1. Software Standards Specification
  2. Software Requirements Definition
  3. Software Best Practices
  4. Input Validation
  5. Output Validation
  6. Cookie Requirements
  7. Access Failure Error Checking
  8. Buffer Overflow
  9. Code Structure
  10. Software Functions
  11. Software Modules
  12. Requirements for Variables
  13. Software Code Comment Requirements
  14. Quality Code Requirements
  15. Software Code Review
  16. Software Code Testing Requirements
  17. Software Change Control

    Security Best Practices

  18. Secure Functional Requirements
  19. Account Creation
  20. Change Password
  21. Forgot Password
  22. Personal Question
  23. Contact Webmaster
  24. CAPTCHA Tests
  25. Answer Verification

Software Code Testing Requirements

Software testing should be performed as software is developed. Different types of software testing is performed depending on the size of the project, the current project phase, and the amount of progress made in the coding process. Developers should document the primary testing methods and test cases used. Types of testing includes:

  • Unit testing may also be known as module testing and is used to test small parts of code such as functions and modules. Programmers should test each module to be sure it performs as intended.
  • Integration testing - Tests the interfaces between modules.
  • System testing - Tests the complete system against the system requirements specification.
  • Functional testing - Tests for correct functionality at all levels including modules, classes, system, or interfaces. It tests against the system requirements specification.
  • System integration testing is performed when the system needs to interface with other or third party systems. The testing tests against the system requirements specification for interfaces to other systems.
  • Performance testing - Tests the service quality and ability of the system to support the required number of connections. Includes stress tests and load tests.
  • Installation testing - Determines whether the system can be installed smoothly.
  • Security testing - Many people break this into a separate category of testing but this should not be the case since security requirements should be included in the system requirements specification.
  • Acceptance testing - Testing by the customer or end user to determine whether the software is acceptable. A test plan is done for this testing and the client will work with developers to create a test plan to test the functionality of the system against the system functional specification. Depending upon the application, acceptance testing may include two additional phases. These phases do not utilize a test plan and basically allow someone to use the system as an end user. These phases are:
    • Alpha testing - Alpha testing would be performed first and is done by a test team, users, or potential customers. The testing is normally done at the site where the developer is.
    • Beta testing - This testing is done after alpha testing and is an early release of software to select people that may be customers or users. The objective is to identify any other problems not previously found and determine whether the software is ready for release.
  • Documentation testing - Testing of user documentation to ensure that it is accurate, helpful, and adequate.

Essential testing includes:

  • Unit testing during development.
  • Integration testing during development and system integration.
  • Functional testing during development and system integration.
  • System testing.
  • System integration testing for systems that interface to other systems and require the interface to those systems to function properly or support a critical part of the business functionality.
  • Performance testing for large systems or systems to be used.
  • Acceptance testing.

It is management's responsibility to ensure that proper software testing is being done. It cannot be dumped solely into the hands of the developers. The management must be sure the developers have the proper training and tools. The management must also be sure the proper project plan is in place and that the test plan addresses the needs of the project.

A software test plan should be started early in the project life cycle. The types of testing required should be outlined early. Details of testing should be filled in as more information is available including information about the system requirements and system design. For most testing, specific test cases should be created that describe what the tester does, the expected output, and criteria to pass or fail the test.

Testing Requirements

  • A test plan must be created. The test plan should be started during the system design phase of the project and refined as the time for final testing draws near. The test plan should:
    • Outline the ways testers will test each module.
    • Identify all software functionality to be tested, and how it will be tested including how to determine whether it passed or failed.
    • Define interface testing by comparing module and system output with expected output when specific input is injected.
    • Create test cases and use them to test business functionality.
    • Define how testing will be done to be sure user manuals are effective.
  • The entire system must be tested including user input and output. The test plan should reflect this.
  • Every module must be tested. The test plan should reflect this. Each module should be tested as it is coded.
  • The system should be tested by programmers in the first phase of testing then the system should be tested by people representing the customer who are not technical.
  • There should be acceptance criteria set for the user and documented in the test plan.
  • For low level programs such as assembler, the stack and heap usage should be checked and monitored to be sure it does not contain erroneous data and could cause a return to go to the wrong area.
  • The test date, test method, and name of the tester should be entered on the module list next to the name of each module.
  • Automated testing and code checking tools should be used where possible but those tools should not reduce the need for manual checking and testing.