Thursday, August 12, 2010

Why Perform CRM Testing?

A CRM is designed with the market requirements of many different clients in mind, so once it is built it is deployed to different clients by customizing it. The problem most often faced is that not every requirement can be fulfilled for, or is needed by, every client. This may result in compromises in the CRM used for the business. Consider a common example: the date functionality provided by the CRM system. Suppose a company was established 10 years ago, yet the CRM allows an event or meeting for that company to be recorded with a date more than 10 years in the past. Likewise, for one company the user Date of Birth restriction is 30 years, while for another it is 35. Capturing and maintaining requirements like these, which are company policy, is sometimes difficult. The CRM should be designed so that each and every aspect can be customized to client requirements. This helps set the company's goals and makes the CRM work in line with company policies.

A CRM that is not tested properly may result in loss of money if it fails to fulfill the company's policies and requirements. For example, a system may have different groups of roles with restrictions on performing specific tasks. A common problem is a restricted user gaining access to an area where he has only limited rights to perform operations. With a generic CRM this issue is very common for clients. Each role of the client should be checked for its rights to perform operations. This ensures both that the user has no access to the areas he is restricted from and that the user has the rights to perform the operations he is authorized for. Access by unauthorized users to restricted areas of the system may result in complete disaster, destroying company reputation and policies.
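The role check described above can be automated by walking every role and operation pair and comparing the configured system with the company policy in both directions. The following is an added example, not code from any CRM product; the role names, operation names, policy table and the crm_allows function standing in for the system under test are all hypothetical.

```python
# Operations and roles are constructed for illustration.
OPERATIONS = ("view_contact", "edit_contact", "export_contacts", "delete_contact")

# Company policy: what each role is authorized to do (constructed).
POLICY = {
    "sales_rep": {"view_contact", "edit_contact"},
    "support_agent": {"view_contact"},
    "manager": {"view_contact", "edit_contact", "export_contacts", "delete_contact"},
}

# Stand-in for the CRM as shipped with generic defaults (constructed).
# It differs from POLICY in two places, one in each direction.
GENERIC_DEFAULTS = {
    "sales_rep": {"view_contact", "edit_contact", "export_contacts"},
    "support_agent": {"view_contact"},
    "manager": {"view_contact", "edit_contact", "export_contacts"},
}


def crm_allows(role, operation, config=GENERIC_DEFAULTS):
    """Hypothetical authorization check of the system under test.

    Unknown roles are denied by default.
    """
    return operation in config.get(role, set())


def audit_roles(policy, operations, is_allowed):
    """Check every (role, operation) pair against the policy.

    Returns (excess, missing):
      excess  - rights the system grants that the policy forbids
      missing - rights the policy grants that the system refuses
    """
    excess, missing = [], []
    for role in policy:
        for operation in operations:
            expected = operation in policy[role]
            actual = is_allowed(role, operation)
            if actual and not expected:
                excess.append((role, operation))
            elif expected and not actual:
                missing.append((role, operation))
    return excess, missing


if __name__ == "__main__":
    excess, missing = audit_roles(POLICY, OPERATIONS, crm_allows)
    for role, operation in excess:
        print(f"FAIL {role} can {operation} but policy forbids it")
    for role, operation in missing:
        print(f"FAIL {role} cannot {operation} but policy allows it")
```

Testing only that authorized operations succeed would miss the first finding, and testing only that forbidden operations are refused would miss the second, which is why the full matrix is walked.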

The CRM may or may not be compatible with all platforms. For example, a CRM is designed for a set of users on a specific platform. Let's say it works for clients on that same platform and for clients who can switch between platforms. But what about clients who have some functionality dependent on one specific platform and are unable to switch? In such a case, a CRM that is not tested against their requirements may result in complete disaster.

Another issue that may be faced is performance measures such as Response Time, Throughput, Round Time and Hits per Second. Performance measures vary with the requirements and needs of the clients. The performance of the system may be excellent for one client but very poor for others. In the case of a web-based CRM, the number of users accessing the system will vary for each client and may affect maintaining the required functionality. Performance is a very important aspect that cannot be ignored given the requirements of the users of the system. The performance of the product varies as the number of users varies, so it is important to test the product to evaluate its performance behavior for each client.

Some companies are more interested in using a more secure system that uses SSL (Secure Sockets Layer) and OWASP (Open Web Application Security Project) standards to perform business operations, while others do not care in most cases, depending on the nature or type of data involved. A CRM sometimes captures the requirements of both kinds of client and provides plug-ins that can be enabled or disabled depending on the requirements. Given privacy and data confidentiality concerns, it is important to check the system for security, which is a very broad and important aspect of any product. Confirming that the system is safe from unauthorized access, and so confirming the security aspect, leads to beneficial results.

It is important to test the product as soon as it is configured for use. Early testing can save a lot of money in development cost and in new resources that might otherwise be required. It may also prevent loss of data and improper or inaccurate data retrieval, and avoid unauthorized user actions.

Friday, August 6, 2010

Quality Assurance Vs Quality Control

In simple words, when we compare Quality Assurance with Quality Control: for Quality Assurance, quality means defect prevention and the goal is zero defects, whereas for Quality Control, quality means defect identification and the goal is a process of control to reduce defects.

§ In Quality Assurance, deliverables are created, which is performed by a manager or client. Checklists, project audits, and methodology and standards are examples of QA. Quality control is only about requirements. Quality assurance is basic and does not relate to the specific requirements of the product being developed.

§ Quality Control, by contrast, is a process in which quality-related activities are associated with the creation of project deliverables. Quality control is basically used to verify that deliverables are complete and correct. Inspections, deliverable peer reviews and the testing process are examples of quality control. Quality assurance actions are determined before production work begins, and these activities are performed while the product is being developed. In contrast, quality control actions are performed after the product is developed.

QA actions ensure that the process is defined and proper. Methodology and standards development are examples of QA activities. QA focuses on the process elements of a project, such as whether requirements are being defined at the proper level of detail. QC activities focus on finding defects in the deliverables.

Typical QC steps:

· Problem Identification

The main outcome of the Problem Identification stage is to set the overall purpose and objectives of the risk assessment and to determine the likely data requirements.

· Problem Analysis

To gather information that helps you determine the nature of a problem encountered on your system.

· Problem Correction

To correct the problem identified in QC process.

· Feedback To QA

Process of control to reduce the defects for Quality Control.

Typical QA steps:

· Data gathering

It is a frequent part of solving problems and satisfying curiosity

· Problem Trend Analysis

Based on number of problems occurring in the area under study

· Process Identification

Each process is identified with a unique name/number.

· Process Analysis

A process can be defined as "a logical series of related transactions that converts input to results or output" (Andersen 1999)

· Process Improvement

It is a series of actions taken by a Process Owner to identify, analyze and improve existing processes

QC Vs QA - Examples

QC | QA
Walkthrough | Quality Audit
Testing | Defining Process
Inspection | Selection of tools
Checkpoint review | Training

Is Testing a QA or a QC Activity?

Testing is an example of a QC activity, but there are others such as inspections.

The difference is that QA is process oriented and QC is product oriented.

Testing therefore is product oriented and thus is in the QC domain. Testing for quality isn't assuring quality, it's controlling it.

Quality Assurance makes sure you are doing the right things, the right way. Quality Control makes sure the results of what you've done are what you expected.

Example:

Let us consider an example to understand the difference between software quality assurance and software quality control:

“Consider a software project that includes requirements, user Interface design and a SQL database implementation.

The SQA team would produce a quality plan that would specify any standards, processes and procedures that apply to the example project. These might include, by way of example, IEEE xyz specification layout (for the requirements), Motif style guide abc (for the user interface design) and Open SQL standards (for the SQL implementation). All of the standards processes and procedures that should be followed are identified and documented in the quality plan, this is done by SQA.

When the requirements are produced (in this example) the Software Quality Control team would ensure that the requirements did in fact follow the documented standard (in this case IEEE xyz). The same task, by SQC, would be undertaken for the user interface design and the SQL implementation, that is they both followed the standard identified by SQA. Later the SQA team could make audits to verify that IEEE xyz and not IEEE abc was indeed used as the requirements standard”.

In this way a clear distinction can be drawn between "correctly implemented" (SQA) and "followed" (SQC).

The SQC definition implies software testing, as this is part of the "project produces the required internal and external (deliverable) products" definition for SQC. The term "required" refers not only to the functional requirements but also to the non-functional aspects of supportability, performance, usability and so on. All of the requirements are verified or validated by SQC. For the most part, however, it is the distinction between "correctly implemented" and "followed" for standards, processes and procedures that causes the most confusion between the SQA and SQC definitions. Testing is normally clearly identified with SQC, although it is usually only associated with functional requirement testing.

Reference links:

1. http://www.diffen.com/difference/Quality_Assurance_vs_Quality_Control

2. http://geekswithblogs.net/srkprasad/archive/2004/04/29/4489.aspx

3. http://www.sqa.net/softwarequalitycontrol.html

4. http://elsmar.com/pdf_files/QC%20vs%20QA.pdf

5. http://plasticpipe.org/pdf/chapter-8_quality_control_quality_assurance.pdf

6. http://contamsites.landcareresearch.co.nz/problem_id.htm

Tuesday, August 3, 2010

Top Reasons for QA Outsourcing

One of the main concerns that most software development companies face is the quality assurance (QA) process. The quality of the product is mostly checked and improved through thorough software testing. For companies in need of a flexible and seamless solution for their software testing needs, a testing outsourcing company such as Kualitatem can provide it for them.
  1. Efficient and cost-effective quality solutions
    To reduce the cost of the software testing process, companies can use a professional software testing company. With Kualitatem working to provide support for QA and testing processes, companies can save costs and focus more on their core business.

    Kualitatem has in-depth knowledge and experience in providing solutions for software bugs that most software development companies have in their software products. The testing outsourcing company will provide the right solution to resolve their problems with their various services.
  2. Expertise in using multiple testing tools
    In delivering solutions for testing, test management, and consulting, Kualitatem uses the right tools at every stage of the testing cycle. At Kualitatem, they explore the functions of various licensed and open source tools to discover the right tools to meet their client’s needs.

    In delivering test management solutions, Kualitatem uses the TestDirector, TestLink, and Zephyr tools. To improve the efficiency of the client’s testing activities, Kualitatem uses the QTP, Selenium, Jira and Mantis tools in providing test automation.
  3. Experience in various industries
    Through their highly experienced team of professionals, Kualitatem provides quality services to various clients across the globe. With Kualitatem as their software testing company, clients can expect the best support for their quality assurance and testing processes.

    Kualitatem testing outsourcing company has experts who have experience in various industries like enterprise web solutions, digital media, networking and hardware, mobile and Smartphone, video games, and more.
So companies in need of efficient solutions for their software testing and quality assurance needs can outsource them to a professional testing outsourcing company that prioritizes quality before anything else. Read more about Kualitatem at http://www.kualitatem.com/

Friday, July 30, 2010

Important Facts about the Software Test Management Process

If you are the manager of a software development company, you will know that the software test management phase is one of the most important stages of the software development process. In order to improve the quality and productivity of your company, you have to implement an efficient software testing process to ensure the functionality and quality of the software projects. With the services of a software testing company, you can ensure brand credibility and high quality control standards for your company.

As a testing outsourcing company, Kualitatem can provide your company with seamless solutions for your company’s software testing and QA processes. With their test process management services, you can expect the greatest degree of professionalism from their test management team.

The test management process has various steps in providing software checks and review documentation for your software development process. Based on the requirements of the client, the testing process will be done in various testing scenarios. Some of the steps for the test management service provided by Kualitatem will include:
  1. Process definition, test planning, and test scenario and test case development
    During these stages of the test management process service, the requirements and specifications for what will be tested are defined, the method for the testing process is chosen, and the different scenarios and specific conditions for the whole test management process are specified.
  2. Application, unit, functional, regression, integration, and user acceptance testing
    Encompassing the most visible part of the test management process activity, these testing activities would include checking the software development process to gather test results based on the specific scenario being tested.
  3. Live bug status reporting, traceability matrix generation, code reviews, and test process reporting
    Once the tests for the test management process activity are completed, the test results are gathered, analyzed and presented in a report detailing all the results of the tests and the overall quality of the software development process.
To ensure that your software does what it is supposed to do, get test management solutions from professional software testing companies such as Kualitatem.


To learn more about Kualitatem, please visit http://www.kualitatem.com/

Monday, July 19, 2010

What is Email Security?

Viruses transmitted via email are very common and cannot be avoided by using antivirus software alone. Some additional checks need to be carried out to protect against email vulnerabilities.

Love Letter is the most harmful type of virus transmitted by email and causes great loss within minutes in email systems and corporate networks. Some viruses are sent as attachments, while others are sent in the message itself and run automatically. “Nimda” is an example of a virus that runs automatically, i.e. it does not require any action by the user.

Emails containing infected attachments, emails with malformed MIME headers, and HTML mails with embedded scripts should be detected in order to protect the email system from current and future viruses. There are various tests that should be conducted in order to secure an email system against email vulnerabilities. Some of them are as follows:

· Long subject attachment checking bypass test

Checks whether system accepts emails with long subjects.

· Attachment with no filename vulnerability test

Examines whether system accepts an attachment with no filename containing executable code that can bypass content checking security solutions.

· Long filename vulnerability test

Indicates whether system blocks emails with attachments having long filenames, which can be used to trick a user into double-clicking the attachment, which can execute the malicious code it contains on the system.

· Popup Object Exploit vulnerability test

Discover if machine is vulnerable to the Popup Object Exploit which can automatically launch files on a vulnerable system.

· Double file extension vulnerability test

Shows whether email system accepts emails which contain attachments with double file extensions.

· ActiveX vulnerability test

Finds out if machine is vulnerable to the ActiveX exploit.

· CLSID extension vulnerability test

Reveals whether mail server detects and blocks files with Class ID (CLSID) extensions.

· CLSID extension vulnerability test

Reveals whether Outlook 2002 (XP) system detects and blocks files with Class ID (CLSID) extensions.

· Eicar anti-virus software test

Check if anti-virus software is in place and functioning correctly.

· Fragmented message vulnerability test

Checks whether server-level anti-virus/content checking system detects and blocks emails using the fragmented message exploit.

· GFI's Access exploit vulnerability test

Discover if machine is vulnerable to the Access exploit vulnerability discovered by GFI. It does not apply to IE6 users who have the latest patches installed.

· Iframe remote vulnerability test

Discover if machine is vulnerable to the Iframe remote exploit. It does not apply to IE6 users who have the latest patches installed.

· Malformed file extension vulnerability test

Examines whether Outlook 2002 (XP) system detects and blocks files with malformed HTA file extensions.

· MIME header vulnerability test (Nimda & Klez testing)

Examines whether system is protected against emails using the MIME exploit. It does not apply to IE6 users who have the latest patches installed.

· Object Codebase vulnerability test

Examines whether system detects and blocks emails using the Object Codebase exploit. It is also suited to Outlook 2002. It does not apply to IE6 users who have the latest patches installed.

· VBS attachment vulnerability test

Checks whether mail server blocks VBS attachments.
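Several of the conditions in the list above are properties of the message structure that a mail gateway can flag before delivery. The following is an added example, not code from any product named on this page: it parses a constructed sample message with Python's standard email package and reports long subjects, attachments with no filename, long filenames, double file extensions, CLSID extensions, VBS attachments and active HTML content. The length thresholds and the extension list are assumptions.

```python
import re
from email import message_from_string

# Thresholds and the extension list are assumptions for this example.
MAX_SUBJECT_LEN = 255
MAX_FILENAME_LEN = 100
SCRIPT_EXTS = {".vbs", ".hta", ".exe", ".scr", ".bat", ".js"}
CLSID_SUFFIX = re.compile(
    r"\.\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I)
ACTIVE_HTML = re.compile(r"<\s*(script|iframe|object)\b", re.I)


def check_message(raw):
    """Return a list of (finding, detail) pairs for one raw message."""
    msg = message_from_string(raw)
    findings = []
    subject = msg.get("Subject", "")
    if len(subject) > MAX_SUBJECT_LEN:
        findings.append(("long-subject", f"{len(subject)} chars"))
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if part.get_content_disposition() == "attachment" and not name:
            findings.append(("attachment-without-filename", part.get_content_type()))
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            if ACTIVE_HTML.search(body):
                findings.append(("html-active-content", "script/iframe/object tag"))
        if not name:
            continue
        lowered = name.lower()
        pieces = lowered.split(".")
        if len(name) > MAX_FILENAME_LEN:
            findings.append(("long-filename", f"{len(name)} chars"))
        if CLSID_SUFFIX.search(lowered):
            findings.append(("clsid-extension", name))
        if lowered.endswith(".vbs"):
            findings.append(("vbs-attachment", name))
        # name.ext1.ext2 where the final extension is an executable type
        if len(pieces) >= 3 and "." + pieces[-1] in SCRIPT_EXTS:
            findings.append(("double-extension", name))
    return findings


# Constructed sample message; the attachment bodies are inert placeholders.
SAMPLE = """\
From: sender@example.com
Subject: Quarterly report
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="us-ascii"

<html><body>See attached.<script>/* placeholder */</script></body></html>
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="report.doc.vbs"

placeholder
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment

placeholder
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="notes.txt.{00000000-0000-0000-0000-000000000000}"

placeholder
--b1--
"""
```

Calling check_message(SAMPLE) returns one finding per flagged condition, which a gateway could map to a quarantine or reject decision.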

If you are alarmed by these vulnerabilities, solutions exist. Look for companies that ask for a name and email address to sign up in order to check your email system against all these vulnerabilities. On signup, an email is sent containing a confirmation link. After confirmation, the email testing is performed on the system and the results are sent back by email.

Wednesday, June 23, 2010

How Database Testing Works!

Database Testing

Nowadays databases are an important part of any software that is being developed. In order to communicate with a database we have to write queries. Complex or large software requires a certain level of expertise to perform complex tasks like:

· Database monitoring

· Database auditing

· Database optimization

· Database models (database schema) etc.

Database Testing is an important aspect that a “Software Tester” should be aware of. We will discuss some important aspects of database testing over here.

Why do we test database?
It's important to test the database that the software applications use. The database holds confidential and valuable information that no one wants compromised in any case. Testing the database provides us with solid feedback, essential for identifying defects and fixing them.

What to test in database testing?
We need to consider the threats within the database (White box Testing) as well as at the interface level (Black Box Testing).

Black Box testing

· Input data

· Output data (from queries, views, stored procedures)

White Box testing (Clear box testing)

· Unit tests for stored procedures / functions

· Triggers / Views code

· Referential Integrity

Database Testing

Database security is the system, processes, and procedures that protect a database from unintended activity. Unintended activity can be categorized as authenticated misuse, malicious attacks or inadvertent mistakes made by authorized individuals or processes. “Database security” is also a specialty within the broader discipline of computer security.

Traditionally databases have been protected from external connections by firewalls or routers on the network perimeter with the database environment existing on the internal network opposed to being located within a demilitarized zone. Additional network security devices that detect and alert on malicious database protocol traffic include network intrusion detection systems along with host-based intrusion detection systems.

Database security is more critical as networks have become more open.

Databases provide many layers and types of information security, typically specified in the data dictionary, including:

§ Access control

§ Auditing

§ Authentication

§ Encryption

§ Integrity controls

Database security can begin with the process of creation and publishing of appropriate security standards for the database environment. The standards may include specific controls for the various relevant database platforms; a set of best practices that cross over the platforms; and linkages of the standards to higher level policies and governmental regulations. [6]

SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another. SQL injection attacks are also known as SQL insertion attacks. [7]


Figure 1[2]*


How to test?
When we want to test our database, we need test databases that are a copy (replica) of the original database. These are sometimes called 'sandboxes' in agile terms. In this test database (sandbox) you rebuild your system and then run all the tests to ensure you haven't broken anything (if you have, then it is back to the development sandbox). Occasionally, at least once per iteration/cycle, we deploy our work to the next level (demo and pre-production testing), and rerun our test suite (including database tests) each time we do so, to ensure that our changes integrate with the changes made by other developers in our organization working on the same database.
We need to create database tests based on either rebuilding the existing database or starting afresh with the creation of the database and related schema. Identifying test data is an important task here. Once the tests are ready, we execute them and check the results. We rate the tests pass or fail according to the standards we have set.
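The sandbox procedure above and the SQL injection description earlier in this post can be combined into a small database test suite. The following is an added example, not code from any of the tools or references on this page: it rebuilds a throwaway in-memory SQLite database for every test, runs a black-box input test against a lookup built by string concatenation and against a parameterized one, and runs a white-box referential integrity test. The schema, the data and all function names are constructed for illustration.

```python
import sqlite3


def build_sandbox():
    """Create a fresh sandbox: schema plus known test data (constructed)."""
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript("""
        CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
        CREATE TABLE orders (
            id INTEGER PRIMARY KEY,
            customer_id INTEGER NOT NULL REFERENCES customers(id),
            item TEXT NOT NULL);
        INSERT INTO customers VALUES (1, 'alice'), (2, 'bob');
        INSERT INTO orders VALUES (10, 1, 'laptop'), (11, 2, 'phone');
    """)
    return db


BASE_QUERY = ("SELECT o.item FROM orders o "
              "JOIN customers c ON c.id = o.customer_id WHERE c.name = ")


def orders_concat(db, name):
    """Vulnerable form: the input becomes part of the SQL text."""
    return sorted(r[0] for r in db.execute(BASE_QUERY + "'" + name + "'"))


def orders_param(db, name):
    """Hardened form: the input is bound as a value, never parsed as SQL."""
    return sorted(r[0] for r in db.execute(BASE_QUERY + "?", (name,)))


# Constructed test inputs. No customer has either name, so the only
# correct result for both is an empty list.
QUOTED_INPUTS = [
    ("apostrophe in name", "o'brien"),
    ("quote-terminated condition", "nobody' OR '1'='1"),
]


def input_test_failures(lookup):
    """Black-box test: input must be treated as data. Returns failures."""
    failures = []
    for label, value in QUOTED_INPUTS:
        db = build_sandbox()          # known state for every test
        try:
            rows = lookup(db, value)
        except sqlite3.Error:
            failures.append(label + ": query broke")
            continue
        finally:
            db.close()
        if rows:
            failures.append(label + ": returned other customers' rows")
    return failures


def rejects_orphan_order(db):
    """White-box test: an order for a missing customer must be refused."""
    try:
        db.execute("INSERT INTO orders VALUES (12, 999, 'tablet')")
    except sqlite3.IntegrityError:
        return True
    return False


if __name__ == "__main__":
    print("concatenated:", input_test_failures(orders_concat))
    print("parameterized:", input_test_failures(orders_param))
    print("referential integrity:", rejects_orphan_order(build_sandbox()))
```

The concatenated lookup fails both input tests, one by breaking the query and one by returning every customer's orders, while the parameterized lookup passes both.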

Some tools available for the Db testing are:

· CompuWare DevPartnerDB

DevPartnerDB simplifies rapid, high-quality application development by helping developers debug stored procedures and tune SQL statements. DevPartnerDB has support for Oracle, Microsoft SQL Server and Sybase, and also supports the development of applications in Visual Studio .NET.

· ScandiaSoft DbValidator

DbValidator was designed to simplify the creation of automation tests for SQL Server database schemas.

· dbUnit SourceForge

DbUnit is a JUnit extension (also usable with Ant) targeted at database-driven projects that, among other things, puts your database into a known state between test runs. This is an excellent way to avoid the myriad of problems that can occur when one test case corrupts the database and causes subsequent tests to fail or exacerbate the damage.

Reference links

1. http://en.wikipedia.org/wiki/Database

2. http://www.agiledata.org/essays/databaseTesting.html *

3. http://www.dbunit.org/

4. http://scandiasoft.com/products.html

5. http://www.embeddedstar.com/software/content/c/embedded529.html

6. http://en.wikipedia.org/wiki/Database_security

7. http://en.wikipedia.org/wiki/SQL_injection