SlideShare a Scribd company logo

Requirements Verification v3

Ian McDonald
Ian McDonald

This presentation is aimed to stimulate improvement at requirements review, with the intent of improving defect injection. Some specific mention is made of non-functional requirements - specifically performance and security. This is one slide pack of a set.

Technology
1 of 38
1 Ian McDonald Requirements Verification © 2010, 2012. 2013 Ian McDonald
2 Overview  This slide set deals with requirements and early high level assessment. Special mention is made of non-functional requirements such as performance and security.  The presentation is specifically targeted at functional testers and requirements authors to stimulate the initial thought process in considering non-functional requirements, when no or limited performance or security would otherwise be considered.
3 A Successful Requirement This section deals with what is a successful requirement?
4 Good Requirements Good Requirements provide:  Clarity of purpose.  Limits and boundaries that are defined.  Clarity and traceability, so:  Development is quick.  Testing is fast and effective, mitigating risk.  Product is fast to market – making the right impact.  Financial Return is good.  Maintenance is low.
5 Requirements Test Checks Get a test lead to check the requirements over. Typical problems that can be sorted are: Structure related – risk of missing important attributes. Gaps in requirements – not all options considered. Poor attention to performance requirements. Lack of attention to security requirements.
6 Requirements Fault Injection  Testing starts with the requirements.  A significant cost saving can be created by ensuring that the requirements are tested prior to starting coding.  The test team will become the guardians of the requirements, ensuring that was is required is delivered. It is therefore vital that the test team have a full understanding of the requirements and that the requirements are structured to assist the test team in ensuring that the business vision is delivered. Typical Fault Origin and detection rates within the industry. Note: Fault cost assumes an hourly cost of £15.
7 Good Requirements – POWER CO  Good requirements lead to good products. Good requirements are:  Possible - Feasible  Ordered – Prioritised  Well Written – Correct  Essential – Necessary  Recognisable – Reasoned  Checkable – Verifiable  On its Own – Single Logical Statements
8 Possible - Feasible  Write requirements that are possible to implement within the capabilities and limitations of the system and environment.  Avoid unrealistic requirements such as “instantly” or “immediately”.  Avoid infeasible requirements, by having a developer work with the requirements analysts or marketing personnel throughout the requirement creation process. The developer will provide a reality check on:  What can and cannot be done technically,  What can only be done at excessive cost or with other tradeoffs.
9 Ordered – Prioritised  Assign a priority to each requirement, feature, or use case to indicate how essential it is to include it in a particular product release.  If delivering within an Agile lifecycle then delivery time is fixed and product content sacrifices are made.  Customers or their representatives have responsibility in establishing priorities.  When the requirements are regarded as equally important, the project manager is less able to react to:  New requirements added during development,  budget cuts,  schedule overruns  departure of a team member.  Priority represents a measure of the value provided to the customer, relative cost of implementation and the technical risk of implementation.  Priority levels are typically:  Critical priority - requirement must be incorporated in the next product release even if this means a delay. Ideally this will be no more than 10% of the total number.  High priority - requirement to be incorporated in the next product release, but should not cause a delay to go live. Ideally this will be no more than 20% of the total number.  Medium priority - requirement is necessary but it can be deferred to a later release. Typically this will be no more than 40% of the total number.  Low priority – requirement is a nice to have, but it can be dropped if insufficient time or resources.
10 Well Written – Correct  Describe each individual requirement precisely and correctly.  Document the source of the requirement. e.g. customer reference, higher-level system requirements specification, change request, etc.  If a software requirement conflicts with a corresponding system requirement then an error is present.  Only user representatives can determine if a requirement is correct so for a requirements inspection include them, or their representatives.  Otherwise: lead to guessing or incorrect assumptions by developers and testers:  This leads to code defects and even a product recall.
11 Essential – Necessary  Each requirement documents something the customers needs or something that is required for conformance to an external requirement, an external interface, or a standard.  Each requirement originates from an authoritative source.  Each requirement is traced back to its origin. e.g. use case, system requirement, regulation, other customer input.  If no origin, then is the requirement “over engineering” and not essential?
12 Recognisable – Reasoned  A good requirements has only one consistent interpretation.  Multiple readers will have the same interpretation.  Avoid subjective words like: user-friendly, easy, simple, rapid, fast, efficient, several, state-of-the-art, improved, maximise, and minimise. Think what is the logical test that provides evidence of pass or fail.  Words that are clear to the requirements author may not be clear to readers. Write each requirement in clear, simple language, avoid techno-gabble – if this is necessary, then define it in a glossary.  To reveal ambiguity:  Carry out formal inspections of the requirements specifications,  Write test cases from requirements,  Create user scenarios illustrating any expected product behaviour.
13 Checkable – Verifiable  Each requirement is properly implemented in the product. This is achieved by:  Tests which are repeatable with clear pass / fail criteria.  Verification approaches, such as inspection or demonstration.  If a requirement is not verifiable, then just a matter of opinion. The Requirement was of poor quality not the product.  Requirements must be consistent, feasible, unambiguous and verifiable.  Any requirement that says the product shall "support" something is not verifiable. (Support to what level? Be specific).
14 On its Own – Single Logical Statements  A single Requirement will have a single test or group of tests associated to prove delivery.  A Change in requirement means a change in test.  Within the configuration control – build in triggers, otherwise testing may not test the latest requirements.  DO NOT write long winded paragraphs sighting great detail of functionality in one single Requirement clause. Avoid “AND”, “OR”, “Either”, etc. Single requirement – single proof (although perhaps many tests for a single proof set – e.g. boundary values).  Where necessary break top level requirements (A- Level) into lower (B-Level) requirements to provide clarity. Testing all B-levels will automatically mean that the A-level requirement needs no further testing in isolation (since all components were tested).
15 Managing Success This section deals with how to manage requirements for a successful delivery.
16 Review for Correctness Is the Requirement Correct? Is the requirement within the release scope? Is the requirement logically derived and not just an arbitrary value? Is the requirement technically possible? Is the requirement over-stringent? Is it a requirement (what) as opposed to a description of implementation (how)?
17 Review for Ambiguity Is the Requirement Unambiguous and Measurable? A statement that can only be interpreted one way. Does not contain weak phrases or a poor sentence structure that can be misinterpreted.
18 Review for Atomic, Traceable & Manageable  Is the Requirement Atomic, Traceable & Manageable?  Requirement is a single logical statement that cannot be separated out into ‘smaller’ sub-requirements.  Contains no logical AND/OR statements.  All requirements have a unique single identifier that can be used to map tests and software features to the requirements from which they were derived.  All lower sub-requirements are traceable to parent- requirements.  An infrastructure is in place to support the requirement and test traceability.  Related requirements are grouped together and refer to each other.  The requirement structure and style can be preserved even if the parameter value of the requirement change.
19 Review for Testable & Verifiable  Is the Requirement Testable and Verifiable?  Can the requirement be tested with a pass/fail or quantitative assessment criteria derived from the specification itself and/or referenced information?  No subjective statements. Requiring that a system must be easy to use is subjective and therefore is not testable.  Are the valid / Invalid ranges defined?  Performance requirements state under what conditions the requirement is true. E.g. is a login response time to be measured for a single login, or while 200 virtual users are logging on spread over a 3 minute period?
20 Review for Consistency Is the requirement set consistent? A consistent specification has no conflict between individual requirement statements. The defined behaviour of essential capabilities, specified behavioural properties and constraints do not have an adverse impact on that behaviour.  For example: “The only aircraft that is totally safe is one that cannot be started, contains no fuel or other liquids, and is securely tied down” (NASA).
21 Review for Prioritisation Are Requirements Prioritised? Requirements need to be ranked according to importance for delivery, based upon the importance of the overall Business Goal.
