DEV Community: QA Madness

Skills QA Engineers Should Have Now and in the Future

QA Madness — Mon, 01 Aug 2022 14:12:00 +0000

It is natural to think about the future, especially during turbulent times. Digitalization that gathers pace globally leads to significant changes in the job market. As technology evolves, professions keep evolving with it. In a decade or so, we may witness a considerable shift of candidate’s priorities and competencies required by employers.

We talked with our team to learn what they think about the future of tech professions and, most importantly, the skills QA specialists should possess in the future. Of course, we can’t be a hundred percent sure what comes in ten years and can only make assumptions. Here’s what we concluded.

Hard Skills that Make a Good QA Specialist

When it comes to hard skills, the demands can vary from company to company. Besides, a required skill set also depends on a particular profession. In general, the must-haves for an average candidate are:

Knowledge of software testing types, methodologies, and techniques.
Familiarity with certain bug tracking and test management tools.
Understanding of different SDLC models.
Knowledge of a particular programming language (for test automation).

To understand better what hard skills will help you get a particular job, you can simply look through job postings in the niche. HR managers keep job descriptions relevant, so you are likely to find the latest information on this. It is also a good idea to scan job offers from different regions and countries. It may help to decide where to develop professionally and what to study next.

Soft Skills that Make a Good QA Specialist

In addition to strong technical knowledge, a specialist should also possess certain personality traits to become a valuable addition to the team. We believe that the soft skills listed below will remain relevant and sought in the future.

The thing is, the active automation that already occurs in many industries will increase the significance of soft skills. People will need to cover the tasks that computers won’t be able to do. On the one hand, the demand for specialists who can create and maintain automatic solutions will increase. On the other hand, a lot of tasks computers cannot perform are related to soft skills.

A study by McKinsey predicts that around 5 million occupations will no longer exist by 2030. Robotics and AI technologies will replace human workers. Meanwhile, we can expect the emergence of new professions, where uniquely human skills will become more valuable. Accenture makes similar predictions and supports the idea to upskill staff in soft skills since they will be more in-demand in the future.

In other words, technology isn’t meant to replace or eliminate people. It is likely to make a shift in priorities, so that leadership, creativity, and other uniquely human skills will play a greater role in professional value. Ultimately, people with math and soft skills seem to get better career prospects in the future.

Let’s start with a list of the soft skills that are already a bonus for candidates looking for QA jobs.

Communication skills

Communication is everything. An ability to express one’s thoughts clearly is a key to productive cooperation. It is essential for a QA engineer to explain the nature of defects and describe the steps to reproduce them in detail. It includes both oral and written communication. Without comprehensible reports, the rest of the team would find it difficult or even impossible to implement changes.

Empathic approach

The concept of empathy is essential for a variety of industries. Basically, empathy means an ability to understand other people, to walk in one’s shoes. In the case of QA and software testing, empathy is a desire to understand client’s objectives and share their values. Once you manage to see what’s the priority for a client, you’ll be able to ask the right questions and present your ideas in a way that can benefit an end product.

Analytical skills

In their daily work, QA specialists work with software products, deconstructing their features and behavior to find flaws in the system. The ability to collect and process information is the core of such activities. A set of analytical skills include logical thinking, critical reasoning, research, data analysis, creativity, and problem-solving.

Attention to detail

A QA engineer should pay attention to ins and outs and issues that are almost imperceptible. It’s a meticulous job that requires significant concentration and a little bit of suspicion. Attention to detail allows noticing weak spots in the system that seems to work well. It encourages checking and rechecking those areas that are generally prone to defects, even if there are no evident defects at the moment.

Focus on quality

When the deadlines are tight, a QA team may be urged to check complicated functionality quickly. Even under such circumstances, a person should understand the quality implications and communicate their thoughts to a client. A QA engineer’s task is to check a product thoroughly. It is essential to estimate correctly the time required to do this and inform a client. Remember that your mission is quality assurance, and it should be the priority regardless of the situation.

Reasoning ability

Reasoning requires a solid technical understanding of the processes. When you explain the necessity of a particular procedure to other team members, you should provide relevant arguments. Telling a client something like “We need to run performance testing because it will be better this way” is something you should never do. Every piece of recommendation should come with convincing evidence. It is also necessary to be able to explain complicated things in a way people without a tech background can understand.

Diligence

Patient work and willingness to learn and develop professionally are essential for many professions. It is impossible to become good at what you do without effort and studiousness. Meanwhile, technology keeps evolving, and IT specialists should keep up with the trends and new practices. If a person likes to attend field-specific events, improve their hard skills, follow industry news, etc., they increase their value as a professional. Being stuck with one product, on the contrary, interferes with one’s skills and career prospects.

Teamwork

If an HR specialist says they are looking for ‘a team player,’ it isn’t just another cliche in a job description text. There are people with impressive skills and expertise that find it difficult to cooperate with others. Software testing is work for a team. Even if a client requires one specialist to work on a project, this person is supposed to work in close collaboration with developers and stakeholders. Depending too much on one’s individual skills can affect the result. When there are several QA specialists engaged in a project, smooth teamwork becomes even more significant.

Relating to end-users

QA engineers view every software product from a professional perspective. Looking for vulnerabilities is the primary goal that tends to become a professional hazard. Product owners view software from the business perspective. Meanwhile, end-users are likely to have yet different approaches, expectations, and experiences. Therefore, QA specialists need to abstract their minds from previous experiences and interact with a product like real users with diverse backgrounds and varying levels of digital literacy.

Commitment

Willingness to give your time and energy to improve the quality of a software product is the only way to become a good QA engineer. A person should understand their role in the process and take full responsibility for their actions and decisions. Whether we are talking about communication with a client, interaction inside a team, or personal time management, commitment and responsibility are crucial.

Essential Hard Skills of the Future

We can’t be certain about what technologies will be in demand in a decade or two. That’s why QA engineers should keep up with the market news and tech trends. For now, we can only assume that some of the domain knowledge in the following areas will be good to have featured in your CV.

Artificial intelligence

AI tech is becoming more mainstream. Apparently, the need for specialists that can work with natural language processing, speech and image recognition, and related smart technologies will keep increasing in the future. Most likely, they will become default features for the majority of applications.

Machine learning

Chatbots, smart assistants, predictive analytics tools, and a great share of smart tech rely on machine learning. Since machine learning can be applied to every industry, its possibilities are endless. Thus, the knowledge of ML technologies will be a bonus for QA engineers.

Data science

Banking, manufacturing, and governmental institutions are among those investing in data science the most. Healthcare, education, and many other niches can derive significant benefits from using these technologies, too. For as long as there is demand for data science tools, QA engineers will keep busy testing those software solutions.

Cloud computing

We don’t know yet what employment models will be dominant in the future. But even without going fully remote, companies understand the necessity of healthy cloud infrastructure that will keep the business processes functioning regardless of the team’s location. The widespread use of cloud computing tech will require proper QA expertise for maintenance and platform improvements.

Internet of Things

Smart gadgets, wearables, and home appliances have become widely used for business and personal purposes. Testing those relies on a lot of interactivity. For example, when QA engineers inspect fitness trackers, they have to run, jump, exercise, and track the measurements and showings under various real-life conditions. The same rule works for the majority, if not all IoT devices. Thus, niche expertise will be a great addition to QA engineer’s skills and career prospects in the future.

Robotics

Speaking about the interesting hardware to work with, more QA engineers can expect to get engaged with robotics. During software testing, you’ll need to learn how robots operate across a variety of terrains and environments under real-world conditions, experiment with different movement modes, etc. Whether we are talking about rethinking last-mile delivery or entertainment, the liking of robotic gadgets and their increasing popularity is undeniable.

Mobile testing

The share of mobile traffic keeps growing as well, thanks to both adaptive design and applications. People enjoy constant access to information and services and an opportunity to communicate and handle business tasks on the go. Though the influence of such a habit on our well-being is questionable, society isn’t going to give it up. The need for testing apps and digital services on mobile devices will remain among the priorities.

Network security

The more processes shift online, the more security threats will arise. Thus, network and information security practices will evolve together with digitalization. The need for security testing is likely to increase.

UI/UX design

Remember that there is a difference between these two concepts. UI is about the layout and correct functioning of the graphical elements of a user interface. UX is about the convenience of using a particular design and the emotions it causes. You don’t have to become a designer, but certainly, there will be many interfaces to test in the future.

Essential Soft Skills of the Future

It seems that the soft skills we’ve listed above will be relevant and in-demand. Meanwhile, the new technologies and realities will require some other activities in a QA engineer’s CV.

Adaptability

The pace of innovation keeps accelerating with every passing year. Nowadays, it takes less time to invent and implement new tech solutions than two decades ago. The world of the future will keep changing rapidly. It will be crucial for QA engineers to adapt to all the changes in technologies, software development methods, and related processes that are to come. Those who find it difficult to adjust to the new circumstances and realities risk ending up lagging behind.

Quick learning

As the technologies evolve, the QA methodologies, practices, and tools are to keep up. It means more learning than ever before. Many specialists already understand that continuous education is essential for professional growth. Those who can process information quickly and are eager to learn will have a considerable advantage in the future.

Cognitive flexibility

Cognitive flexibility is closely related to curiosity and desire to study. If thinking out of the box is more than another metaphor for you, you are ready for the future’s everyday work. An opportunity to look at problems from a different perspective rather than follow familiar rules will come in handy when facing future challenges. In a highly competitive environment, quality becomes the highlight for a business. An opportunity to detect the slightest drawbacks or the least likely scenarios that can break a system may become a game-changing factor. A QA specialist’s cognitive flexibility may be what helps to stand out and take a leading position.

Critical thinking

The overwhelming amount of information we are to deal with daily is likely to keep increasing. It will become even more important to distinguish between valuable insights and fake news. Critical thinking will help to keep a clear head, notice advantageous opportunities, and make correct strategic decisions in the future. Speaking specifically about QA engineers and their work routines, critical thinking will remain essential for smart prioritization and risk management.

Communication

We’ve already mentioned that communication skills are essential for QA specialists nowadays. While we expect the increase of automation and robotization across various industries, efficient collaboration and negotiation will become assets of even higher value. QA engineers will still need to communicate with developers closely and focus on releasing products of better quality.

Emotional intelligence

From empathic design to empathic banking, companies keep emphasizing how significant an ability to walk in a client’s shoes is. Understanding human beings who are going to use your products and services is key to creating exactly what the audience needs. It is especially important for quality assurance, the purpose of which is to help create usable and functional software products for vast audiences.

Creativity & innovation

The tech industry is driven by innovations. The future is likely to bring more extraordinary devices and applications. A specialist with a creative mindset will always have a competitive advantage. In fact, creativity isn’t always directly related to inventions. Being creative in quality assurance means, in particular, finding a way to work more efficiently and modeling a variety of typically occurring and unexpected use cases.

Complex problem solving

We expect known job positions to change at least a bit. New issues will require new approaches and solutions. In other words, a list of responsibilities and daily tasks of a QA engineer may go beyond software testing as we know it today. We are talking about a more balanced skill set that will come in handy since QA specialists will need to deal with more technically sophisticated tasks.

