Choose prosperity in love
8 months ago
Friday, February 20, 2009
Friday, January 30, 2009
Friday, January 23, 2009
OWASP Testing project
The OWASP Testing Project has been in development for many years. With this project, we wanted to help people
understand the what, why, when, where, and how of testing their web applications, and not just provide a simple checklist
or prescription of issues that should be addressed. The outcome of this project is a complete Testing Framework, from
which others can build their own testing programs or qualify other people’s processes. The Testing Guide describes in
details both the general Testing Framework and the techniques required to implement the framework in practice.
More on http://www.owasp.org/
15 QTP sites/blogs/groups/forums
 QTP on Easy way to automate testingThere are a lot of QTP videos. Each QTP text tutorial contains screen shots. So, this is a well-illustrated blog containing interesting info for QTP newcomers and professionals. You can find here different QTP videos and tutorials. Example QTP video #1, #2, #3, #4, etc. To get new QTP videos and articles automatically, you can subscribe to blog. |
 QTP Google groupThis is a moderated QTP group. A great place for newcomers and professionals to improve knowledge and experience in QTP. This is a very big QTP group - more than 1250 members as at Jan 19th, 2009. So all issues will be resolved quickly. You can subscribe to this group here. Before posting, please read Rules, FAQ, and others pages. |
 Quality Center on HP ForumsOffice HP forum for all questions related to HP Quality Center. Unfortunately, there is no subbranch of QTP-related questions. There are a lot highly professional specialists on this forum, so visit this forum from time to time to improve your professional skills. |
 QTP on SQAForumsThis is a QTP branch of SQAforums site. Moderated forums where you can find solutions to different QTP questions. As a bonus, several HP QTP Support engineers share their knowledge and experience. Before posting, please read forum guidelines. |
 AdvancedQTP siteGreat site containing unique and interesting information about QTP. Authors publish periodically articles about non-documented QTP features, investigations, books, etc. Site contains internal forum. |
 KnowledgeInbox by Tarun LalwaniTarun Lalwani is well-known in QTP global community as a highly professional QTP engineer. His site contains a lot of artciles about different QTP features and topics - Descriptive Programming, VBScript, and even original QTP tools. |
 Software Iinquisition siteAmazing site! Definetely, you will like their simple and clear QTP articles. Authors (Marcus Merrell & Will Roden) describe parts of their Software Inquisition Foundation Library for QTP (a kind of QTP Framework), and many others interesting things. |
 Stefan Thelenius' blogDon't want to waste your time developing and implementing Test Automation report, Test Suite Driver Script, and others interesting things? Read Stefan's blog. |
 HP QuickTest Professional Software siteOfficial HP QTP's site. There is a lot of related information - documentation, demos, guides, downloads, news, and so on. |
 'Automated Chaos' blogThe blog does not contain too many QTP articles, but all of them are interesting and unique. Use this practical experience to save your time while debugging your QTP script or implementing QTP framework. |
 Ankur Jain's blogYet another great blog about QTP and QTP-related issues. Ankur has the ability to describe complex things in simple terms. Also, it's possible to ask questions in comments or on local forum. |
 Theo Moore's blogTheo Moore is a man who knows everything :) As for QTP, readers will find different articles to extend their theoretical knowledge and improve their practical experience. |
 HP Advanced Self-Solve Knowledge Search'Knowledge Base' of QTP-related articles, manuals, documents, webinars, and others extremely useful documents. Many artciles contains 'must know' technical information. Greate place to prepare for QTP certifications. This site requires HP login. |
 QTP on tdforumsThere is another good forum about QTP. Also, TDForum contains great info about working and tuning of Quality Center. Site requres registration from corporate (not public) email account. |
 Mohan Kumar Kakarla's QTP blogSite contains QTP scripts which can be a core of QTP Functions library. Real-life examples. |
Other Blogs
http://quicktesthp.blogspot.
http://
http://qtp.blogspot.com/
Thursday, September 11, 2008
Useful website on Interview questions for Testing
Listed based on categories.
http://interview-questions.googlemashups.com/
Thursday, September 4, 2008
Fuzz Testing
Fuzz testing or fuzzing is a software testing technique used to discover coding errors and security loopholes in software, operating systems or networks by inputting massive amounts of random data, called fuzz, to the system in an attempt to make it crash. If a vulnerability is found, a tool called a fuzz tester (or fuzzer), indicates potential causes. Fuzz testing was originally developed by Barton Miller at the University of Wisconsin in 1989.
Fuzzers work best for problems that can cause a program to crash, such as buffer overflow, cross-site scripting, denial of service attacks, format bugs and SQL injection. These schemes are often used by malicious hackers intent on wreaking the greatest possible amount of havoc in the least possible time. Fuzz testing is less effective for dealing with security threats that do not cause program crashes, such as spyware, some viruses, worms, Trojans and keyloggers.
Fuzz testing is simple and offers a high benefit-to-cost ratio. Fuzz testing can often reveal defects that are overlooked when software is written and debugged. Nevertheless, fuzz testing usually finds only the most serious faults. Fuzz testing alone cannot provide a complete picture of the overall security, quality or effectiveness of a program in a particular situation or application. Fuzzers are most effective when used in conjunction with extensive black box testing, beta testing and other proven debugging methods.
____________________________________________________________________
A fuzzer is a program that attempts to discover security vulnerabilities by sending random input to an application. If the program contains a vulnerability that can leads to an exception, crash, or server error (in the case of web applications), it can be determined that a vulnerability has been discovered. Fuzzers are often termed Fault Injectors for this reason, they generate faults and send them to an application. Generally, fuzzers are good at finding buffer overflow, DoS, SQL Injection, XSS, and Format String bugs. They do a poor job at finding vulnerabilites related to information disclosure, encryption flaws, and any other vulnerability that does not cause the program to crash.
Tools like iDefence ComRaider can help you to do this job. Install it from
http://labs.idefense.com/software/fuzzing.php#more_comraider
Thursday, January 3, 2008
Web Testing Tools
This tools listing has been organized into the following categories:
- Load and Performance Test Tools
- Java Test Tools
- Link Checkers
- HTML Validators
- Free On-the-Web HTML Validators and Link Checkers
- PERL and C Programs for Validating and Checking
- Web Functional/Regression Test Tools
- Web Site Security Test Tools
- External Site Monitoring Services
- Web Site Management Tools
- Log Analysis Tools
- Other Web Test Tools
What to Measure In Software Testing
There are well defined quantified metrics and metrics systems available today in software testing. Following are few metrics to measure in software testing.
1. Test Coverage: (Tests Conducted / Total Tests) * 100
2. Test Effectiveness: (Bugs Found in Test / Total Bugs Found) * 100
3. Team Test Effectiveness: (Bugs Found by Team / Total Bugs Found) * 100
4. Automation %: (Tests Automated / Total Tests) * 100
5. Automation Effectiveness: (Automated Tests Not needing maintenance / Tests Automated) * 100
6. Automation test coverage: (Automated Tests Conducted / Total Automated Tests) * 100
Subscribe to:
Posts (Atom)
Posts