22 Review for Impact Assessment Are Requirements Impact Assessed? Is the requirement assessed for its impact [High(3)/Medium(2)/Low(1)] upon the business if the requirement fails?  NOTE: Test Risk Score = (Impact Score) x (Development Assessed Likelihood of Failure Score). The Development Assessed Likelihood of Failure Score can be assessed by the development team by assigning a numerical value: e.g.: Extremely Likely on a weekly bases (4), Likely on a quarterly bases (3), Possible (2), Outside small chance or lower (1).
23 Managing review Feedback  To optimise the review feedback, consider maintaining a Review card to mark the requirement against each criteria (pass/fail).  The review should be carried out by users, the test manager and the development manager – so there is a full understanding and lack of future requirement blame. If a requirement later causes a problem then it is the fault of the review process.  Identify the mitigation actions required for all high risk requirements.
24 Non Functional Requirements This section specifically looks at performance and security testing
25 Special Case of Non Functional Requirements  13 non-functional requirements are specifically identified within IEEE-Std 830.  Performance  Security  Interface  Operational  Resource  Verification  Acceptance  Documentation  Portability  Quality  Reliability  Maintainability  Safety  Other groupings often identified include:  Implementation  Interface  Operations  Legal  Within this presentation 2 specifically are identified for special mention:  Performance  Security.
26 Performance Testing Introduction This section starts to deal with performance testing. It is intended only to stimulate thought – where perhaps no previous consideration has been given to early performance testing. It does not cover the details of how to define and set up tests or in how to interpret results. It is purely focused on early mitigation.
27 Performance Requirement Types Performance Criteria often include:  Availability - The proportion of time a system is in a functioning condition.  Response time - The interval from when an operator at a terminal enters a request, to the instant at which the first character of the response is received at a terminal. In data systems, the system response time is the interval from the receipt of an end of transmission for an inquiry message, to the start of a response transmission.  Channel (or Shannon) Capacity - The tightest upper bound on the rate of information that can be reliably transmitted over a communications channel.  Latency - The time delay experienced in a system  Completion time - The amount of time required for a specific task to be completed.  Service time - The time duration to service a specific item.  Bandwidth - The measurement of the bit-rate for available or consumed data communication, expressed in multiples of bits per second (bit/s, kbit/s, Mbit/s, Gbit/s, etc.) for computer networks.  Capacity - The total measure that can be contained or produced for the system. This can include for Example Requirement: data traffic or data storage.  Throughput - The average rate of successful message delivery over a communication channel.  Efficiency - The resource consumption for a given load.  Scalability - The ability for a system, network, or process to handle an increased amount of work in an appropriate manner, or the ability to be enlarged to accommodate growth or demand.  CPU benchmarks - The performance characteristics for a specific central processor unit. However this can apply to the running of software on a specific CPU type.  Resource constraints include processor speed, memory, disk space, network bandwidth, etc.
28 General Principles for Performance Requirements 1. Avoid phrases such as “immediately” or “instantaneous” All transactions take some time. 2. Avoid requirements that would need control over external systems. For example to carry out a timing test over the internet would mean that the traffic would need to be controlled and kept consistent each time. So consider where the measurement is to be taken and under what conditions. A simulated load might be required and the user terminal might need to be connected at the data centre, for the timing to be valid. 3. Think about tolerances of readings. E.g. If a timing is to be measured as 3 seconds, would the test fail if the reading was either 2.99s or 3.2 sec? Specify either the top or bottom limit as appropriate. If necessary specify the range or tolerance permitted.
29 Example Performance Requirements  The system shall be available 24/7 for 363 days in any one calendar year.  When an operator requests data, it shall start to be presented on the screen within no more than 3 seconds. Based upon a normal background scenario running (As described in document XYZ) and the user terminal being connected to the server.  The channel capacity for 6.2GHz at a distance of 11m shall be greater than 10-6.  for a web page download containing 512Kb of text, the latency shall not be greater than 900 ms.  Upon submitting a request to create a new user profile, the profile shall be created within 2.1 seconds (+/- 0.2s), based upon a normal background scenario running (As described in document XYZ).  The timing from the moment the credit transaction is submitted to the server, a user information message for the outcome of the transaction is to be sent to the user within no more than 10 seconds.  The interface shall transmit data at a minimum rate of 9,600 bits/second.  The spectral efficiency (or modulation efficiency) is to be not less than:  18.1 (bit/s)/Hz downstream.  15.5 (bit/s)/Hz upstream.  The telecommunications bandwidth shall be not less than 4.5 KHz.  Application X shall be able to be installed on a Windows 7 Pro system with a minimum of 2Gb of free hard drive space.  For an Ethernet connection of between 98 and 101 Mbit/s, the throughput shall not be less than 70 Mbit/s.  When dealing with current process demand levels (detailed within document ABC), the replacement system shall be at least 40% more energy efficient than the existing systems (whose energy consumption figures are contained within document ABC).  The system shall be scalable to accommodate growth from 1,000 records to 500 million records.  Game X shall run at 60 +/- 2 frames per second on a system containing a Corei7-2620M 2.7GHz processor with a HP Elitebook 8510w Nvidia 256mb laptop video graphic card.  Application X shall function with a minimum of 4GB of RAM on a laptop containing a Corei7-2620M 2.7GHz processor.
30 General rule for testers  Do not leave performance till post integration. At that point it can be too late to fix problems and so only patching is possible, potentially opening up security weaknesses. Instead: 1. Create a realistic understanding of the operational conditions. 2. Design in performance – check the requirements and design. 3. Review code for performance issues. 4. Test unit code for performance. 5. Test the application for performance. 6. Test the system for performance.
31 Security Section This section starts to deal with security testing. It is intended only to stimulate thought – where perhaps no previous consideration has been given to early security testing. It does not cover the details of security testing or penetration testing.
32 Security Requirements  Security requirements seek to ensure:  Denial of unauthorised access to the system and the system data.  Defend the integrity of the system from malicious (including harmful accidental) damage  There are at least two basic metric groupings:  The ability to resist unauthorised attempts at usage  Continued service to genuine users while the system is under attack - avoiding Denial of Service (DoS).
33 Negative and Non-Functional  Software is often not tested for security. At best the system may be subjected to a penetration test, which can often be a high level assessment. To improve security, software must be secure by design.  However usually requirements for software security are not specified. Further, negative and non-functional requirements may not be documented because they are not considered by requirements authors as “testable” or “actionable”.  To design in security from the start, the requirements author needs to go through a the process of listing the negative and non- functional requirements that are crucial to security.  Next the requirements author needs to analyse the negative and non-functional requirements to determine the resulting functional requirements required to support security.  The catch is the requirements authors may not have the skill set to do this.
34 Early Security Consideration  When addressing security early consider:  Assume the system will be hacked. What is the inner defence?  Normal entry point may be secure by password, but what if it is disclosed, or data is stolen by an employee?  Do all users have access to all data?  Are there any back door connections to 3rd party systems that may be less secure?  For data entry are the fields open to any data – allowing SQL injection? Limit data content and size.  Is there any security monitoring in place – do not rely upon this – still test applications!
35 Security Risk  In assessing security risk, the use of metrics is important, since that will direct the tester to the greatest need for mitigation.  Authentication metrics.  User types and access to data.  Resistance to known attack types.  Probability of finding a key – time, effort and resources needed.  Percentage of services available during an attack.  Lifespan of a password.  Lifespan of a session.
36 Agile response to Non-functional testing  For the tester, the key to success is to ensure that non-functional testing starts early.  Within an Agile delivery approach, this means including non-functional requirement tests in the early burn-down lists, ensuring that test activities are included. The scope of the tests may well grow at each sprint, but they need to be included from the start.
37 Mitigating Security Risk Understand the threats and assume the worse will happen. What is the next line of defence. Review the requirements and architecture for security. Review code early for security issues. Test the application for security issues. Test the system for security issues.
38 END Slides created by: Ian R. McDonald uk.linkedin.com/in/islandsystems