To Sum Up

For sure, hard skills make the backbone of a QA engineer’s skill set. However, soft skills are what often make a person a valuable asset to a team. Usually, it is easier to teach entry-level specialists theory and take time to supervise their work than to foster and nurture the essential soft skills. In a perfect case, a QA specialist should have the hard and soft skills balanced and keep improving both.

We can’t be sure about what the future holds or how it will modify professions that exist nowadays. If you are a specialist eager to move with the times, follow the industry trends and do everything in your power to become a truly competent person. Keep learning and growing professionally, and you’ll be ready for whatever changes are to come.

How to Use Python for Automation?

QA Madness — Fri, 29 Jul 2022 10:41:00 +0000

The knowledge of a programming language can help a QA specialist in different ways. On the one hand, we get access to test automation tools. On the other hand, we start to understand code, and this advances manual testing. Learning a programming language allows enhancing a person’s competencies and makes an entire software testing company a bit more prepared for the market challenges.

So the dilemma is not “to learn or not to learn” but rather what exactly to learn. There are several factors that can influence your decision – starting with resources and ending up with a range of specialists in the company. So let’s focus on Python and why it is the No.1 option to consider.

Why Is Python So Popular?

Over 70% of developers consider Python the most popular and in-demand language. In addition to being an open-source programming language, it has many libraries of ready-to-use code. Python is a time-saving solution: you don’t have to reinvent the wheel every time you start a new task.

Also, Python syntax is simple, making the language easy to learn. Last but not least, there is a strong community built around Python. You can reach out for help online anytime and receive it almost instantly.

Why You Should Learn Python

Test automation engineers often use technologies like Java, C#, C++, and Ruby. Still, Python has a number of benefits that make it an optimal solution.

- Python is easy to learn. Even the most curious QA engineer has to focus on testing first. Learning Python won’t leave you too exhausted to deal with work thanks to its simplicity. Besides, you can find a bunch of useful materials on the web.
- It has readable code. Python code is easy to understand. It is convenient for scripting and supported by numerous tools.
- Python is a multi-purpose language. It is almost universal and can solve a vast array of tasks. Python is used in web and desktop apps, data analytics, scripting, etc.
- It enhances team productivity. Java uses ten lines of code where Python needs just one. Python is concise and leaves precious time to deal with more complex tasks.
- The community is your backup. Massive code libraries help you save time. You don’t have to reinvent the wheel but use ready code for import.
- Python can automate your entire world – from the deployment of the test environment to continuous integration.

The Advantages of Automation Using Python

We’ve mentioned some of the features that make Python in-demand and popular. Here are a few more words on AT in Python.

The Zen of Python, a collection of guiding principles for writing on Python, is an ideal manual for test automation. It reminds you about the basic rules that make automated test scripts efficient. Tests should be simple and readable, obvious and relevant, complex but not complicated. Some would say these things are evident, but The Zen of Python is a manifesto that won’t let you forget the basics.
Pytest is one of the best available frameworks for automation available. It can handle any functional test, whether we’re talking about unit, integration, or end-to-end testing. Test cases are written simply as functions and can take parametrized inputs. Plugins extend pytest capabilities and allow you to cover code, run several tests simultaneously, and integrate with other frameworks, like Django and Flask.
A rich library of useful packages and ready-to-use ingredients for automation greatly facilitates testing in Python.
Python is object-oriented and functional. It allows choosing what suits your tasks better – functions or classes. Distributed functions don’t have side effects, and simple syntax makes them readable.
Command Line can drive the entire test automation workflow. Every test framework can launch a console for searching and running tests. Rich command line support greatly simplifies test management. Moreover, automation with Python supports exploratory testing. You can use Python calls to steer an app to a point when manual testing is required.
Scalability makes Python equally great for beginners and experienced users. Scalability is achievable through syntax, superb structure, modularity, and a vast ecosystem of tools. It is also possible to integrate numerous side tools and processes.

Writing Automated Tests in Python

Python comes with a set of tools and libraries that facilitate test writing. Your path in automation testing services should start with simple tests. Make sure you can execute those successfully before challenging yourself with complex tasks.

Create a file test.py that will contain your first test case. As you proceed with scripting, it will be reasonable to create a folder with separate files for tests or test groups. Otherwise, the document will become cluttered and hard to maintain. If a project is large, you can split tests into more subdirectories based on their purpose.

The primary task is to decide what exactly to test. A test structure will follow a familiar workflow: generate inputs –> execute the code –> capture outputs –> compare actual and expected results.

When you decide to automate a task, all you have to do is follow five simple steps:

Think about how you would execute it without applying any technological solutions.
List the steps and people involved.
If needed, divide the task into a number of smaller assignments.
Solve each of these tasks using an appropriate algorithm.
Convert each of those algorithms to code using Python.

Keep in mind that automated tests should be reusable. If you have spare time and a desire to level-up your scripting things, you can create tests covering anything you want. However, this is not efficient for dealing with real-life tasks.

Python Automation Frameworks

Python unittest (or PyUnit) is a framework from the standard Python library and a great solution to start with Python automation. It provides a basic set of tools that supports fixtures, test cases, test suites, and a test runner. Unittest is often used in test-driven development. To discover the full potential, you will also need nose2 with its system of plugins.
pytest – the best python testing framework for small projects. It supports compact test suites and offers quick bug fixing. It can run parallel tests and integrate with other test frameworks.
Robot – an open-source key-driven framework for acceptance testing that provides a rich collection of tools and libraries.
Behave – a widely-used behavior-driven framework. Written in semi-formal language, it is easy to read for QA team and non-technical specialists, opening opportunities for collaboration.
Jasmine – one more BDD framework. It is easily integrated into Django projects, allows parallel execution of server-side and client-side test cases, and makes tests more resilient to changes.

To Sum Up

Python solves a wide range of technical problems, is easy to learn, and makes you a part of the global community that gladly shares their experiences. Automation with Python saves you a lot of time. Besides automating QA resources in general, it provides lots of ready code and highly-functional frameworks.

If you already know some other programming language, switching to Python is unnecessary. As I’ve mentioned earlier, you can write scripts in Java and Ruby as well, and they will be equally good. If you only start learning, however, Python is definitely a go-for option.

Your Guide to Understanding Risk-Based Testing

QA Madness — Mon, 25 Jul 2022 18:21:02 +0000

The goal of risk-based testing is to concentrate testing on key functions and spend more time on them. It is possible to manage the test process through intelligent evaluation and convey the predicted implications of actions taken by combining the focused process with metrics.

Risk is the occurrence of an unknown event that has a positive or negative impact on a project's measured success criteria. It could be something that happened in the past, something that is happening now, or something that will happen in the future. These unforeseen events might have an impact on an entire project's cost, business, technical, and quality goals.

What Is Risk-Based Testing?

A risk-based testing approach is a method of software testing that is based on risk likelihood. It entails analyzing the risk based on software complexity, business criticality, frequency of use, and probable defect areas, among other factors. Risk-based testing prioritizes testing of software program aspects and functions that are more important and likely to have flaws.

A thorough plan guarantees that testing is carried out in such a way that even if a person discovers a flaw in production, it does not prevent them from using the application nor does it have a substantial impact on the business.

Product, Project, and Process Risks

Negative risks pose a threat to the project's success, and solutions to reduce or eliminate them must be implemented. Risk-based testing offers insight into these risks that will have a far-reaching effect across the product and process requirements needed to succeed.

There are three groups of risks the team may encounter during the software development process:

Product risks – lack and/or stability of requirements, complexity of the product, etc. that eventually cause a mismatch in the end functionality and the needs of users and/or stakeholders’ expectations.
Project risks – issues caused due to the external dependencies, such contractual issues, delays on the contractor’s side, personal issues, non-work related constraints, and so on.
Process risks – issues related to planning and internal management of the project, including inaccurate estimates, delays, non-negotiable deadlines, underestimation of project complexity or other important aspects, etc.

The impact of these risks can affect both the user and the business with dire consequences such as financial impact from unhappy customers, penalties, legal liabilities, losing market share, losing customers, and tainted company reputation.

Risk-Based Testing Strategy

A risk-based testing strategy uses risk as the criterion in all aspects of the testing cycle, including test planning, design, implementation, execution, and reporting. Ideally, a large number of different test case combinations would be created. The strategy involves ranking tests based on the severity of the risks to identify the most defective or risky areas that would have impact on the business.

The fundamental goal of risk analysis is to categorize high and low ranked elements related to features and functionalities. The highly ranked components become the focus of both automated and manual software testing efforts while concentrating less on lower ranked elements. This is the risk analysis, which is the first step before starting any risk-based software testing.

Benefits of Risk-Based Testing

Enhanced User Focus: Risk-based testing focuses on thoroughly testing features that directly affect customers and those that pose a higher risk. This enhances business performance, lowers the chance of bad evaluations, and lessens the overall impact of each identified risk.

Improved Quality: Risk-based testing prioritizes higher-risk areas and ensures that the most critical functions are tested first. As a result, the program can be released with the assurance that its core and customer-facing functionalities are up to par.

Better Testing Coverage: It becomes easier to decide what to test, where to start, and when to cease testing after risks have been recognized and their impact evaluated. In other words, defining the scope of testing as well as the priority of test execution within constrained deadlines becomes easy. This gives every development project the structure it needs to organize hundreds of tests that can be incorporated in automating regression testing.

When to Use Risk-Based Testing

A number of factors can increase the chances of risk occurring that includes the development team having a poor knowledge of the feature/s or resulting in an inferior design, insufficient time planning and inadequate resources. However, these are exactly the type of situations when risk-based testing should be used.

Risk-Based Testing in Agile

Risk-based testing in Agile is highly beneficial when having to complete testing within defined sprints in order to maintain software quality. It also helps establish a framework that allows testers, developers, and other stakeholders to have a clear discussion about the risks at hand. Essentially, it separates risks so that they can be identified and addressed.

It considers both consumer and development needs when determining what constitutes a risk and highlights the features that are most important to customers. Moreover, it provides a hierarchy of testing criteria for managing budgets, negotiating timeframes, and avoiding delays.

This is also in the best interests of customers and business owners, as risk-free software promotes high-quality user experiences and income streams. All of the above can be accomplished in a limited amount of time with risk-based testing, allowing the implementation of the core spirit of Agile development and testing.

Choosing What to Test

So who should evaluate the risks and how does this process go? Those who have a good awareness of the overall challenges or inadequate solution delivery are the greatest candidates for risk assessment. Product owners, solution architects, and SMEs are usually skilled at recognizing delivery risks. Those with domain or technical understanding can spot dangers associated with the solution's deficiencies.

Testers must also conduct a high-quality test assessment that specifies the testing method for the proposed solution. If the strategy is ineffective, the likelihood of serious software failure when the software goes into production rises. Testers can also effectively report on the state of the solution being tested in terms other than defects found and tests completed. With a thorough understanding of product risk, they can provide all stakeholders with an assessment of readiness to go live based on the perceived risk to the business.

Risk-based testing encompasses the planning, design, and the execution of testing operations based on the modules' priority. The focus areas for assessing the risk of an application should include:

Areas that are prone to defects.
Business critical functionality.
Frequently used features and functions.
Security functionality.
Areas of complexity.
New product changes.

