ISTQB Advanced Syllabus | RBCS

  • 2,954 views
Uploaded on

 

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
2,954
On Slideshare
0
From Embeds
0
Number of Embeds
1

Actions

Shares
Downloads
176
Comments
0
Likes
2

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. The ISTQB Advanced Syllabus Guiding the Way to Better Software Testing
  • 2. ISTQB Ad Advanced S ll b d Syllabus Goals of this presentation p Familiarize you with the ISTQB program and certifications in general Explain the Advanced level certification and its benefits Illustrate th kinds f biliti Ill t t the ki d of abilities candidates must d did t t demonstrate t t to gain the certificate Topics to cover An overview of the ISTQB program and results so far The structure and origin of the Advanced Syllabus The Advanced Test Manager The Advanced Test Analysty The Advanced Technical Test Analyst Each of the last three topics includes a training course excerpt, an example of the kind of problem a certificate- holder h ld can solve, and a sample exam question l d l i www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 2
  • 3. The ISTQB Advanced Syllabus Guiding the Way to Better Software Testing ISTQB Overview O i Program and Results
  • 4. K Q ti T Add Key Questions To Address What is tester certification? What are the ASTQB and ISTQB? What are the levels of certification? What is the impact of certification p On the tester? O t e organization? On the o ga at o ? On the testing profession? www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 4
  • 5. S ft Software T t C tifi ti Tester Certification Tester certification confirms, through objective, confirms objective carefully-designed exams, the professional capabilities of software testers ISTQB’s approach Practical, real-world focused Supports a career path with levels of certification Promotes the software testing profession Represents the distilled wisdom of many experts including practitioners, consultants, trainers, practitioners consultants trainers and academics Training is not required to take exams Last two points in particular distinguish ISTQB’s approach from other testing certifications www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 5
  • 6. ASTQB Composed of recognized experts p g p Mix of practitioners, consultants, trainers, and academics Patricia McQuaid, President (academic) Joe Gance, Vice President (practitioner) Randy Rice, Treasurer (trainer) Debra Friedenberg, Technical Advisory Group Chair (practitioner) Rex Black, ISTQB Representative (consultant) Taz Daughtrey (academic/practitioner), Jerry Everett (trainer), Andrew Pollner (trainer), and Wayne Middleton (trainer), Directors Lois Kostroski Managing Director Kostroski, Develops and administers exams Accredits trainers Participates in ISTQB activities www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 6
  • 7. ISTQB Composed of 41 National Boards, B d more than doubled i th d bl d in scope in the last four years Based in Brussels, Belgium, EU Rex Black, President Erik E ik van VVeenendaal, Vi d l Vice President Horst Pohlmann, Treasurer Chris Carter, Secretary A collegial, sharing organization ll i l h i i ti Working parties (composed of National Board delegates) define syllabi (bodies of knowledge), glossary, processes, etc. These working parties distill the collective experience and wisdom represented across boards (>2,000 person-years) www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 7
  • 8. F d ti C tifi ti Foundation Certification Entry level Entry-level certification: 0 years of experience 0+ Goals Ensure a broad understanding of the fundamental best practices and key concepts in software testing Provide a foundation for professional growth Syllabus/body of knowledge covers Fundamentals of testing, testing i th software lif F d t l f t ti t ti in the ft lifecycle, l static techniques, white-box and black-box test design, test management, and testing tools Syllabus-based training courses are typically 3-5 days Status: Version 2007, an incremental improvement on version 2005, released, with exams and training courses widely available www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 8
  • 9. Ad Advanced C tifi ti d Certification Mid-level certification: 5+ years experience y p Goals Ensure an understanding of advanced best practices and key concepts in software testing by committed test p p g y professionals Support on-going professional growth Syllabus/body of knowledge covers Advanced behavioral (black-box) test g for teste a a ysts, test d a ced be a o a (b ac box) testing o tester analysts, automation and advanced non-functional testing for technical test analysts, and sophisticated test management concepts Syllabus-based training courses are typically 5 days for each module (three modules total) d l (th d l t t l) Status: Version 2007, a merge and expansion of the older Practitioner and Advanced syllabi, is released. Exams and accredited training are running against this version now now. www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 9