Recommended

Quality Control in Development
Quality Control in DevelopmentQuality Control in Development
Quality Control in DevelopmentSalesforce Developers
 
Software Quality Assurance (QA) Testing Interview Questions & Answers
Software Quality Assurance (QA) Testing Interview Questions & AnswersSoftware Quality Assurance (QA) Testing Interview Questions & Answers
Software Quality Assurance (QA) Testing Interview Questions & AnswersJanBask Training
 
Testing banking apps
Testing banking appsTesting banking apps
Testing banking appsChristian Ramirez
 
CHAPTER 1 BASIC CONCEPTS AND PRELIMINARIES
CHAPTER 1 BASIC CONCEPTS AND PRELIMINARIESCHAPTER 1 BASIC CONCEPTS AND PRELIMINARIES
CHAPTER 1 BASIC CONCEPTS AND PRELIMINARIESSamruddhi Sheth
 
software testing for beginners
software testing for beginnerssoftware testing for beginners
software testing for beginnersBharathi Ashok
 
QAustral Testing
QAustral TestingQAustral Testing
QAustral Testingcusmaim
 
Software Testing Interview Q&A – part 1
Software Testing Interview Q&A – part 1Software Testing Interview Q&A – part 1
Software Testing Interview Q&A – part 1Khoa Bui
 
Best practices quality assurance
Best practices quality assuranceBest practices quality assurance
Best practices quality assuranceShakal Shukla
 

Recommended

Quality Control in Development
Quality Control in DevelopmentQuality Control in Development
Quality Control in DevelopmentSalesforce Developers
 
Software Quality Assurance (QA) Testing Interview Questions & Answers
Software Quality Assurance (QA) Testing Interview Questions & AnswersSoftware Quality Assurance (QA) Testing Interview Questions & Answers
Software Quality Assurance (QA) Testing Interview Questions & AnswersJanBask Training
 
Testing banking apps
Testing banking appsTesting banking apps
Testing banking appsChristian Ramirez
 
CHAPTER 1 BASIC CONCEPTS AND PRELIMINARIES
CHAPTER 1 BASIC CONCEPTS AND PRELIMINARIESCHAPTER 1 BASIC CONCEPTS AND PRELIMINARIES
CHAPTER 1 BASIC CONCEPTS AND PRELIMINARIESSamruddhi Sheth
 
software testing for beginners
software testing for beginnerssoftware testing for beginners
software testing for beginnersBharathi Ashok
 
QAustral Testing
QAustral TestingQAustral Testing
QAustral Testingcusmaim
 
Software Testing Interview Q&A – part 1
Software Testing Interview Q&A – part 1Software Testing Interview Q&A – part 1
Software Testing Interview Q&A – part 1Khoa Bui
 
Best practices quality assurance
Best practices quality assuranceBest practices quality assurance
Best practices quality assuranceShakal Shukla
 
Testing overview
Testing overviewTesting overview
Testing overviewAnandhababu Msj
 
Not Your Grandfather's Requirements-Based Testing Webinar – Robin Goldsmith, ...
Not Your Grandfather's Requirements-Based Testing Webinar – Robin Goldsmith, ...Not Your Grandfather's Requirements-Based Testing Webinar – Robin Goldsmith, ...
Not Your Grandfather's Requirements-Based Testing Webinar – Robin Goldsmith, ...XBOSoft
 
EDLC-EMBEDDED PRODUCT DEVELOPMENT LIFE CYCLE
EDLC-EMBEDDED PRODUCT DEVELOPMENT LIFE CYCLEEDLC-EMBEDDED PRODUCT DEVELOPMENT LIFE CYCLE
EDLC-EMBEDDED PRODUCT DEVELOPMENT LIFE CYCLESabeel Irshad
 
Sw testing and qa basics
Sw testing and qa basicsSw testing and qa basics
Sw testing and qa basicsVladimir Shterenberg
 
2011/09/20 - Software Testing
2011/09/20 - Software Testing2011/09/20 - Software Testing
2011/09/20 - Software TestingFernando Brito e Abreu
 
Testing fundamental stqa
Testing fundamental stqaTesting fundamental stqa
Testing fundamental stqaSwati Patel
 
James Brodie - Outsourcing Partnership - Shared Perspectives
James Brodie - Outsourcing Partnership - Shared Perspectives James Brodie - Outsourcing Partnership - Shared Perspectives
James Brodie - Outsourcing Partnership - Shared Perspectives TEST Huddle
 
Manual testing good notes
Manual testing good notesManual testing good notes
Manual testing good notesdkns0906
 
