SELL ME THIS ...



A defect[bug] is an important role in the software development lifecycle, In our software industries, 25% of bugs are opened for more than 3 to 6 months, due to various reasons, the bug does not explain properly, is not communicated properly or prioritized or reports share with the right audiences. More details





JETscript



Tests -> Reports -> Reviews -> Repeats



Tester(s) First



Why you starts the Software Testing efforts early phase ?


Early testing would be identify the issues in requirement/functional gap , through more questions get system knowledge as much early. Fail Fast, trying to predict, control, and eliminate business-risk in early phase. every business in complex environment, changing constantly,


Test Early , Test Often.


-Test-driven development (TDD),

-Behaviour Driven Approach(BDD),

-Shift left Approach ,

-Defect Prevention mode ,

-Business Process Testing ,

-Risk based Testing ,

-Context Driven Testing etc ...



Process Next



People First and Process Next , Identify right people who can improve the test process ,it's a continues improvement approach, must be Integrating the software testing with the development process.


This process integration is a most important so that adequate time and resources are allocated for both building the software and testing the software.


Process starts from People and improve by tools and through transparency.We can not implement same process across organizations and every product, for different type of market needs.



Testing Tools



Choosing the right testing tools depends on the specific needs for effort, resources & budget.

QE Management and Automation:

Help to organize and manage the testing process, including planning, execution, and reporting. Automation can save time & effort, and make it easier to run tests repeatedly for regression phase.


Performance-testing: measure the performance.load and scalability of software, including response-time, throughput User usage

Static analysis tools: Analyze source code and other artifacts without executing the code. identify problems- vulnerabilities, such as security issues, coding standards violations.




Performance Engineering



Performance engineering is a discipline that focuses on the design, development, and delivery of high-performance software systems.

Performance modeling: This involves creating mathematical models of the system to predict how it will behave under different workloads and conditions.

Performance testing: This involves subjecting the system to various types of tests, such as load, stress, and endurance tests, to identify any bottlenecks or other issues that may impact performance. Infra level Performance-KPI , DB, API and UI / Images.

Performance optimization: This involves identifying and addressing any issues or bottlenecks that are identified through performance testing, in order to improve the performance and scalability of the system.

It is a multidisciplinary field that involves collaboration between developers, architects, and performance experts.



Security Testing



Focus on evaluating the security of a software application or system. .

Vulnerability scanning:

This involves using automated tools to scan the system for known vulnerabilities, such as weak passwords or unpatched software.

Penetration testing: This approach involves simulating an attack on the system in order to identify vulnerabilities that could be exploited by an attacker.

Network security testing: This involves evaluating the security of the network infrastructure that the system relies on, including firewalls, routers, and servers.

Application security testing: This involves evaluating the security of the application itself, including the underlying code and the user interface.it helps ensure that the system is secure and protects sensitive data. - Burp Suite, Nessus, and AppScan.

Good practices : Strong passwords & two-factor authentication (2FA), Regular updates (Keeping software and operating systems up to date with the latest security patches), Data encryption: Encrypting sensitive data, & Access controls level(Role based access).



meta-Data | ETL Testing



All means Data about Data.

Descriptive metadata: This type of metadata describes the content and characteristics of a piece of data, - title, author, date of creation, and subject matter.

Structural metadata: This type of metadata describes the organization or structure of a piece of data, such as the relationships between different parts of the data or formatted.

Administrative metadata: This type of metadata describes the management and maintenance of a piece of data, such as its creator, copyright status, or access restrictions.

Technical metadata: such as its file format, size, or resolution. Metadata is often used to organize and manage large datasets Structured, Unstructured, Big data, Raw data and Processed data.


ETL tools can extract data from various sources, such as databases, files, or APIs, using a variety of connectivity options.

Data transformation, Data loading. Scheduling and Monitoring

-Informatica, Talend, & Data Stage.



SRE - Supports



SRE/Support teams work closely with software developers and operations teams to ensure that systems are designed and implemented in a way that meets the needs of the business and its customers.

Monitoring and alerting: These tools are used to monitor the performance and health of systems and services, and to alert SRE teams when there are issues or potential problems. - Nagios, Datadog, and Prometheus.

Incident response & recovery: These tools are used to help SRE teams respond to and recover from incidents and outages. - PagerDuty and VictorOps.

Capacity,Performance- optimization: These tools are used to help SRE teams plan for and optimize the capacity and performance of systems. Grafana and New Relic.

Automation: These tools are used to automate operational tasks, such as deployment, provisioning, and scaling, in order to improve efficiency and reduce the risk of errors. -Ansible, Chef, and Puppet.

