Simplistic understanding on what web services really are

Web Services

Web service is a technology to connect services. The technology in the web services is used to make the connection between the services.Web services are client and server applications that communicate over the World Wide Web’s HTTP. As described by the World Wide Web Consortium (W3C), web services provide a standard means of interoperating between software applications running on a variety of platforms and frameworks.Web services are characterized by their great interoperability and extensibility. Web services can be combined in a loosely coupled way to achieve complex operations. Programs providing simple services can interact with each other to deliver sophisticated added-value services. 

The primary key elements of the web services are as 

• Repository 

• Messaging 

• Service 

    

                           

Types of Web Services 

• SOAP

• REST

• JSON

SOAP 

The SOAP stands for Simple Object Access protocol developed by Microsoft .It is a protocol for exchanging the structured information in the implementation of the web service. The Soap introduces extensibility, neutrality and independence .In the soap service the XML is used as the messaging language with reliance of web protocol of HTTP or SMTP .It is more rigid kind of messaging pattern due to the rules in place which are required for standardization. Soap can be used across  platforms like windows , Linux etc…

                                                              

Soap Body 

REST 

Also referred as a RESTful web service -- is based on representational state transfer (REST) technology, an architectural style and approach to communications often used in web services development.it is a resource based.It is based on client-server architecture In a RESTful Web service, requests made to a resource's URI will return a response that may be in XML, HTML, JSON or some other defined format. 

                      

The response may confirm that some alteration has been made to the stored resource, and it may provide hypertext links to other related resources or collections of resources. Using HTTP, as is most common, the kind of operations available include those predefined by the HTTP verbs GET, POST, PUT, DELETE and so on. Each message is self-descriptive as the server here is stateless By making use of a stateless protocol and standard operations, REST systems aim for fast performance, reliability, and the ability to grow, by re-using components that can be managed and updated without affecting the system as a whole, even while it is running.

JSON

Json is referred as JavaScript object notation. Unlike the Soap and Rest service which uses XML as the messaging pattern, the JSON uses a subset of Javascript 

   

                     

The Request-Response JSON pattern is very similar to that of SOAP based web services in Application-server. The web service is implemented using a program in Application-server. The program has input and output data formats, described using language structures and Application- server is responsible for transforming incoming JSON messages into application data, and linking to the application. The application returns output data back to Application-server, and server transforms this into JSON data to return to the client.

A brief overview on Security Testing

Security Testing :- It is the testing done in order to check the security weakness of the system.The process which is done with an intend to reveal the flaws in the security mechanism of a system.The security testing, which is done in order to check the security flaws reveals the loopholes in the system doesn’t assure complete flawless system.                                                                                                                

Few Common types of Security Testing are as below

· a)    Vulnerability Assessment Test
  b)  Penetration Test
  c)  Runtime Testing
  d) Code review

Security testing the fields which are kept under check and are validated by the testing team are as follows:

• Authorization: If a user has an access to the system, access to valid users only.      
• Authentication:Identity of Person.An origin of the product.  
• Encryption or Decryption: - No third party access to enter into the system. Only client & Server
•  Confidentiality: user data and details are kept confidential and not shared with any third party.
•  Integrity:-Same data across and no modification with data  
• Availability: - Data is available whenever the need arises.

Techniques which can be used in the application assessment

Dynamic analysis: In this automated runtime testing is conducted, where-in dynamic analysis tool automatically executes the attacks on the application and analyses the results.Tools which are used for this are HP Web Inspect, IBM App scan, Accunetix

 Static Analysis -This is reviewing of code with the automated process.In this process, the tool is hooked with the compiler to understand the flow of data.This is more effective In understanding the input validation Vulnerabilities such as SQL Injection. Tools which are used for this are HP Fortify, IBM App scan.

References

https://en.wikipedia.org/wiki/Security_testing

System integration :Testing of system as one.

System Integration Testing is a process of verifying that the system meets its requirements, and validating that the system performs in accordance with the customer or user expectations.

                 System integration testing involves the overall testing of a complete system of many subsystem components or elements. The system under test may be composed of hardware, or software, or hardware with embedded software, or hardware/software with human-in-the-loop testing. The system integration process starts with assembling the constituent parts of a system in a logical, cost-effective way with an exhaustive checking of system execution including a full -functional check out

                                       

System  integration Testing is a type of black box testing technique thus the knowledge of internal code in not required. It is a high level testing always performed after integration testing. The user can perform different type of tests under System Testing which can be broadly classified as

1. Functional Testing

2. Non Functional Testing

Following points are checked and kept under consideration while doing system integration testing

Check whether the system is made according to the customer needs as per the requirements . It’s checked whether system meets both the functional and non-functional requirements of the system

In the system integration all the components/modules of the system are combined as a whole , due to this integration many errors may arise which can differ from the expectation and may not provide the expected results .hence the testing is done to find the defects or bugs in all the interfaces as well as whole system

To check if the system behaves as per the expectations, the product is checked in the production like environment so that the product behavior could be checked in the real life environment.  

