軟體測試
軟體測試
2021/10/23 (增加連結)
2022/01/05 (增加連結)
軟體測試
軟體測試是個很重要也很複雜的工作 (詳參:Software testing),有不同種類的測試,目前大部分的測試已經發展出自動化工具,也使得測試工作越來越容易了。
Test smart: How to select testing techniques for agile team
Guide development vs. Critique the product
Guide development
These are the tests that are performed before coding happens or concurrently as coding proceeds
Critique the product
Those that critique (evaluate) the product after coding is complete
Business facing vs. Technology facing
Business facing
tests that are readable by business stakeholders and could be performed by testers, product owners, designers
Technology facing
tests that are written by or with the help of technical team members
測試的類型
廖家盛 (2015)整理了常見的測試類型:
單元測試:單一程式的測試
功能測試:模組或功能階層的測試
整合測試:系統整體的測試,有些公司會有不同層級的整合測試,將最後的測試稱為系統測試
探索性測試:除了已規劃的測試案例之外,進行未規劃的測試
壓力測試:了解系統所能承受的壓力,以及在壓力下的表現
容錯測試:了解系統面對未預期錯誤的容錯程度
使用者介面測試:使用者透過系統介面進行測試
安全性測試:進行資訊安全的相關測試
回歸測試:新增或更動功能時,測試過去已經測試且未被更動的功能
測試方式與工具
廖家盛 (2015)整理五個個案公司進行的測試及方式,發現大部分的公司還是以人工測試為主,也整理了一些個案公司所使用的測試工具:
功能性測試
Why We Quit Unit Testing Classes to Focus On a Behavioral Approach
Unexpected Lessons From 100% Test Coverage
While getting to 100 involved making some sacrifices, it also allowed me to:
fix a lot of bugs,
catch and fix redundancies in my code,
reason about my unreachable code,
delineate thoughtfully between error cases and assertions, and
thoughtfully shift run-time assertions into compile-time guarantees.
Ultimately, my sense is that 100% test coverage is definitely a useful exercise to do at least once. It’s probably also a useful exercise to do more than once.
單元測試 (Unit Test)
JUnit:很多軟體,如Eclipse已經內建JUnit
Visual Studio單元測試功能
NUnit
5 Questions Every Unit Test Must Answer
What are you testing?
What should it do?
What is the actual output?
What is the expected output?
How can the test be reproduced?
13 Tips for Writing Useful Unit Tests
Test One Thing at a Time in Isolation
Follow the AAA Rule: Arrange, Act, Assert
Write Simple “Fastball-Down-the-Middle” Tests First
Test Across Boundaries
If You Can, Test the Entire Spectrum
If Possible, Cover Every Code Path
Write Tests That Reveal a Bug, Then Fix It
Make Each Test Independent
Name Your Tests Clearly and Don’t Be Afraid of Long Names
Test That Every Raised Exception Is Raised
Avoid the Use of Assert.IsTrue
Constantly Run Your Tests
Run Your Tests as Part of Every Automated Build
Stop writing unit tests: How to avoid the daily pain in the ass and become more efficient
Why writing unit tests sucks
You actually have to write them
You manually have to define your inputs and outputs
You have to maintain twice as much code
While the record and replay approach has already gained some attention in UI development (there exist some open source frameworks), testing the replay against a recorded return value is uncommon.
Unit Testing: Best Practices To Follow
Only test your code
Unit tests should be automated
Test one thing at a time
Write your tests during development
Enter TDD
Only test the public interface
Dependency Injection is your friend, embrace it
Use mocks, stubs, spies and dummies to control logic flow
Don’t test external calls
使用者介面測試
Visual Studio介面測試功能
GUI Testing Tutorial: User Interface (UI) TestCases with Examples
How to Get Rid of Frontend bugs
How Serious is Frontend Bugs
Prevention Techniques
Monitoring
CI/CD
Code Quality
Static Testing
Automated Testing
Battle Testing
Ownership and Passion
Web使用者介面測試
Katalon (based on Selenium)
TestCafe vs Selenium : Which is better?
Selenium is simple as well as easy to learn. It has been around for quite some time now and has loyal testers in the QA industry.
TestCafe does not require any external plugins to run tests on different browsers which makes it easier for the testers to eliminate the effort of setting up plugins.
TestCafe is new to automation tool but with enhanced features. However, it only supports one programming language that is JavaScript, whereas Selenium supports all the main programming languages such as Python, PHP or ruby etc.
Selenium, can it withstand the next generation test tooling?
Selenium, of course, remains a great tool to use. When properly set up and configured, they provide us with reliable and maintainable test suites that do the trick. It gives flexibility with regards to being able to add stuff, however this requires a good amount of knowledge to do so. Especially when it comes to reliability, Selenium has the advantage of having proven themselves over a few years.
Cypress momentarily only supports chrome as a browser, but have Firefox, IE11 and edge on their roadmap. The cool thing about Cypress is that it’s actually a complete framework. It contains Mocha, Chai, Sinon and Chai-JQuery. Starting to write tests is something you can start on immediately after installing.