Debugging & troubleshooting: These tools are used to help SRE teams identify and fix issues with systems. - GDB and strace.



Risk Analysis



The first step in risk analysis is to identify the potential risks that an organization or individual may face to identify potential threats.

Assess the likelihood of the risks: Once the risks have been identified, the likelihood of each risk occurring should be assessed. - analyzing historical data or using expert judgment to estimate the probability of each risk.

Assess the potential impact of the risks:

The potential impact of each risk should also be assessed, including any financial, operational, or reputational consequences that may result from the risk occurring.

Prioritize the risks:

Based on the likelihood and potential impact of the risks, they should be prioritized to focus efforts on the most critical ones.

Risk management plan:

This plan should include strategies to minimize or mitigate the impact of the risks, and avoiding the risk, transferring the risk to a third party,

Implement & monitor the risk management plan: it should be monitored to ensure that it is effective. This may involve ongoing monitoring and review of the plan to identify any changes that may be needed...



Value Adds



Value adds refer to additional features, benefits, or services that are added to a service in order to enhance its value or appeal to customers.

By offering value adds, businesses can increase the perceived value of their services, which can help increase customer loyalty & sales.

Customer research: Conducting customer research can help businesses understand what their customers value and what they are looking for in service. This can help identify potential value adds that will be most appealing to customers.

Competitive analysis: Analyzing the offerings of competitors can help businesses identify opportunities to differentiate their products or services through value adds.

Innovation: Developing new and innovative value adds can help businesses stand out in the market and offer unique benefits to customers.

By effectively identifying and implementing value adds, businesses can increase the value of their services and create a competitive advantage.



TCoE Practices



A Testing Center of Excellence (TCoE) is an organization or department within a company that is responsible for defining, implementing, and maintaining the testing practices and processes of the company.

Defining testing standards and best practices: The TCoE is responsible for defining the testing standards and best practices that should be followed within the company.


Providing training and support: The TCoE provides training and support to testers within the company, helping them to improve their skills and knowledge.

Implementing testing tools and processes: The TCoE is responsible for implementing testing tools and processes that support the testing efforts of the company.


Managing testing resources: The TCoE is responsible for managing the testing resources of the company, including test environments, test data, and testing infrastructure.


Continuous improvement: Continuously reviewing , improving the testing practices and processes of the company in order to ensure that they are effective and efficient.



CI & CD



CI&CD improve the speed, quality, and reliability of software delivery.

Version control: Using version control allows multiple developers to work on the same codebase without overwriting each other's changes. It also enables CI by allowing developers to commit code changes to a shared repository.

Automate testing: By automating testing, developers can quickly and consistently verify that code changes are of high quality and do not break the existing codebase.

Build server: A build server is a tool that automates the build and testing process. It can help ensure that code changes are built and tested consistently and automatically.

Deployment pipeline: An automated processes that move code changes from development to production environments. It can help ensure that code changes are deployed consistently and automatically, reducing the risk of errors and downtime.

Monitor the pipeline: It's important to monitor the pipeline to ensure that it is running smoothly and to identify and address any issues that may arise.

Continuous improvement: It's important to continuously review and improve the CI and CD processes in order to ensure that they are effective and efficient..



Releases



Release management is the process of planning, coordinating, and controlling the delivery of software updates and new features to users. It's an important aspect of software development as it helps ensure that software is delivered in a timely, reliable, and controlled manner.


The goal of release management is to minimize the risk of errors and downtime, and to ensure that software updates are delivered to users with minimal disruption.This involves tasks such as planning and scheduling releases, coordinating with different teams and stakeholders, testing and verifying code changes, and managing the deployment process.


Effective release management requires the use of a robust set of processes and tools to manage and track the release process. This can include version control systems, issue tracking tools, and deployment automation tools.


It's important to note that release management is not just about deploying code changes, but also about managing the entire release process from planning to deployment and beyond.



Goals



The goal of a testing is to ensure that the testing function within an organization is effective and efficient, and that it helps to ensure the quality, reliability, and performance of the organization's products and services. Defining the overall testing strategy and approach for the organization:

-Managing the testing function.

-Coordinating testing activities across the team

-Monitoring test progress & results. -Establishing quality standards.

-Continues Improvements.


Organizations may set specific quality goals that outline the level of quality that is desired for a product or service. These goals may be based on factors such as customer satisfaction, error rates, or defect levels,Implementing.

Quality control processes:

Organizations may implement quality control processes that are designed to identify and address issues with the quality of a product or service. These processes may involve testing, inspection, and other activities to ensure that the product or service meets the required quality standards.



