
PROJECT REPORT

On
ROLE OF TESTING IN SDLC

Submitted in partial fulfillment of the degree of


Bachelor of Business Administration
(Computer Aided Management)
Session (2016-2017)

SUBMITTED TO: SUBMITTED BY:

MR.LEKHRAJ AKASHDEEP CHAUDHARY

(LECTURER, BBA DEPARTMENT) BBA (CAM)-6th SEM.

ROLL NO.-26072

D.A.V CENTENARY, FARIDABAD


(AFFILIATED TO MAHARISHI DAYANAND UNIVERSITY)
ACKNOWLEDGEMENT

I am very thankful to Mr. LEKHRAJ (PROJECT GUIDE) for giving me the opportunity and for
his guidance, which helped me throughout the preparation of this report. He has also provided me
with valuable suggestions and excellent guidance about this project, which proved very helpful to
me in utilizing my theoretical knowledge in the practical field.

I am thankful to M.D University, Rohtak for giving me this valuable exposure to the field
of Research Methodology.

I would also like to thank my family for motivating me and supporting me in every part of my
life.

At last I am also thankful to my friends, who have given me their constructive advice, educative
suggestions, encouragement, co-operation and motivation to prepare this report.

AKASHDEEP CHAUDHARY
PREFACE

The title of my project is Role of Testing in SDLC.

The project report is a very vital part of the curriculum of BBA [CAM] and is the stepping-stone to
a management career. In order to achieve practical, positive and concrete results, classroom
learning has to be effectively supplemented in relation to the situation existing outside the
classroom for developing healthy managerial and administrative skills in a potential manager.

I feel highly gratified in this report. It has been my constant endeavor to present this report in
the most systematic and analytical manner.

AKASHDEEP CHAUDHARY
CONTENTS

S.No. Topic


1. Introduction To The Topic

2. Review of literature

3. Research Methodology
a) Objectives of the study
b) Scope of the study
c) Data Collection
d) Limitations of the study

4. Data Analysis & Interpretation

5. Conclusion

6. Recommendation & suggestion

7. Bibliography
CHAPTER -1

INTRODUCTION
TO
THE TOPIC
ROLE OF TESTING IN SDLC

Software development life cycle (SDLC) is an integral part of any software application development.
Testing has a lot of influence in SDLC. In this article we will discuss the role of software testing in

In every company, testing is the most vital and valuable stage in the software development life cycle, but
the way it is performed differs from one company to another. Software testing has become a part of
programming, and it is good to begin testing from the first stage, to avoid the complexity of repairing
errors at the last stage. In the software development life cycle (SDLC), testing also includes improving
consistency, interpretation and other major elements, which may be explained under the software requirement
specification. Clients may wait longer for software delivery, but they do not like to work with defective
software. It is desirable to perform the testing process from the first stages of the Software
Development Life Cycle to avoid any difficulty.

Software Development Life Cycle

Software Development Life Cycle (SDLC) is the procedure of developing an application with appropriate
analysis, design, implementation and maintenance.

Testing stages have a lot of significance in SDLC because they play a most important part in execution and
fault rectification. All software follows the SDLC phases through its testing and implementation sequence.
The phases of SDLC are described here:

Requirements gathering and Analysis

In this phase of SDLC, the relevant requirements of the system are gathered. All related methods should
be in focus. All types of estimation and examination of user needs are done in this phase.

System Design

In the second phase, basic system planning is done. After all the statistics and data have been
collected, a system design is produced.

Implementation

In the next phase the project is implemented. Development follows the system design and builds
that design out. The programming language is chosen according to the project.

System Testing

After the implementation phase, the system testing phase takes place to assess the result of the
application. Testing is done to compare the actual result with the expected result.

Operation Maintenance

It is the final phase of SDLC, in which the implemented application is distributed to users, who
are responsible for maintaining it and using it for appropriate actions. The implemented application
should remain open to any adjustment in its code.

Extent of Software Testing

The basic job of software testing is to identify errors in order to reveal and locate them. The extent of
software testing consists of executing the code in different environments and examining its features: does
the software do what it is supposed to do, and does it behave as required under the given conditions? It is
proposed to begin testing from the first phase of software development. This not only helps in correcting
faults before the last step, but also reduces the rework of finding the same errors every time. It saves
time as well as cost. Testing is a continuous process that could go on without end but has to be stopped
somewhere because of limits on time and resources. The basic need of testing is to provide the best quality
product without taking too much time and money. The test engineer has to follow some technical method to
check whether all the points that need testing have been covered. A register should be kept to record the
day-to-day test cases. At present in the IT field, a testing group may be separate from the development
team. There are several roles for testing team members. Whatever outcome is derived from testing may be
used to correct the software development process.

Estimating Software Testing

There is a need to estimate the software at the implementation phase as well as after the software
is completed for delivery. Although it is very complicated to estimate the conceptual controls, these
controls are also very important for estimation. The components that cannot be estimated have to be
restricted. There are some vital uses of estimating the system.

Software estimation is used to overcome hazards such as:

Cost overruns.
Identifying the part where the problem was raised.
Clarifying objectives.

It also finds out:

Evaluation of every action of the system.
Standards of the code involved in development.
Ways of upgrading the under-implemented code.

It helps to estimate the value of the application, price and effort evaluation, set of information, output
and achievement assessment.
Phases in Software Testing
Although many test teams use test tools or scripts to automate testing activities, a lot of testing
is simply labour intensive. Here are just some of the activities involved:

Planning and developing test cases: writing test plans and documentation, prioritizing the testing based
on assessing the risks, setting up test data, organising test teams.

Setting up the test environment: an application will be tested using multiple combinations of hardware
and software and under different conditions. Also, setting up the prerequisites for the test cases
themselves.

Writing test harnesses and scripts: developing test applications to call the API directly in order to
automate the test cases. Writing scripts to simulate user interactions.

Planning, writing and running load tests: non-functional tests to monitor an application's scalability
and performance. Looking at how an application behaves under the stress of a large number of users.

Writing bug reports: communicating the exact steps required to reproduce unexpected behavior on a
particular configuration. Reporting to the development team with test results.
Test Planning and Process
To ensure effective testing, proper test planning is important. An effective testing
process will comprise the following steps:
Test Strategy and Planning

Review Test Strategy to ensure it is aligned with the Project Goals

Design/Write Test Cases

Review Test Cases to ensure proper Test Coverage

Execute Test Cases

Capture Test Results

Track Defects

Capture Relevant Metrics

Analyze
The testing process and the test cases should cover:
All the scenarios that can occur when using the software application.

Each business requirement that was defined for the project.

Specific levels of testing should cover every line of code written for the
application.

Importance of Testing in SDLC

Within the SDLC, testing is important for the reasons described below:

Recognition of Error and Faults

The testing step is the step that resolves the errors and faults in the software application.
These errors may be at unit level or at system level. After going through so many tests,
the application will be free of the errors that may be disturbing it.

Statistics to Shareholders and Status of Organization

The testing stage helps to know the condition of the product and the work standards. The
stakeholders also get better data about utility value through the testing stage.
Enhancement in Product Standards

Testing helps to know the actual result and the expected result. It also helps to raise
the standards of the software. With proper testing, an application can be cleared of bugs
and built up into ideal software for the end users.

Technical Significance

The testing segment is significant for the technical characteristics of any SDLC, as the software
is then completed in a technically satisfactory state.

To Succeed Against Competing Programmers

Ideal testing functions and tools help to develop the product in business and keep
programmers ahead of other competitors. After going through all stages of testing, the
software application will be more bug-free, protected and technically sound.

Free from any Risk

Whenever software is developed, testing is an essential part. Software developed
without any testing may cause many risks to the end users. To free
everyone from risk, it is essential to go through all testing stages.

Enhanced Standards

An appropriately tested application provides additional assurance that the best software has been
built. Moreover, it refines the standards of the application, as continuous testing and all types of
testing stages produce a protected and harmless software application that can be
used by the end users.

Confirmation and Corroboration

One of the major targets of the testing stage in SDLC is confirmation and corroboration.
Testing is used extensively in the confirmation and corroboration method. Depending on the
result, we can compare the standards of several software applications.
Credibility Evaluation

The testing stage also addresses this important issue. If the software application has gone through
all the testing types (like unit testing, regression testing etc.), the application will surely
be a reliable one. So, testing evaluates the credibility of a software application. Testing provides
the greatest analytical process for testing the product, resulting in a credible
product.

Demonstrate Accessibility and Feasibility

One of the most significant targets of testing is to demonstrate that the product is both
accessible and functional. Accessibility testing is where the application is delivered to a
select group of users and their work with the application is observed. All aspects of
a user's interaction with the application, such as ease of use and the points where users
run into trouble, are recorded and examined.

Avoid Fault Migration

In the first stage of SDLC, most of the faults are found. If faults are noticed
earlier, they can be prevented from migrating to the following development stage. If
errors are discovered early, the saving in software development cost will
be vast.

Commercial Significance

A fully tested software application will have excellent business aspects, as everyone likes to work
with a reliable and trusted application in commercial

Testing has a significant part in SDLC, as it upgrades the standards of the
software and the program by recognizing errors early in the system. It also upgrades the standard
of the organization.
CHAPTER-2

REVIEW
OF
LITERATURE
HISTORICAL BACKGROUND

For the quality of the test, the design of test cases is important. A large number of test
methods have been developed to support the developer when choosing appropriate test data.
Some useful testing methods are structural testing methods, functional testing methods and
statistical testing methods. It is very difficult to develop correct, good and unique test cases
manually. Therefore, automation of test cases is important. The success of a test data generation
method largely depends upon the efficiency of its search technique. Different researchers have
worked on test case automation from time to time with the aim of increasing the quality of the tests
and achieving substantial cost savings in system development by means of a higher degree of
automation.

One critical task in software testing is the creation of test data to satisfy a given test-coverage
criterion. This process is called Test Data Generation. Developments in the field of
automated test data generation were initiated in the early 70s, when the papers "Testing large
software with automated software evaluation systems" by Ramamurthy, in 1976, and Holland, in
1975, and "Automatic Generation of Floating-Point Test Data" by Miller and Spooner, in 1976, were
published. Nevertheless, the work done by Clarke in 1976 is considered to be the first of its kind to
produce a solid algorithm for Automatic Test Data Generation (ATDG).

Various mechanisms exist to contextualize complex testing problems with respect to existing
literature. Problem classification is an important prerequisite to the selection of a suitable
solution strategy, since information regarding problem complexity and existing algorithms
provides useful points of departure for new algorithm development. Automatic test data
generation for software testing with minimum time and cost is known to be NP-hard, and only
exhaustive search guarantees optimal solutions. But these can become prohibitively
expensive to compute even for small problems. Several methods have been used to solve
combinatorial optimization problems, but each of them has its own limitations and advantages.
Some useful existing optimization techniques for solving software testing problems have been
surveyed. Some of the important literature on software test case generation for software testing
is presented here in respect of techniques ranging from the traditional exact methods to modern
metaheuristic methods.

SOFTWARE COVERAGE ANALYSIS TECHNIQUES

A number of test-data generation techniques have been developed for coverage of software under
test. Each one of them uses different kinds or variations of existing testing techniques. A test
adequacy criterion usually involves coverage analysis, which can be measured based on different
aspects of software like statements, branches, paths and all-uses.

In statement testing, each and every statement of the software/program under test has to be
executed at least once during testing. The main drawback of statement testing is that even if one
achieves a very high level of statement coverage, it does not show that the program is error free.

Branch coverage is a stronger testing criterion than statement coverage. For branch
coverage, each and every branch has to be executed at least once during testing. In this testing all
control transfers are executed. However, some errors can only be detected if the statements and
branches are executed in a certain order.
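
The gap between the two criteria can be measured directly. The following is an added example, not part of the original report: the function `scale`, its embedded source and the two test suites are constructed for illustration, and only `if` statements are modelled.

```python
import ast
import sys

# Constructed function under test. The fault (division by zero) is only
# reachable through the false outcome of the `if`, which has no statements.
SUT_SOURCE = """\
def scale(total, count):
    divisor = 0
    if count > 0:
        divisor = count
    return total // divisor
"""
SUT_FILE = "<sut>"
namespace = {}
exec(compile(SUT_SOURCE, SUT_FILE, "exec"), namespace)
scale = namespace["scale"]


def static_model(source):
    """Return (statement lines, branch arcs) for the one function in source.

    A branch arc is (line of the `if`, line reached next). Loops are not
    modelled in this sketch.
    """
    func = ast.parse(source).body[0]
    stmts = {n.lineno for n in ast.walk(func)
             if isinstance(n, ast.stmt) and n is not func}
    branches = set()

    def visit(block, follow):
        for i, node in enumerate(block):
            nxt = block[i + 1].lineno if i + 1 < len(block) else follow
            if isinstance(node, ast.If):
                branches.add((node.lineno, node.body[0].lineno))   # true arc
                target = node.orelse[0].lineno if node.orelse else nxt
                branches.add((node.lineno, target))                # false arc
                visit(node.body, nxt)
                visit(node.orelse, nxt)

    visit(func.body, None)
    return stmts, branches


def measure(suite):
    """Run the suite; return (statement coverage, branch coverage, failures)."""
    stmts, branches = static_model(SUT_SOURCE)
    seen_lines, seen_arcs, failures = set(), set(), []
    prev = [None]

    def local(frame, event, arg):
        if event == "line":
            seen_lines.add(frame.f_lineno)
            seen_arcs.add((prev[0], frame.f_lineno))
            prev[0] = frame.f_lineno
        elif event == "return":
            seen_arcs.add((prev[0], None))
        return local

    def tracer(frame, event, arg):
        # Trace only frames that belong to the function under test.
        if event == "call" and frame.f_code.co_filename == SUT_FILE:
            prev[0] = None
            return local
        return None

    old = sys.gettrace()
    sys.settrace(tracer)
    try:
        for args in suite:
            try:
                scale(*args)
            except Exception as exc:
                failures.append((args, type(exc).__name__))
    finally:
        sys.settrace(old)
    stmt_cov = len(seen_lines & stmts) / len(stmts)
    branch_cov = len(seen_arcs & branches) / len(branches)
    return stmt_cov, branch_cov, failures


if __name__ == "__main__":
    print(measure([(10, 2)]))            # full statement coverage, fault missed
    print(measure([(10, 2), (10, 0)]))   # second case takes the false branch
```
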

Path testing searches the program domain for suitable test cases that cover every possible path
in the Software under Test (SUT); it is a stronger criterion than the statement and branch
coverage criteria. It tries to achieve a higher percentage of code coverage and hence
increase the chances of error detection. However, it is generally impossible to achieve this goal,
for several reasons. First, a program may contain an infinite number of paths when the program
has loops. Second, the number of paths in a program is exponential in the number of branches in
it, and many of them may be infeasible. Third, the number of test cases is too large, since each
path can be covered by several test cases. For these reasons, the problem of path testing can
become an NP-complete problem, making the covering of all possible paths computationally
impractical. Since it is impossible to cover all paths in software, path testing
selects a subset of paths to execute and finds test data to cover it.

Frankl, in 1988, used the all-uses criterion in her paper "An Applicable Family of Data Flow Testing
Criteria". This is a stronger criterion than those already discussed. It focuses on all p-uses
and c-uses of each and every variable, hence covering each and every path and branch of the software
under test. Girgis has proposed a technique that uses a GA guided by the data flow
dependencies in the program to search for test data to fulfill a data flow path selection criterion,
namely the all-uses criterion. Data-flow testing is important because it augments control-flow
testing criteria and concentrates on how a variable is defined and used, which could lead to more
efficient and targeted test suites.

Girgis used the ratio of the number of def-use paths covered by a test case to
the total number of def-use paths. This technique cannot find the closeness of the test cases,
because the fitness function gives the same value for all test cases that cover the same number of
def-use paths and 0 for all test cases that do not cover any def-use path. This technique will
result in a loss of valuable information (test data that contains good genes) when it ignores test
cases that cover only the use node.

TESTING TYPES AND APPROACHES

Various test data generation methods have been proposed in the literature. These methods can be
classified as Static methods, Dynamic methods, functional methods, random test data generators,
symbolic evaluators and function minimization methods.

Static Testing

The static methods never require the execution of code on computers but require the tester to go
through the code to find the errors. The first automatic test generation approach, proposed by
Clarke in 1976, was static and was based on symbolic execution. The symbolic execution methods
are static, in the sense that they analyze a program to obtain a set of symbolic representations of
each condition predicate along a selected path. The expressions are obtained by attributing
symbolic values to the input variables. If the predicates are linear, then the solution can be
obtained by using linear programming. Symbolic Test Data Generation Techniques assign
symbolic values to variables to create algebraic expressions for the constraints in the program
and use a constraints solver to find a solution for these expressions that satisfies a test
requirement. Symbolic execution cannot determine which symbolic value of the potential values
will be used for array or pointer. Symbolic execution cannot find floating point inputs because
the current constraint solvers cannot solve floating point constraints.

Constraint Based Testing builds up constraint systems which describe the given test goal. The
solution to this constraint system brings about satisfaction of the goal. The original purpose of
Constraint Based Testing was to generate test data for mutation testing. Reachability constraints
within the constraint system describe conditions under which a particular statement will be
reached. Necessity constraints describe the conditions under which a mutant will be killed. With
Constraint Based Testing, constraints must be computed before they are analyzed.

Another test data generation technique of the Constraint-Based Testing type, called Domain Reduction,
was invented by DeMillo and Offutt. Symbolic execution is used to develop the constraints in terms of the
input variables, and Domain Reduction is then used to attempt a solution
to the constraints. The first step of this technique is to find the domain of each input
variable; the domains are derived from type or specification information or are supplied by the tester.
The domains are then reduced using information in the constraints, beginning with those
involving a relational operator, a variable and a constant, and then constraints involving a relational
operator and two variables. This helps in reducing the search space (input domain) for solving a constraint
system. Remaining constraints are then simplified by back-substituting values. Efforts
were made to improve the performance of algorithmic search methods by employing
techniques such as identification of undesirable variables, finding the optimum order of consideration
of input variables, use of a binary search algorithm and an expression handling technique, but these
required plenty of manual and time-consuming analysis. This makes algorithmic search
methods very slow and ineffective. These algorithms also lack global search capabilities, which
are a necessary requirement for software testing, where objective functions are very complex and
usually non-linear. Since the constraints are derived using symbolic execution, the method
suffers from similar problems involving loops, procedure calls and computed storage locations.

To overcome the limitations of the domain reduction method, another method called Dynamic
Domain Reduction was introduced by Offutt in 1997. Dynamic Domain Reduction also starts
with the domains of the input variables, like Domain Reduction, but these domains are reduced
dynamically during the symbolic execution stage, using constraints composed from branch
predicates encountered as the path is followed. If the branch predicate involves a variable
comparison, the domains of the input variables responsible for the outcome at the decision are
split at some arbitrary split point rather than assigning random input values. Dynamic Domain
Reduction still suffers from difficulties due to computed storage locations and loops.
Furthermore, it is not clear how domain reduction techniques handle non-ordinal variable types
such as enumerations.

Dynamic Testing

Unlike static testing, dynamic methods require the execution of code. The test cases are run
on the code of the software product under test with the help of a computer. Since array
subscripts and pointer values are known at run-time, many of the problems associated with
symbolic execution can be overcome with dynamic methods, which is not possible with static
testing. A Dynamic Test Data Generation Technique collects information during the execution of
the program to determine which test cases come closest to satisfying the requirement. Then, test
inputs are incrementally modified until one of them satisfies the requirements.

Random Test-Data Generation Techniques select inputs at random until useful inputs are found.
In random testing, random values are generated from domains of inputs and program is executed
using these values. If these inputs are able to satisfy the testing criterion then they form a test
case. This technique may fail to find test data to satisfy the requirements because information
about the test requirements is not incorporated into the generation process. J. W. Duran and S.
Ntafos in 1984 reported random testing to be satisfactory for small as well as large programs.
Thayer and others used it to measure reliability of the system. Demillo and others also used
random testing for identifying seeded faults in programs.

Mayer and Schneckenburger empirically investigated different flavors of adaptive random
testing. They concluded that distance based random testing and restricted random testing are the
best methods for this class of testing techniques. This approach is quick and simple but it is a
poor choice with complex programs and complex adequacy criteria. The probability of selecting
an adequate input by chance could be low in this case. The biggest issue for the random approach is
that of adequate test data selection. Myers viewed random testing as a worst case of program
testing.

The results of actual executions of the program with a search technique were first studied by
Miller and Spooner. These were originally designed for the generation of floating-point test data.
However, the principles are more widely applicable. The tester selects a path through the
program and then produces a straight-line version of it, containing only that path. Korel suggested
a dynamic approach to automatic test data generation using function minimization and directed
search. In this work, the test data generation procedure worked on an instrumented version of the
original program without the need for a straight-line version to be produced. The search targeted
the satisfaction of each branch predicate along the path in turn, circumventing issues encountered
by the work of Miller and Spooner. In this approach an exploratory search is done, in which the selected
input variables are modified by a small amount and submitted to the program. Korel used the
alternate variable method for his dynamic test data generator. The alternate variable method
works in two phases. First, an input variable is selected and its value is changed in small steps
just to find out the direction in which the variable minimizes the branch function. This is called
exploratory search. Once the direction of search is known, a pattern search is made in large
steps to find the value of the variable under consideration that satisfies or minimizes the branch
function. If the selected value of the variable fails to decrease the branch function, the steps of the
pattern search are decreased successively before exploring other variables for minimization
purposes. Gallagher and Narasimhan built on Korel's work for programs written in ADA. In
particular, this was the first work to record support for the use of logical connectives within
branch predicates. Dynamic techniques can stall when they encounter local minima because they
depend on local search techniques such as gradient descent.
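
The two dynamic generators described above, random selection and the alternate variable method, can be compared on one target. This is an added example, not code from the report or from Korel's work: the program `classify`, its branch function `branch_cost` and the input domain are constructed assumptions, and the branch function handles the path predicates one at a time as the text describes.

```python
import random

LO, HI = -10_000, 10_000      # assumed input domain for both generators
GOAL = (0, 0)


def classify(a, b):
    """Constructed program under test; the goal is the innermost branch."""
    if a > 5000:
        if b == a - 1234:
            return "target"
        return "near"
    return "far"


def branch_cost(a, b):
    """Branch function for the path to the target.

    Returns (predicates still ahead of the failing one, distance at the
    failing predicate). Tuples compare lexicographically; (0, 0) is a hit.
    """
    if a <= 5000:
        return (1, 5001 - a)
    return (0, abs(b - (a - 1234)))


def avm(cost, start, lo=LO, hi=HI):
    """Alternate variable method: exploratory moves, then pattern moves."""
    point, best, evals = list(start), cost(*start), 1

    def try_move(i, delta):
        nonlocal point, best, evals
        trial = point.copy()
        trial[i] += delta
        if not lo <= trial[i] <= hi:
            return False                  # outside the domain: reject
        evals += 1
        c = cost(*trial)
        if c < best:
            point, best = trial, c
            return True
        return False

    progress = True
    while best != GOAL and progress:
        progress = False
        for i in range(len(point)):
            while True:
                # Exploratory search: probe +1 and -1 to find a direction.
                direction = next((d for d in (1, -1) if try_move(i, d)), 0)
                if direction == 0:
                    break                 # no small step helps: next variable
                progress = True
                # Pattern search: double the step while the cost falls and
                # halve it after a failed step, until the step reaches zero.
                step = 2
                while step >= 1:
                    step = step * 2 if try_move(i, direction * step) else step // 2
    return tuple(point), best, evals


def random_search(budget, seed, lo=LO, hi=HI):
    """Random test-data generation: no feedback from the branch function."""
    rng = random.Random(seed)
    for tries in range(1, budget + 1):
        a, b = rng.randint(lo, hi), rng.randint(lo, hi)
        if classify(a, b) == "target":
            return (a, b), tries
    return None, budget


def expected_random_tries(lo=LO, hi=HI):
    """Exact mean number of uniform random inputs needed to hit the target."""
    hits = sum(1 for a in range(lo, hi + 1)
               if a > 5000 and lo <= a - 1234 <= hi)
    return (hi - lo + 1) ** 2 / hits


if __name__ == "__main__":
    print("AVM:", avm(branch_cost, (0, 0)))
    print("random, 200 tries:", random_search(200, seed=1))
    print("mean random tries needed:", round(expected_random_tries()))
```
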

Korel, in 1992, was the first to use the concept of the Goal-Oriented Approach. Goal-oriented
techniques identify test data covering a selected goal such as a statement or a branch, irrespective
of the path taken. This approach involves two basic steps: to identify a set of statements
(respectively branches) the covering of which implies covering the criterion; and to generate input test
data that execute every selected statement (respectively branch). Two typical approaches,
Assertion-Based and Chaining Approach, are known as goal oriented. In the first case assertions
are and then solved. In the chaining approach, data dependence analysis is carried out. It uses the
concept of an event sequence as an intermediate means of deciding the type of path required for
execution up to the target node. An event sequence is basically a succession of program nodes
that are to be executed. The initial event sequence consists of just the start node and target node.
Extra nodes are then inserted into this event sequence when the test data search encounters
difficulties. Generally the goal-oriented approach faces issues of goal selection and selection of
adequate test data.

Functional Testing

Functional Testing is also called specification based or Black Box Testing. If testers want to
test functional requirements, they may use the Black-Box Testing technique. On the other hand,
function minimization methods are dynamic. They are based on program execution. Black Box
Testing does not need knowledge of how the software is programmed. It generates test data for
software from its specification without considering the behavior of the program under test.
Testers inject test data to execute the program, then compare the actual result with the specified test
oracle. The test engineers engaged in black box testing know only the sets of inputs and expected
outputs and are unaware of how those inputs are transformed into outputs by the software. Black box
testing requires functional knowledge of the product to be tested. Black Box Testing helps in the
overall functionality verification of the system under test.

Syntax Based Testing involves boundary value analysis, partition analysis, domain testing,
equivalence partitioning, domain partitioning, and functional analysis. Hoffman in 1999
presented a technique based on boundary value analysis; in this technique the relationship
between a generalized approach to boundary values and statement coverage is explored. Jeng in
1999 presented a technique that is mainly related to domain testing. It combined the static
approach with the dynamic search method. In 1997, Gallagher and Lakshmi Narasimhan
proposed a method for locating input domain boundary intersections and generating ON/OFF
test data.

METAHEURISTICS
Metaheuristics are general heuristic methods that guide the search through the solution space,
using as surrogate algorithms some form of heuristics and usually local search. Starting from an
initial solution built by some heuristic, metaheuristics improve it iteratively until a stopping
criterion is met. The stopping criterion can be elapsed time, number of iterations, number of
evaluations of the objective function and so on. Voss in 1999 described a metaheuristic as
an iterative master process that guides and modifies the operations of subordinate heuristics to
efficiently produce high quality solutions.

The most successful search algorithm class is based on metaheuristic techniques like Hill
Climbing (HC), Tabu Search (TS), Simulated Annealing (SA), Genetic Algorithm (GA), Ant
Colony Optimization (ACO), Particle Swarm Optimization (PSO), Cat Intelligence etc. McMinn
has provided a detailed and up-to-date survey on the use of metaheuristic techniques for software
testing. Several metaheuristics have been suggested for path coverage, statement coverage and
branch coverage. In such cases the use of metaheuristics would be very useful in providing
usable results in a reasonable time.

Hill Climbing (HC)

Hill Climbing is a local search algorithm. Starting from a solution created at random or by some
problem specific heuristic, standard local search tries to improve on it by iteratively deriving a
similar solution in the neighborhood of the so-far best solution. A move-operator, which must be
carefully defined according to the problem, is responsible for finding a
neighboring solution. This progressive improvement is likened to the climbing of hills in the landscape of a
maximising objective function. It applies standard local search multiple times from different
starting solutions and returns the best local optimum identified. The major disadvantage of
standard local search is its high probability of getting trapped at a poor local optimum.

Tabu Search (TS)

Diaz developed a tabu search based test generator that used the program control flow graph for
branch coverage. It maintains a search list, also called a tabu list. This strategy extends local
search by the introduction of memory. Stagnation at a local optimum is avoided by maintaining a
data structure called history, in which the last created solutions or alternatively the last moves
(i.e., changes from one candidate solution to the next) are stored. These solutions, respectively
moves, are forbidden (tabu) in the next iteration, and the algorithm is forced to approach
unexplored areas of the search space. It uses neighborhood information and backtracking for
resolving local optima. They defined two cost functions for intensifying and diversifying the
search mechanism. These cost functions are similar to the functions used by Wegener in 2002, in
which individuals are penalized for taking the wrong path while executing the program. The penalty
is fixed on the basis of the error value produced by an individual in the effort of satisfying a
branch constraint.
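
The local-optimum trap described under Hill Climbing and the memory-based escape described under Tabu Search, shown as an added example that is not code from this report or from the cited papers. The two-input program under test, the cost function (path penalty plus normalised branch distance) and the tenure of 8 are assumptions constructed for illustration.

```python
from collections import deque

def program_under_test(x, y):
    """Constructed target: the inner branch needs x == 2*y + 7 and y > 40."""
    if x == 2 * y + 7:
        if y > 40:
            return "target"
        return "outer-only"
    return "miss"

def normalise(distance):
    """Map a raw branch distance >= 0 into [0, 1)."""
    return distance / (distance + 1.0)

def fitness(point):
    """Cost to minimise; 0.0 means the input executes the target branch.
    Taking the wrong path at the outer condition costs a fixed penalty of 1
    plus the branch distance of that condition."""
    x, y = point
    outer = abs(x - (2 * y + 7))        # distance for x == 2*y + 7
    if outer != 0:
        return 1 + normalise(outer)
    inner = max(0, 41 - y)              # distance for y > 40 on integers
    return normalise(inner)

# Move operator: change exactly one input by one.
MOVES = [(1, 0), (-1, 0), (0, 1), (0, -1)]

def neighbours(point):
    x, y = point
    return [(x + dx, y + dy) for dx, dy in MOVES]

def hill_climb(start, max_steps=10_000):
    """Standard local search: stop when no neighbour is strictly better."""
    current = start
    for _ in range(max_steps):
        best = min(neighbours(current), key=fitness)
        if fitness(best) >= fitness(current):
            break                        # local optimum reached
        current = best
    return current

def tabu_search(start, tenure=8, max_steps=10_000):
    """Move to the best neighbour that is not in the history of recent
    solutions, even when it is worse than the current one."""
    current = best = start
    history = deque([start], maxlen=tenure)   # the tabu list
    moves = 0
    for _ in range(max_steps):
        if fitness(best) == 0:
            break
        candidates = [n for n in neighbours(current) if n not in history]
        if not candidates:
            break
        current = min(candidates, key=fitness)
        history.append(current)
        moves += 1
        if fitness(current) < fitness(best):
            best = current
    return best, moves

if __name__ == "__main__":
    stuck = hill_climb((0, 0))
    print("hill climbing:", stuck, program_under_test(*stuck), fitness(stuck))
    found, moves = tabu_search((0, 0))
    print("tabu search:  ", found, program_under_test(*found), moves, "moves")
```

Hill climbing stops once the outer condition holds, because every single-input move breaks it again and costs more. The tabu run accepts those worse moves, cannot step back onto recent solutions, and so walks along the line x == 2*y + 7 until y exceeds 40.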

Simulated Annealing (SA)

Another way of enabling local search to escape from local optima and approach new areas of
attraction in the search space is to sometimes also accept worse neighboring solutions. Simulated
annealing does this in a probabilistic way. Simulated Annealing (SA) algorithms, based on the
analogy of the annealing process of metals, were proposed by Metropolis in 1953 and were first
applied to combinatorial optimization problems by Kirkpatrick in 1983. SA is considered to be
an improvement heuristic where a given initial solution is iteratively improved upon. SA is a
metaheuristic method used for test case generation in which the cooling of a material
simulates the change in energy level with time or iterations. The steady state in energy
symbolizes the convergence of the solution. At the beginning of the optimization, worse solutions
are accepted with a relatively high probability, and this probability is reduced over time in order
to achieve convergence. A number of researchers have applied SA to testing problems. Tracey
constructed an SA based test data generator for safety critical systems. A hybrid objective function
is used which includes the concepts of branch distance and number of executed control dependent
nodes. N. Mansour in 2004 reported that GA is faster than SA for generating test cases.

Genetic Algorithms (GAs)

GA is one of the most popular and intensively pursued techniques for software testing. The GA
is a global search metaheuristic proposed originally by Holland in 1975. Extensive work has
been done on the development of the original algorithm in the last 20 years and it has been
applied successfully in many fields of science and engineering. The GA is based on the
principles of Darwin's theory of natural evolution and belongs to a more general category, the
Evolutionary Algorithms (EAs).

Recently, test-data generation techniques based on genetic algorithms (GAs) have been
developed. Whereas previous techniques may not be useful in practice, techniques based on GAs
have the potential to be used for real systems. Xanthakis was the first to apply GA to automatic
test case generation. Pargas et al. presented a Genetic Algorithm directed by the control-dependence
graph of the program under test to search for test data to satisfy the all-nodes and all-branches
criteria. Wegener logarithmized the objective function to provide better guidance for its GA based
test case generator. They present a test environment for automatic generation of test data for
statement and branch testing. These techniques evolve a set of test data using genetic operations
(selection and recombination) to find the required test data. Michael et al. used GAs for
automatic test-data generation to satisfy the condition-decision test-coverage criterion. They
proposed a GA based test generation system called Genetic Algorithm Data Generation Tool
(GADGET) to generate test cases for large C and C++ programs by using condition-decision
coverage metrics.

Watkins and Roper used coverage based criteria for assessing the fitness of individuals in their
GA based test generator. Lin and Yeh used a Hamming distance based metric in the objective function
of their GA program to identify the similarity and distance between the actual path and the already
selected target path in dynamic testing. Bouchachia incorporated immune operators in a genetic
algorithm to generate software test data for condition coverage.

GA has started getting competition from other heuristic search techniques like Particle Swarm
Optimization. Various works show that particle swarm optimization is equally well suited or
even better than Genetic Algorithms for solving a number of test problems.

Particle Swarm Optimization (PSO)

PSO has been applied successfully to a wide variety of search and optimization problems. It is
motivated by the simulation of social behavior. PSO was proposed by Kennedy and Eberhart in
1995 and is commonly used to solve nonlinear optimization problems through coordination
between individuals to achieve population convergence. Windisch reported the
application of this swarm intelligence based technique to test data generation for dynamic
testing. They conducted experiments to prove the usefulness and utility of the search algorithm
for test case generation. Compared with GA, PSO has some attractive characteristics. It has
memory, so knowledge of good solutions is retained by all particles, whereas in GA, previous
knowledge of the problem is destroyed once the population changes. It has constructive
cooperation between particles: particles in the swarm share information between them. The
individuals in PSO update themselves using their own best value and the best value of
the whole population in the history. Finally, the entire population will converge to the global
optimum. The research work of different researchers from time to time shows that PSO is a better
alternative compared to GAs in the generation of test cases.

Ant Colony Optimization (ACO)

ACO has been applied in the area of software testing in 2003. Doerner and Gutjahr described an
approach involving ACO and a Markov software usage model for deriving a set of test paths for
a software system. McMinn and Holcombe presented ACO as a supplementary optimization
stage for finding sequences of transitional statements in generating test data for evolutionary
testing. H. Li and C. P. Lam proposed an ACO approach to test data generation for
state-based software testing. Ayari et al. proposed an approach based on Ant Colony to reduce the
cost of test data generation in the context of mutation testing. Srivastava and Rai proposed an ant
colony optimization based approach to test sequence generation for control-flow based software
testing. K. Li et al. presented a model for generating test data based on an improved ant colony
optimization and path coverage criteria. P. R. Srivastava et al. made an algorithm with the help
of ACO for optimal path identification by using the basic property and behavior of the
ants. This ACO based approach is enhanced by a probability density estimation technique in
order to better guide the search for continuous input parameters.

Hybrid Metaheuristics

Hybridization of evolutionary algorithms with local search has been investigated in many studies;
such a hybrid is often referred to as a memetic algorithm. Talbi gave a classification framework
and taxonomy of hybrid metaheuristics.

L. Wang and D. Z. Zheng presented a hybrid approach which combined Genetic Algorithm
and local optimization technique for simulation optimization problems. Through the combination
of genetic algorithms with the local optimization method, it can maximally use the good global
property of random searching and the convergence rate of a local method. Their study considers
the sampling procedure based on orthogonal design and quantization technology, the use of
orthogonal Genetic Algorithm with quantization for the global exploration and the application of
local optimization technique for local exploitation. The final experimental results demonstrated
that the proposed approach can find optimal or close-to-optimal solutions and is superior to other
recent algorithms in simulation optimization.

D. Kusum, D. K. Nath presented a Hybrid Binary Coded Genetic Algorithm (HBGA) for
constrained optimization. They called it HBGA-C. It is based on the features of Hybrid Binary
Coded Genetic Algorithms. The aim was to implement constraint handling technique to HBGA.
It was easy to implement and it also provided feasible and better solutions with a fewer number
of function evaluations. It was compared with Constrained Binary GA (BGA-C) by
incorporating the constraint handling technique on BGA that used Roulette wheel selection and
single point crossover. Their comparative performance was tested on a set of twenty five
constrained benchmark problems. The results have shown the better performance.

Y. R. Ali, O. Nursel, K. Necmettin and O. Ferruh describe a new hybrid approach, which
deals with the improvement of shape optimization process. The objective is to contribute to the
development of more efficient shape optimization approaches in an integrated optimal topology
and shape optimization area with the help of GA and robustness issues. An improved GA is
introduced to solve multi objective shape design optimization problems. The specific issue is to
overcome the limitations caused by larger population of solutions in the pure multi-objective
genetic algorithm. The combination of genetic algorithm with robust parameter design through a
smaller population of individuals results in a solution that leads to better parameter values for
design optimization problems. The effectiveness of the proposed hybrid approach is illustrated
and evaluated with test problems. It shows that the proposed approach can be used as first stage
in other multi-objective GA to enhance the performance of GA. Finally, the shape optimization
is applied for solving multi objective shape design optimization problems.

The social foraging behavior of bacteria has been used to solve optimization problems. V. K. D.
Hwa, A. Ajith and C. J. Hoon proposed a hybrid approach involving GA and Bacterial
Foraging (BF) algorithms for function optimization problems. The algorithm emphasizes
mutation, crossover, variation of step sizes, and the lifetime of the bacteria. The algorithm is then
used to tune a PID controller of an Automatic Voltage Regulator (AVR). Simulation results
show its efficiency. It could easily be extended to other global optimization problems.

Devraj presented a GA with adaptive mutation based upon non-revisiting. The algorithm
removed the duplicate individuals. Moreover, instead of using simple GA, by which the
individuals are generated again and again, which is clearly a waste of time and computational
resources, an improved GA has been suggested. The proposed GA is flexible for all functions
with any number of variables.

A hybrid algorithm based on Simulated Annealing and Genetic Algorithm was proposed by
Wangsnd to improve the neighbor search ability of heuristic algorithms. They divided the initial
population, which was generated randomly, into subpopulations and applied multiple crossover
operations to these subpopulations in order to improve the exploring potential of traditional GA
based approaches. They found that this hybrid algorithm provides better results as compared to
the existing simple GA, but the hybrid heuristic is computationally more expensive. Using a hybrid
of Ant System and Genetic Algorithm, Noorul Haq proposed new techniques that give as compared
to pure metaheuristic techniques. In this hybridization the output of the Ant System became the
input of the GA. A hybrid algorithm based on Simulated Annealing, Genetic Algorithm and an
iterative hill climbing procedure to avoid local minima at each step in the iteration was proposed
in 2004 by Nearchou.

A superior hybrid genetic algorithm, in which initial solutions are searched by PSO
for multi-objective scheduling of flexible manufacturing systems, was proposed by Biswal. The
outstanding performance of this algorithm overcomes the main limitation of early work done by
Naderi in 2009.

D.H. Kim in 2007 proposed a hybrid approach combining a Euclidean distance (EU) based
GA and the PSO method.

K. Li in 2010 proposed a GPSMA (Genetic-Particle Swarm Mixed Algorithm) to breed software
test data for path testing. On the basis of population division, drawing on the idea of niche, the
GPSMA method is used to generate test data in each subpopulation. They used a new method to
breed software test data, called GPSMA, for structural test data generation. They introduced a new
strategy to replace the mutation operation in traditional GA. They used the excellent rate of
production to implement the interaction between sub-populations. Theoretical analysis and
practical testing results show that the approach is simpler, easier and more effective in generating
test data automatically. The comparison with ant colony optimization and traditional genetic
algorithm shows that the GPSMA is a good alternative for test data generation problems.

LIMITATIONS / GAPS OF EXISTING RESEARCH

After a comprehensive study of the existing literature, a lot of limitations/gaps have been
found in the area of Software Testing:

- The majority of work reported for software testing problems has dealt with statement
  testing, branch testing, path testing, and data flow testing, which have their own
  limitations. Hence more attention is required towards a new approach for testing.
- Automatic test data generation is a major issue in software testing. Most of the
  works reported are on automatic test data generation, but a new approach is required that can
  generate unique test data and that does not fall into local optima.
- Most of the work has been done on the hybridization of local search and heuristic techniques.
  There is limited work towards hybridization of metaheuristic algorithms in software
  testing. Hence more emphasis is required towards it.

From the survey of literature, it is concluded that metaheuristic techniques, especially GA and
PSO, have become an interesting preference for researchers working on testing problems.
Development of heuristics and metaheuristics is still a major issue related to software testing,
which includes automatic test data generation that covers each and every statement. Therefore, in
the present work, automatic test data generation problems with very good performance measures,
including generation of unique test data and covering each and every statement (100 percent
statement coverage), have been considered. An attempt has been made to develop a hybrid algorithm
that is based on a combination of the powers of two algorithms, PSO and GA, for solving the test
data generation problem of software testing, which must be effective in generating test cases.

Gelperin and Hetzel presented the evolution of software test engineering, traced by
examining changes in the testing process model and the level of professionalism over the years.
Two phase models, the demonstration and destruction models, and two life cycle models,
the evolution and prevention models, are given to describe the growth of software testing.

Hamlet and Taylor presented more extensive simulations and arrived at more precise results
about the relationship between partition probability, failure rate, and effectiveness.

Vishwas Massey and K. J. Satao in their paper have also compared various SDLC models for
performance and have also proposed a new model for better performance. But both the papers do
not make a comparison between the research methodology and the SDLC process.

Richardson and Malley proposed one of the earliest approaches focusing on utilizing
specifications in selecting test cases. They proposed approaches to specification-based testing by
extending a wide range of implementation-based testing techniques to be applicable to formal
specification languages and determine these approaches for the Anna and Larch specification
languages.

Madeyski Lech et al. presented the concept of using a set of second order mutants by applying
them to large open source software with a number of different algorithms. They show that second
order mutation techniques can significantly improve the efficiency of mutation testing at a cost in
the testing strength.

Ntafos presented comparisons of random testing, partition testing and proportional partition
testing. The author shows that guaranteeing that partition testing has at least as high a
probability of detecting a failure comes at the expense of decreasing its relative advantage over
random testing.

Juristo et al. analyzed the maturity level of the knowledge about testing techniques. For this,
they examined existing empirical studies about testing techniques. According to this knowledge,
they classified the testing techniques and chose parameters to compare them.

J. A. Whittaker presented a four phase approach to determine how bugs escape from testing.
They offer testers a group of related problems that they can solve during each phase.

Claessen et al. developed a lightweight and easy to use tool named QuickCheck, a
combination of two old techniques (specifications as oracle and random testing) that works
extremely well for Haskell programs. They present a number of case studies in which the tool was
successfully used and also point out some pitfalls to avoid.

Harrold et al. presented a new approach to class testing that supports data flow testing for data
flow interaction in a class. They also describe class testing and the application of data flow
testing to classes.

CHAPTER 3
RESEARCH METHODOLOGY

Research methodology is not only the application of the research methods but also the
comparison of the logic behind the methods that are being used in the context of this research
study, and it explains why particular methods or techniques are used and why others are not.
Research methodology is the way to systematically solve the research problem. In it, the various
steps that are generally adopted by a researcher in studying his research problem, along with the
logic behind them, are studied in order to have a clear view of the study.

Research methodology is the way to systematically solve the research problem. It
may be understood as a science of studying how research is done scientifically. In it I study
the various steps that are generally adopted by a researcher in his research problem
along with the logic behind them. It is necessary for the researcher to know not only
the research method but also the methodology.

The report has different direction and features, including different steps as follows:

The research process includes the following steps:

- Defining the problem
- Statement of research objectives
- Planning the research design
- Planning the sample
- Collection of data
- Analyzing the data
- Formulation of conclusion
- Preparation of the report

OBJECTIVES OF THE STUDY

Software Testing has different goals and objectives. The major objectives of Software testing
are as follows:

- To know about the importance of testing in the software development process.
- To know about the different types of testing in SDLC.
- To know about the role of testing in SDLC at various phases.
- To know about testing techniques and their application at various phases of SDLC.
- To learn about the software testing life cycle model.
- To know why early testing is vital.
- To learn about security testing in SDLC, why it is important and where it fits in
  SDLC.

SCOPE OF THE STUDY

- A little bit of testing uses, importance and application of testing is also covered in this
  SDLC.
- This study will help in applying different testing techniques at various phases of SDLC.
- This study has summarized the key aspects of testing in SDLC.
- The testing that unless otherwise agreed an acceptance of contract may be expressed.

RESEARCH DESIGN

The research design refers to the overall strategy that you choose to integrate the different
components of the study in a coherent and logical way, thereby, ensuring you will effectively
address the research problem; it constitutes the blueprint for the collection, measurement, and
analysis of data.

A research design is the plan of a research study. The design of a study defines the study type.

The various types of research designs which are used in collection of data are:

Exploratory Research Design

Descriptive Research Design

Diagnostic Research Design

Experimental Research Design

DATA COLLECTION

The type of research design which is used in this study is exploratory research design.

Depending on the source, statistical data are classified under two categories:

Primary Data: Primary data are obtained by a study specifically designed to fulfill the data
needs of the problem at hand. Such data are original in character and are generated in a large
number of surveys conducted with a sample.

Secondary Data: These data are not originally collected but rather obtained from published or
unpublished sources.

SOURCE OF DATA COLLECTION FOR PRESENT STUDY

The source of data collection is Secondary Data.


The various sources which I used for collecting data for this study include:

- The use of internet
- Websites
- Books
- Newspaper
- Magazines

These sources really helped me a lot in gathering and collecting knowledge about computers, which
helped me in completing my project on the topic evolution of computers successfully.

LIMITATION OF THE STUDY

- Due to shortage of time, data is biased to some extent.
- This study is limited only to the study of testing.
- I had little time to study this topic; it is a very good topic and one month is
  a very short time period.
- The study is for educational purposes only and cannot be used commercially without my
  permission.
- Data is collected particularly from secondary sources.
- All testing techniques are not defined in detail.
- Proper usage of testing techniques at various phases of SDLC could not be defined in
  detail.
- Only secondary data is used.
- Information may be outdated or obsolete.
- The available data may not suit the current purpose of research due to incompleteness and
  generalities.
- There may be difficulty in identification of source.

CHAPTER 4
DATA ANALYSIS & INTERPRETATION
Importance of Testing in Software Development Process

The major role of software testing is to ensure that there is no discrepancy in the software
development process. According to one survey, software errors cost the U.S. economy 0.6 percent
of the gross domestic product, and about 80% of the software development costs of a project are
spent on identifying and fixing errors.

Each software development life cycle passes through a set of common phases one or more
times. So starting activities early means we can catch small problems before they become big
problems later on. Starting testing activities early also provides the chance to review
requirements for important quality attributes, to ask questions and to resolve issues.

Testing in SDLC helps to prove whether all the software requirements are implemented
correctly or not.

Testing helps in identifying defects and ensuring that they are addressed before software
deployment. If any defect is discovered and fixed after deployment, then the correction cost will
be much higher than the cost of fixing it at earlier stages of development.

Testing in SDLC demonstrates that software always appears to be working according to
specification, and the sociology and performance requirements always appear to have been met.

Whenever several systems are developed in different components, different levels of testing help
to verify proper integration or interaction of all components with the rest of the system.

Testing in SDLC means that testing always improves the quality of product and project.

There are three different testing phases in SDLC:

i. Test Analysis: the tester tries to understand the project.
ii. Test Design: the tester designs the test cases based on user requirements.
iii. Test Execution: the tester executes the test cases and raises defects, if any.

Various types of testing involved throughout SDLC are:

All the testing techniques are divided into mainly three categories:
1. Black Box: It tests the external behavior of the system. Internal system design is not
considered in this type of testing. Tests are based on requirements and
functionality.
2. White Box: It tests the internal behavior of the system. This testing is based on
knowledge of the internal logic of an application's code. Also known as Glass
box Testing. Internal software and code working should be known for this type
of testing. Tests are based on coverage of code statements, branches, paths,
conditions.
3. Grey Box: Testing of both internal and external behavior is called grey box testing.

Other types of testing that come under the above categories are:

1. Acceptance Testing: Formal testing with respect to user needs, requirements, and
business processes conducted to determine the acceptability of the system.

2. Ad-Hoc Testing: It is performed without planning or documentation and its main
work is to find errors that are not uncovered by other types of testing.

3. Alpha and Beta Testing: Alpha testing is the testing done by test teams at the
development site after the acceptance testing. Beta testing is carried out by real users
in a real environment.

4. Black Box Testing: Black box testing is the testing technique whereby the internal
workings of the item being tested are not known by the tester.

5. White Box Testing: White box testing is the testing of a software solution's
internal coding and infrastructure.

6. Automated Testing: Using automation tools to write and execute test cases is
known as automation testing.

7. Grey Box Testing: Grey box testing is a software testing technique that uses a
combination of black box testing and white box testing.

8. Integration Testing: In integration testing the individual tested units are grouped
as one and the interface between them is tested.

9. Regression Testing: Regression testing means rerunning test cases from existing
test suites to build confidence that software changes have no unintended side
effects.

10. Stress Testing: Stress testing is a software testing activity that determines the
robustness of software by testing beyond the limits of normal operation.

11. UAT (User Acceptance Testing): It is performed by the end users of the software.
This testing happens in the final phase of testing.

12. Security Testing: Security testing tests the ability of the software to prevent
unauthorized access to the resources and data.

13. Performance Testing: The goal of application performance testing is to appraise
any user experience in realistic scenarios on our target application. In software
engineering, performance testing is in general testing performed to determine how a
system performs in terms of responsiveness and stability under every condition.

Hence, software testing is one of the major parts of the SDLC and it should be carried out
effectively for the quality of the product.

Role of Testing in SDLC at various phases

Inception Phase

In this phase, a test engineer will get an opportunity to identify the necessities of the project.
Normally the data are recorded by the architecture team in the architectural reference
document. Data design, information design and system design are the main issues in this
phase.

Elaboration Phase

In this phase, a test engineer will get an opportunity to identify how the project is
planned. This is a major phase, where the entire design of the project is documented in
the JAD phase in the system requirement document, business requirement document,
product requirement document and commercial use cases. The planner, commercial reviewer,
and the project organization, execution, testing and maintenance teams etc. attend the
JAD phase to give sign-off on these completed documents.

Construction Phase

In this phase, programmers play an important role in building the application based on
the plan acknowledged during the JAD stage. Here the tester group has to follow the
programming group to identify the adjustments made to the system. There may be
faults which are overlooked by the programmer or which come from misunderstanding the
planned records; in that case, a tester can always raise the issue with the programmer
concerned to solve it. The testing group is required to develop the high level scenarios (HLS)
on the basis of the elaboration phase. High level scenarios may have more than one test case.
A tester should ensure that all the necessities are covered by a test case according to a quality
assurance standard. It is mandatory to record test cases on the basis of all probable references
of the latest updated data and to have them signed off.

Transition Phase

In this phase, if any faults or errors are found, they are tested again and go
through regression testing. With the help of regression testing, consistent systems
are developed. With the help of these testing methods, any fundamental result can be
converted into a tough and consistent system.

Apply Testing on all Phases of SDLC

It has always been a big question when to start testing. Experts suggest that every step taken in
the development of the system must be tested thoroughly in a formal manner. It means that
testing must be done for requirements gathering, designing, coding, and even for the testing phase.
Testing of testing efforts may seem to be unusual and surprising, but it is an important effort
because one needs to be sure about the testing efforts to be able to rely on their reports. A good
testing life cycle begins during the requirements elicitation phase of software development and
concludes when the product is ready to install or ship, following a successful system test. The
figure below shows that testing is applied to all the phases (Requirement gathering, Designing,
Coding, Testing, Implementation and Maintenance) of SDLC, not to a particular stage. The study of
various software development process models reveals that in almost all these models, software
testing is included as one phase, but testing is required at each phase and not at a particular
stage. In this SDLC testing model we applied testing at all the phases of SDLC.
Categorizing which type of testing technique is to be applied at which phase of the software
development life cycle will help us plan for testing in that phase efficiently and take full
advantage of all the types of testing techniques to improve quality in that phase and
consequently the overall quality of the software project. Well-defined, traceable and controllable
processes are required for enhancing the quality of the software products and gaining optimum
benefits from applied effort. Software process is a stepwise sequence of activities carried out with
the focus of producing quality software in an economic manner. This will be possible when we
apply testing at all the phases of the software development life cycle.

[Figure: Applying testing on all phases of SDLC. Testing is shown applied to each phase:
Requirement Gathering, Designing, Coding, Testing, Implementation, Maintenance.]

Software testing is recommended to be started as early as possible in the earliest phases of the
SDLC, most preferably in the requirement analysis phase itself, and should be performed by
skilled testers only and not by developers. Software development life cycle (SDLC) processes
involve activities of software requirements analysis, requirements specification, design, coding,
testing, delivery, and maintenance. The testing phase can be used in all of these life cycle phases
as an umbrella activity.

Testing Techniques according to Phase of SDLC

We identify which type of testing technique can be applied to which phase of SDLC.
The figure below shows the phases of SDLC and the corresponding testing techniques.

[Figure: Testing techniques according to phase of SDLC. Phase labels in the figure: Planning for
Testing, Requirement Gathering, Analysis, Design, Coding, Integration, Implementation,
Maintenance. Technique groups named in the figure:
- Exploratory testing, Ad hoc testing, Free form testing, Risk based testing, Structured
  walkthrough
- Prototyping, Requirement testing
- Maintenance and Regression testing
- Histogram testing, Pareto testing, Run chart, Statistical profile testing, Structured
  walkthrough
- Decision table
- Acceptance testing, Alpha testing, Beta testing
- Integration testing, System testing
- Cause-effect graphing, Comparison testing, Compatibility testing, Exception testing, Load
  testing, Mutation testing, Orthogonal array testing, Performance testing, Stress testing, Prior
  defect history testing, Random testing, Range testing, Recovery testing, State transition
  testing, Robustness testing, Penetration testing, Security testing, Back to back testing
- Code and Unit testing, Basis path testing, Boundary value testing, Branch coverage testing,
  Condition coverage testing, Desk checking, Loop coverage testing, Statement coverage testing,
  Syntax testing, Table testing
- Integration and system testing, Black box testing, White box testing, Bottom up testing, CRUD
  testing, Database testing, End to end testing, Equivalence partitioning, Incremental
  integration testing, Inspections, Positive and negative testing, Sandwich testing, Thread
  testing, Top down testing]

SOFTWARE TESTING LIFE CYCLE (STLC)

Software Testing Life Cycle (STLC) defines the steps/ stages/ phases in testing of software.
However, there is no fixed standard STLC in the world.

Nevertheless, the Software Testing Life Cycle, in general, comprises the following phases:

| Phase | Activity | Deliverables | Necessity |
|---|---|---|---|
| Requirements/Design Review | You review the software requirements/design (well, if they exist). | Review Defect Reports | Curiosity |
| Test Planning | Once you have gathered a general idea of what needs to be tested, you plan for the tests. | Test Plan; Test Estimation; Test Schedule | Farsightedness |
| Test Designing | You design/detail your tests on the basis of detailed requirements/design of the software (sometimes, on the basis of your imagination). | Test Cases / Test Scripts / Test Data; Requirements Traceability Matrix | Creativity |
| Test Environment Setup | You set up the test environment (server/client/network, etc.) with the goal of replicating the end-users' environment. | Test Environment | Rich company |
| Test Execution | You execute your Test Cases/Scripts in the Test Environment to see whether they pass. | Test Results (Incremental); Defect Reports | Patience |
| Test Reporting | You prepare various reports for various stakeholders. | Test Results (Final); Test/Defect Metrics; Test Closure Report; Who Worked Late & on Weekends (WWLW) Report [depending on how fussy your Management is] | Diplomacy |

WHY EARLY TESTING IS VITAL?

Early Testing is vital


Industry Research (such as Gartner, Sticky minds) has highlighted approximately 50% of
defects can be traced to requirements. The earlier a defect is identified the cheaper it is to fix!

| Stage of the SDLC | Cost to Fix Defects |
|---|---|
| Requirements | 1x |
| Design | 2x |
| Coding | 5x |
| Testing | 10x |
| Production | 30x |

Source: US National Institute of Standards & Technology


Role of Security Testing in the SDLC
As requirements for faster release cycles and applications packed with more features than ever
keep organizations rushing to production, we can't afford to skip a beat when it comes to
security. Developers with all stages of security know-how are being hired, and right beside
giving developers a thorough education in secure coding is ensuring the code they write is
secure well before it gets deployed.

This is where a strong security testing approach becomes an organization's saving grace.

Security testing, Wikipedia says, is "a process intended to reveal flaws in the security
mechanisms of an information system that protect data and maintain functionality as intended."
In other words, security testing is making sure all the security requirements you mapped out at
the beginning stages of your application security program are being implemented, and
implemented correctly.

Why is Security Testing in the SDLC important?

Security testing is one of the most important aspects of any Secure SDLC approach.
Why? For one, security testing in the SDLC identifies security issues that need to be addressed.
The sooner you can find them, the more money you save: fixing security issues, like any bugs,
gets more expensive the later in the lifecycle you find them. Waiting until later stages of the
SDLC to begin security testing leads to hasty fixes in order to stay on schedule, which will not
bode well when customers complain, or worse.
And that's not even considering the kinds of costs we've seen organizations pay when they
don't discover a vulnerability at all. Breaches are costly, and the ROI gained from proper
implementation of security testing in the SDLC is proven by avoiding just one security breach.

Secondly, the various types of tests you'll perform throughout the lifecycle will also let you
know how closely the security architecture and design are being followed. In essence, security
testing is a barometer of security quality within your SDLC, as well as the best way to develop
and maintain applications efficiently and in line with organizational needs and risks.

Lastly, but perhaps most importantly, security testing gives an organization a strategic approach
to improving security in its application portfolio, and is a business imperative for any
business trying to minimize the potential risks, including compliance requirements, that
application security vulnerabilities can pose.

Where Does Security Testing Fit in the SDLC?


Security testing can be done through much of the SDLC, as early as during the analysis and
design phases, as well as throughout development and, of course, during the testing phase. And
just because an application is released doesn't mean you can stop thinking about the
application, but we're focusing on testing done during the lifecycle for now.
The security testing strategy, as we discuss below, needs to be based on your individual
organizational structure and what the established SDLC process allows for. Typically, however,
security testing can be broken up into three areas during the SDLC:

Requirements and Analysis Phase


During this phase, as security requirements are mapped out, testing plans can be created to
better track the completion and success of the stated requirements.

Development Phase
As soon as code is being written, static application security testing can begin. Starting testing as
soon as your SDLC allows facilitates the best way to stop vulnerabilities from making their way
to the finished product. With partial code scanning, source code can be scanned at any point in
time during the build, making vulnerability discovery that much faster and more effective.

Code Reviews & Manual Testing Phase


Finally, once development is finished, a final secure code review along with manual testing can
help detect logical code flaws and ensure that issues found during the development phase have
been fixed correctly and new vulnerabilities have not been introduced.

Defense in depth is a key aspect to a successful application security program and the same
goes for security testing in the SDLC.

Key Steps to Security Testing in the SDLC:

1. Make it measurable
As the OWASP Testing Guide so rightly says in the introduction, you can't control what you
can't measure. Security testing is no different, especially when first implementing it within
the SDLC. Being able to look through your testing history and compare it over time is
essential in seeing (and reporting up on) improvement. In order to do so, begin by establishing
goals and metrics from the get-go, working with stakeholders, from the board to developers,
to set expectations and gather feedback on the processes themselves.

2. Ensure testing tools are easy to adopt

The learning curve of the tools you choose and their adoption rate by developers are important
factors in whether or not your security testing program will be successful. Many developers
haven't dealt with needing to test for security before, so if a tool is difficult to use or not
well integrated into the developers' current toolset, chances are it's not going to get used.

Don't spend a fortune on the best tool in the business if it's not likely to be used by those
that would be in the business of using it.

3. Automate wherever possible

If you're doing a good job of training your developers, you want to make sure they're spending
the most time doing what they were hired and trained to do: code securely.

Instead of burdening them with long hours of code review or manual security testing at each
milestone, you can automate at least parts of that process with source code analysis tools
integrated into their IDE. At check-in, developers can simply scan their code and get quick
results back, allowing them to fix the code while it's still fresh in their minds.

4. Align security testing activities to your current SDLC process

The phases you'll be able to integrate security testing into, and how quickly security testing
can be introduced, largely depend on the existing SDLC process in place in your organization. In
agile environments, for instance, security testing can and should be integrated as early as
possible, while in waterfall environments, security testing may not be possible until
development is well underway.

While security testing should always be integrated as early as possible, it's more important to
make sure security is a business enabler by working with the current processes, not against
them.
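
As an added illustration of step 3 and of the partial code scanning described under the Development Phase (example code written for this edition, not taken from the original report or from any particular tool): a minimal check-in gate that statically scans each staged file on its own and blocks the check-in when it finds a risky call. The rule set, function names and sample files are assumptions constructed for the example.

```python
import ast

# Illustrative rule set (assumed for this example, far from a complete SAST policy).
RISKY_CALLS = {
    "eval": "evaluates a string as code",
    "exec": "executes a string as code",
    "os.system": "passes a string to the shell",
}

def call_name(node):
    """Return 'name' or 'module.attr' for a call target, else None."""
    func = node.func
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return f"{func.value.id}.{func.attr}"
    return getattr(func, "id", None)

def scan_source(source, filename):
    """Scan one file's text on its own; no build or other files are needed."""
    try:
        tree = ast.parse(source, filename=filename)
    except SyntaxError as exc:
        return [(filename, exc.lineno or 0, "parse-error", exc.msg)]
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        name = call_name(node)
        if name in RISKY_CALLS:
            findings.append((filename, node.lineno, name, RISKY_CALLS[name]))
        if name and name.startswith("subprocess."):
            for kw in node.keywords:
                if kw.arg == "shell" and getattr(kw.value, "value", None) is True:
                    findings.append((filename, node.lineno, "shell=True", "runs via the shell"))
    return sorted(findings, key=lambda f: f[1])

def check_in_gate(staged):
    """staged maps filename -> source text; exit code 1 blocks the check-in."""
    findings = [f for name, src in staged.items() for f in scan_source(src, name)]
    return (1 if findings else 0), findings

# Constructed sample of two staged files.
SAMPLE_STAGED = {
    "report.py": "import subprocess\n\ndef run(cmd, expr):\n"
                 "    subprocess.run(cmd, shell=True)\n    return eval(expr)\n",
    "util.py": "def add(a, b):\n    return a + b\n",
}

if __name__ == "__main__":
    print(check_in_gate(SAMPLE_STAGED))
```

Counting the findings per rule on every check-in also gives a simple history to compare over time, in the sense of step 1.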
Chapter 5
CONCLUSION

Testing helps in identifying defects and ensuring that they are addressed before
software deployment. If a defect is discovered and fixed after deployment, the
correction cost will be much higher than the cost of fixing it at earlier stages of
development.

Whenever systems are developed as several different components, different levels
of testing help to verify proper integration or interaction of all components with the
rest of the system.

This thesis report relates the various types of testing techniques that we can apply in
measuring various quality attributes, and identifies which testing techniques relate to
the various phases of the SDLC.

General SDLC processes are applied to different types of projects under different
conditions and requirements. There are various types of SDLC models (Waterfall Model,
RAD Model, Iterative Model, Prototype Model, Spiral Model, V-Model, etc.). But in all
these models, testing is applied after a particular stage and not in all the phases.

In this thesis report, it is concluded that testing should be applied in all the phases of
the SDLC and not only at a particular stage. Which type of testing technique can be
applied to which SDLC phase is also summarized.

Future work in this area will be to take newly emerging testing techniques and
relate them to the phases of the SDLC. This will help in taking maximum advantage of
each testing technique. And this will be helpful to conclude that.
CHAPTER- 6
SUGGESTIONS

Testing plays an important role in the SDLC, and apart from that, testing also improves the
quality of the product and project by discovering bugs early in the software.

Testing not only improves the quality of the product, but also improves the quality of the
company.
So testing should be done at each step of the SDLC.

Software testing documents always play an important role in the project
development/testing phase. So always keep things documented whenever possible. Don't
rely on verbal communication. Always be on the safe side.

Documentation will not only save you but also help the organization in the long run, saving
thousands of dollars on training and, more importantly, on fixing issues caused by a lack
of development and testing documents.

Don't document just to avoid finger pointing at you; the habit of documentation will
certainly bring a systematic approach to your testing process, leaving ad hoc testing
behind.

The following software testing documents need to be used/maintained regularly:


1) Test plan
2) Test design and Test case specification
3) Test Strategy
4) Test summary reports
5) Weekly Status Report
6) User Documents/ manuals
7) User Acceptance Report
8) Risk Assessment
9) Test Log
10) Bug reports
11) Test data
12) Test analysis

SMEs (subject matter experts) are the ones who approve the test plan, and they signify
the standards for the closure of the project. Test cases should agree with the
acceptance standards and with all the scripts mentioned in the test plan, which is
essential for the closure of the project and to prove that all the test cases have been
performed, with their respective results recorded as pass or fail.

Test cases should be generated from the requirements and design templates, so that the
system can be tested thoroughly. Any feature can be included in the test case
document, whether it relates to the usability or the functionality of the application.

There are respective test scripts which get converted into test cases, and they should be
validated properly.

There are specific test scripts which tell what to do and what should happen in the
application after executing them. Detailed information about the design and architecture
can be understood with the help of test scripts in the software development process.
CHAPTER-7

BIBLIOGRAPHY

1. Youddha Beer Singh, Shivani Goel, "Role of Testing In Phases of SDLC and Quality", in
International Journal of Information Technology & Knowledge Management. [Accepted for
Vol.-II, Issue-II, Dec. 2009]

2. Youddha Beer Singh, Shivani Goel, "Role of Software Testing in Software Quality", at
National Conference on Modern Management Practices & Information Technology Trends
(MMPITT-09), held at Department of Business Management & Information Technology,
DAV Institute of Engineering & Technology, Jalandhar (India), on April 17-18, 2009, pp.
500-504. [Presented & Published]

BOOKS:

(Joseph Brady, Ellen Monk, Bret Wagner, 2001)

(Nah and Lau 2001)

(Shehab et al., 2004)

Kroenke (2008)

(Zhang et al., 2005).

Web sites:
www.google.com
www.wikipedia.com
http://www.cio.com/article/40323/SDLC_Definition_and_Solutions?page=2&taxonomyId=3009
http://www.cio.com/article/40323/SDLC_Definition_and_Solutions#erp