  • 10. E p t C tifi ti Expert Certification Guru level Guru-level certification: 8+ years experience Goals Ensure consistent understanding and execution of proven cutting-edge techniques by seasoned test professionals Lead the software testing profession Syllabi/bodies of knowledge may cover Test process improvement, test automation, test management, and more Syllabus-based Syllabus based training courses will be offered Status: A working party is developing new expert syllabi. We expect the Expert Test Manager syllabi an Improving Test Processes syllabi this year. www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 10
  • 11. Visualizing the L l f C tifi ti Vi li i th Levels of Certification Expert Expert … Expert Expert [TBD] [TBD] [TBD] [TBD] Advanced Advanced Advanced Technical Functional Manager Foundation Relative size of figures indicates expected relative numbers of potential certificate holders (not to scale). There will be more than four expert certifications. www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 11
  • 12. ISTQB b th Numbers by the N b www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 12
  • 13. ISTQB C tifi ti Growth Certification G th www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 13
  • 14. V l of C tifi ti Value f Certification To the tester Demonstrate mastery of the best practices and key concepts in the field Advance career and opportunities in competitive pp p market To the organization Ensure better testing for better software and lower g costs of poor quality Achieve consistency and re-usability of testing To the profession Build on our best work and stop going in circles Define the profession and what professional testers know www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 14
  • 15. A E An Example of C tifi ti ROI pl f Certification One RBCS client ran a Foundation course as a pilot in one of its many offices in the US The week after the course, a tester applied a technique he’d learned to reduce the regression test set from 800 test cases to 300 That is a 60% reduction in regression test effort effort, which accounts for most of their testing This client now requires all new testers to hold q the Foundation certificate, and is gradually training its entire staff of testers www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 15
  • 16. The ISTQB Advanced Syllabus Guiding the Way to Better Software Testing ISTQB Advanced Syllabus Ad d S ll b Structure and Origin
  • 17. ISTQB Ad Advanced S ll b 2007 d Syllabus Developed by a team of 15 authors spanning 10 countries Sixty-nine primary reviewers spanning nine countries Final review and approval by 33 National Boards Distills over 2 000 person-years of experience 2,000 person years The ISTQB and the authors are the source of the syllabus which is used by p y y permission as the basis for all accredited training courses (including RBCS’ courses) www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 17
  • 18. Ad Advanced S ll b A th d Syllabus Authors Graham Bath*+ Bath + Klaus Olsen Rex Black*+ Randy Rice*+ Sigrid Eldh+ g J g Jürgen Richter Bernard Homès (chair)+ Eric Riou Du Cosquer Jayapradeep Jiothis Mike Smith+ Paul Jorgensen*+ Geoff Thompson (vice Vipul Kocher chair)*+ Judy M K * J d McKay*+ Erik Van Veenendaal*+ * Indicates an author who has also written or edited one or more books on testing. + Indicates an author who has 20 or more years of software or systems experience. www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 18
  • 19. Foundation Syllabus: Th Si Ch pt F d ti S ll b The Six Chapters 1. 1 Fundamentals of testing 2. Testing throughout the software lifecycle lif l 3. Static techniques 4. Test design techniques 5. Test management 6. Tool support for testing www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 19
  • 20. Advanced S ll b The Ten Ch pt Ad d Syllabus: Th T Chapters 1. 1 Basic aspects of software testing 2. Testing processes 3. g Test management 4. Test techniques 5. Testing of software characteristics 6. Reviews 7. Incident (defect) management 8. 8 Standards d t t St d d and test process i improvement t 9. Test tools and automation 10. 10 People skills (team composition) www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 20
  • 21. Ad Advanced S ll b b th N b d Syllabus by the Numbers Number of pages: 114 Number of learning objectives Test Manager: • 64 t t l total • 43 K2, 12 K3, 9 K4 Test Analyst: • 29 t t l total • 18 K2, 7 K3, 4 K4 Technical Test Analyst: • 44 t t l total • 25 K2, 11 K3, 8 K4 Referenced books: 21 Referenced standards: 7 www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 21
