ISTQB AL-TA/TTA serial 17: Risk-based test design

Risk-based testing allows almost every tester to use it more or less in testing practice. For risk-based testing design, the tester must first consider where the risk is? That is, identifying and analyzing risks in a test object is a prerequisite for conducting a risk-based test design.

Risk-based testing design can adopt the following techniques: heuristic analysis methods, attacks, failure modes, and impact analysis FMEA, the heuristic analysis method consists of the heuristic analysis method inside-out and the heuristic analysis method outside-in. This article briefly describes the inside-out analysis method.

The basic idea of inside-out is to analyze the detailed information and background information of the test object to identify the risks. Using this method, testers need to constantly ask the question "What kind of risks may exist here" when learning test objects ". More correctly, the tester needs to answer the following three questions for each part of the test object.

° Weakness vulnerabilities: What are the vulnerabilities or possible failures of the test object?

° Original treats: In what input or circumstances does the test object cause defects and weaknesses, and trigger the failure of the test object?

° Affected by victims: Who is the affected target of the vulnerability or failure? What is the impact?

The inside-out analysis method requires the tester to have a deep understanding of the testing objects, for example, the specific technical implementation of the testing objects. Inside-out is not limited to the testing team, but can also work with developers. The common process is to ask developers related questions in the meeting room with a blackboard/whiteboard (for example, how is this function implemented ?); The developer draws the corresponding schematic on the blackboard/whiteboard and explains the internal working process of the test object. At the same time, the tester quickly thinks about some problems when drawing the schematic.

Through such a process, the tester and the developer can quickly agree with the working principle of the test object. Ask the developer immediately if the tester has doubts or is confused. After understanding how the test object works, the tester can start to find the vulnerabilities or possible failures. The following is a simulated application of the inside-out analysis method in the test practice.

The following is a simulated scenario where developers and testers conduct inside-out. Testers ask questions and developers can explain or think about each question: (1) The tester pointed to a module in the diagram of the test object and asked, "If this function fails, what will happen ?" (2) will this function module be called at that time? (3) The tester pointed to a part of the schematic and asked, "Is there any error check function ?" (4) The tester pointed to an arrow in the schematic and asked, "What is the specific meaning of the arrow? If the arrow cannot be accessed, what are the consequences ?" (5) The tester pointed to a data stream in the schematic and asked, "If this data stream is interrupted, how can we find this problem? If this problem is not found, what will happen ?" (6) What is the maximum number of concurrent users that this function can handle? What is the specific performance? (7) Does this function interact with other functions? (8) What are the most uncertain parts of this function? How should we test it from the developer's perspective?

 

The above scenario is not a complete inside-out method, so what the tester gets is not a complete list of problems, however, starting communication and communication in this way is a good start for testing. When a developer answers a question, the tester can understand the developer's concerns and where there is uncertainty or hesitation. This allows developers to determine where they may not fully understand the requirements or design requirements, which is usually the risk of testing objects. In the process of identifying risks, testers usually consider how to test and evaluate and manage such risks.

Generally, such a seminar lasts for about an hour. After discussion, testers are usually able to better understand the participants. And have a preliminary impression on possible risks, which can help determine the subsequent risk list and test strategy.

The inside-out method has obvious advantages, but the efficient application of this method requires strong communication and good cooperation between testers and developers. Of course, testers can also identify risks for test objects separately. However, this will increase the test workload and reduce the efficiency, because testers need to learn, understand, and analyze test objects independently.

For more information, visit: http://blog.csdn.net/Wenqiang_Zheng