TestCafe actually recognizes any browser installed on the target device which makes it very easy to get proper browser support. It’s also quite easy to install, configure and get started.
API Test
非功能性測試
效能測試
壓力測試
7 Essential Cloud-based Load Testing Tools
free for 25 current users
free trial: 50 current users, 50 free tests
unlimited concurrent users in free plan with few limitation (5 hours free trial)
lets you run a load test for one minute with 1000 user request in the free account
allows you to stress test against your web application with 10 users for 10 minutes
you can perform load for up to 50 users and end of the test
Perform test with 500 concurrent users with a free account from either US or Ireland location (free trial for 14 days)
50 concurrent users/test
JMeter
Visual Studio壓力測試功能
安全測試
Checkmarx
10 Types of Application Security Testing Tools: When and How to Use Them
Static Application Security Testing (SAST)
Dynamic Application Security Testing (DAST)
Origin Analysis/Software Composition Analysis (SCA)
Database Security Scanning
Interactive Application Security Testing (IAST) and Hybrid Tools
Mobile Application Security Testing (MAST)
Application Security Testing as a Service (ASTaaS)
Correlation Tools
Test-Coverage Analyzers
Application Security Testing Orchestration (ASTO)
Testing Tools (Open Web Application Security Project, OWASP)
Top 11 Open Source Security Testing Tools for Web Applications
Wapiti
Zed Attack Proxy
Vega
W3af
Skipfish
Ratproxy
SQLMap
Wfuzz
Grendel-Scan
Arachni
Grabber
8 Open source security testing tools to test your website
Vega
ZED Attack Proxy (ZAP)
Wapiti
W3af
Iron Wasp
SQLMap
Google Nogotofail
BeEF (Browser Exploitation Framework)
15 Most Powerful & Reliable Security Testing Tools 2018
Metaspoilt
Wireshark
W3af
CORE Impact
Netsparker
Burpsuite
Cain & Abel
Acunetix
Retina
Canvas
Nmap
Dradis
Security Onion
Nikto
Vega
19 Powerful Penetration Testing Tools: Security Testing and Hacking Tools
Netsparker
Acunetix
Metasploit
Wireshark
w3af
Kali Linux
Nessus
Burpsuite
Cain & Abel
Zed Attack Proxy (ZAP)
John The Ripper
Retina
Sqlmap
Canvas
Social Engineer Toolkit
Sqlninja
Nmap
BeEF
Dradis
常用的測試工具
An Overview of JavaScript Testing in 2019 (**非常詳盡的文章**)
Best software testing tools (2018)
qTest
Katalon Studio (Free)
Selenium (Open Source)
Unified Functional Testing (UFT) (Formerly known as HP QuickTest Professional)
TestComplete
9 automation testing tools to consider for web applications in 2018
UI automation testing frameworks
Selenium WebDriver
Protractor
Cucumber (for BDD)
Desktop automation tools for enterprises
TestComplete
UFT Pro (LeanFT)
Eggplant Functional
Cloud testing platforms
Screenster
Ghost Inspector
Usetrace
Best Automation Testing Tools for 2018 (Top 10 reviews)
Selenium (open source)
Katalon Studio (free)
Unified Functional Testing (UFT)
Watir (open source)
IBM Rational Functional Tester
TestComplete
TestPlant eggPlant
Tricentis Tosca
Ranorex
Robot framework (open source)
Debug
測試計畫
測試計畫大概的內容
測試目的
測試範圍
測試完成標準
測試時程
資源需求
人力需求
設備需求
硬體環境
軟體環境
測試案例
不列入本次系統測試部分
測試完成須交付之文件
參考文件
要如何進行功能性測試
撰寫測試個案
測試個案名稱、測試步驟、預期結果
測試結果
通過、不通過(發現之問題)
要如何進行非功能性測試
壓力測試
壓力測試之目標 (上線人數、反應時間)
壓力測試之環境
安全測試
安全測試之目標 (哪些安全測試項目)
安全測試之環境
參考資料
The Wide World of Software Testing
Unit Testing
Integration Testing
End to End Testing
Performance Testing
Load Testing
User Acceptance Testing
Writing Automated Acceptance Tests Using Serenity and the Screenplay Pattern
Serenity is a powerful library for writing automated user acceptance tests. It uses test results to generate world-class test reports that document and describe what your application does and how it works.
Serenity can also be used with BDD tools such as JBehave or Cucumber.
In the Screenplay pattern, tests are presented from the perspective of the user. A user that interacts with the web app is called an actor. Everything revolves around actors in the Screenplay pattern.
9 Excuses Why Programmers Don’t Test Their Code
“My Code Works Fine — Why Should I Even Bother Testing It?”
“This Piece of Code Is Untestable”
“I Don’t Know What to Test”
“Testing Increases the Development Time, and We’re Running Out of Time”
“The Requirements Are No Good”
“This Piece of Code Doesn’t Change”
“I Can Test This Way Faster If I do It Manually”
“The Client Only Wants to Pay for Deliverables”
“This Piece of Code Is So Small … It Won’t Break Anything”