Common Mistakes with Risk-Based Testing

There are several ways to isolate, analyze, and evaluate risk, which can take different forms – depending on context. But regardless, there are common mistakes to avoid.

Doing risk analysis at the end of product development process
Incorrectly determining the acceptable level of risk.
Only focusing on high-risk areas.
Not identifying risks that affect future performance.
Those involved in the risk assessment don’t have experience or knowledge in fully understanding the impact of results.

It's critical to start the risk analysis during planning and development to appropriately analyze the application and develop an effective approach. And with the right resources in place, you will be able to effectively execute a well-defined testing strategy that covers vulnerable points.

Conclusion

When done effectively, risk-based assessment and testing can quickly deliver important outcomes for an organization. Because skilled specialists assess risk at each stage of delivery, the quality of deliverables starts with the requirements. The efficiency of risk-based testing and deployment will be determined by a number of important factors: a rigorous and well-structured analysis and testing plan and execution with proper communication to all project stakeholders.

Any software application's success is determined on its functionality and usefulness. Software must be secure and work properly in a variety of environments, which necessitates comprehensive testing. QA Madness provides software testing services that offer best practice in testing methodologies that ensures higher quality assurance.

15 E-Commerce Test Cases to Include in Your Test Suite

QA Madness — Fri, 22 Jul 2022 12:58:23 +0000

Good testing documentation is as important as a QA engineer's meticulousness and reasoning ability. That’s why we pay so much attention to teaching our Junior QAs how to prepare test cases, checklists, bug reports, and other artifacts.

Our team has been working with the e-commerce niche since the early days of QA Madness. In this article, you will find some sample test cases for e-commerce websites and apps you can use during work – as ready artifacts or as a background/examples for your own test cases.

Test Cases in a Nutshell

A test case is a set of actions executed to verify a particular feature or functionality of your software application.

A test case is a set of actions executed to verify a particular feature or functionality of your software application.

QA engineers can use valid or invalid inputs during testing. Based on that, we distinguish positive and negative test cases.

The format and structure of a test case can vary from project to project and even specific features of a product. For example, there are mandatory elements, such as summary and steps to reproduce, and optional elements, such as preconditions and postconditions.

15 E-Commerce Test Cases Examples for Web and Mobile Testing

We decided to share some manual test cases for an e-commerce website and app a beginner QA can find useful. We included test cases for both online stores and marketplaces.

All of the screenshots in this article are used as examples only. Our QA team hasn’t tested the mentioned services. The majority are familiar to a wide audience, and that’s what makes them great illustrative material.

And once again: these are sample artifacts. Their purpose is to explain the structure of test cases and show how they work in practice.

1. User Registration

Let’s start our list with negative test cases for an e-commerce website (or e-commerce app, it will work for both). As you may remember, a negative test case uses invalid inputs to check if the software doesn’t do something it is not supposed to. During registration, such invalid inputs can include incorrect user information in all or at least one of the required fields.

ID: TC-1.1

Summary: Check the registration with empty required fields.

Steps to reproduce:

Open the Homepage: https://www.bookdepository.com/.
Click the “Sign in/Join.”
Click the “Create your account.”

Expected result: A user cannot register. The error message is displayed.

Screenshot: Book Depository

When filling in the “expected result,” make sure to look up the requirements. In this case, the button is active even with empty fields. Some platforms, however, choose a foolproof strategy: the button is inactive if some information is missing. Thus, the test case will look different, too:

ID: TC-1.2

Summary: Check the registration with empty required fields.

Steps to reproduce:

Open the Homepage: https://www.ebay.com/.
Click the “register.”
Click the “Create account.”

Expected result: A user cannot register. The button is inactive.

Screenshot: eBay

A few more words about this foolproof UX. If a user places a cursor in a field and then clicks somewhere else without entering any data, the fields will be highlighted red, and texts with explanations will pop up.

Screenshot: eBay

Once again, that’s why you need to refer to the specification requirements for the platform under test.

2. Signing In

Another important test case focuses on registration. As you may already know, test cases for e-commerce websites are often universal and reusable. Here’s an example that is universal and can be suitable not only for e-commerce but also for platforms from other niches.

ID: TC-2

Summary: Check signing in with valid data.

Pre-conditions: The user is already registered.

Priority: High.

Steps to reproduce:

Open the website: leave the link to the website.
Proceed to the login page.
Fill the required fields with valid data.
Submit the form.

Expected result: The user is logged in. My account page is displayed.

As you can see, this test case features more fields. There are two reasons for this: teams use different formats (“Priority”), and some cases require more information to execute (“Pre-conditions”).

3. UI Test Case

UI test cases go hand in hand with functional cases. To the great extent, these two groups overlap and cover the same elements. Back to registration and login: we test functionalities, but we do it through the means of the user interface. So, there is usually no need to divide test cases into categories strictly.

ID: TC-3

Summary: “Keep me signed in” checkbox is checked.

Steps to reproduce:

Open the Homepage: https://www.bookdepository.com/.
Click the “Sign in/Join.”
Verify that the “Keep me signed in” checkbox is checked.

Expected result: The box is checked by default. The color of the checkmark is E77808 / RGB(231,120,8).

Screenshot: Book Depository

4. Editing Account Data

It doesn’t matter if a person has made a mistake during registration or changed their name or address. It is essential to provide users an opportunity to update their personal data and make sure it actually works. Here’s a sample e-commerce test case for that.

ID: TC-4

Summary: Edit user name in “My Account.”

Priority: High.

Steps to reproduce:

Open My Account: https://www.bookdepository.com/account.
Go to “Personal Details” > “Name, Email & Password.”
Click the “Edit” in the “Name” field.
Click the “Save changes.”

Expected result: The success message is displayed.

Post-conditions: Go to “Name, Email & Password” to look if the changes have been applied.

Screenshots: Book Depository

As always, it is necessary to run a negative test case for this functionality and check saving the information with the empty field. You already know how to write this one on your own.

5. Search Results

Search is one of those features that make navigation on an e-commerce platform faster and easier, especially if we are speaking about a marketplace or a large merchant.

ID: TC-5

Summary: Check the search suggestions.

Priority: Medium.

Steps to reproduce:

Open the website: https://www.etsy.com/.
Start typing the keyword in the search row.
Check the list of the results in the dropdown list.

Expected result: All of the results in the dropdown list start with the letters already entered.

Screenshots: Book Depository

Some platforms offer to search for an item in a specific category. On some, the matches are not direct – the queries only contain some of the letters, like on the screenshot below:

Screenshot: Book Depository

If you are working with some other variations of the search suggestions, the test case (and the expected result, in particular) will go a bit differently.

6. Product Filtering

The bigger the selection is, the more important the filters are. Just like with the search algorithm, it is essential to display the relevant results that meet the set parameters. Here’s a sample test case to check it.

ID: TC-6

Summary: Check the product’s filtering on the category page.

Pre-conditions: The user has chosen their location.

Steps to reproduce:

Go to a category page: https://www.ikea.com/us/en/cat/standing-desks-55008/.
Apply the filters: price range, features, color, and availability. Keep in mind that it might be better to check each filter individually first and then check the combination of several.
Check the results displayed.

Expected result: The results displayed should update automatically and immediately and match the applied filters.

Screenshot: IKEA

We applied sorting by customer rating, which can be tested individually, too. Also, some platforms display results after a user clicks on a button that confirms the choice – “Apply,” “Refine results,” etc. Remember to adjust your test case accordingly.

7. Shopping Cart

A user has found everything they were looking for and added the items to a cart. At some point, a user changes their mind and decides to remove one or several items. It can be to prevent an impulsive purchase or because of finding a better alternative. Just like the reason, the actual name for a cart can differ, but the test case covering this functionality will look quite similar.

ID: TC-7

Summary: Remove a product from the cart.

Priority: High.

Steps to reproduce:

Go to the website: https://www.sephora.com/.
Add products to “Basket”.
Click the basket icon.
Click the “Remove.”

Expected result: The product is no longer displayed in the basket.

Screenshots: Sephora

If a user can view and manage a basket by hovering over the icon, like on this website, the basket scenarios for this option should be described in the dedicated test cases.

Screenshot: Sephora

QA specialists may add the information about total price changes in the “Expected Results.” Some prefer to include this in a separate set of test cases. It depends on the approach a particular team uses or the required level of detalization.

8. Checkout Process

How about some negative test cases of an e-commerce website or (mobile app) to our collection of sample artifacts? Similarly to user registration, the checkout process requires filling in some obligatory fields.

On the one hand, if a user forgets to leave their delivery address, a customer support representative can give a call and specify it. But online shopping was invented to minimize the number of interactions, right? On the other hand, what if a user forgets to leave their phone number, too?

ID: TC-8

Summary: Check if a user can proceed to the payment without selecting a shipment address.

Steps to reproduce:

Open the website: leave the link to the website.
Add any product to the cart.
Proceed to the checkout.
Choose a shipment method.
Indicate a billing address.
Proceed to the payment step.

Expected result: A user doesn’t have a possibility to proceed to choose the payment method without indicating their shipping address.

Depending on the requirements specification, a button taking a user to the next step can be inactive or a user will see a corresponding error message.

9. Payment Gateway

Our content team doesn’t have a test entity to illustrate this one (and doesn’t need to buy anything online at the moment). So, this test case will be more abstract, meaning there are no names of the website sections or buttons. You can specify those when preparing real test cases to use on a client’s e-commerce website.

ID: TC-9

Summary: Place an order via Visa payment method.

Priority: High.

Steps to reproduce:

Open the website: leave the link to the website.
Add an item to the basket.
Proceed to the checkout page.
Fill in the required information: leave the credentials used for testing.
Choose Visa as the payment method.
Enter card data.
Finish the purchase.

Expected result: The transaction is successful. A user gets a confirmation message.

You will need to test all of the available testing methods in this set. Thus, the test case will be reusable – just change the name of the payment system. And once again, be more specific with the names of the site sections and buttons if needed. The main rule is to provide enough data to make a test case easy to understand and execute while avoiding redundancies and too-obvious directions.

10. Installation / Uninstallation

You can use all of the previous artifacts in both e-commerce website testing and mobile application testing. Maybe, it’ll be necessary to change a few details, but nevertheless. Meanwhile, there are some mobile-specific test cases for e-commerce apps.

First, you’ll need to check if an app installs on a mobile device.

ID: TC-10.1

Summary: Install the application on iPhone 11.

Priority: High.

Steps to reproduce:

Download the build.
Install the application.
Launch the application.

Expected result: The application is installed and works correctly.

After all the tests, you should check if it is possible to delete the application.

ID: TC-10.2

Summary: Check the app uninstalling.

Priority: High.

Steps to reproduce:

Open device settings.
Open application settings.
Uninstall the application.

Expected result: The application is uninstalled. The app’s icon isn’t displayed on the device’s OS.

11. Localization Test Case

When a user types “nike.com” in a browser, they go to a website and see a popup with a list of locations. After choosing the relevant one, a user proceeds to the website in their country. Right, that’s localization. Interestingly, some regions appear twice: countries can have several locales with different languages.