Asril_Resume_LinkedIn
Asril_Resume_LinkedInAsril_Resume_LinkedIn
Asril_Resume_LinkedInMuhamad Asril Abdullah
 
Black box
Black boxBlack box
Black boxNikunj Kathiria
 
Software testing-in-gurgaon
Software testing-in-gurgaonSoftware testing-in-gurgaon
Software testing-in-gurgaonAP EDUSOFT
 
SuchhandaDey_Exp_Resume
SuchhandaDey_Exp_ResumeSuchhandaDey_Exp_Resume
SuchhandaDey_Exp_Resumesuchhanda dey
 
Inverting The Testing Pyramid
Inverting The Testing PyramidInverting The Testing Pyramid
Inverting The Testing PyramidNaresh Jain
 
Risk-Based Testing for Agile Projects
Risk-Based Testing for Agile ProjectsRisk-Based Testing for Agile Projects
Risk-Based Testing for Agile ProjectsTechWell
 
Prasanth Namama_Resume
Prasanth Namama_ResumePrasanth Namama_Resume
Prasanth Namama_Resumeprasanth namana
 
Performance Engineering Basics
Performance Engineering BasicsPerformance Engineering Basics
Performance Engineering BasicsImpetus Technologies
 
An Introduction to Software Performance Engineering
An Introduction to Software Performance EngineeringAn Introduction to Software Performance Engineering
An Introduction to Software Performance EngineeringCorrelsense
 
What is performance_engineering_v0.2
What is performance_engineering_v0.2What is performance_engineering_v0.2
What is performance_engineering_v0.2Trevor Warren
 
EDLC-EMBEDDED PRODUCT DEVELOPMENT LIFE CYCLE
EDLC-EMBEDDED PRODUCT DEVELOPMENT LIFE CYCLEEDLC-EMBEDDED PRODUCT DEVELOPMENT LIFE CYCLE
EDLC-EMBEDDED PRODUCT DEVELOPMENT LIFE CYCLESabeel Irshad
 
2 cop managingcreditrisk
2 cop managingcreditrisk2 cop managingcreditrisk
2 cop managingcreditriskBinsa Sharma
 
Fact finding presentation
Fact finding presentationFact finding presentation
Fact finding presentationRam Dayal
 
Primary and Secondary market
Primary and Secondary market Primary and Secondary market
Primary and Secondary market Rohit Kumar
 

More Related Content

What's hot

Not Your Grandfather's Requirements-Based Testing Webinar – Robin Goldsmith, ...
Not Your Grandfather's Requirements-Based Testing Webinar – Robin Goldsmith, ...Not Your Grandfather's Requirements-Based Testing Webinar – Robin Goldsmith, ...
Not Your Grandfather's Requirements-Based Testing Webinar – Robin Goldsmith, ...XBOSoft
 
EDLC-EMBEDDED PRODUCT DEVELOPMENT LIFE CYCLE
EDLC-EMBEDDED PRODUCT DEVELOPMENT LIFE CYCLEEDLC-EMBEDDED PRODUCT DEVELOPMENT LIFE CYCLE
EDLC-EMBEDDED PRODUCT DEVELOPMENT LIFE CYCLESabeel Irshad
 
Testing fundamental stqa
Testing fundamental stqaTesting fundamental stqa
Testing fundamental stqaSwati Patel
 
James Brodie - Outsourcing Partnership - Shared Perspectives
James Brodie - Outsourcing Partnership - Shared Perspectives James Brodie - Outsourcing Partnership - Shared Perspectives
James Brodie - Outsourcing Partnership - Shared Perspectives TEST Huddle
 
Manual testing good notes
Manual testing good notesManual testing good notes
Manual testing good notesdkns0906
 
Software testing-in-gurgaon
Software testing-in-gurgaonSoftware testing-in-gurgaon
Software testing-in-gurgaonAP EDUSOFT
 
SuchhandaDey_Exp_Resume
SuchhandaDey_Exp_ResumeSuchhandaDey_Exp_Resume
SuchhandaDey_Exp_Resumesuchhanda dey
 
Inverting The Testing Pyramid
Inverting The Testing PyramidInverting The Testing Pyramid
Inverting The Testing PyramidNaresh Jain
 
Risk-Based Testing for Agile Projects
Risk-Based Testing for Agile ProjectsRisk-Based Testing for Agile Projects
Risk-Based Testing for Agile ProjectsTechWell
 
An Introduction to Software Performance Engineering
An Introduction to Software Performance EngineeringAn Introduction to Software Performance Engineering
An Introduction to Software Performance EngineeringCorrelsense
 
What is performance_engineering_v0.2
What is performance_engineering_v0.2What is performance_engineering_v0.2
What is performance_engineering_v0.2Trevor Warren
 
EDLC-EMBEDDED PRODUCT DEVELOPMENT LIFE CYCLE
EDLC-EMBEDDED PRODUCT DEVELOPMENT LIFE CYCLEEDLC-EMBEDDED PRODUCT DEVELOPMENT LIFE CYCLE
EDLC-EMBEDDED PRODUCT DEVELOPMENT LIFE CYCLESabeel Irshad
 

What's hot (19)

Testing overview
Testing overviewTesting overview
Testing overview
 
Not Your Grandfather's Requirements-Based Testing Webinar – Robin Goldsmith, ...
Not Your Grandfather's Requirements-Based Testing Webinar – Robin Goldsmith, ...Not Your Grandfather's Requirements-Based Testing Webinar – Robin Goldsmith, ...
Not Your Grandfather's Requirements-Based Testing Webinar – Robin Goldsmith, ...
 
EDLC-EMBEDDED PRODUCT DEVELOPMENT LIFE CYCLE
EDLC-EMBEDDED PRODUCT DEVELOPMENT LIFE CYCLEEDLC-EMBEDDED PRODUCT DEVELOPMENT LIFE CYCLE
EDLC-EMBEDDED PRODUCT DEVELOPMENT LIFE CYCLE
 
Sw testing and qa basics
Sw testing and qa basicsSw testing and qa basics
Sw testing and qa basics
 
2011/09/20 - Software Testing
2011/09/20 - Software Testing2011/09/20 - Software Testing
2011/09/20 - Software Testing
 
Testing fundamental stqa
Testing fundamental stqaTesting fundamental stqa
Testing fundamental stqa
 
James Brodie - Outsourcing Partnership - Shared Perspectives
James Brodie - Outsourcing Partnership - Shared Perspectives James Brodie - Outsourcing Partnership - Shared Perspectives
James Brodie - Outsourcing Partnership - Shared Perspectives
 
Manual testing good notes
Manual testing good notesManual testing good notes
Manual testing good notes
 
Asril_Resume_LinkedIn
Asril_Resume_LinkedInAsril_Resume_LinkedIn
Asril_Resume_LinkedIn
 
