Security testing
First, safety testing
1. Software Permissions1) The risk of deduction: including text messages, telephone calls, network connections and so on. 2) Privacy disclosure risk: including access to mobile phone information, access to contact information and so on. 3) Testing the input validity of the app, authentication, authorization, data encryption, etc. 4) limit/allow use of mobile phone function to access the Internet 5) limit/allow use of mobile phone to send receive information function 6) limit or use local connection 7) limit/allow use of mobile phone photo or recording 8) limit/ Allow use of mobile phone to read user Data 9) Limit/allow use of phone to write user data 10) Restrict/Allow application to register Autostart application
2. Installation and uninstallation security1) The application should be installed correctly on the device driver 2) can find the appropriate icon for the application on the installation device driver 3) The installation path should be able to specify 4) without the user's permission, the application cannot pre-set auto-start 5) uninstall is safe, Whether all of its installed files are uninstalled 6) uninstall the files generated by the user in the process if there is a hint 7) whether the modified configuration information is restored 8) uninstall affects the functionality of other software 9) Uninstall should remove all files
3. Data Security1) When a password or other sensitive data is entered into the application, it is not stored in the device and the password is not decoded. 2) The password entered will not be displayed in clear text. 3) Passwords, credit card details, or other sensitive data will not be stored in their pre-entered locations. 4) The individual ID or password length of the different applications must be at least between 4-8 digit lengths. 5) When the application processes credit card details or other sensitive data, the data is not written in clear text to other separate files or temporary files. To prevent an application from terminating unexpectedly without deleting its temporary files, the file may be attacked by the intruder and then read the data information. 6) Party building sensitive data is not stored in the device when it is entered into the application. 7) The application should consider either the user prompting information or the security warning generated by the virtual machine 8) The application cannot ignore user prompts or security warnings generated by the system or virtual machine, nor can it deceive the user by displaying misleading information before the security warning is displayed, and the application should not impersonate a security warning to mislead the user. 9) Before the data is deleted, the application should notify the user or the application to provide a "cancel" command operation. 10) The application should be able to handle situations where the application software is not allowed to connect to personal information management. 11) When you perform a read or write user information operation, the application will send the user an error message. 12) Do not damage the deletion of any content in the personal information management application without the user's explicit permission. 13) If important data in the database is being rewritten, the user should be notified in time. 14) can reasonably deal with the errors that occur. 15) Unexpected circumstances should prompt the user.
4. Communication Security1) in the process of running the software, if there is a call, SMS, Bluetooth and other communications or charging, whether it can suspend the program, the priority of processing communications, and after the processing is completed to resume the software normally, continue its original function. 2) When the connection is established, the application can handle the interruption of the connection due to the interruption of the network connection. 3) should be able to handle communication delay or interruption. 4) The application will remain working until the communication expires, giving the user an error message indicating that there is a link error. 5) should be able to deal with network anomalies and timely notify users of anomalies. 6) The application shuts down when the network connection is no longer in use should be closed and disconnected.
5. Human-machine interface safety Test1) The return menu should always remain available. 2) command has priority order. 3) Sound settings do not affect the ability to use the program. 4) Sound settings do not affect the functionality of the application 5) the application must be able to handle unpredictable user actions, such as wrong actions and pressing multiple keys at the same time.
second, installation, unloading testVerify that the app is properly installed, running, uninstalled, and used for system resources before and after operation and operation
1. Installation1) Whether the software can run properly after installation, the folder after installation and whether the file is written in the specified directory. 2) Whether the combination of the various options for software installation conforms to the summary design instructions. 3) The Software Installation Wizard UI Test 4) does not generate redundant directory structures and files after installation.
2. Uninstall1) test the system directly uninstall the program if there is a prompt message. 2) After testing the uninstall file, delete all the installation folders. 3) Uninstall whether to support the cancellation feature, click Cancel after the software uninstall situation. 4) The system directly uninstall the UI test, whether there is an uninstall status progress bar hint.
third, UI testing1) test the layout of the user interface (such as menus, dialogs, Windows, and other controls), whether the style meets the requirements, whether the text is correct, whether the page is beautiful, the text, the picture combination is perfect, whether the operation is friendly, etc. 2) The goal of the UI test is to ensure that the user interface provides the user with the appropriate access or browsing capabilities by testing the functionality of the object. Ensure that the user interface complies with company or industry standards. Including user-friendly, humanized, easy to operate test.
1. Navigation Test1) Buttons, dialog boxes, lists and windows, etc., or navigation between different connection pages. 2) is easy to navigate, navigation is intuitive. 3) Whether a search engine is required. 4) navigation help is accurate and intuitive. 5) The style of navigation and page structure, menu, Connection page is consistent.
