Monday, September 5, 2016

What is Usability Testing

Usability testing is a technique for evaluating a product by testing it on users. Since the end user ultimately has to work with the product, it is best to do usability testing before releasing the product to the masses.

Usability testing measures the usability, or ease of use, of a specific object or set of objects, whereas general human-computer interaction studies attempt to formulate universal principles.


Goals
Usability testing is a black-box testing technique. The aim is to observe people using the product to discover errors and areas of improvement. Usability testing generally involves measuring how well test subjects respond in four areas: efficiency, accuracy, recall, and emotional response. The results of the first test can be treated as a baseline or control measurement; all subsequent tests can then be compared to the baseline to indicate improvement.

Four Areas 
Efficiency -- How much time, and how many steps, are required for people to complete basic tasks? (For example, find something to buy, create a new account, and order the item.)

Accuracy -- How many mistakes did people make? (And were they fatal or recoverable with the right information?)

Recall -- How much does the person remember afterwards or after periods of non-use?

Emotional response -- How does the person feel about the tasks completed? Is the person confident, stressed? Would the user recommend this system to a friend?

How to perform Localization Testing


Localization means translating your product or website into the local language of a country. As companies grow their business in various countries, they make localized versions of their website.


Prepare and use the required test environment
If a web site is hosted in English and Japanese, it is not enough to simply change the default browser language and perform identical tests in both languages. Depending on its implementation, a web site may determine the correct language for its interface from the browser language setting, the regional and language settings of the machine, a configuration in the web application or other factors. Therefore, in order to perform a realistic test, it is imperative that the web site be tested from two machines: one with the English operating system and one with the Japanese operating system. You might want to keep the default settings on each machine, since many users do not change the default settings on their machines.


Get correct translation
A native speaker of the language is usually the best resource to translate the text. However, it is not easy to find a multi-lingual tester or to have different people from different countries sit in one office.
In that case you might have to depend on translation tools available online, like Google Translate, wordreference.com and dictionary.com.


Start with testing control labels
Labels are the static content in the web site. English labels are usually short, and translated versions tend to expand or contract in length depending on the target language. It is important to spot any issues related to label truncation, overlay on or under other controls, incorrect word wrapping etc.


Test error messages
It is important that the web site provides correct error messages in the other language. Most of the time error messages are hard coded in English, and developers forget to translate them.


Do test the data
Usually, multi-lingual web sites store the data in the UTF-8 Unicode encoding format. To check the character encoding for your website in Mozilla, go to View -> Character Encoding; in IE, go to View -> Encoding. Data in different languages can be easily represented in this format. Make sure to check the input data: it should be possible to enter data in the other language in the web site. The data displayed by the web site should be correct. The output data should be compared with its translation.


Be aware of cultural issues
A challenge in testing multi-lingual web sites is that each language might be meant for users from a particular culture. Many things such as preferred (and not preferred) colors, text direction (this can be left to right, right to left or top to bottom), format of salutations and addresses, measures, currency etc. are different in different cultures. Not only should the other language version of the web site provide correct translations, other elements of the user interface e.g. text direction, currency symbol, date format etc. should also be correct.


Saturday, July 2, 2016

Quality Attributes

What is Quality? 
Quality can be defined in different ways, and the definition may differ from person to person. But in the end there should be some standards. So quality can be defined as

Degree of excellence – By Oxford dictionary
Fitness for purpose – By Edward Deming
Best for the customer’s use and selling price – By Feigenbaum

Now let's see how one can measure some quality attributes of a product or application. These attributes can be used for quality assurance as well as quality control.


Reliability 
Measure whether the product is reliable enough to hold up under any condition. It should give consistently correct results.
Product reliability is measured in terms of how the product works under different working environments and different conditions.


Maintainability 
Different versions of the product should be easy to maintain. For development, it should be easy to add code to the existing system and easy to upgrade for new features and new technologies from time to time. Maintenance should be cost-effective and easy. The system should be easy to maintain when correcting defects or making a change in the software.


Usability
This can be measured in terms of ease of use. The application should be user friendly and easy to learn. Navigation should be simple.
The system must:
  Be easy to use for input preparation, operation, and interpretation of output.
  Provide user interface standards or conventions consistent with our other frequently used systems.
  Be easy for new or infrequent users to learn.


Portability
This can be measured in terms of the cost issues, technical issues and behavioral issues related to porting.


Correctness
The application should be correct in terms of its functionality and the calculations used internally, and the navigation should be correct. This means the application should adhere to its functional requirements.


Efficiency
A major system quality attribute. It is measured in terms of the time required to complete any task given to the system. For example, the system should utilize processor capacity, disk space and memory efficiently. If the system uses all the available resources, the user will get degraded performance, and the system fails on efficiency. If the system is not efficient, it cannot be used in real-time applications.

Integrity or security
Integrity comes with security. System integrity or security should be sufficient to prevent unauthorized access to system functions, prevent information loss, ensure that the software is protected from virus infection, and protect the privacy of data entered into the system.

Testability
The system should be easy to test and to find defects in. If required, it should be easy to divide into different modules for testing.


Flexibility
The system should be flexible enough to modify and adaptable to other products with which it needs to interact. It should be easy to interface with other standard third-party components.


Reusability
Software reuse is a cost-efficient and time-saving way to develop. Code libraries and classes should be generic enough to use easily in different application modules. The application should be divided into modules so that they can be reused across the application.


Interoperability
It should be easy for the product to exchange data or services with other systems. Different system modules should work on different operating system platforms, databases and protocol conditions.


Appreciate your feedback/comments!!!

Friday, June 3, 2016

Testing for security attack

In my earlier post, Security Testing, I explained what security testing is and the different types of attacks that can occur on a website.

Now let's look at the different security testing approaches:


1. Test Password cracking
Most web applications use log-in screens to authenticate users. For password cracking, the tester should check the password complexity enforced by the website.
If the username and password are stored in a cookie, make sure they are highly encrypted, as without encryption an attacker can use different methods to steal the cookies.

2. Test URL manipulation 
The tester should check if the application passes important information in the query string (URL). As the URL is easily accessible, an attacker can steal data from it. The tester can modify a parameter value in the query string to check if the server accepts it. Also test entering the URL directly in the address bar without navigating from the previous page.

3. Test SQL Injection
In UI controls like textboxes, enter SQL statements which are always true, like '1=1' (with quotes).
Make sure the textbox does not accept ('). If a database error is thrown after inserting the above data, that means the application accepted the input and executed the statement on the server. This is highly vulnerable.

4. Cross Site Scripting (XSS)
The tester should also test for XSS (cross-site scripting). Any HTML code or script code should not be accepted by the application. Many web applications use variables in the URL to pass data to the server. E.g.:
http://www.mysite.com/Home.aspx?query=abcd
An attacker can easily pass some <script> code as the ‘query’ parameter. When the page is sent, the malicious <script> is executed on the server.
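An added example (not from the original post) of this check: it requests the page with a <script> probe in the 'query' parameter and counts unencoded copies in the response, for a page that echoes the value raw and for one that HTML-encodes it on output. The page template, the probe marker and all function names are constructed for illustration.

```python
import html
from urllib.parse import urlsplit, parse_qs, urlencode

# Constructed page: echoes 'query' in an attribute and in a text node.
TEMPLATE = '<input name="query" value="{v}"><p>Results for: {v}</p>'

# Constructed probe: inert marker text wrapped in the characters a browser
# treats as markup, so a raw reflection is easy to spot in the response.
PROBE = '<script>"probe-7f3a"</script>'

def query_value(url):
    """Extract the decoded 'query' parameter, as a web framework would."""
    return parse_qs(urlsplit(url).query).get("query", [""])[0]

def render_raw(url):
    """Vulnerable form: the parameter is copied into the HTML unchanged."""
    return TEMPLATE.format(v=query_value(url))

def render_encoded(url):
    """Hardened form: HTML-encode the value, quotes included, on output."""
    return TEMPLATE.format(v=html.escape(query_value(url), quote=True))

def raw_reflections(render, base="http://www.mysite.com/Home.aspx"):
    """Request the page with the probe and count unencoded copies.

    A raw copy in the body is what the browser rendering the page would
    parse as markup instead of displaying as text.
    """
    url = base + "?" + urlencode({"query": PROBE})
    return render(url).count(PROBE)

def displayed_copies(render, base="http://www.mysite.com/Home.aspx"):
    """Count copies of the probe after entity decoding (what the user sees)."""
    url = base + "?" + urlencode({"query": PROBE})
    return html.unescape(render(url)).count(PROBE)

if __name__ == "__main__":
    print("raw page, unencoded copies:    ", raw_reflections(render_raw))
    print("encoded page, unencoded copies:", raw_reflections(render_encoded))
    print("encoded page, displayed copies:", displayed_copies(render_encoded))
```

Encoding on output keeps the search text visible to the user exactly as typed while removing its meaning as markup.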


Note - In order to perform a useful security test of a web application, the tester should have good knowledge of the HTTP protocol. It is important to have an understanding of how the client (browser) and the server communicate using HTTP. Additionally, the tester should at least know the basics of SQL injection and XSS.

Did you like the post? Please share your feedback!

Security Testing

Security testing is a testing process which tests an application for confidentiality, integrity, authentication, availability, authorization and non-repudiation.

In short, we can say it means verifying that data is available and accessible to authentic users only, and that the amount of data available to any user is as per their authorization level.

As more and more transactions are performed online through websites, proper security testing of web applications is becoming very important.

Below are various types of popular security attacks:

URL manipulation - 
Some web applications send user data to the server by appending it to the URL. This gives a hacker a chance to manipulate the data and send wrong information.


SQL injection
In this process SQL statements are inserted into UI controls of the application. When the page is submitted to the server, those statements are executed on the server, causing an attack on user data.


Spoofing
Attacking users by creating hoax look-alike websites or emails, so that the user navigates to the attacker's site thinking it is the original site and enters sensitive data.


Attacking XSS
Cross-site scripting allows attackers to inject client side script and bypass access controls.
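For the URL manipulation attack listed above, an added example (not from the original post) of the tester's check: change one query-string parameter and see whether the server still answers with data, against a handler that trusts the URL and one that checks the logged-in user on the server side. The account records, the Account.aspx path, the 'account' parameter and the function names are constructed for illustration.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qs, urlencode

# Constructed records: each account belongs to one user.
ACCOUNTS = {"1001": {"owner": "alice", "balance": 250},
            "1002": {"owner": "bob", "balance": 90}}

def requested_account(url):
    """Read the 'account' parameter from the query string."""
    return parse_qs(urlsplit(url).query).get("account", [""])[0]

def handle_trusting(url, session_user):
    """Vulnerable form: whatever account id is in the URL is served."""
    record = ACCOUNTS.get(requested_account(url))
    return (200, record) if record else (404, None)

def handle_checked(url, session_user):
    """Hardened form: the server decides access from the session, not the URL."""
    record = ACCOUNTS.get(requested_account(url))
    if record is None:
        return (404, None)
    if record["owner"] != session_user:
        return (403, None)  # also covers a direct visit with no login
    return (200, record)

def with_param(url, name, value):
    """Return the URL with one query parameter replaced (the tester's edit)."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    query[name] = [value]
    return urlunsplit(parts._replace(query=urlencode(query, doseq=True)))

def accepts_tampering(handler, url, session_user, name, value):
    """True if the server returns data after the parameter is modified."""
    status, _ = handler(with_param(url, name, value), session_user)
    return status == 200

if __name__ == "__main__":
    url = "http://www.mysite.com/Account.aspx?account=1001"  # constructed URL
    for handler in (handle_trusting, handle_checked):
        print(handler.__name__,
              accepts_tampering(handler, url, "alice", "account", "1002"))
```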

In the next post we will look at different approaches to testing a website for security attacks.

Please let me know your feedback about this post.