Black box
Black boxBlack box
Black box
 
Software testing-in-gurgaon
Software testing-in-gurgaonSoftware testing-in-gurgaon
Software testing-in-gurgaon
 
SuchhandaDey_Exp_Resume
SuchhandaDey_Exp_ResumeSuchhandaDey_Exp_Resume
SuchhandaDey_Exp_Resume
 
Inverting The Testing Pyramid
Inverting The Testing PyramidInverting The Testing Pyramid
Inverting The Testing Pyramid
 
Risk-Based Testing for Agile Projects
Risk-Based Testing for Agile ProjectsRisk-Based Testing for Agile Projects
Risk-Based Testing for Agile Projects
 
Prasanth Namama_Resume
Prasanth Namama_ResumePrasanth Namama_Resume
Prasanth Namama_Resume
 
Performance Engineering Basics
Performance Engineering BasicsPerformance Engineering Basics
Performance Engineering Basics
 
An Introduction to Software Performance Engineering
An Introduction to Software Performance EngineeringAn Introduction to Software Performance Engineering
An Introduction to Software Performance Engineering
 
What is performance_engineering_v0.2
What is performance_engineering_v0.2What is performance_engineering_v0.2
What is performance_engineering_v0.2
 
EDLC-EMBEDDED PRODUCT DEVELOPMENT LIFE CYCLE
EDLC-EMBEDDED PRODUCT DEVELOPMENT LIFE CYCLEEDLC-EMBEDDED PRODUCT DEVELOPMENT LIFE CYCLE
EDLC-EMBEDDED PRODUCT DEVELOPMENT LIFE CYCLE
 

Viewers also liked

2 cop managingcreditrisk
2 cop managingcreditrisk2 cop managingcreditrisk
2 cop managingcreditriskBinsa Sharma
 
Fact finding presentation
Fact finding presentationFact finding presentation
Fact finding presentationRam Dayal
 
Primary and Secondary market
Primary and Secondary market Primary and Secondary market
Primary and Secondary market Rohit Kumar
 
Fact - Finding Techniques
Fact - Finding TechniquesFact - Finding Techniques
Fact - Finding Techniquesgomzy22
 
Fact finding techniques
Fact finding techniquesFact finding techniques
Fact finding techniquesimthiyasbtm
 
System Analysis Fact Finding Methods
System Analysis Fact Finding MethodsSystem Analysis Fact Finding Methods
System Analysis Fact Finding MethodsMoshikur Rahman
 

Viewers also liked (6)

2 cop managingcreditrisk
2 cop managingcreditrisk2 cop managingcreditrisk
2 cop managingcreditrisk
 
Fact finding presentation
Fact finding presentationFact finding presentation
Fact finding presentation
 
Primary and Secondary market
Primary and Secondary market Primary and Secondary market
Primary and Secondary market
 
Fact - Finding Techniques
Fact - Finding TechniquesFact - Finding Techniques
Fact - Finding Techniques
 
Fact finding techniques
Fact finding techniquesFact finding techniques
Fact finding techniques
 
System Analysis Fact Finding Methods
System Analysis Fact Finding MethodsSystem Analysis Fact Finding Methods
System Analysis Fact Finding Methods
 

Similar to Requirements Verification v3

Requirements validation - requirements engineering
Requirements validation - requirements engineeringRequirements validation - requirements engineering
Requirements validation - requirements engineeringRa'Fat Al-Msie'deen
 
Choosing an alm tool set
Choosing an alm tool setChoosing an alm tool set
Choosing an alm tool setIan McDonald
 
Independent verification & validation presented by Maneat v02
Independent verification & validation presented by Maneat v02Independent verification & validation presented by Maneat v02
Independent verification & validation presented by Maneat v02Dr. Pierpaolo Mangeruga
 
Lecture 04
Lecture 04Lecture 04
Lecture 04Rana Ali
 
Software testing main
Software testing mainSoftware testing main
Software testing mainYogeshDhamke2
 
Software Requirements (3rd Edition) summary
Software Requirements (3rd Edition) summarySoftware Requirements (3rd Edition) summary
Software Requirements (3rd Edition) summaryAhmed Kamel Taha
 
The Complete Web Application Security Testing Checklist
The Complete Web Application Security Testing ChecklistThe Complete Web Application Security Testing Checklist
The Complete Web Application Security Testing ChecklistCigital
 
Manual testing
Manual testingManual testing
Manual testingAjit Jain
 
Basic interview questions for manual testing
Basic interview questions for manual testingBasic interview questions for manual testing
Basic interview questions for manual testingJYOTI RANJAN PAL
 
Week5 Ensure Analysis Is Accurate And Complete
Week5 Ensure Analysis Is Accurate And CompleteWeek5 Ensure Analysis Is Accurate And Complete
Week5 Ensure Analysis Is Accurate And Completehapy
 
Software quality assurance
Software quality assuranceSoftware quality assurance
Software quality assuranceRajeev Sharan
 
Software Testing Interview Questions For Experienced
Software Testing Interview Questions For ExperiencedSoftware Testing Interview Questions For Experienced
Software Testing Interview Questions For Experiencedzynofustechnology
 
Quality assurance by Sadquain
Quality assurance by Sadquain Quality assurance by Sadquain
Quality assurance by Sadquain Xad Kuain
 
Interview questions and answers for quality assurance
Interview questions and answers for quality assuranceInterview questions and answers for quality assurance
Interview questions and answers for quality assuranceGaruda Trainings
 
Chapter16For all types of project and in their different sizes, .docx
Chapter16For all types of project and in their different sizes, .docxChapter16For all types of project and in their different sizes, .docx
Chapter16For all types of project and in their different sizes, .docxchristinemaritza
 

Similar to Requirements Verification v3 (20)

Requirements validation - requirements engineering
Requirements validation - requirements engineeringRequirements validation - requirements engineering
Requirements validation - requirements engineering
 
Choosing an alm tool set
Choosing an alm tool setChoosing an alm tool set
Choosing an alm tool set
 
Independent verification & validation presented by Maneat v02
Independent verification & validation presented by Maneat v02Independent verification & validation presented by Maneat v02
Independent verification & validation presented by Maneat v02
 
Lecture 04
Lecture 04Lecture 04
Lecture 04
 
Software testing main
Software testing mainSoftware testing main
Software testing main
 
SDLCTesting
SDLCTestingSDLCTesting
SDLCTesting
 
Software Requirements (3rd Edition) summary
Software Requirements (3rd Edition) summarySoftware Requirements (3rd Edition) summary
Software Requirements (3rd Edition) summary
 
The Complete Web Application Security Testing Checklist
The Complete Web Application Security Testing ChecklistThe Complete Web Application Security Testing Checklist
The Complete Web Application Security Testing Checklist
 
Manual testing
Manual testingManual testing
Manual testing
 
Basic interview questions for manual testing
Basic interview questions for manual testingBasic interview questions for manual testing
Basic interview questions for manual testing
 