  • 22. L i Obj ti Learning Objectives The Foundation and Advanced exams are based on learning objectives, which state what you should b able l i bj i hi h h h ld be bl to do The learning objectives are at four levels of increasing sophistication p K1: remember basic facts, techniques, and standards K2: understand the facts, techniques, and standards and how they inter-relate K3: apply facts, techniques, and standards to y pp y , q , your p j projects K4: analyze facts, techniques, and standards, and adapt or select them for your project For the Advanced exams, the entire Advanced syllabus is implicitly covered at the K1 level p y Each module (test manager, test analyst, technical test analyst) has its own set of K2, K3, and K4 learning objectives defined against each chapter www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 22
  • 23. Ad Advanced E d Exam Q ti Questions The lower levels, K1 and K2, are covered implicitly within higher level questions Unlike the Foundation exam, the Advanced exams are heavily focused on K3 and K4 questions Many exam questions consider a scenario Scenario described Sequence of questions about scenario asked Simulates real-world use of various advanced testing concepts The Foundation syllabus is also examinable h d ll b l bl Cross-section questions, including joining Foundation and Advanced sections, are allowed , www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 23
  • 24. Ad Advanced T i i C d Training Courses Must cover all learning objectives defined for the module (test manager, test analyst, or technical test analyst) Must be at least five days l M b l fi d long (for li (f live, instructor-led courses) Must include real-world examples for all K2, K3, and K4 learning objectives Must include realistic exercise for all K3 and K4 learning objectives (which must be done in class for live, instructor-led courses) www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 24
  • 25. Training Course B kd T i i C Breakdown Test Manager g Test Analyst y Tech Test Analyst y Chapter Hours Percent Hours Percent Hours Percent Intro 1.0 3% 1.0 3% 1.0 3% 1 2.5 7% 0.5 1% 0.5 1% 2 2.0 6% 3.0 9% 3.0 9% 3 18.7 53% 2.0 6% 2.0 6% 4 0.0 0% 18.0 51% 15.5 44% 5 0.0 0% 3.5 10% 4.0 11% 6 2.0 6% 3.0 9% 3.0 9% 7 1.3 4% 2.0 6% 2.0 6% 8 2.0 6% 0.0 0% 0.0 0% 9 1.5 4% 1.5 4% 3.5 10% 10 4.0 11% 0.5 1% 0.5 1% Total 35.0 100.0% 35.0 100% 35.0 100% www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 25
  • 26. R i Requirements f Ad t for Advanced C tifi t d Certificates To earn a certificate, one must: certificate Hold a Foundation Level certificate issued by an ISTQB-recognized Exam Board or Member Board Have appropriate experience in software testing or development, between 2-5 years development years, depending on degree held and certificate(s) sought Subscribe to the Code of Ethics in the syllabus h d h h ll Accredited training is recommended but not required www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 26
  • 27. ISTQB T t Ethi Tester Ethics PUBLIC- Certified software testers shall act consistently with the public interest. CLIENT AND EMPLOYER - Certified software testers shall act in a manner that is in the best interests of their client and employer, consistent with the public interest. PRODUCT - Certified software testers shall ensure that the deliverables they provide (on the products and systems they test) meet the highest professional d ( h d d h ) h h h f l standards possible. JUDGMENT- Certified software testers shall maintain integrity and independence in their professional judgment. MANAGEMENT - C f d software test managers and leaders shall subscribe A AG Certified f dl d h ll b b to and promote an ethical approach to the management of software testing. PROFESSION - Certified software testers shall advance the integrity and reputation of the profession consistent with the public interest. COLLEAGUES - C ifi d software testers shall b f i to and supportive of Certified f h ll be fair d i f their colleagues, and promote cooperation with software developers. SELF - Certified software testers shall participate in lifelong learning regarding the practice of their profession and shall promote an ethical approach to the practice of the profession profession. www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 27
  • 28. The ISTQB Advanced Syllabus Guiding the Way to Better Software Testing Advanced T t M Ad d Test Manager Goals, Excerpt, Goals Excerpt and Sample Exam Question
  • 29. B i an Ad Being Advanced T t M d Test Manager You should be able to: Define the overall testing goals and strategy for the systems being tested Plan, schedule and track the tasks Describe and organize the necessary activities D ib d i th ti iti Select, acquire and assign the adequate resources to the tasks Select, organize and lead testing teams Organize the communication between the members of the testing teams, and between the testing teams and all the other stakeholders Justify the decisions and provide adequate reporting information where applicable here Advanced Test Manager exams (and courses) focus on these main concepts Let s Let’s look at sample course content and an exam question… question www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 29
