Manual Testing Questions & Answers (Compiled from UPSC, SSC ,PSC ,IBPS previous question papers)

Defect life cycle is also called as bug life cycle. It has 6stages namely
1. New: found new bug
2. Assigned: bud assigned to developer
3. Open: developer is fixing the bug
4. Fixed: developer has fixed the bug
5. Retest: tester retests the application
6. closed/reopened: if it is ok tester gives closed statuselse he reopens and sends back to developer

Test plan means planning for the release. This includes Project background
Test Objectives: Brief overview and description of the document
Test Scope: setting the boundaries
Features being tested (Functionalities)
Hardware requirements
Software requirements
Entrance Criteria (When to start testing):
Test environment established, Builder received from developer, Test case prepared and reviewed.
Exit criteria (when to stop testing):
All bug status cycle are closed, all functionalities are tested, and all high and medium bugs are resolved.
Project milestones: dead lines

Compatibility testing is to evaluate the application compatibility with the computing environment like Operating System, Database, Browser compatibility, backwards compatibility, computing capacity of the Hardware Platform and compatibility of the Peripherals.

Example

If Compatibility testing is done on a Game application, before installing a game on a computer, its compatibility is checked with the computer specification that whether it is compatible with the computer having that much of specification or not.

Positive Testing - testing the system by giving the valid data.
Negative Testing - testing the system by giving the Invalid data.
For Exam application contains a textbox and as per the user’s Requirements the textbox should accept only Strings. By providing only String as input data to the textbox & to check whether its working properly or not means it is Positive Testing. If giving the input other than String means it is negative Testing.

It is an alternative form of Testing, where some colleagues were invited to examine your work products for defects and improvement opportunities.
Some Peer review approaches are,

Inspection

It is a more systematic and rigorous type of peer review. Inspections are more effective at finding defects than are informal reviews.
Ex: In Motorola's Iridium project nearly 80% of the defects were detected through inspections where only 60% of the defects were detected through formal reviews.

Team Reviews: It is a planned and structured approach but less formal and less rigorous comparing to Inspections.
Walkthrough: It is an informal review because the work product's author describes it to some colleagues and asks for suggestions. Walkthroughs are informal because they typically do not follow a defined procedure, do not specify exit criteria, require no management reporting, and generate no metrics.

Or

A 'walkthrough' is an informal meeting for evaluation or informational purposes. Little or no preparation is usually required.
Pair Programming: In Pair Programming, two developers work together on the same program at a single workstation and continuously reviewing their work.

Peer Desk check

In Peer Desk check only one person besides the author examines the work product. It is an informal review, where the reviewer can use defect checklists and some analysis methods to increase the effectiveness.
Passaround: It is a multiple, concurrent peer desk check where several people are invited to provide comments on the product.

Test-Cases for the calculator
so here we have 12 buttons totalize 0,1,2,3,4,5,6,7,8,9,ADD,Equalto -12 buttons
here u can press at least 4 buttons at a time minimum for example 0+1= for zero u should press ‘zero’ labeled button for plus u should press ‘+’ labeled button for one u should press ‘one’ labeled button for equal to u should press ‘equal to’ labeled button 0+1=here + and = positions will not vary so first number position can be varied from 0 to 9 i.e. from permutation and combinations u can fill that space in 10 ways in the same way second number position can be varied from 0 to 9 i.e. from permutation and combinations u can fill that space in 10 ways
Total number of possibilities are =10×10=100
This is exhaustive testing methodology and this is not possible in all cases.
In mathematics we have one policy that the function satisfies the starting and ending values of a range then it can satisfy for entire range of values from starting to ending.
then we check the starting conditions i.e. one test case for ‘0+0=’ (expected values you know that’s ‘0′) then another test case for ‘9+9=’(expected values you know that’s ‘18′) only two test cases are enough to test the calculator functionality.

Integration Testing:

• Combining the modules together & construct software architecture.
• To test the communication & data flow
• White & Black box testing techniques are used
• It is done by developer & tester

Regression Testing

• It is re-execution of our testing after the bug is fixed to ensure that the build is free from bugs.
• Done after bug is fixed
• It is done by Tester

Bug Log: Bug Log document showing the number of defect such as open, closed, reopen or deferred of a particular module

Defect Tracking- The process of tracking a defect such as symptom, whether reproducible /not, priority, severity and status.

User interface defect is a high visibility defect and easy to reproduce.
Follow the below procedure
1. Reproduce the defect
2. Capture the defect screen shots
3. Document the proper inputs that you are used to get the defect in the defect report
3. Send the defect report with screen shots, i/ps and procedure for defect reproduction.
Before going to this you must check your computer hard ware configuration that is same as developer system configuration. And also check the system graphic drivers are properly
Installed or not. If the problem in graphic drivers the User interfaces error will come.
So first check your side if it is correct from your side then reports the defect by following the above method.

Test Harness is configuring a set of tools and test data to test an application in various conditions, which involves monitoring the output with expected output for correctness.

The benefits of Test Harness are,

• Productivity increase due to process automation.
• Quality in the application.