Quality Assurance
Quality AssuranceQuality Assurance
Quality Assurance
 
Week5 Ensure Analysis Is Accurate And Complete
Week5 Ensure Analysis Is Accurate And CompleteWeek5 Ensure Analysis Is Accurate And Complete
Week5 Ensure Analysis Is Accurate And Complete
 
User Stories Lunch & Learn
User Stories Lunch & LearnUser Stories Lunch & Learn
User Stories Lunch & Learn
 
Software quality assurance
Software quality assuranceSoftware quality assurance
Software quality assurance
 
Quality principles and concepts
Quality principles and conceptsQuality principles and concepts
Quality principles and concepts
 
Software Testing Interview Questions For Experienced
Software Testing Interview Questions For ExperiencedSoftware Testing Interview Questions For Experienced
Software Testing Interview Questions For Experienced
 
Quality assurance by Sadquain
Quality assurance by Sadquain Quality assurance by Sadquain
Quality assurance by Sadquain
 
Interview questions and answers for quality assurance
Interview questions and answers for quality assuranceInterview questions and answers for quality assurance
Interview questions and answers for quality assurance
 
Chapter16For all types of project and in their different sizes, .docx
Chapter16For all types of project and in their different sizes, .docxChapter16For all types of project and in their different sizes, .docx
Chapter16For all types of project and in their different sizes, .docx
 
Fundamentals of testing
Fundamentals of testingFundamentals of testing
Fundamentals of testing
 

More from Ian McDonald

Non functional performance requirements v2.2
Non functional performance requirements v2.2Non functional performance requirements v2.2
Non functional performance requirements v2.2Ian McDonald
 
Boundary and equivalnce systematic test design
Boundary and equivalnce systematic test designBoundary and equivalnce systematic test design
Boundary and equivalnce systematic test designIan McDonald
 
Implementing test scripting Ian McDonald updated (minor changes) 26-04-2013
Implementing test scripting Ian McDonald updated (minor changes) 26-04-2013Implementing test scripting Ian McDonald updated (minor changes) 26-04-2013
Implementing test scripting Ian McDonald updated (minor changes) 26-04-2013Ian McDonald
 
Estimating test effort part 1 of 2
Estimating test effort part 1 of 2Estimating test effort part 1 of 2
Estimating test effort part 1 of 2Ian McDonald
 
Estimating test effort part 2 of 2
Estimating test effort part 2 of 2Estimating test effort part 2 of 2
Estimating test effort part 2 of 2Ian McDonald
 
CTE Presentation V2
CTE Presentation V2CTE Presentation V2
CTE Presentation V2Ian McDonald
 
RCA Presentation V0 1
RCA Presentation V0 1RCA Presentation V0 1
RCA Presentation V0 1Ian McDonald
 
TEA Presentation V 0.3
TEA Presentation V 0.3TEA Presentation V 0.3
TEA Presentation V 0.3Ian McDonald
 

More from Ian McDonald (8)

Non functional performance requirements v2.2
Non functional performance requirements v2.2Non functional performance requirements v2.2
Non functional performance requirements v2.2
 
Boundary and equivalnce systematic test design
Boundary and equivalnce systematic test designBoundary and equivalnce systematic test design
Boundary and equivalnce systematic test design
 
Implementing test scripting Ian McDonald updated (minor changes) 26-04-2013
Implementing test scripting Ian McDonald updated (minor changes) 26-04-2013Implementing test scripting Ian McDonald updated (minor changes) 26-04-2013
Implementing test scripting Ian McDonald updated (minor changes) 26-04-2013
 
Estimating test effort part 1 of 2
Estimating test effort part 1 of 2Estimating test effort part 1 of 2
Estimating test effort part 1 of 2
 
Estimating test effort part 2 of 2
Estimating test effort part 2 of 2Estimating test effort part 2 of 2
Estimating test effort part 2 of 2
 
CTE Presentation V2
CTE Presentation V2CTE Presentation V2
CTE Presentation V2
 
RCA Presentation V0 1
RCA Presentation V0 1RCA Presentation V0 1
RCA Presentation V0 1
 
TEA Presentation V 0.3
TEA Presentation V 0.3TEA Presentation V 0.3
TEA Presentation V 0.3
 

Recently uploaded

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 

Recently uploaded (20)

