Whitepapers

A New Approach to Application Security Testing Tool Design

Testing web applications for security is fundamentally harder than testing them for functional correctness . Furthermore, since web application security testing is a recent concern, its automated tools are relatively immature. While it is true that automated testing is only one element of a multi-pronged approach towards ensuring application security (that also includes threat modeling, code scanning and code reviews) it is also true that the availability of effective automation tools can make a huge difference in the quality of security testing possible. It therefore makes sense to examine the current limitations of automated security testing tools and consider how they can be improved and made more relevant to the problem they aim to solve.

By Rajendra Gokhale and Madhura Halasgikar - Aztecsoft itest

Download a PDF of this whitepaper
Download Whitepaper
Agile Methodology

By various authors at Aztecsoft

The term 'agile' is a philosophy and is a conceptual framework for undertaking software engineering projects.Most agile methods attempt to minimize risk by developing software in short time boxes, called iterations. Each iteration is like a miniature software project of its own, and includes all of the tasks necessary to release the mini-increment of new functionality: planning, requirements analysis, design, coding, testing, and documentation. While an iteration may not add enough functionality to warrant releasing the product, an agile software project intends to be capable of releasing new software at the end of every iteration.

Download PDF
Download Whitepaper
Are We Done Yet?

During the release process of a software development project, every test manager will be asked to answer the question, "Are we done yet?" several times. More often than not, important stakeholders pay scant attention to this question until it's very difficult to expand the test effort. Stakeholder views vary widely, all the way from "All we need is one more smoke test by the whole team" to "we can't even call this a beta yet".

By Sanjay Jejurikar, CTO, Aztecsoft itest

Download PDF
Download Whitepaper
Challenges In Security Testing Of Web Applications

By Rajendra Gokhale and Susheel Kumar Sharma, Aztecsoft itest

Security testing for web-based applications is fundamentally different from functional testing in a number of ways. This fact should impact how we test web applications for security. In order to devise an effective methodology for Web Application Security Testing, we must first understand its unique challenges. This paper attempts to identify these challenges in the hope that this information will serve as useful input for developers of security testing tools and test managers for security projects.

Download PDF
Download Whitepaper
How to Design Test Strategies that Support Business

How do we determine the value of a business objective (and its correlating quality objectives)? That depends on how the designers, marketing managers, and other stakeholders look at it. But the value of a given business objective depends a great deal on our confidence that we can ship the product that fulfills it.

By John Scarborough, Vice President, Technology Solutions Group

Download a PDF of this whitepaper
Download Whitepaper
Interoperability Testing for Web Services

Dow Jones, the publisher of The Wall Street Journal and Barron's, uses XML and Web services to weave together the daily data-feeds from over 100 sources like Morningstar, the Associated Press, and Lipper to produce the intricate tabular formats of its newspapers' financial reports. The 15 disparate legacy systems whose output Dow Jones used to coordinate manually are still in service, but the coordination is now handled by a "content acquisition platform" that is maintained by several Web services running on Microsoft BizTalk servers. Such a complex system needs systematic testing. Web services' use of standard Internet protocols makes them accessible to any computer on the Internet, but those standards are frequently updated, are open to interpretation by developers, and are deployed differently by tools that develop Web services.

John Scarborough, Vice President, Technology Solutions Group

Download a PDF of this whitepaper
Download Whitepaper
Managing QA for Software Patches

Whereas version updates of software may include feature enhancements as well as several bugfixes, patches typically include only one bugfix or at the most a cluster of bugfixes addressing a single defect. Vendors are willing to undertake comprehensive quality assurance for version updates. But the same vendors assume that a patch requires much less effort, because its scope of impact is presumed to be restricted. They may only require that new code pass its unit tests, or a few hours of ad hoc testing. From the standpoint of best practices in QA, though, this is very risky. We propose that risk mitigation be as carefully considered for software patches as for version updates, up to and including the identification of software metrics by which the quality of software patches can be confidently assessed.

By various authors at Aztecsoft itest

Download a PDF of this whitepaper
Download Whitepaper
Methodical Approach to Creating a Test Automation Strategy

In today's environment of plummeting cycle times and mounting budget pressures, test automation has become an increasingly critical and strategic necessity. Software test automation has the capability to decrease the overall cost of testing, and improve software quality. Test automation raises people's hopes yet it often frustrates and disappoints them.

In this paper we will discuss Aztecsoft' iTest's Test Automation Strategy Service which offers a complete solution to this challenge. We have a rich experience of executing product focused test automation, and have carried out Test Automation projects for a number of very demanding situations. Using this practical experience we have designed a systematic methodology for Test Automation.

By Abhijit Nadgonda, Abhay Joshi and Ramanath Shanbhag - Aztecsoft itest

Download a PDF of this whitepaper
Download Whitepaper
Multimedia Interface Testing - Aztecsoft Recommended Approach and Execution Model

The purpose of this document is to provide an approach to Customer Inc. to help test their new platform/framework for multimedia on mobile devices. The approach is based along three lines of action:

By Vishal Talreja

Download a PDF of this whitepaper
Download Whitepaper
Performance Testing for AJAX-based Applications

The AJAX model of development for Web applications has rapidly gained a lot of popularity because of its promise of bringing the richness and responsiveness of desktop applications to the web. AJAX implementations are fundamentally different from other web implementations in two respects - they make asynchronous requests for parts of the web page. Techniques routinely used for performance testing of traditional web applications need to be modified and enhanced to suit the needs of AJAX-based applications. Using Google's "Google Select" service as a case study we examine the unique challenges of carrying out performance testing of AJAX-based applications and offer suggestions for overcoming them.

By Rajendra Gokhale, Aztecsoft itest

Download a PDF of this whitepaper
Download Whitepaper
Practical measurement of Outsourced Product Testing
This paper won the Testing Leadership Award at QAI Software Testing Conference 2007

The success of an outsourced product testing effort is a function of a number of factors, not all of which are easily measurable. Traditional metrics used for this have tended to focus on objective attributes such as 'productivity per tester' but have generally ignored more subjective factors such as 'quality of communication between client and vendor teams'. This paper describes a methodology used at Aztecsoft named 'Service Measurement Methodology' that seeks to address these shortcomings of traditional approaches. We outline limitations of traditional approaches and describe the 'Test Quality Index (TQI)', a metric that addresses many of these limitations.

Over the past few years we have collected large quantities of data to test the efficacy of the approach described here. We conclude by presenting this data and comparing the efficacy of our approach with that of traditional approaches such as the 'Customer Satisfaction Index'.

By Sanjay Kulkarni, Aztecsoft itest

Download a PDF of this whitepaper
Download Whitepaper
Scalability Factors of JMeter In Performance Testing Projects

Various flavors of load generation tools are available to simulate the expected load levels on servers, network or web application to test their ability to sustain concurrent heavy load under realistic conditions. In order to carry out effective performance testing of web applications one has to ensure that sufficiently powerful hardware is used to generate required load levels.

The Performance Engineering group from Aztecsoft's Expert Services Group attempted to create such a model for Performance testing tool "JMeter". We have created an experimental setup wherein we measured the sensitivity of JMeter performance to some of the factors described above and used this data to construct the model.

By Budhaditya Das and Priyanka Mane - Aztecsoft itest

Download a PDF of this whitepaper
Download Whitepaper
Web 2.0

By various authors at Aztecsoft

Web 2.0 is the business revolution in the computer industry caused by the move to the internet as platform, and an attempt to understand the rules for success on that new platform. Chief among those rules is this: Build applications that harness network effects to get better the more people use them.


Download PDF
Download Whitepaper