Mur3ph/solid-software-quality

Software Quality and Test

Software Quality & Testing techniques

  1. Selenium (Selenium automates browsers) - Selenium IDE, Selenium WebDriver, Selenium client API, Selenium Grid, Selendroid, Appium

  2. Unit Testing - JUnit, NUnit etc.

  3. Mutation testing

    Mutation testing tests your test suite rather than your application. It introduces small errors (called mutations) into your application (changes that are not meant to fix bugs or provide new functionality) to see whether your test suite picks them up.

  4. Mockito

  5. SoapUI (REST & SOAP Testing Tool)

  6. TestNG

  7. Browser debugging (Console, Firebug etc.)

  8. Postman

  9. Fiddler

  10. Refactoring

  11. Debugging

  12. Serenity (Automated Acceptance testing)

  13. FindBugs

  14. Java Performance Optimization

  15. JRat

  16. JMock

  17. SonarQube (Code Quality)

  18. Cucumber

  19. Test Automation

  20. Whitebox testing (Test source code flow)

  21. Blackbox testing (Test UI functionality of application)

  22. Boundary conditions

  23. Acceptance testing

  24. System testing

  25. Integration testing

Integration tests demonstrate that different pieces of the system work together. Integration tests cover whole applications.

  1. Unit Testing
  2. Regression testing

The idea of regression tests is to make a change to your application as required for bug fixing or new functionality, and regression testing will hopefully catch any problems (or regressions) with your changes.

  1. Apache JMeter
  2. GUI testing
  3. TestFX
  4. MSTest, JBehave, Karma, Protractor and Microsoft UI Automation
  5. REST Assured
  6. DBUnit
  7. cURL
  8. Arquillian
  9. Cypress
  10. QTP (Automated Functional Testing tool)
  11. Capybara (Web-based test automation software that simulates scenarios for user stories)
  12. Fundamentals of software testing and quality
  13. Logs
  14. Test Containers
  15. WireMock
  16. Lombok: Introduction to Project Lombok by baeldung

Penetration Security Testing

Ethical Hacking: Ethical hacking is legal since the purpose is to find weaknesses in the system or network. It recovers lost information, especially in case you have lost your password, and puts adequate preventative measures in place to prevent security breaches.

Penetration testing: Penetration testing tries to exploit the vulnerabilities in a system. Penetration testing involves network penetration testing and application security testing. It also involves the controls and processes around the networks and applications.

Penetration testing is usually a form of black box security testing. In a pen test you are trying to break into the server as many times as possible and report back on how you were able to break in. This is often done multiple times to make sure that the patches hold water. This is an important type of security testing because it's as real world as it gets. Regular penetration testing is a requirement of the PCI-DSS. Common tools for web application penetration testing are Acunetix ($), NTOSpider ($$$), w3af (open source) and Wapiti (open source). For other types of penetration testing it is common to use Metasploit (open source), OpenVAS (open source), NMAP and THC-Hydra.

By contrast, in white box testing you have full access to the source code. You can enable debugging on the application to get better test results from scanners like Acunetix. You can also use source code analysis tools such as RATS (open source) and Coverity ($$$$$).

There are 2 different forms of Denial of Service attack. The simplest is a Distributed Denial of Service attack, in which the hacker uses a botnet to flood your server with traffic. This traffic could be an ICMP ping, or even a simple HTTP GET request. Cisco has a number of very expensive products to help prevent this type of attack.

Another form of Denial of Service is when there is a problem with the server itself. When this type of security flaw is found, it is often given a CVE number because it is a violation of CWE-400. This is commonly due to an arithmetic overflow or stack/heap-based memory corruption (a buffer overflow or dangling pointer). To prevent these types of attacks you should make sure that your software is up to date. It's not often that a 0-day DoS attack is used in the wild.

Monitoring and Performance tools

  1. JConsole (Packaged with JDK)
  2. Apache JMeter
  3. Java Performance Optimization
  4. Java Mission Control (JMC)
  5. VisualVM

Frameworks (A framework is simply a set of libraries that are used to develop code on a particular platform or on multiple platforms)

  1. Selenium (Selenium automates browsers) - Selenium IDE, Selenium WebDriver, Selenium client API, Selenium Grid, Selendroid, Appium
  2. Spock Framework
  3. Spring Test
  4. Robot Framework

Design Patterns

  1. Strategy Pattern (Dependency Injection)
  2. Observer Pattern (Event Listener)
  3. Builder Pattern (While Writing Unit Tests)
  4. Factory Pattern (Web frameworks)
  5. Facade (REST)
  6. Singleton
  7. Software Testing Anti-patterns

Design Principles

  1. SOLID

Tutorials & Training

  1. Using Cucumber with Selenium
  2. On Test Automation (Bas Dijkstra)
  3. Page Object Model (POM) & Page Factory in Selenium: Complete Tutorial
  4. Understand Stub, Mock and Fake in Unit Testing (C#)
  5. Test Automation Guru
  6. ToolsQA

Interesting Articles & Sites

  1. 10 Essential Unit and Integration #Testing #tools for #Java Programmers
  2. Must Read, Great Read: Software Testing Anti-patterns
  3. Application Security Testing on Cloud and the Future of Penetration Testing
  4. 37 Most Powerful Penetration Testing Tools (Security Testing Tools)
  5. Fundamentals of Testing
  6. Using Mockito with JUnit 5
  7. Test automation training is broken. Here's how to fix it
  8. Software testing as a career
  9. Periodic Table of Testing
  10. Top 10 Websites Every Software Tester Should Follow in 2018
  11. Top 5 Java Test Frameworks For Automation In 2019

Video

  1. Simon Stewart, Selenium State of the Union (Youtube)
  2. ToolsQA (Youtube)

Books

  1. Growing Object-Oriented Software, Guided by Tests (Beck Signature)
  2. Selenium Design Patterns and Best Practices
  3. Pragmatic Unit Testing in Java with JUnit

Certification

  1. ISTQB foundation level
  2. ISTQB sample papers