Test Audit & Governance



Quality Audits are typically conducted by independent third parties, such as accounting firms, who have the expertise and skills necessary to thoroughly review and evaluate an organization's Quality records. Quality audits typically involve a review of the organization's quality policies and procedures, as well as an evaluation of the organization's performance against those policies and procedures. - quality audits, including process audits, system audits, and product audits, departmental level, the operational level, and the strategic level.


The results of a quality audit are usually presented in a report, which may include recommendations for improvement or corrective action.Test governance refers to the Systems, People, Process and Policies that an organization puts in place to ensure that its testing activities are aligned with its overall goals.


Effective test governance can help organizations to ensure that their testing efforts are well-planned, well-executed, and aligned with the needs of the business.


It can also help to ensure that testing resources ,tools are used efficiently and effectively, and accurate and reliable.



Cloud Only*



Instead of having to purchase and maintain their own physical hardware and infrastructure, users can access these resources as a service on a pay-as-you-go basis, typically on a subscription model.


Cost savings:

By using shared resources, organizations can reduce the costs of purchasing, maintaining, and upgrading hardware and infrastructure.


Scalability: Cloud computing allows organizations to easily scale their computing resources up or down as needed, without having to invest in additional hardware.


Flexibility: Users can access cloud computing resources from anywhere with an internet connection, making it easy to work remotely or from different locations.


Security: Cloud computing providers typically have strong security measures in place to protect the data and resources of their users.


Disaster recovery plan: Develop a plan for disaster recovery and ensure that you have the necessary tools and resources in place to recover from any disruptions or failures in your cloud infrastructure.



TOOLS



Programming skill First , Tools Second!
**Checking is not Testing**



Selenium is a suite of tools for automating web browsers. It can be used to automate tasks such as filling out forms, clicking buttons, and navigating web pages.


Selenium is commonly used for web scraping, functional testing, and performance testing of web applications,

and available in several programming languages

including

- Java,

- Python,

- C#,

- JavaScript,

-Ruby.


It can be used in combination with other tools such as TestNG, Cucumber, and NUnit to create automated test suites.



Rest-Assured is a Java library for testing RESTful web services. It provides a simple and consistent interface for interacting with HTTP-based web services and can be used to test both the functionality and performance of RESTful APIs. Rest-Assured uses a fluent interface, which makes it easy to create complex requests and assert the response.


It can also be integrated with other testing frameworks such as JUnit and TestNG, allowing for the creation of automated test suites and supports a wide range of request and response formats, including XML and JSON, and it can be used with various HTTP libraries such as Apache HTTP Client and OkHttp.



An open-source load testing tool for analyzing and measuring the performance of web applications and various other services.


It can also be used to test the performance of a web service, by sending SOAP or REST requests and validating the responses. JMeter supports various protocols such as HTTP, HTTPS, FTP, JDBC, JMS, LDAP, and SOAP.


It also allows for the creation of test plans using a GUI, as well as the ability to run tests in non-GUI mode for continuous integration. Additionally, it can generate HTML reports that provide an overview of test results and performance metrics..



open-source tool for automating mobile applications. It allows you to test iOS and Android apps on both real devices and emulators/simulators. Appium supports both Android and iOS platforms, and it can be written in any language that has a Selenium client library, such as Java, Ruby, Python, C#, and JavaScript.


It communicates with the device or the simulator through the server, which acts as an HTTP proxy. The Appium server receives the command from the client libraries and translates it into the appropriate actions on the device.


Appium supports both Android and iOS platforms , Cloud infra -testing tools



Javascript based end-to-end testing framework that is specifically designed for testing web applications. It is a relatively new tool in the market, but it has gained popularity because of its ease of use and its ability to interact with the web page in the same way as a user. Cypress runs directly in the browser,


Including its front-end and back-end, it can test the app's functionality and performance in real-time. Cypress is built on top of Mocha, a JS testing framework, & Chai, an assertion library, which makes it easy to create and run test cases. also provides a built-in browser automation API, which allows you to interact with the web page, such as clicking buttons, filling out forms, and navigating pages. with Dashboard.



back-end JavaScript code. Mocha provides a flexible and easy-to-use interface for creating and running test cases. It allows you to organize your tests into a suite of test cases, and to write test cases in a human-readable format.
Mocha supports both synchronous and asynchronous code, it runs the tests in a JavaScript environment like Node.js.
Mocha also provides a set of hooks that allow you to set up and tear down test cases, such as before and after hooks, which can be used to prepare and cleanup test data.
Additionally, Mocha also provides a way to run test cases in parallel, which allows you to speed up the test execution.