2. Graphics Testing1) Horizontal comparison, each control operation mode is unified. 2) Adaptive interface design, the content according to the window size adaptive. 3) the page label style is unified. 4) the page is beautiful. 5) The picture of the page should have its actual meaning and require the overall orderly appearance.
3. Content Testing1) The input box indicates whether the content of the text is consistent with the system function. 2) Whether the length of the text is limited. 3) The text content is unclear. 4) Whether there is a typo. 5) Whether the information is displayed in Chinese.
Iv. Functional TestingAccording to the software description or user requirements to verify the implementation of the various functions of the app, the following methods to achieve and evaluate the functional testing process: 1) using time, place, object, behavior and background five elements or business analysis methods to analyze, refine the user use of the app scene, compare the description or demand, sort out the internal, External and non-functional directly related requirements, build test points, and define test criteria. 2) The corresponding types of test cases are covered according to the characteristics of the measured function points, such as: the place of design input needs to consider equivalence, boundary, negative, exception, illegal, scene rollback, association test and other test types to overwrite it. 3) keep track of the coverage of the test implementation and requirements input at all stages of the test implementation, and revise the business or demand comprehension errors in a timely manner.
1. Running1) After the app installs the test run, can open the software normally. 2) app open test, whether there is a progress prompt to load status. 3) The switch between the app pages is smooth and the logic is correct. 4) Registration
- Same Form Editing page
- User name Password length
- Post-Registration Tips page
- The front registration page and background Management page data is consistent
- After registering, in the Background management page prompt
5) Login
- Using a legitimate user login system
- Whether the system allows multiple illegal logins, and whether there are times limit
- Log in to the system using an account that is already logged in to correct processing
- User name, password (password) error or missing fill in the login can
- Deleted or modified users, the original user name login
- Do not enter user password and duplicate point "OK/Cancel" button, whether to allow login
- After landing, the login information on the page
- There is a logout button on the page
- Processing of logon Timeouts
2. Front and rear switch of the application1) The app switches to the background and back to the app, checking to see if it stays on the last user interface. 2) The app switches to the background, then back to the app, check the function and application status is normal. 3) The app switch to the background, and then back to the foreground, notice whether the program crashes, functional status is normal, especially for switching back from the background to the foreground data has automatic updates. 4) Mobile phone lock screen after unlocking into the app note whether it will crash, functional status is normal, especially for switching back from the background to the foreground data has automatic updates. 5) When the app is in use, the phone comes in and then switches to the app, the function status is normal. 6) When the app is killed in the city, and then open App,app can normally start. 7) The prompt box must be processed, switch to the background, and then switch back, check whether the prompt box is still there, and sometimes the application will automatically skip the hint box defects. 8) for the data exchange of the page, each page must be the front and rear switch, lock screen test, this page is most prone to crash.
3. Free LoginMany apps offer a no-sign-on feature that automatically uses the app as soon as the app is turned on with the user's identity. 1) Consider the ability to enter the non-logon state normally without network conditions. 2) After the user login, to verify the user login information and data content is updated to ensure that the original user exit. 3) According to the existing rules of Mtop, an account is allowed to log on only one machine. Therefore, it is necessary to check the situation of one account login to multiple phones. The original mobile phone users need to be exited, give a friendly hint. 4) The app switches to the background and switches back to the foreground check. 5) switch to the background and switch back to the foreground test. 6) After the password change, check if there is a valid identity verification when the data exchange. 7) An application that supports automatic login checks that the system can log on successfully and that the data is operating correctly when the data is verified. 8) Check that the user is actively logged out, the next time you start the app, you should stay in the login screen.
4. Offline BrowsingMany apps support offline browsing, where local clients cache part of the data for users to view. 1) Local data can be browsed in wireless network conditions. 2) When you exit the app and then open the app, you'll be able to navigate. 3) switch to the background and back to the front desk can be viewed normally. 4) lock screen and then unlock back to the application foreground can be viewed normally. 5) When the data on the server segment is updated, the corresponding prompt is given offline.
5.App Update1) There is an update prompt when the client has a new version. 2) When the version is a non-mandatory upgrade version, users can cancel the update, the old version can be used normally. The update prompt will still appear the next time the user launches the app. 3) Exit the client when the version is a mandatory upgrade, but the user does not make an update after the mandatory update is given. The next time you start the app, a mandatory upgrade prompt still appears. 4) If the client has a new version, the direct update check will update properly if the client is not deleted locally. 5) When the client has a new version, if the client is not deleted locally, check whether the updated client features are new versions. 6) When the client has a new version, if the client is not deleted locally, check whether the file with the same name can be updated to the latest version properly. If the above cannot be updated successfully, also belong to the flaw.