  • 30. Ri k B d T ti Risk-Based Testing Risk: the possibility of an undesired outcome Product or quality risks Project or planning risks The level of risk varies often depending on: varies, Likelihood Impact In risk based testing testing responds to risk: risk-based testing, Allocation of effort, test sequencing, prioritization of defect repair Providing mitigation and contingency responses Reporting test results and project status These responses to risk occur throughout the lifecycle: Reduce risk by running tests and finding defects Re-evaluate risk and risk l R l i k d i k levels b d on new i f l based information i www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 30
  • 31. A l ti l Ri k B d T t St t Analytical Risk-Based Test Strategy The higher the risk, the more test effort risk The higher the risk, the earlier the test coverage g Total level of quality risk reduced as testing continues Results reported in terms of residual risk Test triage (e.g., due to schedule compression) done in risk order More robust than requirements-based Best when blended with reactive strategies to detect missed risks www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 31
  • 32. H Ri k B d T ti S l P bl How Risk-Based Testing Solves Problems Insufficient time: All testing is time-boxed; time boxed; have to prioritize and triage Coverage q g questions: All test coverage, g measured as a percentage of what could be tested, is 0%; choose smart subset Poor specifications: St k h ld i P ifi ti Stakeholder involvement l t fills gaps in documents End game End-game compression: Provides means to drop tests intelligently Release decisions: Can address residual risk rather than bug and test counts www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 32
  • 33. Hi t of A l ti l Ri k B d T ti History f Analytical Risk-Based Testing Early 1980s: Separately, Boehm and Beizer develop Separately risk-driven spiral lifecycle and risk-driven integration, precursors of iterative and agile lifecycles Mid 1980s: Separately, Beizer and Hetzel declare risk as driver of testing but leave out mechanisms 1990s: Separately Black Craig Gerrard and Redmill Separately, Black, Craig, Gerrard, develop similar approaches for quality risks analysis and risk-based testing 2000s: Risk-based testing (in various forms) in wide usage www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 33
  • 34. Ri k M t Risk Management Risk management includes three primary activities: Risk identification Risk assessment or analysis Risk mitigation or risk control These activities start in sequence, but are overlapping and iterative due to continuous risk management Risk Ri k management id ll includes all project ideally i l d ll j stakeholders, though some stakeholders may act as surrogates for other stakeholders Test analysts bring particular expertise to risk management due to their defect-focused outlook Let s Let’s look at these activities more closely… www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 34
  • 35. Ri k Id tifi ti Risk Identification Whether for product or p j risks, we can identify risks via: p project , y Expert interviews Independent assessments Use of risk templates Project retrospectives Risk workshops and brainstorming Checklists Calling C lli on past experience t i The broadest range of stakeholders yields the most complete, accurate, precise risk identification Risk identification can Stop at risk items Look downstream to identify potential effects of the risk item ( (FMEA) ) Look upstream at the source of the risk (Hazard Analysis) www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 35
  • 36. Ri k A l i or A t Risk Analysis Assessment Risk analysis or assessment studies the identified risks Risks are categorized, using ISO 9126 or other quality categories Risks are assigned a level of risk, often based on likelihood and impact Likelihood arises from technical risk Impact arises from business risk The level of risk is determined either quantitatively q y or qualitatively Typically the level of risk is determined qualitatively Either way, unless statistical data is used, the level of risk y, , reflects stakeholder opinions and consensus www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 36