Screenshot: Nike

Software localization goes beyond translations. It can include an adaptation of assortment, imagery, and even colors that would work better in a particular region. For example, the majority of locales have a banner with a Phil Knight’s quote.

Screenshot: Nike

However, there are some local sites with different banners. You can see several examples below.

Screenshot: Nike – Japanese locale

Screenshot: Nike – Canada, Australia, New Zealand

Screenshot: Nike – Southeast Asia

Screenshot: Nike – Mexico

Screenshot: Nike – China

Long story short, it all depends on the requirements. So we’ll share a simple test case for Nike's store.

ID: TC-11

Summary: Check the russian locale.

*Steps to reproduce: *

Open the russian locale: https://www.nike.com/ru/
Check the main banner.

Expected result: Items are not available for purchase. The corresponding message is displayed.

Screenshot: Nike – Russia

As you can see, the actual result corresponds to the expected one. “Currently, Nike cannot guarantee the delivery of items for russian customers. Due to this, purchases on the website nike.com and Nike app are temporarily unavailable in this region.”

12. Popup Elements

When a user chooses their location and scrolls down the homepage on Nike’s website, they see the following message:

Screenshot: Nike

It is essential to make sure that a user can close this popup window. Otherwise, shopping will be impossible.

ID: TC-12

Summary: Closing the popup on the homepage.

Priority: High.

Steps to reproduce:

Open the homepage https://www.nike.com/.
Choose a location and scroll down until a popup form appears.
Close the popup.

Expected result: The popup is no longer displayed. A user can continue interacting with the website.

You should also check the functionality of the popup:

if a user can sign up;
if all the fields are working correctly;
if the links are clickable;
if there is a confirmation message on the email, etc.

13. Real-Device Testing

It’s not a secret that the share of mobile traffic keeps increasing. E-commerce is not an exception. Thus, it is likely that QA engineers will eventually receive more e-commerce apps for testing.

We always emphasize the importance of real-device testing since it is the only way to check software in an environment that closely imitates real-life conditions. Here’s one more mobile-specific test case for this.

ID: TC-13

Summary: Application’s functioning during accepting the incoming call.

Pre-conditions: The application is installed.

Steps to reproduce:

Launch the application.
Start using the app.
Accept the call on the screen of the incoming call.

Expected result: After the end of the call app maximizes and works correctly.

Similarly to installation/uninstallation, you can reuse this test case in test suites for different products and industries. An app’s functioning during declining the call should be tested separately.

14. Navigation

Some platforms allow making quick purchases without user registration. Some require registration. Regardless of the case, registered and unregistered users have access to the different parts of the functionality, and it is reflected by the site navigation.

ID: TC-14

Summary: Check top navigation for a logged-in user.

Pre-conditions: The user is already logged in.

Priority: High.

Steps to reproduce:

Go to the website: https://www.bookdepository.com/.
Check navigation at the top of the page.

Expected result: “Hello username,” “Order Status,” “Wishlist,” “My account,” and “Sign out” are displayed in the upper right corner.

Screenshot: Book Depository

In contrast, this is how the navigation looks for unlogged users.

Screenshot: Book Depository

15. Website UX and Content

You must already know that UX testing isn’t a task solely for a QA team. It focuses on emotions as much as a convenience and relies on marketing research. Nevertheless, there are some UX bugs specialists log during UI testing or documentation review.

The situation is similar with content bugs. Often, a Content Manager or Product Owner is responsible for the product descriptions, their correctness and relevance. Still, there are some aspects a QA team can check as a part of their work scope.

ID: TC-15

Summary: Check a product description.

Steps to reproduce:

Open the website: https://www.ikea.com/us/en/.
Open any product.
Check if all sections of the product description contain the texts.

Expected result: There are no empty fields or text sections.

Screenshot: IKEA

If you are on IKEA’s website, you’ll need to click on “Materials & care,” “Safety & compliance,” and so on to check if all of the mentioned webpage sections feature the descriptions.

To Sum Up

These are just a few of the e-commerce website testing test cases a QA team normally includes in a test suite. Even the smallest and simplest online shopping platforms feature a bunch of standard functionalities – registration, category and product pages, checkout, payment, wishlists, coupons, etc. – that will take time to check properly. And to do it efficiently, you always need to prepare test documentation first 😉

A Brief Guide to QA Automation for Taxi and Delivery Apps

QA Madness — Mon, 18 Jul 2022 10:42:23 +0000

Logistics is often mentioned on the list of industries greatly affected by the pandemic, finding its place among businesses that are the most resilient or even flourishing. The reason lies in the segmentation and diversity of the logistics market. Along with the global supply chain and freight forwarding, it encompasses local transportation and delivery service that have been on the rise lately.

Lockdown, however, isn’t the only factor that increased the demand for food delivery and taxi services. E-commerce and last-mile delivery trends are driving the development of digital logistics. Moreover, restaurant operators admit that off-premises business has become a strategic priority before the lockdown.

Restaurants that invest in delivery apps or join delivery providers invest in increased visibility, better user experience, and customer feedback. Taxi services that have applications get better monitoring tools and enhanced user service.

A couple of months ago, digital capabilities helped local logistic businesses to survive. When the situation stabilized a bit, the competition in the segment started to get harsh, and high product quality turned into a competitive advantage. It means that your app needs a thorough quality checkup, and mobile app automated testing can play a significant role in it.

Benefits of QA Automation for Taxi and Delivery Apps

Automated software testing is surrounded by many myths that tend to exaggerate either its benefits or downsides. Well, automation does require more initial investment compared to hiring a manual QA engineer. Also, creating an automated test suite isn’t a one-time activity. Only with proper maintenance, it will remain relevant and efficient.

The truth is, only when it is relevant for the project automation will come with a list of benefits.

By automating regression testing, you can cover the full functionality instead of prioritizing features for manual tests.
The ability to schedule tests and run them without supervision and in parallel significantly reduces software delivery time.
Automation of repeated time-consuming scenarios leaves more time for exploratory testing, ensuring broader test coverage in general.
There is no need to enter complex data every time, and that helps to reduce human error (in addition to being a time-saver).
Reports are generated automatically after every run, and a QA team can provide valuable feedback with minimum effort.
Automation is more cost-efficient in the long run since new features require new tests and more people to cover the testing.

Simply put, automation helps to meet the primary business tasks — timely releases and close-to-flawless functionality. And that’s what adds up to brand credibility.

When to Go for Automation?

Stable functionality and manual test suite are the background for automated testing. Before you have a stable software build, automation is useless. As for the test suite, it becomes the basis for future scripts.

So the two things mentioned above make test automation possible, but they don’t make it essential. It is rational to engage automation testing services in your project in the following cases:

There are sets of tests that are repeated during each testing session.
The software has a complex architecture with many features.
Tests execute the same workflow but use different data for inputs.
QA engineers frequently have to enter complex data manually.
The functionality isn’t large, but you need to test it across numerous environments.

These are the main reasons to go for automation, though there might be additional arguments for specific cases. A software testing company/team can answer whether there’s a need for automated testing after they learn more about your product.

What to Automate in Taxi and Delivery Apps?

In general, you should automate any tests performed repeatedly, like the regression testing suite. Core functionality and business-critical paths should be automated in the first place. But let’s back up the theory with some examples.

Our team has a wealth of experience in testing taxi and delivery apps. We’ve learned that each project comes with its particularities, so the automation strategy for each has some nuances. Stills, there are some basic things you can automate probably for each app in this category.

Smoke and regression tests for user interface and API. Depending on the stage of development, the mechanics may differ. For example:

Developers release a feature or a build on a sandbox environment, and we run smoke tests to verify that new functionality hasn’t broken anything.
Then, this new feature proceeds to regression — that’s the time for broader automated UI testing, also in a test environment.
Working functionality in a sandbox environment doesn’t equal working functionality on prod. Thus, after the release, we run smoke API tests once more to make sure all the systems communicate as supposed on production.

Integration tests covering all the business-critical features, including:

Order placement.
Payment flow.
Adding payment methods.
Tariffication and price calculation.
Sign-up & sign-in features for clients and drivers.
Driver’s balance.

If a client plans scaling their business, performance testing becomes one more area of high priority. Automation makes it easier to check how the system responds to different kinds of loads. By measuring response and wait times, error rate, requests per second, CPU utilization, etc. we can detect the areas that require improvements. Depending on the company’s business goals, a product may require some or all of the following checkups:

Load tests.
Stress tests.
Spike tests.
Endurance tests.
Scalability tests.

Usually, a QA team focuses on the ‘client’s’ part of an application, that is frontend components end-users are going to interact with. In some cases, however, we need to go beyond that and test some backend functionality as well. It happens when developers add many custom solutions that require inspection on the component level.

Bottom Line

The benefits of automation for logistic apps are evident: it is a way to spend less time, money, and effort on routine tasks prone to human error. Besides, you may be able to cover even broader functionality than we’ve just described. For example, functional, acceptance, and accessibility testing can also be automated — the need differs for every project.

In one of the earlier posts, we talked about how to build a test automation strategy. It may be helpful if your in-house specialists don’t have much experience with automation. Another option is to outsource this scope of software testing tasks to a QA company. If you need someone to set up the process, QA Madness provides automation testing services, and you can always reach out to discuss the details.

Why Automated Testing Is a Game-Changer In Quality Assurance for Healthcare

QA Madness — Fri, 15 Jul 2022 10:05:53 +0000

The healthcare industry has a complex ecosystem that requires advanced tech solutions to both simplify the daily routines and deal with more complex tasks. These technologies, in their turn, take careful designing and testing.

When it comes to complex architecture and frequent updates - a typical case for healthcare software - test automation becomes a game-changer. Automated testing helps to minimize human error and run checkups of the entire system after the smallest code iteration without spending days for this.

Our team has some experience in testing healthcare systems and applications. And as it turns out, automation is helpful not for testing large applications only. Whenever a set of complex data comes in, automation testing services become feasible and reasonable. So I decided to tell you more about the benefits and nuances of automated testing for healthcare software.

Specific Features of Healthcare Software

Complex architecture is what makes testing the healthcare system complicated. As a rule, an application integrates several pieces of software, including at least a member system & portal and provider system & portal. Often, they should interact with the finance, broker, and claims parts.

On the other hand, healthcare software that has a less ramified structure prioritizes accuracy and preciseness. Whenever a system deals with dosage calculations, diagnosis parameters, etc., even the slightest departure is harmful to a patient's life.

Benefits of Test Automation in the Healthcare Sector

The value automation brings usually varies depending on a particular project, but there are some features all cases have in common. Therefore, automation allows a team to do the following:

Set up data-driven testing.
Increase the team's productivity.
Get faster feedback & better insights.
Speed up product updates & releases.
Make testing more cost-efficient.

Now, let's take a closer look at each of these points.

Set Up Data-Driven Testing

Healthcare applications deal with lots of personal data. From the point of view of a QA Automation specialist, all the names, phone numbers, emails, insurance numbers, etc. are nothing else than varying inputs.

Instead of entering every small piece of data manually for every test case, it makes more sense to create automated scripts using a data-driven framework that reads data from an external file. Thus, you will be able to minimize human error and achieve higher accuracy. You can also create extended data sets to apply multiple times.

