One of the main reasons behind poor software delivery is lack of time in delivering the product, which results in lesser time in software testing and impacts software quality. Risk-based testing can help in identifying which scenarios are business-critical and allocates more time to such scenarios. Risk based testing is based on test prioritization.
Risk based testing approach:
Risk Analysis needs to be done initially which helps to take control over the issues in an effective manner. The first step in Risk based testing is Test Planning. Potential business risks need to be recognized and Risk Strategy needs to be developed. Risk can be categorized on the basis of intricacy in the AUT, different categories of resources, and tools. Risk strategy is followed by Test planning activities.
Thereafter, a Risk Mitigation plan needs to be created. Here, a solution for the corresponding plan is described. For instance, for intricate applications risk mitigation plan would be like dividing the AUT into smaller units and test them thoroughly with more potential resources.
The risk mitigation plan is followed by Risk reporting. It offers clear and wide clarity for the stakeholders of the project to measure and function on the risk. This helps to determine the risk by making use of techniques like inspection based on test metrics. The output from this stage is fetched into the risk identification area and it continues as a cyclic process, till the AUT is free from high risks.
Example of risk based testing:
Consider that there are approximately 6000 -8,000 test cases for the entire set of Applications. Imagine that approximately 1000 to 2000 test cases needs to be executed per release for an end to end testing. This can result in delays and is too expensive to function like this. However, in real-time applications, among these 1000 to 2000 cases, maybe executing 100-200 test cases would result in defects as they are linked to risk-prone zones. The statistical method of study will help to get the maximum number of defects.
Statistical Models:
The statistical model is based on the categorization of numerical data. It also helps in measuring the probability with respect to the system behavior. Here testing is based on the probability of having a specific issue or a segment to fail in a specific environment. This helps in determining which testing is the best and to evaluate focus areas in risk based testing. This also helps in the evaluation of best-fit criteria by understanding the critical path for the defects. Risk based testing will help to understand which areas demand testing in the AUT.
The risk exposure of the system is a crucial parameter in statistical modeling which is dependent on the probability of occurrence of defects and the after-effect of a defect. This would be dependent on the quality of code to a large extent. It would be caused by factors like poor design or coding by novice programmers. Code quality can also suffer due to complex functionality.
Let us define the parameters as follows:
Probability of occurrence of the defect – P(f)
The after-effect of an issue for the customer – C(c) After-effect of an issue to the vendor – C(v).
The after-effect of an issue for the customer will include the following:
- Defects with high risk may result in legal threat
- May cause the customer to lose the market
- Violation of FDI regulation
The two parameters C (c) and C (v) combined with the probability of failure results in risk exposure, Re(f)
Re(f) = P(f) * (C(c) + C (v))/2
Consequence parameters for customer and vendor are usually weighed between 1-3. The probability of failure is weighted between 0-1.
The parameter probability of failure is based on the following aspects:
- Amended functionality
- New functionality
- Quality of design
- Size of the project
- Intricacy
- Skill of programmer
Different types of testing approaches like System testing, core system testing, business-specific areas, Integration testing, etc. need to be done. QA team also needs to concentrate on regression testing, Adhoc testing, with a special focus on data integrity and volume testing.
What is the input parameter required for designing a statistical model?
- Count of issues
- Nature of defect: DB defect, Web area defect
- Categorization of issues: This is mostly pertaining to the origin of the issue- if it is from DB, application server
- The effort involved in getting issues and fixing them
- The weightage assigned for the probability function
Procedure for Risk based testing:
- Identified Defects need to be classified
- This has to be followed by checking the probability of multiple factors that could hamper the quality of the product
- Get the value for the risk exposure coefficient.
- The risk exposure coefficient need to be fed into iterative algorithms
- Identify the type and count of test cases that are required for Risk-Based Testing.
In real-time applications, imagine that there are 1000-2000 test cases. Suppose that the QA team understands based on current analysis that 21st or 31st test case will result in bugs in a particular area that comes under the sampling techniques. Also, imagine that there are other bugs from a different zone. QA team can sample them on a common algorithm and fetch them into an algorithm. This helps to determine the value of the Risk exposure coefficient. For areas where Re(f) is high, such areas need to be given complete coverage.
What testing need to be done for complete coverage?
- Cross-browser testing
- Compatibility testing
- Verification and validation
- Positive and negative scenarios
- CR
- BR validation
- Interface testing
- End to end testing.
⇓ Subscribe Us ⇓
If you are not regular reader of this website then highly recommends you to Sign up for our free email newsletter!! Sign up just providing your email address below:
Happy Testing!!!