  • 37. Ri k C t l Risk Control Four options for risk control Mitigation: reduce likelihood and/or impact beforehand Contingency: prepare to reduce impact after the d f h fact Transference: transfer impact of risk to another p part Ignore/accept: hope for the best Each ti h b E h option has benefits, opportunities, costs, fit t iti t and potentially additional risks to consider Poorly done, risk control can make matters done worse! www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 37
  • 38. E i F ti l Q lit Risks Analysis Exercise: Functional Quality Ri k A l i Read the HELLOCARMS System Requirements Document Perform an informal quality risks analysis in groups of 3-5, identifying risks for functional q quality characteristics only, using the y y g template shown earlier Spend 30 minutes identifying quality risks Spend 15 minutes assessing the level of each risk Discuss www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 38
  • 39. Sample E S pl Exam Question Q ti An organization follows a requirements-based test g q strategy for most of its projects. Which of the following is the best example of modifying the test approach for a p j based on an understanding of pp project g risks? A. Past performance issues lead to an increased effort on performance testing. p g B. Test estimation is based on the number of pages in the requirements specification. C. Test execution is outsourced to a testing company based on a low-cost bid. D. Unit test effort is limited to ensure early commencement of system test execution execution. www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 39
  • 40. The ISTQB Advanced Syllabus Guiding the Way to Better Software Testing Advanced T t A l t Ad d Test Analyst Goals, Excerpt, Goals Excerpt and Sample Exam Question
  • 41. B i an Ad Being Advanced T t A l t d Test Analyst You should be able to: Implement the test strategy with a focus on business domain requirements Analyze the system based on user quality expectations and apply that analysis to the testing to be done Evaluate the system requirements to determine whether the business objectives can be met by that system Prepare and execute adequate testing activities, and report on the progress of these activities Provide the necessary evidence and data to support evaluations and findings Implement the necessary tools and techniques to achieve the y defined d fi d goalsl Advanced Test Analyst exams (and courses) focus on these main concepts Let’s look at sample course content and an exam question www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 41
  • 42. D i i T bl Decision Tables Concept: test the rules that govern handling of transactional situations Model: table (or Boolean g p ) connecting ( graph) g conditions with actions Test derivation: fulfill conditions, check actions ti Coverage criteria: at least one test per combination of conditions (DT column) Bug hypothesis: improper action or missing action www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 42
  • 43. Example: Decision Table (F ll) E pl D i i T bl (Full) Conditions 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Real account? Y Y Y Y Y Y Y Y N N N N N N N N Active account? Y Y Y Y N N N N Y Y Y Y N N N N Within limit? Y Y N N Y Y N N Y Y N N Y Y N N Location k ? L ti okay? Y N Y N Y N Y N Y N Y N Y N Y N Actions Approve? A ? Y N N N N N N N N N N N N N N N Call cardholder? N Y Y Y N Y Y Y N N N N N N N N Call vendor? N N N N Y Y Y Y Y Y Y Y Y Y Y Y www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 43
  • 44. E Example: D i i T t pl Deriving Tests In the example just shown, each column of the table is a test case We will create the conditions (which are the test’s inputs) We will verify the actions (which are the test s expected test’s results) In some cases, we might generate more than one test case per column (more later) In this case, some of the test cases don’t make much sense; e.g.: Account not real but account active? A lb i ? Account not real but account within limit? Maybe we don’t need all the columns in our decision table? www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 44
  • 45. C ll p i a D i i T bl Collapsing Decision Table If the value of one or more particular conditions can’t can t affect the actions for two or more combinations of conditions, we can collapse the decision table This involves combining two or more columns Combinable columns often but not always next to each other Look for two or more columns that result in the same combination of actions (for all the actions in the table) Replace the conditions that are different in those columns with “-” (for don’t care/doesn’t matter/can’t happen) ( / / pp ) Repeat this process until no further columns share the same combination of actions or where collapse would erase an important distinction Be careful with tables that have non-exclusive rules www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 45