6. Positioning, Camera services1) app is useful to camera, when location service, need to pay attention to system version difference. 2) useful to the camera service place, need to carry out front and rear switch test, check whether the application is normal. 3) When testing the camera service, you need to test it with a real machine.
7.PUSH Test1) Check that the push message is sent according to the specified business rule. 2) The user does not receive a push message when it checks that the message is not received. 3) If the user has set a time-out period, the user cannot receive push during the time-free period. During a non-intrusive time period, the user receives the push normally. 4) When the push message is for the logged-on user, it is necessary to check that the received push is consistent with the user's identity and that no errors are pushed over the other person's message. In general, only the last logged-on user on the phone is sent a message push. 5) test push, you need to use a real machine to test.
Five, performance testing1) Responsiveness test: Test whether the various types of operations in the app meet user response time requirements.
- Response time for app installation and uninstallation
- Response time for various functional operations of the app
2) pressure test, repeated/long-term operation, system resources whether the use of abnormal.
- The app repeats the loading and unloading, checking the system resources are normal
- Other functions are repeated to check if system resources are normal
Vi. Cross-event testingThis paper presents a test method for the classification of service level and real-time characteristics of intelligent terminal applications. Cross-testing, also known as an event or conflict test, is a test in which a feature is executing while another event or operation interferes with the process. Such as: The app in front/background running state with the call, file download, music listening and other key applications such as interactive testing. Cross-event testing is important to identify potential performance issues in many applications. 1) Whether multiple apps run at the same time affect normal functionality. 2) whether the app runtime pre/background switch affects the normal function. 3) make/Receive phone calls while the app is running. 4) Send/Receive information when the app is running. 5) Send/Receive mail when the app is running. 6) Browse the network while the app is running. 7) Use Bluetooth to transmit/receive data while the app is running. 8) When the app is running, use the camera, calculator and other mobile phone to bring your own device.
Seven, compatibility testingMain test internal and external compatibility 1) compatibility with local and mainstream apps 2) compatible with a variety of devices, and if cross-system support is required to verify whether the various behaviors are consistent under a system.
- Compatibility of different cell phone screen scaling ratios
- Compatibility of different phone brands
viii. Regression Testing1) After a bug is fixed and a regression test is required after the new version is released. 2) regression testing after a bug fix is performed before delivery, with a large number of use case regression tests.
Nine, user experience testingTo perceive the comfort, usefulness, ease of use and friendliness of a product or service in the perspective of a subjective, ordinary consumer. Through different individuals, independent space and non-empirical statistical multiplexing methods to effectively evaluate the product experience characteristics, proposed to improve product potential customer satisfaction. 1) Whether there is an empty data interface design, to guide users to perform operations. 2) Whether user guidance is abused. 3) Whether there is a non-clickable effect, such as: Your button is not available at this time, then must be gray, or take off the button, otherwise it will mislead users. 4) The menu level is too deep. 5) Whether there are too many branches of the interaction process. 6) Whether the relevant options are far away. 7) Whether to load too much data at a time. 8) The button in the interface can be clicked in a moderate range. 9) Whether the tab is not affiliated with the content, when switching the label, the content is then switched. 10) The operation should have primary and secondary affiliation. 11) Whether to define back logic. When it comes to hardware/software interaction, the back key should be defined specifically. 12) Whether there is a horizontal screen mode design, applications generally need to support horizontal screen mode, that is, adaptive design.
10. Gesture Operation Test1) The impact of the mobile phone unlock screen on the running app. 2) The impact of the running app before and after the switch. 3) Switching of multiple running apps. 4) The app shuts down when it runs. 5) Restart the system when the app is running. 6) When the app is running, charge 7) The app will kill the process and then open it.
11. Client Database Testing1) General increase, delete, change, check test. 2) If the table does not exist, whether it can be automatically created, when the database table is deleted and can be self-built, data can be automatically retrieved from the server and saved. 3) The client can save data locally when the business needs to retrieve data from the server to the client. 4) When the business needs to fetch data from the client, can the app data be automatically removed from the client data when the client data is checked, or will it still be fetched from the server side? Check whether the app data is automatically fetched from the server side and saved to the server side when the client data does not exist. 5) If the business changes the data, after the deletion, the client and the server side will have the corresponding update.
Summary of App test methods