Increase Team's Productivity

With automation, you will be able to spend less time on repetitive tests. The users of healthcare applications and systems perform pretty much the same action repeatedly, so the tests often focus on repetitive behaviors. Automating repeated user actions allows you to both save time and check the system dependability objectively.

Also, automation makes it possible to schedule overnight checks as well as run tests on multiple platforms in parallel. That saves a lot of time and helps to allocate QA resources smartly. Although you cannot cover all the features by automated tests, you can free up specialists to run exploratory testing and inspect those parts that require manual intervention.

Get Faster Feedback and Better Insights

Test automation helps to reduce the feedback cycle, in particular, thanks to the detailed automatically generated reports. These reports feature all the test-related data, gathering which manually would take much time. Shared access to documentation gives a team a better idea of what areas require increased attention.

Test automation tools provide better insights when a test fails. During manual testing, you need to do more of the detective work. Software for test automation shows memory contents, data tables, all the internal program states, and other statistics that make it easier to determine what exactly goes on.

Speed Up Updates & Releases

Faster feedback means faster fixes and releases. Also, it is crucial to run regression tests for all the features after the slightest changes in code. We never know how new elements will affect the rest of the functionality. In healthcare, the cost of a mistake is higher than in many other fields. It does not just profit a software bug can affect - it's human health and lives.

For example, the regression cycle may be the most time-consuming part of the check, but it's the part we cannot neglect. Thus, automating regression testing will facilitate checkup. And since the team will be able to verify the existing features alongside the new code at a faster pace, it will accelerate the release and updates.

Make Testing More Cost-Efficient

Automation of testing for healthcare products has a high ROI. Setting up the process requires higher investments, but it is a money-saving strategy in the long term. Firstly, automation speeds up software testing, and saving time means lower expenses as well. Secondly, the ability to perform tests faster results in quicker fixes and less expensive bugs.

What to Automate: Features & Types of Testing to Cover

A good manual test suite is always a background for successful test automation. Thus, aim to automate the tests that are valuable but difficult to run manually, tests that are repetitive, error-prone, and/or time-consuming. Below are some examples of such cases.

Smoke Testing

Regular smoke tests help to save a lot of time, so it is a highly recommended practice. By creating an automated smoke test suite, you will be able to determine if a build is stable and can proceed to further testing. A quick verification can run unsupervised while you deal with other tasks.

Functional Testing

The first thing that comes to mind when you speak about functional testing in healthcare is calculations. They can relate to bill generation, insurance, dosage, diagnostics, etc. QA specialists can enter several sets of data to use as inputs on a regular basis and minimize human errors during testing.

It is also a common practice to automate verifications and validations. For example, you can create reusable scripts for authorization and authentication, which come hand in hand with error messaging. Again, test automation engineers can use two sets of data - one with valid inputs and the other one with improper inputs for positive and negative testing accordingly. Thus, you will be able to check how an application behaves when it receives data that shouldn't be proceeded and with what messages it reacts to each issue.

Integration Testing

Since healthcare software consists of numerous sub-systems, it is essential to make sure all the separate components communicate with each other properly before developers connect them into a wholesome system. At this stage, we check, in particular, how member & provider apps synchronize data, how separate sequences of features work when joined together, etc.

Interoperability Testing

Unlike integration, interoperability focuses on external integrations. In other words, it checks how a healthcare system interacts with third-party software - payment systems, external databases, etc. Healthcare systems are highly configured and customized to the environment they are deployed in, so test automation helps to determine whether the actual outcomes match the predicted ones across numerous configurations and scenarios faster.

Cross-Platform Testing

Automated verification of multi-platform support is more conclusive compared to manual testing. Since a QA team can run parallel tests in different environments, the chances to reveal OS-dependent and browser-dependent bugs are higher.

Performance Testing

Performance testing encompasses several types of checkups, including essential load tests. It is critical to check how a healthcare system behaves when during peak usage and accumulating lots of data.

Compliance Testing

Healthcare software has to meet specific legal requirements to be released. It means that every change in code requires a validation analysis as well as the analysis of its impact on the rest of the functionality. It is possible to automate the process and run the tests after every change. The recordings of test results can pass for the evidence of compliance, and you won't need to print out a compliance report after each session. You can also use test reports signed with an electronic signature.

To Sum Up

Using automated testing in healthcare QA allows you to obtain highly accurate results and reduce the risks to patient safety. You get the software tested quickly across a variety of environments and released timely. The system is examined under user peaks and in conditions of data accumulation and, thus, is ready for scaling. In short, test automation helps to deliver software that is less error-prone and promises higher accuracy faster. What's that if not a game-changer?

This Is Why a Professional QA Team Should Test a Banking App

QA Madness — Mon, 11 Jul 2022 10:40:58 +0000

Every banking app has a multifaceted structure. It’s a maze of functions, policies, regulations, and designs. To ensure the accuracy of fintech applications, a company should entrust testing to a professional QA team.

The QA process is an essential part of the Software Development Life Cycle, not just a “nice to have” option. And though the majority understand this, the responsibilities of a QA engineer can sometimes fall on someone else’s shoulders, especially if we are speaking about an Agile team. However, there are many reasons why a team should not do it.

What Does Banking App Testing Cover?

As a rule, a software testing company can offer a vast test coverage or even a full cycle of QA services. That’s one of the few advantages of starting a cooperation with a professional QA provider. Depending on the particularities of a service, a QA team will suggest the ultimate coverage and prepare the right strategy.

In general, any banking app, fintech app or home bank app requires a thorough check of the following aspects:

Functionality: core user flows, user interface, business-critical features. Integration, smoke tests, UI, regression tests etc. allow verifying the features per requirements.
Security: user verification, data integrity, account protection, etc. It’s one of the key things to pay attention to in fintech and banking apps.
Availability: easy access to the core functionalities for different user groups. It implies both compatibility testing (to ensure support by different browsers and OS) and accessibility testing (to ensure that the service is suitable for users with disabilities).
Digital convergence: verification of the system as a whole. As a rule, a banking app has a complex infrastructure with multiple components included – web & mobile platforms, digital wallets, and numerous third-party services.

Why Is Banking App Testing a Task for Professional QA?

Each of the above aspects reveal the specific features of banking apps and, probably, challenges that come with quality assurance for such products. QA professionals are aware of those things and have experience of dealing with them successfully.

1. Team Members Should Remember About their Roles and Responsibilities

Every member of the team has a specific role and responsibilities based on their competencies, skills, and experience.

Developers are responsible for writing code for the future app or website, selection of the architecture’s type, analyzing feasibility of the tasks, and time estimation for implementing a particular solution.
QA engineers analyze the requirements, check the readiness and correctness of the project and its parts from the end-user perspective.
Managers monitor deadlines and team performance, and act as a key link in the communication.

So, for a QA specialist, testing is a direct responsibility. Developers and managers perform other duties in this work chain and have other tasks to focus on. Similarly, QA specialists have domain knowledge and proper training to prepare a testing strategy and run tests. The price of an error in an end-product is too high, especially when we are talking about banking software. When everyone does what they do best, the risks of slipping up are minimized.

2. Everyone in a Team Should Get an Adequate Scope of Work

Combining two or three types of work that focus on totally different things usually result in a low-quality implementation of a certain part of the project. The fact that there are different specialists in a development team speaks for itself. Moreover, QA experts can have different proficiencies and specializations within a QA team. Working with mobile applications, web apps and websites, billing, transaction systems, etc. requires a completely different approach and knowledge.

3. Specific Knowledge and Skills Help to Meet the Set Deadlines

QA engineers have the necessary skill sets for carrying out in-depth testing – from writing basic test cases to detecting unobvious errors. They check how end-users would interact with the product at greater length and in more detail.

When it comes to the development team, writing test cases for every new addition will slow down the whole process and plunge productivity (needless to mention the efficiency of such testing and employee motivation). Usually, software developers are not so enthusiastic about testing a code that they have written before.

4. Expertise & Experience Are What Makes Testing Efficient

Software testers can distinguish a bug from a feature and an issue from the requirements. Not every manager or even a developer of the highest level can do it. Moreover, an experienced QA engineer is able to detect problems before development and thus, save time on the very same development.

Developers and managers simply don’t know how to test a product as thoroughly and properly as a professional QA team (and that’s perfectly okay). They won’t run tons of different checks unlike software testers.

One more point is testing documentation. Neither developers nor managers can write test cases or checklists that will be that efficient. It is likely that managers write test cases using personal preferences instead of technical requirements. As you can guess, that is not always correct and it delays the process significantly.

In addition to that, QA engineers create test data and entities (users, products, etc.) that allow them to save time in the long run and check some points much faster.

5. Attention to Details Is Essential for Testing

One of the funny cases our QA team shared was a ticket with a localization bug. As learned from the description, the data was displayed in, let’s say, Japanese instead of English. It would be a problem if a manager who reported it hadn't forgotten to change the locale before proceeding to the functionality.

Technical requirements for a project are likely to change during coding. So, a developer can end up writing test cases for specifications that already are not relevant. That’s never going to happen if you have a QA engineer on the project. A QA team works only with up-to-date documentation and writes test cases using the latest technical requirements.

Another case is when a developer and a manager remember to check new features or parts of code but forget or are unaware of the particularities of a product’s interaction with the new code. So, the new functionality can work as expected when tested isolated and cause the failure of other features.

6. Domain Knowledge Is a Key to Quality Improvement

One more benefit of using a professional QA team for fintech apps is the recommendations on product design and functionality you can get in the process.

Stakeholders often ask to do something that:

is already implemented, but a bit differently;
won’t work due to the existing add-ons;
doesn’t make sense due to some previous implementations.

With high probability, a manager cannot understand the problem since it requires knowledge of the technical side of the product implementation.

7. Professional QA Comes with Time & Cost Efficiency

Firstly, as we mentioned before, banking app testing is not the job of developers and managers. They have their own responsibilities and KPIs. Secondly, even if they start manual testing of an app or a website, the same task for a manager would take much longer time than for a QA specialist. Thirdly, bearing in mind the tight schedule, there won’t be a possibility to test carefully and scrupulously.

As a result, we get less efficient inspection with higher probability of serious bugs on production. And as you already know, such mistakes can be pricey. Finally, developers usually have higher hourly rates. It means the expenses for testing are also higher, while the outcome is far from perfect.

8. Cooperation with a QA Provider Results in a Streamlined Process

A QA company knows how to deal with a mess in the testing or development processes that inevitably occurs in teams that lack QA resources. For example, creating tickets is one thing but providing accurate STR and expected results is totally different. And it all affects the quality of testing and an end-product.

When you are done with the mess in a QA process, you notice enhanced productivity shortly. There is a real case to support this claim. A company had a plan for six software products. While only developers and managers covered testing, the team was able to work on only two of these projects. After adding QA specialists, the team got to proceed with the rest of the initiatives in a few months.

Final Thoughts

As you can see, there is a difference between professional and amateur QA engineers. While developers and managers focus on checking how a banking app should work, the experience and ingenuity of QA engineers allow even going beyond the expected features and user’s behavior. QA specialists know the whole project in detail, see the whole picture, and can consult the clients, conduct onboarding of new employees, etc.