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 

Requirements Verification v3

  • 1. 1 Ian McDonald Requirements Verification © 2010, 2012. 2013 Ian McDonald
  • 2. 2 Overview  This slide set deals with requirements and early high level assessment. Special mention is made of non-functional requirements such as performance and security.  The presentation is specifically targeted at functional testers and requirements authors to stimulate the initial thought process in considering non-functional requirements, when no or limited performance or security would otherwise be considered.
  • 3. 3 A Successful Requirement This section deals with what is a successful requirement?
  • 4. 4 Good Requirements Good Requirements provide:  Clarity of purpose.  Limits and boundaries that are defined.  Clarity and traceability, so:  Development is quick.  Testing is fast and effective, mitigating risk.  Product is fast to market – making the right impact.  Financial Return is good.  Maintenance is low.
  • 5. 5 Requirements Test Checks Get a test lead to check the requirements over. Typical problems that can be sorted are: Structure related – risk of missing important attributes. Gaps in requirements – not all options considered. Poor attention to performance requirements. Lack of attention to security requirements.
  • 6. 6 Requirements Fault Injection  Testing starts with the requirements.  A significant cost saving can be created by ensuring that the requirements are tested prior to starting coding.  The test team will become the guardians of the requirements, ensuring that was is required is delivered. It is therefore vital that the test team have a full understanding of the requirements and that the requirements are structured to assist the test team in ensuring that the business vision is delivered. Typical Fault Origin and detection rates within the industry. Note: Fault cost assumes an hourly cost of £15.
  • 7. 7 Good Requirements – POWER CO  Good requirements lead to good products. Good requirements are:  Possible - Feasible  Ordered – Prioritised  Well Written – Correct  Essential – Necessary  Recognisable – Reasoned  Checkable – Verifiable  On its Own – Single Logical Statements
  • 8. 8 Possible - Feasible  Write requirements that are possible to implement within the capabilities and limitations of the system and environment.  Avoid unrealistic requirements such as “instantly” or “immediately”.  Avoid infeasible requirements, by having a developer work with the requirements analysts or marketing personnel throughout the requirement creation process. The developer will provide a reality check on:  What can and cannot be done technically,  What can only be done at excessive cost or with other tradeoffs.
  • 9. 9 Ordered – Prioritised  Assign a priority to each requirement, feature, or use case to indicate how essential it is to include it in a particular product release.  If delivering within an Agile lifecycle then delivery time is fixed and product content sacrifices are made.  Customers or their representatives have responsibility in establishing priorities.  When the requirements are regarded as equally important, the project manager is less able to react to:  New requirements added during development,  budget cuts,  schedule overruns  departure of a team member.  Priority represents a measure of the value provided to the customer, relative cost of implementation and the technical risk of implementation.  Priority levels are typically:  Critical priority - requirement must be incorporated in the next product release even if this means a delay. Ideally this will be no more than 10% of the total number.  High priority - requirement to be incorporated in the next product release, but should not cause a delay to go live. Ideally this will be no more than 20% of the total number.  Medium priority - requirement is necessary but it can be deferred to a later release. Typically this will be no more than 40% of the total number.  Low priority – requirement is a nice to have, but it can be dropped if insufficient time or resources.
  • 10. 10 Well Written – Correct  Describe each individual requirement precisely and correctly.  Document the source of the requirement. e.g. customer reference, higher-level system requirements specification, change request, etc.  If a software requirement conflicts with a corresponding system requirement then an error is present.  Only user representatives can determine if a requirement is correct so for a requirements inspection include them, or their representatives.  Otherwise: lead to guessing or incorrect assumptions by developers and testers:  This leads to code defects and even a product recall.
  • 11. 11 Essential – Necessary  Each requirement documents something the customers needs or something that is required for conformance to an external requirement, an external interface, or a standard.  Each requirement originates from an authoritative source.  Each requirement is traced back to its origin. e.g. use case, system requirement, regulation, other customer input.  If no origin, then is the requirement “over engineering” and not essential?
  • 12. 12 Recognisable – Reasoned  A good requirements has only one consistent interpretation.  Multiple readers will have the same interpretation.  Avoid subjective words like: user-friendly, easy, simple, rapid, fast, efficient, several, state-of-the-art, improved, maximise, and minimise. Think what is the logical test that provides evidence of pass or fail.  Words that are clear to the requirements author may not be clear to readers. Write each requirement in clear, simple language, avoid techno-gabble – if this is necessary, then define it in a glossary.  To reveal ambiguity:  Carry out formal inspections of the requirements specifications,  Write test cases from requirements,  Create user scenarios illustrating any expected product behaviour.
  • 13. 13 Checkable – Verifiable  Each requirement is properly implemented in the product. This is achieved by:  Tests which are repeatable with clear pass / fail criteria.  Verification approaches, such as inspection or demonstration.  If a requirement is not verifiable, then just a matter of opinion. The Requirement was of poor quality not the product.  Requirements must be consistent, feasible, unambiguous and verifiable.  Any requirement that says the product shall "support" something is not verifiable. (Support to what level? Be specific).
  • 14. 14 On its Own – Single Logical Statements  A single Requirement will have a single test or group of tests associated to prove delivery.  A Change in requirement means a change in test.  Within the configuration control – build in triggers, otherwise testing may not test the latest requirements.  DO NOT write long winded paragraphs sighting great detail of functionality in one single Requirement clause. Avoid “AND”, “OR”, “Either”, etc. Single requirement – single proof (although perhaps many tests for a single proof set – e.g. boundary values).  Where necessary break top level requirements (A- Level) into lower (B-Level) requirements to provide clarity. Testing all B-levels will automatically mean that the A-level requirement needs no further testing in isolation (since all components were tested).
  • 15. 15 Managing Success This section deals with how to manage requirements for a successful delivery.
  • 16. 16 Review for Correctness Is the Requirement Correct? Is the requirement within the release scope? Is the requirement logically derived and not just an arbitrary value? Is the requirement technically possible? Is the requirement over-stringent? Is it a requirement (what) as opposed to a description of implementation (how)?
  • 17. 17 Review for Ambiguity Is the Requirement Unambiguous and Measurable? A statement that can only be interpreted one way. Does not contain weak phrases or a poor sentence structure that can be misinterpreted.
  • 18. 18 Review for Atomic, Traceable & Manageable  Is the Requirement Atomic, Traceable & Manageable?  Requirement is a single logical statement that cannot be separated out into ‘smaller’ sub-requirements.  Contains no logical AND/OR statements.  All requirements have a unique single identifier that can be used to map tests and software features to the requirements from which they were derived.  All lower sub-requirements are traceable to parent- requirements.  An infrastructure is in place to support the requirement and test traceability.  Related requirements are grouped together and refer to each other.  The requirement structure and style can be preserved even if the parameter value of the requirement change.
  • 19. 19 Review for Testable & Verifiable  Is the Requirement Testable and Verifiable?  Can the requirement be tested with a pass/fail or quantitative assessment criteria derived from the specification itself and/or referenced information?  No subjective statements. Requiring that a system must be easy to use is subjective and therefore is not testable.  Are the valid / Invalid ranges defined?  Performance requirements state under what conditions the requirement is true. E.g. is a login response time to be measured for a single login, or while 200 virtual users are logging on spread over a 3 minute period?
  • 20. 20 Review for Consistency Is the requirement set consistent? A consistent specification has no conflict between individual requirement statements. The defined behaviour of essential capabilities, specified behavioural properties and constraints do not have an adverse impact on that behaviour.  For example: “The only aircraft that is totally safe is one that cannot be started, contains no fuel or other liquids, and is securely tied down” (NASA).
  • 21. 21 Review for Prioritisation Are Requirements Prioritised? Requirements need to be ranked according to importance for delivery, based upon the importance of the overall Business Goal.
  • 22. 22 Review for Impact Assessment Are Requirements Impact Assessed? Is the requirement assessed for its impact [High(3)/Medium(2)/Low(1)] upon the business if the requirement fails?  NOTE: Test Risk Score = (Impact Score) x (Development Assessed Likelihood of Failure Score). The Development Assessed Likelihood of Failure Score can be assessed by the development team by assigning a numerical value: e.g.: Extremely Likely on a weekly bases (4), Likely on a quarterly bases (3), Possible (2), Outside small chance or lower (1).