Chai is an assertion library for JavaScript that is often used in conjunction with testing frameworks like Mocha and Jasmine. It provides a simple and consistent interface for making assertions about the values and behavior of your code.


It provides a wide range of assertion types such as: expect: This is the most commonly used assertion style in Chai.


should: This is another common assertion style, which is used in a similar way to expect. It is used by adding the should property to any object. assert: This is the traditional assert style, and it is used to make assertions directly in your test code.



BDD - Behavior-driven development that allows developers to write tests in natural language. It is written in the Ruby programming language, but it can also be used with other programming languages, including Java, C#, and JavaScript.


Cucumber tests are written in a simple language called Gherkin. Gherkin is a domain-specific language that uses a natural language syntax to describe the behavior of an application.Each line in a Gherkin file represents a single step in the scenario, and each scenario is a set of steps that describe a specific behavior.

it allows developers to bridge the gap between the technical and non-technical team.



Postman is a popular, free, and efficient tool for testing and documenting APIs (Application Programming Interfaces). It allows developers to easily test and debug their API endpoints.


It can be used to make various types of HTTP requests (e.g. GET, POST, PUT, DELETE), and can handle different types of request and response data, including JSON and XML. one can also create and manage a collection of API requests and responses, which can be shared with others. Additionally, Postman provides the ability to automate API testing with a built-in collection runner and an API testing tool called Newman.



Karate is an open-source tool for API testing. It is built on top of the Cucumber framework and allows developers to write tests in a natural language format, making it more accessible to non-technical team members. It also allows for the validation of response data and headers, as well as the ability to extract data from responses for use in subsequent requests.


Additionally, Karate provides the ability to test for specific HTTP status codes and perform data-driven testing. One of the key feature is that it supports parallel execution and it also provides the ability to test web services and REST APIs using JavaScript, making it easy to integrate with a variety of test runners and CI/CD systems.



Jira is a popular issue tracking and project management tool developed by Atlassian.


Jira offers a wide range of features, including:

Agile boards, manage their work using popular Agile methodologies such as Scrum and Kanban. Collaboration, Allows team members to communicate and share information easily through comments, mentions, and notifications.

Reporting, Provides a variety of pre-built and customizable reports that give teams insights into their work.

Integration, Jira can be integrated with a wide variety of tools such as Slack, Trello, and Github.



Application Lifecycle Management.


It is a set of practices, tools, and methodologies used to manage the entire life cycle of an application, from planning and development to testing, deployment, and maintenance.


The main components of ALM include:


-Requirements Management

-Project/Test Management

-Version control

-Build & release management,

-Performance management

-Change management.



Domain





Banking



- Payment as a Services

​- Lending as a Services

- Customer Services Group -CSG

- AML

- KYC

- Credit Risk

- Client OnBoarding.



Media and podcast



- Content Management.

- Analytics (User Metrics).

- Podcast-Audio & Video Streaming.

- Music and Transcript Tagging.

- Ad Platforms.

- VOICE Search & Recommendation



Insurance & Medical Devices



- Retail Health Insurance.

​- Enrollment with X834 Files - Health Insurance Exchanges and Billing.

- US Health Agency.





Retails



- Catalog & Content.

- Products Management

- Shipping

- Billing

- Store Management

- Coupon and Payments








Hello, I'm SP Sankar, Principal Test Consultant ​,Having more than 20000 hours(value provided),A Multi-faced global Test Leader both success & failure experience in Software Testing and currently working with HCL Technologies in Primary areas are TCoE Setups, Pre-sales ,Automation , Performance testing for Legacy, Web, Mobile apps in Banking Products Payments and Media Streaming and retails.

  • Standard chartered Bank - APAC Region | Whole Payment Test Analyst.
  • USAA : HCL Offshore Delivery Center | Lead Consultant.
  • Blue Cross Blue Shield - Chicago | Consultant -Onsite Delivery Center.
  • NJM : New Jersey | Digital Transmission Consulting.
  • True Value : Chicago | Digital Transmission Consulting.
  • Pearson : New York | Digital Transmission for Schools -Test Consulting.
  • SiriusXM: New York | Mobile , Analytics Digital Product Testing.
  • Deutsche Bank | Remote - Digital Payments Testing and SL3 Support.
  • eBay enterprises and Quest Diagnostics - King of Prussia-PA | Pre-sales and Consulting.


Believe me , My 60% customers are happy and Professional reference are based on your request.


***Conditionals are not applied : We also don't automate the mess and happy to test last minute changes my goals are "try to minimize testing efforts and improve test coverage" by Value Driven with Risk Based approach.