Engaging QA engineers at the planning and design stages allows creating good documentation that will include testing artifacts and guidelines for clients. Software testers check each task and each new feature more meticulously and efficiently. And while they are busy with what they do best, developers and managers can proceed with their own tasks.

What Is Penetration Testing and Why Is It Important?

QA Madness — Thu, 23 Jun 2022 14:58:42 +0000

Have you heard about a fish tank helping to hack a casino? Seeing something like this in a movie might have seemed like a contrived plot twist and that’s-too-much vibe. However, it happened in real life, reminding companies about the importance of security testing once again.

The Value of Security Testing

People globally have become more dependent on various digital services – from entertainment apps to video conferencing tools, telehealth services, and much more. And the more digitized the world gets, the more dangers await users online.

Engaging security testing providers in the software development process allows building a reliable infrastructure that can withstand a variety of potential dangers. Security testing goes beyond ethical hacking. It entails a quality audit of the SDLC pipeline, revision of company processes and infrastructure, and much more.

In this article, you will learn about one of the popular security testing requests – penetration testing. With penetration testing, companies can:

Detect issues and bottlenecks in working processes.
Optimize the SDLC for flawless software delivery.
Avoid data breaches or leakages and associated reputation risks.
Develop and maintain a highly secure business environment.

So let’s find out a bit more about the particularities of penetration testing and how this process goes.

What Is Penetration Testing?

Penetration testing, or simply pen testing, is a cyberattack simulation conducted with some restrictions by ethical hackers. These restrictions are what make a pentest different from an actual attack. They include:

Law (how much a team can break without breaking the law).
Time (the tests have a set timeline).
Budget (it usually depends on the time and effort required for testing).
Depth (how far the team will go to break into the system).

So technically, penetration testing is a rather careful and compromising approach to hacking. Since the specialists don’t pursue malicious purposes, they don’t go all out and respect the organization's boundaries.

Pentest Profile

Definition: a pentest (short for penetration test) is an attempt to break into a company's network to exploit its weaknesses related to technology used, established processes, and a human factor.

Provider: often an external contractor – an outsourced QA company specializing in security testing.

Purpose: to detect vulnerabilities, evaluate the potential risks cybersecurity incidents can cause, and validate the efficiency of the current security measures.

Peculiarities: the team relies on business intelligence and product peculiarities to prepare attack scenarios.

When to run:

On a regular basis to ensure efficient security management.
After modifying or upgrading software infrastructure.
Following the changes in end-user policies.
When opening a new branch office or after relocation.
After changes in a company’s business processes.

Outcomes: gathering actionable insights to prepare countermeasures for real-life attacks – prevent incidents, reinforce security, mitigate the effects of a potential threat, etc.

Value: engaging ethical hackers in testing allows companies to detect different kinds of vulnerabilities and fix these issues before attackers discover and exploit them.

What Is Not Penetration Testing?

People tend to use the term “penetration testing” as a synonym for security testing, often implying a vast range of other checks. Let’s focus on what doesn’t fall under this category (though can be equally significant for a company).

Cybersecurity technical audit – a structured process of reviewing the entire system (software and hardware configurations, company processes) according to the defined regulations and compliance standards.
App security testing – testing mobile/web applications for technical vulnerabilities (security biases) and business logic weaknesses.
Vulnerability scanning – a quick check performed using special tools and followed by automated report generation. It gives an outlook on vulnerabilities and potential security issues. Unlike pentests, it doesn’t provide sufficient information about the context and does not account for individual environments.
Red-blue teaming – cybersecurity lessons that involve two teams: offensive and defensive. The Red Team consists of external security professionals. They prepare a plan of attack based on the weaknesses in technology, processes, and people and try to access valuable assets. The Blue Team is an internal team that has to strengthen its cybersecurity strategies, identifying the critical assets and protecting them.
Internal penetration testing – a pentest performed from the company’s internal network. It doesn’t provide the full picture of vulnerabilities but shows how much damage a dissatisfied or careless employee can cause.
Bug bounty – recognition and compensation for third-party specialists detecting vulnerabilities in a system. Bug bounty is a practice used by a large number of companies, including Microsoft and Google.

Each of the mentioned cyber security checks has its value and place in the testing pipeline. Usually, one type of security check complements the other, working best in combination.

If you have a general request for security testing, ask for details – what services a company can provide and what will work best for your case.

If you come with a more specific request – for vulnerability scanning, SAST, compliance check, risk assessment, SDLC audit, or something else – make sure the activity you imply is what actually comes in this service and will be sufficient to assure security at this stage.

Penetration Testing Process

To get a better understanding of the penetration testing process, let’s look into approaches to this quality inspection and a typical workflow.

Approaches to Penetration Testing

There are several approaches to penetration testing, classified based on the testing specialist’s perspective. To be clearer, a white hat hacker can work with different levels of awareness of the system:

Zero knowledge – testing as attackers. A person hasn’t used the software before but is eager to break it, relying on the available data and experience with technologies they already have.
Full knowledge – testing as developers. People who coded the product already suspect what areas are prone to vulnerabilities. They can try to verify a hypothesis by experiment or reject it.
Some knowledge – testing as users with some data. Users are familiar with the system on the front end and use this knowledge to dig deeper into the backend.

You might have heard about similar approaches in relation to other types of testing – black box, white box, and gray box testing. Which one to use, depends on the approach a security testing provider can offer and/or how much of the information you are willing to share.

How Is It Different from a Real Attack?

Since penetration testing recreates a real attack with some limitations, the focus and mechanics of these two events will differ. As a result, the stages each process goes through are also different.

Stages of penetration testing:

Reconnaissance – exploring software and/or processes to obtain information.
Information analysis and planning attack scenarios.
Attack attempts – putting the scenarios in action.
Report – sharing the result gathered during the attack.

Stages of real cyberattacks (kill-chain):

Reconnaissance – exploring software systems and/or processes.
Weaponization – developing malware to target the discovered vulnerabilities.
Delivery – delivering weaponized malware through a phishing email or other medium.
Exploitation – breaching the system and exploiting an organization’s resources.
Installation – installing a backdoor that provides access for the intruder.
Command & control – gaining control over an organization’s network.
Exfiltration – extracting confidential data from the system.

The differences in execution, however, aren’t a reason to question the efficiency of pentests. Penetration testing enables you to work in proactive mode. Obviously, the cyber security specialists won’t deliver the attack and exfiltrate data. Still, they allow detecting areas prone to breaches, potential delivery scenarios, and ways to protect valuable data.

Documentation and Deliverables

The findings are concluded and shared with a client’s team. There are several types of documents that provide clear explanations for both technical and non-technical specialists:

Summary (for non-tech managers).
General report (for tech team).
Tech details (main source for tech specialists).
Raw data (for tech specialists).

Thus, everyone authorized to access the findings will have a report with the necessary information and relevant commentaries to get a clear picture of the company's security state.

To Sum Up

Even not-so-obvious weaknesses and vulnerabilities can lead to significant damage if explored by a malicious user. With well-planned security testing, you get an opportunity to minimize the risks of hacking software or company infrastructure. In the end, taking a proactive approach without having an immediate risk of cyber attack is always a better decision than dealing with the consequences.

How to Prevent a DDoS Attack

QA Madness — Wed, 22 Jun 2022 11:49:25 +0000

It can take ten years to build a reputation and only a few-minute cyber incident to ruin it. That's the whole concept of the significance of security testing in a single sentence. Cyber security is one of the main concerns for every digital service.

Let’s take, for instance, DDoS attacks. There are numerous services for DDoS attack prevention. However, those working to carry out the attacks are way too creative in finding new approaches.

So, by understanding what DDoS attacks are, why they happen, and what defensive measures are available, you can decrease the likelihood of your business becoming a victim of one. And this article is a good place to start.

What Is a DDoS Attack?

DDoS stands for “Distributed Denial of Service”. It’s a malicious attempt to disturb the regular server, service, or network traffic by overwhelming the target with a flood of simultaneous requests. The result is hampering an organization’s usual business operations.

DDoS attacks are more than just a bit of extra traffic. They can involve a botnet to take advantage of malware installed on the computers of unsuspecting internet users. In doing so, they co-opt thousands, even millions of computers to attack in huge numbers, far more than a website would normally be prepared to deal with.

On the other hand, tech minds have learned to create scripts and entire platforms that make DDoSing easier. One of the latest cases is the Ukrainian IT Army which has created a tool for coordinated DDoS attacks on Russian digital infrastructure. And it’s got a pretty epic name – Death by 1000 Needles. Before that, the IT specialists from Ukraine launched a couple of casual games that allowed DDoSing while playing.

DoS and DDoS Attack – The Difference

Before moving on to the Distributed Denial of Service attack prevention, let’s learn about different types of DDoS attacks.

There are DoS and DDoS attacks; one letter but many differences. The key thing to remember about DoS (Denial-of-Service) attack is that it uses only one computer. The computer labeled as the attacker sends a flood of connections to the victim. It overloads the server memory, increases CPU utilization, or uses up all its bandwidth.

In DDoS, instead of using just one computer, an attacker can have hundreds or even thousands of devices (that’s an above-mentioned botnet). Then, the hacker can start sending TCP, UDP, or ICMP connections hurtling toward a web server. This is a much more devastating attack than DoS. Moreover, it’s much tougher to withstand.

Another difference is the speed of an attack. DoS is slower compared to DDoS because the DoS attack originates from a single location while DDoS comes from multiple ones. DoS attacks can be deployed much faster. You can trace them more easily. However, you can’t say that about DDoS attacks.

Types of DDoS Attacks

There are three types of DDoS attacks: volumetric, application-layer, and protocol attacks.

Volumetric Attack

This is the most common type of DDoS attack. Bots overwhelm the network’s bandwidth by flooding it with numerous fake requests on every available port. It prevents legitimate requests to get through. As a result, the network rejects regular legitimate traffic.

Application-Layer Attack

This type of attack is hard to troubleshoot and fix since it imitates real online traffic very closely. Instead of the entire network, it targets the web application, Internet-connected apps, or cloud services.

The application-layer attack focuses on specific vulnerabilities or issues. As a result, an app cannot display content to the user. It directly affects web traffic by targeting the HTTP, HTTPS, DNS, or SMTP protocols.

Protocol Attack

Protocol attacks are typically directed at network components that validate connections – syn-flood, ping-of-death, smurf DDoS, fragmented packet. They work by delivering pings that are intentionally sluggish or faulty. It causes the network to consume a lot of memory during the verification process. Protocol attacks can also target firewalls by transmitting massive amounts of purposely erratic data.

How a DDoS Attack Can Affect Your Business

Financial Damages

While a platform is down, people cannot use it. The purchases and the flow of users stop. The consequences can be different. In the best-case scenario, a business loses only the income it could have earned during the downtime. However, an attack can cause an outflow of clients, which is really bad in the long run.

Reputational Risks

When a case goes public, users become concerned about other, more serious, issues: potential data breaches, loss of sensitive data, etc. It all tends to cause dissatisfaction with the service. Thus, preventing a DDoS attack is always about protecting your brand.