  • 46. Example: Decision Table (C ll p d) E pl D i i T bl (Collapsed) Conditions 1 2 3 5 6 7 9 Column numbers retained for ease of reference to full table Real account? Y Y Y Y Y Y N Study carefully to understand Active account? Y Y Y N N N - why rule 4 could collapse into h l ld ll i rule 3, but not rule 3 into rule 2 Within limit? Y Y N Y Y N - The same logic also applies to g pp Location k ? L ti okay? Y N - Y N - - rule 8 collapsing into rule 7, but Actions not rule 7 into rule 6 Formula for number of columns Approve? A ? Y N N N N N N (2conditions) no longer applies Call cardholder? N Y Y N Y Y N Regular pattern of conditions no Call vendor? N N N Y Y Y Y longer applies l li www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 46
  • 47. E i H Exercise: Home E it L I Equity Loan Insurance A new HELLOCARMS feature will allow selling a life insurance policy for the amount of a home equity loan to the borrower (no applicants for lines of credit or reverse mortgages) t ) The premium is calculated annually, at the beginning of each policy p p y period, based on the loan balance at , that time The base premium is $1 per $10,000 loan Premium increases by 50% based for each “yes” answer to the health questions on the next page Premium increases based on age and body mass index (BMI) table shown on following page www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 47
  • 48. Sample E S pl Exam Question Q ti An on-line shoe-selling e-commerce Web site stocks the following g g options f men’s loafers: for ’ l f • Tassel: Tassel (T) or non-tassel (~T) • Color: Black (B), cordovan (C), or white (W) • Size: all full and half sizes from 8 to 14 (S=n) The store is overstocked with tasseled loafers of all sizes and colors, along with white loafers in all sizes, and cordovan loafers in sizes 13, 13 ½, and 14. As a result, they are offering a 10% discount (10%) and free shipping (FS) on these items items. Design a full decision table that shows all combinations of conditions, then collapse that table by using don’t care (“-“) notation where one or two conditions cannot influence the action. Which of the following statements is true about these two tables? A. The full table has 8 rules; the collapsed table has 5. B. The full table has 12 rules; the collapsed table has 7. C. The full table has 12 rules; the collapsed table has 5. p D. Both tables have 12 rules, as no combinations can collapse. www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 48
  • 49. The ISTQB Advanced Syllabus Guiding the Way to Better Software Testing Advanced T h i l T t A l t Ad d Technical Test Analyst Goals, Excerpt, Goals Excerpt and Sample Exam Question
  • 50. B i an Ad Being Advanced T h i l T t A l t d Technical Test Analyst You should be able to: Structure the tasks defined in the test strategy in terms of technical requirements Analyze the internal structure of the system in sufficient detail to t meet the expected quality level t th t d lit l l Evaluate the system in terms of technical quality attributes such as performance, security, etc. Prepare and execute adequate testing and report on progress Conduct technical testing activities Provide the necessary evidence to support evaluations Implement the necessary tools and techniques Advanced Technical Test Analyst exams (and courses) focus on these main concepts Let s Let’s look at sample course content and an exam question www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 50
  • 51. T h i l S it T ti Technical Security Testing Security is a key risk for many applications Security tests and failures are different from functional tests and failures, often arising from unintended side-effects Vulnerabilities (and thus tests) include data access, function, function malicious code insertion, denial of service, insertion service sniffing, encryption, and virus/ worms Vulnerabilities can arise from user interface, file system, operating system, and external software Increased quality in security can decrease quality in usability, perform usability perform, and functionality www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 51
  • 52. D i i T h i l S it T t Designing Technical Security Tests The following approaches can be used to develop security tests Information retrieval Vulnerability scan Attack plans ttack p a s Security attacks The last is very similar to the functional attacks described in Chapter 4 Let s Let’s take a closer look… www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 52
  • 53. Att ki D p d i and th UI Attacking Dependencies d the Dependencies Block access to libraries Manipulate l registry (or similar information) Force use of corrupt files User interface Manipulate and Overflow inputs replace files Switches and options Force low-resource Characters, operation commands www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 53