Difference between System Integration testing and Integration testing  

                                

             System  integration Testing                       Integration testing

Test cases are based on real life scenarios.	Test cases are developed to check the interaction between the modules.
Completed product is tested in order to check if it meets requirements	Modules / components are checked  to   see if they give the expected results
It is black box testing technique	It is a combination of both black box and white box testing technique
Testing is done as whole including all the external interfaces wherein any defects found is regarded as the defect in the whole system	The testing is performed on interface between individual module so any defect found is module specific
High level testing is done in this , where in testing types like sanity, usability, maintenance regression are done	Integration testing include low level testing with techniques approaches like top down , bottom up sandwich and big bang.

Integration Testing in Software Engineering

Integration testing is a logical extension of unit testing. In its simplest form, two units that have already been tested are combined into a component and the interface between them is tested. A component, in this sense, refers to an integrated aggregate of more than one unit. In a realistic scenario, many units are combined into components, which are in turn aggregated into even larger parts of the program. The idea is to test combinations of pieces and eventually expand the process to test your modules with those of other groups. Eventually all the modules making up a process are tested together. Beyond that, if the program is composed of more than one process, they should be tested in pairs rather than all at once.

Integration testing identifies problems that occur when units are combined. By using a test plan that requires you to test each unit and ensure the viability of each before combining units, you know that any errors discovered when combining units are likely related to the interface between units. This method reduces the number of possibilities to a far simpler level of analysis.

 we can do integration testing in a variety of ways but the following are common strategies:

• The top-down approach to integration testing requires the highest-level modules be test and integrated first. This allows high-level logic and data flow to be tested early in the process and it tends to minimize the need for drivers. However, the need for stubs complicates test management and low-level utilities are tested relatively late in the development cycle. Another disadvantage of top-down integration testing is its poor support for early release of limited functionality.

• The bottom-up approach requires the lowest-level units be tested and integrated first. These units are frequently referred to as utility modules. By using this approach, utility modules are tested early in the development process and the need for stubs is minimized. The downside, however, is that the need for drivers complicates test management and high-level logic and data flow are tested late. Like the top-down approach, the bottom-up approach also provides poor support for early release of limited functionality.

• The third approach, sometimes referred to as the umbrella approach, requires testing along functional data and control-flow paths. First, the inputs for functions are integrated in the bottom-up pattern discussed above. The outputs for each function are then integrated in the top-down manner. The primary advantage of this approach is the degree of support for early release of limited functionality. It also helps minimize the need for stubs and drivers. The potential weaknesses of this approach are significant, however, in that it can be less systematic than the other two approaches, leading to the need for more regression testing.

• Big Bang is an approach to Integration Testing where all or most of the units are combined together and tested at one go. This approach is taken when the testing team receives the entire software in a bundle. So what is the difference between Big Bang Integration Testing and System Testing? Well, the former tests only the interactions between the units while the latter tests the entire system.

• When is Integration Testing performed?

        Integration Testing is performed after Unit Testing and before System Testing.

•  Who performs Integration Testing?

   Either Developers themselves or independent Testers perform Integration Testing.

• Method :- Black Box Testing, White Box Testing, and Gray Box Testing methods can be used.

• Tasks involved in integration Testing:-

           Integration Test Plan/ Integration Test Cases/Scripts

• Prepare 
• Review
• Rework
• Baseline

Unit Testing - First cry of the product life cycle

A unit is the smallest testable part of an application like functions, classes, procedures, interfaces. Unit testing is a method by which individual units of source code are tested to determine if they are fit for use.

The primary goal of unit testing is to take the smallest piece of testable software in the application, isolate it from the remainder of the code, and determine whether it behaves exactly as you expect. Each unit is tested separately before integrating them into modules to test the interfaces between modules. Unit testing has proven its value in that a large percentage of defects are identified during its use.

The most common approach to unit testing requires drivers and stubs to be written. The driver simulates a calling unit and the stub simulates a called unit. The investment of developer time in this activity sometimes results in demoting unit testing to a lower level of priority and that is almost always a mistake. Even though the drivers and stubs cost time and money, unit testing provides some undeniable advantages. It allows for automation of the testing process, reduces difficulties of discovering errors contained in more complex pieces of the application, and test coverage is often enhanced because attention is given to each unit.

The goal of unit testing is to segregate each part of the program and test that the individual parts are working correctly.This means that for any function or procedure when a set of inputs are given then it should return the proper values. It should handle the failures gracefully during the course of execution when any invalid input is given.