More Serious Potential Threats

Quite often, a DDoS attack is not a one-time campaign. It can be a smokescreen for other attack vectors such as malware infestation, breaches that cause data leakage, or something more serious.

The Reasons for DDoS Attacks

Now, when the implications of DDoS attacks are well-understood, we’re going to answer the eternal question of “why”.

Unfair play by competitors. The legitimate ways to knock out competitors exhaust themselves. Some take more extreme measures, choosing DDoS attacks today. So, someone hacks your site, you lose SERPs positions and user trust, while rivals get more room for maneuvers.

Political manifestation. Oftentimes, these attacks are conducted by hacktivists with a clear civil position. Now, a particularly striking example is the Russian invasion of Ukraine. The Ukrainian IT Army uses any vectors of DDoS attacks on Russian business corporations like Gazprom, Lukoil, Magnet, and different government services. The aims are:

to inform Russians who are blinded by fake-news Russian media about all terrible murders of civilians in Ukraine and bombed cities;
to contribute petitions to defend Ukrainians who are fighting for the freedom of all European people;
to stop the Kremlin's propaganda that justifies the war.

The hacker group Anonymous is known for using digital tools to undermine companies and governments, encouraging them to leave the dark side.

Fraud. Very often, hackers organize their own DDoS attacks to gain access to a computer and block the system. If the user doesn't have a DDoS protection service installed, the hacker can paralyze the system completely and then demand a certain amount of money to unlock it.

How to Know Your Service Is Under Attack

The hard part about a DDoS attack is that there are no warnings at all. Usually, customers’ complaints make business owners realize something is wrong with a website. At first, it seems the problem lies with the server or hosting. The tech team starts checking. Occasionally, they notice a huge amount of network traffic with resources maxed out. In total, it can take several hours to realize it’s a DDoS attack.

The most effective way to mitigate a DDoS attack is to determine that your service is attacked at the outset. There are some signals to indicate a DDoS attack:

the server responds with a 503 error;
too many requests for one IP;
TTL (time to live) times out;
a huge spike in traffic during log analysis solutions.

Most of these signs can be used to automate a notification system that sends an email or text to your administrators.

How to Protect Your Platform from a DDoS Attack

The best DDoS protection is to be ready for one, just in case. You need to think about the security of the site even at the early stages of software development. Check the requirements carefully. Test the software thoroughly for bugs and vulnerabilities. That’s what QA services are for, and they allow preventing plenty of risks.

1. Have a Response Plan

Prepare an incident plan to respond to DDoS attacks as promptly as possible. It should include:

clear instructions on how to react to any type of hacker attack with a step-by-step guide;
a list of all the necessary tools that can be used during a DDoS attack;
teams responsibilities;
escalation protocols;
a list of mission-critical systems.

2. Secure Your Network

Install threat monitoring systems and tools to protect your network infrastructure. Firewalls, antivirus and antimalware apps, and network monitoring software can help you keep track of the network’s baseline traffic and set up alarms during threat detection.

AWS Shield and Azure DDoS protection are two widely-used services that can help with this. They are managed DDoS protection services that can safeguard you from layer 3, 4, and 7 attacks at no additional cost. To take advantage of AWS DDoS protection, you need to make sure that you are routing your traffic through Route53 or CloudFront.

3. Mitigate Escalation

What’s important here is to leverage machine learning to understand patterns in a particular service and be able to see outliers. Those could be things like deviations from a rate perspective (gigabit for a second) or deviations from a request per second. It also can be an inability of a DDoS pot to be able to answer a challenge during a DDoS attack.

4. Have a Backup Server

Having multiple distributed servers makes it hard for hackers to attack all servers simultaneously. While they can launch a successful DDoS on a single hosting device, the rest will remain unaffected and able to take on extra traffic until the system is up.

5. Adopt Cloud-based Service Providers

Now, even though adopting the cloud will not completely prevent DDoS attacks, it will help to alleviate them. It is because the cloud has more bandwidth than on-premise resources and its structure means that many servers are not in the same location.

To Sum Up

This is the basic info about DDoS attacks you need to know. Hopefully, it will help you secure your platform and system against any ill-doings. But still, we would recommend involving QA professionals who have security testing expertise – it would be much wiser than relying on the DDoS attack prevention manuals only.

Quality Assurance, Quality Control, and Quality Management: The Must-Knows

QA Madness — Fri, 03 Jun 2022 10:28:17 +0000

Quality Control (QC), Quality Assurance (QA), and Quality Management (QM) – it can be difficult to figure out the difference between these terms. In fact, it’s one of the often-asked questions on the job interview and nuances explained to project teams members and stakeholders.

Well, it’s no wonder that people consider QC, QA, and QM the same thing. But is it really so? Or are they fully separate processes?

Apparently, all three of these terms are related to a product’s quality assurance. However, they cover it in different ways. Figuring out the QA and QC differences will help you better understand the place of a software tester in the process of quality assurance.

In addition, understanding the value of each of these strategies will help you make better business decisions – in particular, knowing for sure implementing which one will work best for your project.

QA vs QC

In a nutshell, both QC and QA focus on ensuring that software works well and optimizing the processes within your team. Besides, these terms are not unique to software development. They are also applied in project management, healthcare, manufacturing, etc. How come? We’ll take this hill one inch at a time, focusing on an explanation of the broader meaning.

What Is QC?

Quality Control is the process of monitoring and recording results of the executed quality activities to assess performance and recommend necessary changes. QC estimates if the quality of a product or service meets customer’s expectations. For this, QC specialists look for defects, identify them, and share recommendations on eliminating these defects. Quality control management includes testing but is not limited to it.

Quality control is a reactive approach focused on the end product, its functionality, performance, design, etc. It implies checking the quality after the product development but before it is packaged – whether it is an application or a chocolate bar.

What Is QA?

QA is a broader term. It’s the process of auditing the quality requirements and the quality control results to ensure that appropriate quality standards and operational definitions are used.

Quality Assurance means maintaining an intended quality level in the product or services, from the beginning of the production process to its delivery. The aim is to prevent the defects or set up the whole process in a way that allows finding these defects at the earliest stages, before the product is on the development stage. So, QA is a proactive approach intended to prevent issues before they are detected in the product.

Difference Between QA and QC in Software Testing

Now, let’s figure out the more specific differences between quality control and quality assurance. Are they that similar? We bet you won’t say so after reading the following paragraphs.

1. Scope

QA is focused on primary production. For software testers, it means that functionality, performance, and other aspects of the product meet the specification requirements. QC takes into account secondary factors such as hardware differences, API compatibility, etc.

2. Goals

QA goals are user-driven. They include minimizing the number of unexpected issues, improving the efficiency of development, and increasing the testing speed.

QC goals, in turn, are product-driven. Here, we are talking about reaching goals, making sure that the product works on different devices, checking compliance with the requirements, documenting all the processes, validating UX, etc.

Measurement & Statistics

A QA team can use check sheets, control starts, pareto charts, stratifications, as well as diagrams to measure the efficiency of the testing and development process. Meanwhile, QC teams would rather use statistical quality control techniques to measure the quality of the end product.

Summing up the quality assurance and quality control differences, you get the following:

Quality Management

For you to have a full picture of what’s going on, recall any image using an iceberg analogy. We started with the pick of the iceberg – QC. Then, we moved to its foundation – QA. Now, we are on the iceberg’s largest, most comprehensive part. Right, it’s Quality Management.

QM covers all the organizational processes. Its goal is to ensure the quality of every aspect that has a direct or indirect impact on customer satisfaction. In other words, QM covers both QC and QA.

Quality management is a structured collection of policies, procedures, and processes integrated to work harmoniously as a single system. They make it easier for the staff to achieve quality goals and objectives.

QA vs QM

QM establishes processes that are pivotal to an organization’s growth and success. It addresses quality from all possible angles, including planning, control, and improvement. Some of the most common Quality Management activities include:

Establishing sound hiring and training practices.
Carefully designing the company’s product or service.
Creating detailed problem-solving plans.
Reviewing and revising processes to ensure they yield expected results.

As you see, some of these points intersect with the QA and QC strategies. So, what's the catch? After discussing quality assurance and quality control differences, we can say that:

QC are the steps you take post factum to assure that you have met your quality goals.
QA implies, in addition to what is mentioned in the QC definition, the plans and requirements you create to provide quality products or services.
QM encompasses both of these processes.

Quality Management identifies potential for improvement while Quality Assurance checks the potential negative influences on quality. The framework QM creates will ensure a structured approach for all the QA and QC procedures.

Undoubted Advantages of Quality Management

Why would an organization want to focus on Quality Management rather than Quality Assurance or just Quality Control? It is to simplify, clarify, and control the development process.

In a nutshell, QM:

Helps you to take a structured approach to defect management. Corrective and preventive actions (also known as CAPA) are consistently undertaken based on a priority and diligence driven by risk.
Ensures that high-risk problems and issues are properly dealt with and won’t occur again. It means fewer defects and less rework at the various points of the quality control process.
Gives form and substance to your organization’s commitment to a vision and mission, linking what you aim to achieve with “who” and “how'' of your processes.

Final Thoughts

Quality Control and Quality Assurance are integral parts of Quality Management. So basically, if you decide to choose QM as the main strategy for your organization, team, or a particular product, it means all the benefits of QC and QA are already included in the package.

Quality Management is a more comprehensive, far-reaching process. Rather than relying on occasional checks and fixes, QM helps you get a view of the potential issues and risks. Thus, it enables you with tools that make it easier to forecast and prevent such issues and risks.

QC means you are ready to review the product, development strategies, and current processes. QA means you are willing to implement changes, even before you know if there are any issues. QM means you establish a foolproof strategy for the processes, and it will come with a strong guarantee that the majority of issues and risks will be prevented long before they can arise.

API Testing: A Cheatsheet for Development Teams

QA Madness — Tue, 31 May 2022 12:52:27 +0000

It won’t be right to say that some QA and software testing activities are more important than others. But if there’s something you should never skip, that’s API testing.

Being an agreement between two or more functionalities, an API can be used to enable communication between both external and internal subsystems. And the more functions communicate via APIs, the more significant it is to pay sufficient attention to the mentioned type of tests.

In this article, we’ll explain what issues API testing helps to reveal, its benefits for different team members, and the types of API testing your product may need.

What Is an API?

Just in case this topic is new for you, an API is an abbreviation for an application programming interface. It is a contract introduced by a software program that allows using any features of a particular system in a different place.

Technically, one software system agrees to address the other in a specific way. In turn, this other system guarantees to respond with the necessary information or process this data in a specified way.

Some say the best analogy to an API is an agreement. The others explain its role as an intermediary that enables clear communication between the parties. If we are to draw a parallel between an API and something familiar from our daily routines, the closest example would be ordering a meal at a restaurant.

A visitor sees a menu, chooses something, and informs a waiter. The waiter communicates it to the kitchen and comes back with the food. A guest doesn’t go to see the kitchen staff in person. Instead, there is a third party that enables their interaction and communication. That’s what an API does for software systems.

Why Do We Need API Testing?