  • 23. 23 Managing review Feedback  To optimise the review feedback, consider maintaining a Review card to mark the requirement against each criteria (pass/fail).  The review should be carried out by users, the test manager and the development manager – so there is a full understanding and lack of future requirement blame. If a requirement later causes a problem then it is the fault of the review process.  Identify the mitigation actions required for all high risk requirements.
  • 24. 24 Non Functional Requirements This section specifically looks at performance and security testing
  • 25. 25 Special Case of Non Functional Requirements  13 non-functional requirements are specifically identified within IEEE-Std 830.  Performance  Security  Interface  Operational  Resource  Verification  Acceptance  Documentation  Portability  Quality  Reliability  Maintainability  Safety  Other groupings often identified include:  Implementation  Interface  Operations  Legal  Within this presentation 2 specifically are identified for special mention:  Performance  Security.
  • 26. 26 Performance Testing Introduction This section starts to deal with performance testing. It is intended only to stimulate thought – where perhaps no previous consideration has been given to early performance testing. It does not cover the details of how to define and set up tests or in how to interpret results. It is purely focused on early mitigation.
  • 27. 27 Performance Requirement Types Performance Criteria often include:  Availability - The proportion of time a system is in a functioning condition.  Response time - The interval from when an operator at a terminal enters a request, to the instant at which the first character of the response is received at a terminal. In data systems, the system response time is the interval from the receipt of an end of transmission for an inquiry message, to the start of a response transmission.  Channel (or Shannon) Capacity - The tightest upper bound on the rate of information that can be reliably transmitted over a communications channel.  Latency - The time delay experienced in a system  Completion time - The amount of time required for a specific task to be completed.  Service time - The time duration to service a specific item.  Bandwidth - The measurement of the bit-rate for available or consumed data communication, expressed in multiples of bits per second (bit/s, kbit/s, Mbit/s, Gbit/s, etc.) for computer networks.  Capacity - The total measure that can be contained or produced for the system. This can include for Example Requirement: data traffic or data storage.  Throughput - The average rate of successful message delivery over a communication channel.  Efficiency - The resource consumption for a given load.  Scalability - The ability for a system, network, or process to handle an increased amount of work in an appropriate manner, or the ability to be enlarged to accommodate growth or demand.  CPU benchmarks - The performance characteristics for a specific central processor unit. However this can apply to the running of software on a specific CPU type.  Resource constraints include processor speed, memory, disk space, network bandwidth, etc.
  • 28. 28 General Principles for Performance Requirements 1. Avoid phrases such as “immediately” or “instantaneous” All transactions take some time. 2. Avoid requirements that would need control over external systems. For example to carry out a timing test over the internet would mean that the traffic would need to be controlled and kept consistent each time. So consider where the measurement is to be taken and under what conditions. A simulated load might be required and the user terminal might need to be connected at the data centre, for the timing to be valid. 3. Think about tolerances of readings. E.g. If a timing is to be measured as 3 seconds, would the test fail if the reading was either 2.99s or 3.2 sec? Specify either the top or bottom limit as appropriate. If necessary specify the range or tolerance permitted.
  • 29. 29 Example Performance Requirements  The system shall be available 24/7 for 363 days in any one calendar year.  When an operator requests data, it shall start to be presented on the screen within no more than 3 seconds. Based upon a normal background scenario running (As described in document XYZ) and the user terminal being connected to the server.  The channel capacity for 6.2GHz at a distance of 11m shall be greater than 10-6.  for a web page download containing 512Kb of text, the latency shall not be greater than 900 ms.  Upon submitting a request to create a new user profile, the profile shall be created within 2.1 seconds (+/- 0.2s), based upon a normal background scenario running (As described in document XYZ).  The timing from the moment the credit transaction is submitted to the server, a user information message for the outcome of the transaction is to be sent to the user within no more than 10 seconds.  The interface shall transmit data at a minimum rate of 9,600 bits/second.  The spectral efficiency (or modulation efficiency) is to be not less than:  18.1 (bit/s)/Hz downstream.  15.5 (bit/s)/Hz upstream.  The telecommunications bandwidth shall be not less than 4.5 KHz.  Application X shall be able to be installed on a Windows 7 Pro system with a minimum of 2Gb of free hard drive space.  For an Ethernet connection of between 98 and 101 Mbit/s, the throughput shall not be less than 70 Mbit/s.  When dealing with current process demand levels (detailed within document ABC), the replacement system shall be at least 40% more energy efficient than the existing systems (whose energy consumption figures are contained within document ABC).  The system shall be scalable to accommodate growth from 1,000 records to 500 million records.  Game X shall run at 60 +/- 2 frames per second on a system containing a Corei7-2620M 2.7GHz processor with a HP Elitebook 8510w Nvidia 256mb laptop video graphic card.  Application X shall function with a minimum of 4GB of RAM on a laptop containing a Corei7-2620M 2.7GHz processor.
  • 30. 30 General rule for testers  Do not leave performance till post integration. At that point it can be too late to fix problems and so only patching is possible, potentially opening up security weaknesses. Instead: 1. Create a realistic understanding of the operational conditions. 2. Design in performance – check the requirements and design. 3. Review code for performance issues. 4. Test unit code for performance. 5. Test the application for performance. 6. Test the system for performance.
  • 31. 31 Security Section This section starts to deal with security testing. It is intended only to stimulate thought – where perhaps no previous consideration has been given to early security testing. It does not cover the details of security testing or penetration testing.
  • 32. 32 Security Requirements  Security requirements seek to ensure:  Denial of unauthorised access to the system and the system data.  Defend the integrity of the system from malicious (including harmful accidental) damage  There are at least two basic metric groupings:  The ability to resist unauthorised attempts at usage  Continued service to genuine users while the system is under attack - avoiding Denial of Service (DoS).
  • 33. 33 Negative and Non-Functional  Software is often not tested for security. At best the system may be subjected to a penetration test, which can often be a high level assessment. To improve security, software must be secure by design.  However usually requirements for software security are not specified. Further, negative and non-functional requirements may not be documented because they are not considered by requirements authors as “testable” or “actionable”.  To design in security from the start, the requirements author needs to go through a the process of listing the negative and non- functional requirements that are crucial to security.  Next the requirements author needs to analyse the negative and non-functional requirements to determine the resulting functional requirements required to support security.  The catch is the requirements authors may not have the skill set to do this.
  • 34. 34 Early Security Consideration  When addressing security early consider:  Assume the system will be hacked. What is the inner defence?  Normal entry point may be secure by password, but what if it is disclosed, or data is stolen by an employee?  Do all users have access to all data?  Are there any back door connections to 3rd party systems that may be less secure?  For data entry are the fields open to any data – allowing SQL injection? Limit data content and size.  Is there any security monitoring in place – do not rely upon this – still test applications!
  • 35. 35 Security Risk  In assessing security risk, the use of metrics is important, since that will direct the tester to the greatest need for mitigation.  Authentication metrics.  User types and access to data.  Resistance to known attack types.  Probability of finding a key – time, effort and resources needed.  Percentage of services available during an attack.  Lifespan of a password.  Lifespan of a session.
  • 36. 36 Agile response to Non-functional testing  For the tester, the key to success is to ensure that non-functional testing starts early.  Within an Agile delivery approach, this means including non-functional requirement tests in the early burn-down lists, ensuring that test activities are included. The scope of the tests may well grow at each sprint, but they need to be included from the start.
  • 37. 37 Mitigating Security Risk Understand the threats and assume the worse will happen. What is the next line of defence. Review the requirements and architecture for security. Review code early for security issues. Test the application for security issues. Test the system for security issues.
  • 38. 38 END Slides created by: Ian R. McDonald uk.linkedin.com/in/islandsystems