  • 54. Att ki D i and I pl Attacking Design d Implementation t ti Design Common accounts and passwordsd Unprotected APIs Implementation Connect to all ports p Manipulate time M i l t ti Create loops (e.g., using scripts) Duplicate high- p privilege files g Use unusual workflows Force error messages Force resets Sniff temporary files www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 54
  • 55. Example: Security Setting Attack E pl S it S tti Att k www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 55
  • 56. Sample E S pl Exam Question Q ti Which of the following is an example of a defect we would expect to find during technical security testing? A. Slow response time B. Resource over-utilization C. Invalid privilege elevation p g D. Frequent system crashes www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 56
  • 57. The ISTQB Advanced Syllabus Guiding the Way to Better Software Testing Bibliography Bibli ph
  • 58. St d d Standards British Computer Society, BS 7925-2 (1998), “Software p y, ( ), Component Testing” Institute of Electrical and Electronics Engineers, IEEE Std 829 (1998/2007), “IEEE Standard for Software Test Documentation” Institute of Electrical and Electronics Engineers, IEEE Std 1028 (1997), “IEEE Standard for Software Reviews” Institute of Electrical and Electronics Engineers, IEEE Std 1044 (1993), IEEE (1993) “IEEE Standard Classification for Software Anomalies Anomalies” International Standards Organization, ISO/IEC 9126-1:2001, “Software Engineering – Software Product Quality” International Software Testing Qualifications Board ISTQB Board, Glossary (2007), “ISTQB Glossary of terms used in Software Testing, Version 2.0” US Federal Aviation Administration, DO-178B/ED-12B, , / , “Software Considerations in Airborne Systems and Equipment Certification” www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 58
  • 59. B k Books Boris Beizer, Black-Box Testing, Wiley, 1995 o s e e , lack ox esting, W ey, 995 Rex Black, Managing the Testing Process (2nd edition), Wiley, 2002 Rex Black, Critical Testing Processes, Addison-Wesley, 2003 Rex Black Pragmatic Software Testing Wiley 2007 Black, Testing, Wiley, Ilene Burnstein, Practical Software Testing, Springer, 2003 Lee Copeland, A Practitioner’s Guide to Software Test Design, Artech House, 2003 A hH Rick Craig and Stefan Jaskiel, Systematic Software Testing, Artech House, 2002 Paul Gerrard and Neil Thompson, Risk-based e-Business Testing, Artech House, 2002 Tom Gilb and Dorothy Graham, Software Inspection, Addison- Wesley, 1993 www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 59
  • 60. B k Books Dorothy Graham, Erik van Veenendaal, Isabel Evans, Rex Black, Foundations of Software Testing, Thomson Learning, 2007 M. Grochmann, “Test case design using Classification Trees”, Conference Proceedings of STAR 1994 g 99 Paul Jorgensen, Software Testing: A Craftsman’s Approach (Second Edition), CRC Press, 2002 Cem Kaner, James Bach, Bret Pettichord Lessons Learned in Kaner Bach Pettichord, Software Testing; Wiley, 2002 Tim Koomen, Martin Pol, Test Process Improvement, Addison- Wesley, Wesley 1999 Glenford Myers, The Art of Software Testing, Wiley, 1979 Martin Pol, Ruud Teunissen, Erik van Veenendaal, Software Testing: A Guide to the T map Approach Addison Wesley 2002 T-map Approach, Addison-Wesley, www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 60
  • 61. B k Books Steve Splaine a d Stefan Jaskiel, he Web esting andbook, Steven Sp a e and Ste a Jask e , The Web-Testing Handbook, STQE Publishing, 2001 D. H. Stamatis, Failure Mode and Effect Analysis, ASQ Press, 1995 Erik van Veenendaal editor, The Testing Practitioner UTN Veenendaal, editor Practitioner, Publishing, 2002 James Whittaker, How to Break Software, Addison-Wesley, 2003 James Whittaker and Herbert Thompson How to Break Software Thompson, Security, Addison-Wesley, 2004 www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 61
  • 62. The ISTQB Advanced Syllabus Guiding the Way to Better Software Testing For M I f F More Information… ti
  • 63. …Contact RBCS C t t For over a dozen years, RBCS has delivered services in consulting, outsourcing and training for software and hardware testing Employing the industry’s most testing. industry s experienced and recognized consultants, RBCS conducts product testing, builds and improves testing groups and hires testing staff for hundreds of clients worldwide. Ranging from Fortune 20 companies to start-ups, RBCS clients save g g p p time and money through improved product development, decreased tech support calls, improved corporate reputation and more. To learn more about RBCS, visit www.rbcs-us.com. Address: Add RBCS, I RBCS Inc. 31520 Beck Road Bulverde, TX 78163-3911 USA Phone: +1 (830) 438-4830 Fax: +1 (830) 438-4831 E-mail: info@rbcs-us.com Web: W b www.rbcs-us.com b www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 63
  • 64. The ISTQB Advanced Syllabus Guiding the Way to Better Software Testing Q Questions, Comments, , , and Discussion?