Task 3

SDLC models:

Below is the list of different SDLC models:

1. Waterfall Model
2. V-Model
3. Incremental Model
4. RAD Model
5. Iterative Model
6. Spiral Model
7. Prototype Model
8. Agile Model

STLC and it's Stages:

STLC (Software testing life cycle) is sequence of specific tasks that are carried out in an order to evaluate the functionality of a software application and ensure that the application is defect free and validate that the business criteria is met.
The different stages of STLC are:

1. Requirement analysis:

This is the first phase of STLC life cycle, in this phase the testing team analyses and understands the client requirements and interacts with them incase more information is required to understand in detail about the application's functionality. In this phase the testing team prepares requirement traceability matrix and identifies the environment to execute the test cases.

2.Test Planning:
In this phase, Senior QA managers determine the test plan strategy, efforts, and cost estimates for the project. They also decide on resources, test environment, limitations, and the testing schedule.

3.Test case development:
In this phase the team comes up with all possible scenarios covering both positive and negative test cases in order to test the application

4.Test execution:
In this phase the team executes the test cases and logs defects based on the expected and actual results and verifies the bug fixes.

5.Test closure:
This is the last phase of STC where the team reviews test results, prepares test summary reports and provides QA sign off.

List of potential risk factors to consider for a web-based application:

1. Injection: Injection or SQL injection is a type of security attack in which the malicious attacker inserts or injects a query via input data (as simple as via filling a form on the website) from the client-side to the server. If it is successful, the attacker can read data from the database, add new data, update data, delete some data present in the database, issue administrator commands to carry out privileged database tasks, or even issue commands to the operating system in some cases.

2.Sensitive Data Exposure:
As the name suggests, this means that sensitive data stored is leaked to malicious attackers. This information can include personal data like name, address, gender, date of birth, personal identification numbers like Aadhaar card number or SSN, etc., financial data like account number, credit card numbers, health-related information, etc. This can result in a monetary loss if the attacker uses the financial information of users to carry out online payments (in most cases to cryptocurrency), identity theft, and reputation loss.

3.Using Components with Known Vulnerabilities
Most websites today depend on component-heavy development patterns, which means that in some cases it is possible that the development teams do not even know the internal working of the component. This means, if the component used is itself vulnerable to threats due to some broken code, incorporating it with your application can induce threat vectors as well. This also comes if you’re using older versions of the components or nested dependencies.

Difference between QA and QC:

Quality Assurance (QA):

• It focuses on providing assurance that the quality requested will be achieved.
• The aim of quality assurance is to prevent defects.

Quality Control (QC)

• It focuses on fulfilling the quality requested.
• The aim of quality control is to identify and act on fixing the defects.

Difference between Manual and Automation testing:

MANUAL TESTING:

• In manual testing, the test cases are executed by the human tester.
• Manual testing is time-consuming.
• Manual testing doesn’t use frameworks.
• Manual testing is not reliable due to the possibility of manual errors.
• There is no need for programming knowledge in manual testing.

AUTOMATION TESTING:

• In automated testing, the test cases are executed by the software tools.
• Automation testing is faster than manual testing
• Automation testing uses frameworks like Data Drive, Keyword.
• Automated testing is more reliable due to the use of automated tools and scripts.
• Programming knowledge is a must in case of automation testing as using tools requires trained staff.