; this is performed by a manager or client. Checklists, project audits, and methodology and standards are examples of QA. Quality control is only about requirements. Quality assurance is basic and does not concern the specific requirements of the product being developed.
§  Quality Control, by contrast, is a process in which quality-related activities are associated with the creation of project deliverables. Quality control is basically used to verify that deliverables are completed and correct. Inspections, deliverable peer reviews and the testing processes are examples of quality control. Quality assurance actions are determined before production work begins, and these activities are performed while the product is being developed. In contrast, quality control actions are performed after the product is developed.

QA actions ensure that the process is defined and proper. Methodology and standards development are examples of QA activities. QA would focus on the process elements of a project and on whether requirements are being defined at the proper level of detail. QC activities focus on finding defects in the deliverables.

 Typical QC steps:
·         Problem Identification
The main outcome of the Problem Identification stage is to set the overall purpose and objectives of the risk assessment and to determine the likely data requirements.
·         Problem Analysis
To gather information that helps you determine the nature of a problem encountered on your system.
·         Problem Correction
To correct the problem identified in the QC process.
·         Feedback To QA
Process of control to reduce the defects for Quality Control.



Typical QA steps:
·         Data gathering
It is a frequent part of solving problems and satisfying curiosity.
·         Problem Trend Analysis
Based on the number of problems occurring in the area under study.
·         Process Identification
Each process is identified with a unique name/number.
·         Process Analysis
A process can be defined as "a logical series of related transactions that converts input to results or output" (Andersen 1999).
·         Process Improvement
It is a series of actions taken by a Process Owner to identify, analyze and improve existing processes.


QC Vs QA - Examples


QC                  | QA
Walkthrough         | Quality Audit
Testing             | Defining Process
Inspection          | Selection of tools
Checkpoint review   | Training

Is Testing a QA or a QC Activity?
Testing is an example of a QC activity, but there are others such as inspections.
The difference is that QA is process oriented and QC is product oriented.
Testing therefore is product oriented and thus is in the QC domain. Testing for quality isn't assuring quality, it's controlling it.
Quality Assurance makes sure you are doing the right things, the right way. Quality Control makes sure the results of what you've done are what you expected.

Example:
Let us consider an example to understand the difference between software quality assurance and software quality control:

“Consider a software project that includes requirements, user interface design and a SQL database implementation.
The SQA team would produce a quality plan that would specify any standards, processes and procedures that apply to the example project. These might include, by way of example, IEEE xyz specification layout (for the requirements), Motif style guide abc (for the user interface design) and Open SQL standards (for the SQL implementation). All of the standards, processes and procedures that should be followed are identified and documented in the quality plan; this is done by SQA.

When the requirements are produced (in this example) the Software Quality Control team would ensure that the requirements did in fact follow the documented standard (in this case IEEE xyz). The same task, by SQC, would be undertaken for the user interface design and the SQL implementation, that is, they both followed the standard identified by SQA. Later the SQA team could make audits to verify that IEEE xyz and not IEEE abc was indeed used as the requirements standard”.

In this way a clear distinction can be drawn between "correctly implemented", which is the concern of SQA, and "followed", which is the concern of SQC.

The SQC definition implies software testing, as this is part of the "project produces the required internal and external (deliverable) products" definition for SQC. The term "required" refers not only to the functional requirements but also to the non-functional aspects of supportability, performance, usability, etc. All of the requirements are verified or validated by SQC. For the most part, however, it is the distinction between "correctly implemented" and "followed" for standards, processes and procedures that causes the most confusion between the SQA and SQC definitions. Testing is normally clearly identified with SQC, although it is usually only associated with functional requirement testing.









Tuesday, July 13, 2010

Database Testing

Nowadays databases are an important part of any software that is being developed. In order to communicate with a database we have to write queries. Complex or large software requires a certain level of expertise to perform complex tasks like

· Database monitoring

· Database auditing

· Database optimization

· Database models (database schema) etc.

Database Testing is an important aspect that a “Software Tester” should be aware of. We will discuss some important aspects of database testing over here.

Why do we test database?
It's important to test the database that the software applications use. The database holds confidential and valuable information that must not be compromised in any case. Testing the database provides us with solid feedback that is essential for identifying defects and fixing them.

What to test in database testing?
We need to consider the threats within the database (White box Testing) as well as at the interface level (Black Box Testing).

Black Box testing
Input data
Output Data (from queries, views, stored procedures)

White Box testing (Clear box testing)
Unit tests for Stored Procedures / functions
Triggers / Views code
Referential Integrity

Database Security

Database security is the system, processes, and procedures that protect a database from unintended activity. Unintended activity can be categorized as authenticated misuse, malicious attacks or inadvertent mistakes made by authorized individuals or processes. “Database security” is also a specialty within the broader discipline of computer security.

Traditionally, databases have been protected from external connections by firewalls or routers on the network perimeter, with the database environment existing on the internal network as opposed to being located within a demilitarized zone. Additional network security devices that detect and alert on malicious database protocol traffic include network intrusion detection systems along with host-based intrusion detection systems.

Database security is more critical as networks have become more open.

Databases provide many layers and types of information security, typically specified in the data dictionary, including:

§ Access Control

§ Auditing

§ Authentication

§ Encryption

§ Integrity controls

Database security can begin with the process of creating and publishing appropriate security standards for the database environment. The standards may include specific controls for the various relevant database platforms; a set of best practices that cross over the platforms; and linkages of the standards to higher-level policies and governmental regulations. [6]

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks. [7]
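The following is an added example, not code from the original post: a black-box input test that runs the same inputs against a query built by string concatenation and against a parameterized query. The table, the function names and the sample rows are constructed for illustration, and SQLite stands in for whatever database the application uses.

```python
import sqlite3

def make_sandbox():
    """Build a throwaway in-memory database with constructed test rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "clerk")])
    return db

def find_user_concat(db, name):
    # Vulnerable form: user input is pasted into the SQL text, so a quote
    # character in `name` ends the string literal and the rest is parsed as SQL.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()

def find_user_param(db, name):
    # Hardened form: the statement text is fixed and the driver binds `name`
    # as a value, so it can never change the structure of the query.
    return db.execute("SELECT name, role FROM users WHERE name = ?",
                      (name,)).fetchall()

def run_input_tests(lookup):
    """Black-box test: feed input data, compare output rows with expectations."""
    db = make_sandbox()
    cases = [
        ("bob", [("bob", "clerk")]),   # ordinary input
        ("nobody", []),                # unknown user
        ("x' OR '1'='1", []),          # quote-bearing input must match nothing
        ("O'Brien", []),               # legitimate name that contains a quote
    ]
    results = {}
    for value, expected in cases:
        try:
            results[value] = "pass" if lookup(db, value) == expected else "fail"
        except sqlite3.Error:
            results[value] = "error"   # the input broke the statement itself
    return results

if __name__ == "__main__":
    for fn in (find_user_concat, find_user_param):
        print(fn.__name__, run_input_tests(fn))
```

A "fail" or "error" result on the quote-bearing inputs is the defect signal a tester should report; the parameterized lookup passes all four cases.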










Figure 1[2]


How to test?
When we want to test our database, we need test databases that are copies (replicas) of the original database. These are sometimes called 'sandboxes' in agile terms.
In this test database (sandbox) you will rebuild your system and then run all the tests to ensure you haven't broken anything (if so, then back to the development sandbox). Occasionally, at least once an iteration/cycle, we'll deploy our work to the next level (demo and pre-production testing), and rerun our test suite (including database tests) each time that we do so to ensure that our changes integrate with the changes made by other developers in our organization working on the same database.
We need to create database tests based on either rebuilding the existing database or starting afresh with the creation of the database and related schema. Identifying test data is an important task here. Once the tests are ready, we execute them and check the results. We rate the tests pass or fail according to the standards we have set.
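As an added example (not part of the original post), the sketch below follows the procedure above for the white-box items listed earlier: each check rebuilds the schema in a fresh sandbox, loads identified test data, exercises referential integrity and a trigger, and is rated pass or fail. The schema, names and rows are constructed for illustration, with SQLite standing in for the real database.

```python
import sqlite3

# Constructed schema for illustration: parent/child tables plus an audit trigger.
SCHEMA = """
CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
CREATE TABLE orders (
    id INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customers(id),
    amount INTEGER NOT NULL);
CREATE TABLE audit_log (order_id INTEGER, old_amount INTEGER, new_amount INTEGER);
CREATE TRIGGER orders_audit AFTER UPDATE OF amount ON orders
BEGIN
    INSERT INTO audit_log VALUES (OLD.id, OLD.amount, NEW.amount);
END;
"""

def fresh_sandbox():
    """Rebuild the schema and load the identified test data (known state)."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite checks FKs only when enabled
    db.executescript(SCHEMA)
    db.execute("INSERT INTO customers VALUES (1, 'Acme')")
    db.execute("INSERT INTO orders VALUES (10, 1, 250)")
    db.commit()
    return db

def rejected(db, sql):
    """True if the database refuses the statement on integrity grounds."""
    try:
        db.execute(sql)
    except sqlite3.IntegrityError:
        return True
    return False

def check_orphan_order_rejected():
    return rejected(fresh_sandbox(), "INSERT INTO orders VALUES (11, 999, 5)")

def check_parent_delete_blocked():
    return rejected(fresh_sandbox(), "DELETE FROM customers WHERE id = 1")

def check_update_is_audited():
    db = fresh_sandbox()
    db.execute("UPDATE orders SET amount = 300 WHERE id = 10")
    return db.execute("SELECT * FROM audit_log").fetchall() == [(10, 250, 300)]

def run_suite():
    checks = (check_orphan_order_rejected, check_parent_delete_blocked,
              check_update_is_audited)
    return {c.__name__: "pass" if c() else "fail" for c in checks}
```

Because every check starts from `fresh_sandbox()`, a change made by one check cannot leak into the next, which is the same known-state guarantee the tools below aim to provide.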

Some tools available for the Db testing are:

· CompuWare DevPartnerDB

DevPartnerDB simplifies rapid, high-quality application development by helping developers debug stored procedures and tune SQL statements. DevPartnerDB has support for Oracle, Microsoft SQL Server and Sybase, and also supports the development of applications in Visual Studio .NET.

· ScandiaSoft DbValidator

DbValidator was designed to simplify the creation of automation tests for SQL Server database schemas.

· dbUnit SourceForge

DbUnit is a JUnit extension (also usable with Ant) targeted at database-driven projects that, among other things, puts your database into a known state between test runs. This is an excellent way to avoid the myriad of problems that can occur when one test case corrupts the database and causes subsequent tests to fail or exacerbate the damage.

Reference links

1. http://en.wikipedia.org/wiki/Database

2. http://www.agiledata.org/essays/databaseTesting.html

3. http://www.dbunit.org/

4. http://scandiasoft.com/products.html

5. http://www.embeddedstar.com/software/content/c/embedded529.html

6. http://en.wikipedia.org/wiki/Database_security

7. http://en.wikipedia.org/wiki/SQL_injection


Shoaib Shafique

Serving as,

Testing QA Engineer

Kualitatem Pvt Ltd.