Client side scripting languages are
Javascript, VbScript, PHP…etc
Server side Scripting languages are
Perl, JSP, ASP, PHP.etc
Client side scripting languages are useful to validate the inputs or user actions from user side or client side.
Server side Scripting languages are to validate the inputs at server side.
These scripting languages provide security for the application. And also provides dynamic nature to web or client server application
Client side scripting is good because it won’t send the unwanted input’s to server for validation. From front-end it self it validated the user inputs and restricts the user activities and guides him

An IEEE 829 standard is used for Software Test Documentation, where it specifies format for the set of documents to be used in the different stages software testing. The documents are,

Test Plan- Test Plan is a planning document which has information about the scope, resources, duration, test coverage and other details.
Test Design- Test Design document has information of test pass criteria with test conditions and expected results.
Test Case- Test case document has information about the test data to be used.
Test Procedure- Test Procedure has information about the test steps to be followed and how to execute it.
Test Log- Test log has details about the run test cases, test plans & fail status, order, and the resource information who tested it.
Test Incident Report- Test Incident Report has information about the failed test comparing the actual result with expected result.
Test Summary Report- Test Summary Report has information about the testing done and quality of the software, it also analyses whether the software has met the requirements given by customer.

The other standards related to software testing are,

IEEE 1008 is for Unit Testing
IEEE 1012 is for Software verification and validation
IEEE 1028 is for Software Inspections
IEEE 1061 is for Software metrics and methodology
IEEE 1233 is for guiding the SRS development
IEEE 12207 is for SLC process

Web application testing
Web application should have the following features like
1. Attractive User Interface (logos, fonts, alignment)
2. High Usability options
3. Security features (if it has login feature)
4. Database (back end).
5. Performance (appearing speed of the application on client system)
6. Able to work on different Browsers (Browser compatibility), O.S compatibility (technically called as portability)
7. Broken link testing………etc
so we need to follow out the following test strategy.
1. Functionality Testing
2. Performance Testing (Load, volume, Stress, Scalability)
3. Usability Testing
4. User Interface Testing (colors, fonts, alignments…)
5. Security Testing
6. Browser compatibility Testing (different versions and different browser)
7. Broken link and Navigation Testing
8. Database (back end) Testing (data integrity)
9. Portability testing (Multi O.s Support)….etc

Security testing can be performed in many ways like,

1. Black Box Testing
2. White Box Testing
3. Database Testing

1. Black Box Testing

a. Session Hijacking

Session Hijacking commonly called as "IP Spoofing" where a user session will be attacked on a protected network.

b. Session Prediction

Session prediction is a method of obtaining data or a session ID of an authorized user and gets access to the application. In a web application the session ID can be retrieved from cookies or URL.
The session prediction happening can be predicted when a website is not responding normally or stops responding for an unknown reason.

c. Email Spoofing

Email Spoofing is duplicating the email header ("From" address) to look like originated from actual source and if the email is replied it will land in the spammers inbox. By inserting commands in the header the message information can be altered. It is possible to send a spoofed email with information you didn't write.

d. Content Spoofing

Content spoofing is a technique to develop a fake website and make the user believe that the information and website is genuine. When the user enters his Credit Card Number, Password, SSN and other important details the hacker can get the data and use if for fraud purposes.

e. Phishing

Phishing is similar to Email Spoofing where the hacker sends a genuine look like mail attempting to get the personal and financial information of the user. The emails will appear to have come from well known websites.

f. Password Cracking

Password Cracking is used to identify an unknown password or to identify a forgotten password

Password cracking can be done through two ways,

1. Brute Force – The hacker tries with a combination of characters within a length and tries until it is getting accepted.
2. Password Dictionary â€“ The hacker uses the Password dictionary where it is available on various topics.

2. White Box level

a. Malicious Code Injection

SQL Injection is most popular in Code Injection Attack, the hacker attach the malicious code into the good code by inserting the field in the application. The motive behind the injection is to steal the secured information which was intended to be used by a set of users.

Apart from SQL Injection, the other types of malicious code injection are XPath Injection, LDAP Injection, and Command Execution Injection. Similar to SQL Injection the XPath Injection deals with XML document.

b. Penetration Testing:

Penetration Testing is used to check the security of a computer or a network. The test process explores all the security aspects of the system and tries to penetrate the system.

c. Input validation:

Input validation is used to defend the applications from hackers. If the input is not validated mostly in web applications it could lead to system crashes, database manipulation and corruption.

d. Variable Manipulation

Variable manipulation is used as a method for specifying or editing the variables in a program. It is mostly used to alter the data sent to web server.

3. Database Level

a. SQL Injection

SQL Injection is used to hack the websites by changing the backend SQL statements, using this technique the hacker can steal the data from database and also delete and modify it.

Retesting: it is manual process in which application will be tested with entire new set of data.
Data Driven Testing(DDT)-It is a Automated testing process in which application is tested with multiple test dated is very easy procedure than retesting because the tester should sit and need to give different new inputs manually from front end and it is very tedious and boring
Procedure.