The unit testing is done before the integration testing as shown in the image below

                                          

 Unit testing helps in maintaining and changing the code. This is possible by making the codes less interdependent so that unit testing can be executed. Hence chances of impact of changes to any other code gets reduced. Since the bugs are found early in unit testing hence it also helps in reducing the cost of bug fixes. Just imagine the cost of bug found during the later stages of development like during system testing or during acceptance testing.

Life cycle of Software testing process

Testing is a process rather than a single activity. It is a process which is executed in systematic and planned manner wherein various activities are carried out in order to improve the overall quality of the product .This process starts from Requirement analysis, Test planning then designing test cases, preparing for execution and evaluating status till the test closure. 

The generic processes involved in the testing life cycle are as

• Requirement analysis
• Testing planning 
• Test analysis
• Test Design 
• Test construction and verification 
• Test execution and bug reporting 
• Final Testing and implementation 
• Post implementation 

Requirement analysis

It is very important to start Testing activities from the requirements phase itself  because the cost of fixing defects is very less if found in requirement phase rather than in the future phases. In this phase, testers analyze the customer requirements.

Test Planning

 In this phase, all the planning about the testing is done like what needs to be tested. The test planning phase includes details about various steps which are as

• How the testing will be done 
• Test Strategy to be followed 
• Test environment 
• Methodologies to be followed 
• Resources 

Test Analysis

Test analysis phase starts once planning phase is over .in this phase a with better understanding of the project, how much testing is required  and how much needs to be carried out in each software development phase. It is in this phase decision is taken regarding the automation process of the project wherein how the automation process will be done , time factor and the modules to be automated is decided

Test Design  

 In this phase various test design techniques (white box and black box) are used to design the test cases for testing.  By using these test designs techniques, testers start writing test cases.  If in the analysis phase automation of the process/module has been decided. The automation testing scripts are also written in this phase.

Test Construction and verification:

In this phase, testers prepare more test cases by keeping in mind the positive, negative and end user scenarios. In this test plan document is also finalized and verified by reviewers.

  

Test execution and bug reporting

The test cases are executed and defects are reported in bug tracking tool. Testing is an iterative process wherein if a bug is found in a program and it is fixed. Testing needs to be done after every defect fix.

Final Testing and implementation:

In this phase the final testing is done for the Software, Non-Functional testing like stress, load and Performance testing are performed in this phase. Final test execution reports and documents are prepared in this phase.

Post implementation

The process review meetings are done and lesson learned are documented. The document is prepared to cope up similar problems in future releases. 

LIFE CYCLE OF SOFTWARE PRODUCT DEVELOPMENT

 Software development life cycle (SDLC) describes the phases and the sequence in which they will be executed in the life cycle. The software development life-cycle process is a sequential process where  the end result of one phase acts as starting point for the next process .The processes in the life cycle begin with the requirement gathering, Design, development /coding, testing wherein the requirement becomes the basis for the design. On basis of the design, the complete product development/coding phase is carried .On basis of coding and development phases, testing is done which thereby verifies the product and its acceptance.

Some of the types of SDLC process are as under:

•          Waterfall model
•          Incremental model
•          V-model
•          Iterative model
•          RAD model
•          Agile model
•          Spiral model
•          Prototype model

                                     

Phases in every Software development life cycle model:

• Requirement gathering and analysis
• Designing process
• Implementation or coding phase (Development)
• Testing phase
• Production mode
• Maintenance

Requirement gathering and analysis:

Business requirements are gathered in this phase. This phase is the main focus of project Developing organization and stakeholders. This is the phase wherein the discussion is conducted and decisions are made as in what goes into requirement depending upon end user, Data inputs to the system , Data output by the system .once the Requirement gathering  process is completed the requirements are analyzed  for their validity and possibility of the requirements to be included in the system 

Designing process:

On the basis of requirement gathering,  the system and software design is prepared. On basis of system Design, the system hardware, system requirements and overall architecture of System is defined.

Implementation or coding phase (Development)

On the basis of system design document the system is designed into modules and coding is started .It is the main phase wherein code is produced by the developers .Since this is the main phase for the developers wherein they produce the code, this phase is longest phase in the development life cycle .

Testing phase

Once the coding phase is completed and the developers have produced the actual code it is tested by the Testers. It is checked whether code produced is as per requirement specifications and make sure that the product is actually solving the needs addressed and gathered during the requirements phase.

Production mode:

Once the product is tested and verified against the requirements the product is delivered to the customer for beta testing. If any changes are required or bugs caught it is reported to the engineering team. Once those changes are made or the bugs are fixed then the final deployment will happen and the product goes into production mode.

Maintenance: 

A process where care is taken for the Released product is known as maintenance. Once the customers start using the developed system , Problems which show up in real time  need to be resolved from time to time.