All types of testing are meant to prevent critical bugs in production. So let us paraphrase the question: what types of mistakes does API testing help detect? This list includes:

Data transferred incorrectly and error condition failures.
Missing or duplicate functionality that affects system efficiency.
Security breaches and potential threats of various complexity and severity.
Issues with connecting to other systems through an API or receiving a response.
Slow request processing that makes it difficult or impossible to complete an action.
Multithreading issues that slow down the system.

Benefits of API Testing

As you can see from the list above, API testing allows us to detect serious issues that interfere with business performance. However, API testing also has specific advantages for different members of a project team.

For developers, it becomes much easier to find the root cause of the problem.

When a software tester sends a request to an end-point during API testing, they receive an error with a code and descriptions and see a stack trace. This information is key to solving the problem. By sharing the findings, a QA specialist points out a problematic part of the code to a developer.

Meanwhile, when testing the same functionality through a user interface, it is not always possible to understand what exactly causes the problem. Maybe a client doesn’t gather the data correctly. Maybe a server doesn’t read it properly. As a result, the team cannot be sure whether the problem lies in the API while the interface works perfectly or vice versa.

For software testers, it takes less time to prepare test data.

Let’s say a QA engineer needs to prepare specific datasets before test execution – fill in the 40-row table with specific data or something like that. Usually, in API testing, they need to do it just once. Then, a QA specialist can look at where a browser sends the test data and automate the tests. Thanks to API automation testing, it becomes much easier to work with large data sets.

For stakeholders, it becomes possible to speed up the release thanks to the early testing.

A development team creates and finalizes a user interface at the later stages after the infrastructure and back-end are ready. Meanwhile, we all know about the benefits of early testing. It helps speed up the development, refine the code, and reduce the price of mistakes. Luckily, API testing doesn’t rely on the graphical user interface. Thus, a QA specialist can work with APIs even before the front-end is ready.

Types of API Testing

There are several types of testing to run for an API. Each of them focuses on a different aspect and is equally important. Below are brief explanations you may find useful when considering the development timeline or planning the QA activities.

Functional testing, as you may already know, is meant to verify the features of the tested software against the requirements. In this case, we are speaking specifically about API functionality. Therefore, this group of tests should cover a set of API calls to check the overall system health. In the end, why do we need an API that doesn’t perform an intended function?
Security testing focuses on authentication details and data encryption. Sometimes it turns out that an API is not protected at all. As a result, an end-user can easily modify system data using an unprotected API’s endpoint, causing serious problems. This is where a security audit comes in handy, helping to detect and fix the vulnerabilities.
Documentation testing means checking the consistency, completeness, and clarity of the documentation that describes API functions. You can often find documentation testing on the list of QA services offered by software testing companies. A thorough check of the specifications can help detect issues even before the implementation, once again making the development process more efficient.
Usability testing is all about the convenience of the API interface. We don’t run the full-scale UX testing, but even a quick basic overview of UI elements that enable an API allows us to learn whether it will be convenient to operate for end-users.

API Automation & API Testing Tools

API testing is a perfect candidate for automation. By preparing the scripts and setting up applications to run the repeated tests, QA engineers can spare time for other tasks and increase the accuracy of the testing results. It is especially important if you have to deal with large datasets, which is a usual situation for APIs.

The selection of tools for API automation depends on the tech stack of the discussed project. While the most common cases are working with REST API and Postman API testing, our QA engineers always discuss the preferred solutions with the client’s tech team.

To Sum Up

You can’t say API testing is more essential than other QA activities, but it is certainly one of those you shouldn’t consider skipping. Even if you have the most talented and attentive dev team, creating a bug-free product from the first take sounds more like a fantasy than a real scenario. Defects are unpredictable. They are an unknown variable in every development process. And they tend to pop up at the seams, where smaller components and subsystems are integrated – by APIs as one of the means to connect the functionalities.

Mobile Application Testing Process: Step-By-Step Explanation

QA Madness — Wed, 18 May 2022 15:42:14 +0000

As the internet penetration increases and smartphones become more affordable, the use of mobile applications globally also increases. Probably, there’s an application for everything nowadays – from government and banking services to fitness, learning, games, and much more. And if you are planning to add a new title to this collection, it’s still a good idea. With research and careful planning, it is possible to find the right audience for a product in no time.

There is one thing we keep emphasizing when it comes to planning. It is crucial to remember about the QA part and always count for the application testing process in the estimates. Software testing is essential if you want to release a product that works as supposed. However, some teams rely on developers testing their code, which isn’t the best solution. Those who understand the significance of professional expertise sometimes start looking for QA resources after coding is finished, forgetting that testing can be a lengthy process.

We decided to break down the mobile app testing process to help you get a better understanding of how it goes and what happens at each stage. Hopefully, project planning will become more clear with this information.

Step 1. Discussing the details.

Every partnership begins with discussing the common goals. This rule works for software testing as well. Companies contact us while they are doing research on mobile app testing providers. At this stage, you can have a call with our QA specialists. You can tell about your project and learn more about the services and solutions we offer.

Then, it will take a day or two to prepare an estimate of the project. If it meets your technical requirements, cost, and deadlines, we can move on to signing an agreement (MSA, NDA, or other documents you prefer). However, testing doesn’t always start immediately. It may take time to finish the current projects and have free testers to start working with your app. Therefore, it makes sense to start looking for a QA partner in advance.

Step 2. Assigning specialists and onboarding.

After the agreements are signed, we select a person (or a QA team) that will work with your mobile app. When choosing candidates for your project, we look for someone with relevant skills and domain knowledge in your niche. Clients can view portfolios and interview each person before deciding who will get to test your mobile application. Then, we will need to agree on bug tracking, communication, and project management tools. The specialists joining the project may need access to your Jira, Slack, etc.

Step 3. Defining the test scope.

We can run a variety of testing activities. However, companies don’t always need the full package when it comes to testing a specific product. The essentials of mobile QA include functional, UI, compatibility, and regression testing.

Functional testing verifies that actual software features meet the initial requirements – in other words, work as expected.
UI testing focuses on layout and graphical elements that enable interaction with backend functionality (everything you can click).
Compatibility testing allows learning how a mobile application works on various devices by installing it on smartphones with different software and hardware.
Regression testing takes place after the defect fixing. It is essential to make sure that the recent changes haven't affected the bug-free functionality.

Depending on the type of application, its complexity, target audience, and some other factors, you will need to add several other testing activities to this list. The software testing specialists will probably recommend running some of the following types of testing:

Performance testing helps to discover the potential flaws in software performance, like slow loading, inability to withstand intense traffic, abnormal utilization of CPU, etc.
Integration testing is a way to ensure that different parts of the application work normally together. We run this one after developers add new features.
Accessibility testing allows us to learn if a mobile application is digitally inclusive. In other words, we check if the app is easy to use for people with different disabilities.
Localization testing verifies that an application is adjusted for audiences in different countries by reviewing content and settings in different locales.
Acceptance testing occurs at the final stages when we already have an app potentially ready for the release and need to learn how users feel about it.
Security testing allows you to verify that all user data is safe and no unauthorized access is possible. It is of great importance since even entertainment apps often require and process payments, needless to mention financial and healthcare applications that deal with lots of sensitive data.
Exploratory testing is a type of manual testing that aims to check an application without relying on pre-written cases or other documents. QA engineers rely on their experience and intuition to find defects while modeling various user paths.

Some clients come with a clear vision of the scope of services they need. The others don’t know much about software testing and QA activities. And it’s all okay. We always make sure to help you figure out the important details. Also, we recommend only those things your project needs at the moment and don’t offer something extra just for the sake of selling.

Automated Testing Process

The need for automation arises later during the project. To proceed to automated testing, an app needs to have at least some stable functionality. If you are not sure if test automation is going to benefit your project, our team can analyze the situation and say for sure.

As for the process, test automation specialists discuss coverage with a client and prepare test scripts for the agreed functionality. With time, the AT test suite can grow or change if the product keeps developing.

User Testing

By user testing, people mean UAT, which is short for user acceptance testing. There’s a slight difference between these two processes. The service we provide implies that the QA Madness team acts as a group of alpha or beta testers. Meanwhile, UAT means assembling a focus group of random target users that will interact with the application and provide feedback.

As a rule, acceptance testing by a QA company is enough to learn whether a product is ready for launch. Acting as a third party, we provide an unbiased opinion on the product quality and through careful analysis and detailed reporting share conclusions on how to improve the product.

Step 4. Defining device coverage.

After discussing what to test, it is essential to finalize the list of devices that will be used during the process – on what to test. Again, a client can request specific devices the team should use or leave this decision for the QA team.

When making up this list, it is significant to choose smartphone combinations that will vary based on the following criteria:

Device manufacturers.
Screen sizes.
OS and their versions.
Browser versions.

It makes sense to test on devices and software that are popular in the target market since the dominant smartphones vary based on user geography.

Step 5. Preparation of test artifacts.

The next step is to create testing documentation, or test artifacts. The documentation helps to structure the testing process. While QA engineers have a plan and a strategy to follow, stakeholders understand the scope of work and the sequence of events better. There are several documents that can regulate the testing process.

QA Strategy describes all the quality-related procedures that will take place during the project. It goes beyond software testing, usually including business analysis and audit as well.
Test Plan includes all information related to the testing of a specific product – from goals and objectives to the detailed description of the testing activities that will take place.
Test Strategy serves as a guideline for a QA team. It states the purpose of testing, lists types of testing that will be applied, environments and tools to use, and explains such important moments as the general approach, issue severity and priority, defect life cycle management, etc. It features only a part of the information provided in a Test Plan and can be included in the plan.
Test Case describes a set of actions a QA engineer should execute to verify a particular feature. The document also features a summary of the case, preconditions, and expected and actual results.
Checklist is a document with a brief description of the functionality that should be checked. It doesn’t describe a step-by-step procedure but rather provides summaries of all actions.

These documents help to keep the testing process well-organized. Not all of them are essential per se. We decide which to use depending on the need for testing and project particularities.

Step 6. Running tests.

So the documents are ready, and the QA specialists can start scrutinizing the mobile app functionality. We have a scope of prepared test cases and set deadlines, so all that’s left to do is start checking the agreed aspects one by one. The QA specialists find, record, and track defects to provide the reports that will be helpful for the development team.

Step 7. Reporting and deliverables.

The list of deliverables is discussed by the parties and stated in the test documentation. Usually, a specialist logs bugs in a project management system (Trello, Jira, etc.) or records in a document (Spreadsheets, etc.). We always discuss what would be more convenient for a client.

In addition, we can provide test reports, test cases, and checklists. You already know what checklists and test cases are (we’ve explained it when talking about the test artifacts). The final version of a checklist and test cases that will be sent to clients always includes the status of each position: passed, failed, or other options specified in the documentation.

As for the test reports, they summarize the results of the testing activities. Such document will feature an objective and summary, activities, and defect information. The latter specifies different aspects of a defect. For example, you can indicate how many bugs of each severity level have been detected, specify the number of defects found at each phase, and so on.

Bottom Line

After we finish mobile application testing and provide the deliverables, your development team can start working on fixing the defects. The duration of the entire testing process always varies depending on the complexity of an application and the scope of work. The only thing that remains the same is the positive outcome. Software testing isn’t the only thing that determines a product’s success after the release. However, it gives you confidence in the final product and becomes a competitive advantage for the product.