Test TEST--Style Essay--Part One

Chapter 1 – Testing Theory

software engineering

Software Lifecycle and Cycle Models

The software life cycle refers to the whole process of a piece of computer software, from function determination, design and development through successful use, with continuous modification and supplementation during use, until the software is retired (from conception to obsolescence). Its stages include initial conception, requirements analysis, function design, internal design, documentation plan, test plan, document preparation, integration, testing, maintenance, upgrade, retesting, phase-out, etc.

waterfall model, iterative model, rapid prototyping model, spiral model

version control

Version control (revision control) is a software engineering technique used during the development process to ensure that the same file edited by different people is kept up to date.
Git (pronounced /gɪt/.) is an open source distributed version control system that can effectively and quickly handle project version management from small to very large.
Git is an open source version control software developed by Linus Torvalds to help manage Linux kernel development.
https://git-scm.com/doc
SVN is the abbreviation of Subversion. It is an open source version control system. Compared with RCS and CVS, it uses a branch management system.
Its design goal is to replace CVS. Many version control services on the Internet have migrated from CVS to Subversion.
https://tortoisesvn.net/support.html

The relationship between software testing and development

(1) Project planning stage: Responsible for the monitoring of the entire testing stage from unit testing to system testing.
(2) Requirements analysis stage: Determine the test requirements analysis, formulate the system test plan, and become a management project after review. The test requirements analysis is the specification of the resources, configurations, and evaluations of each stage required for testing in the product life cycle; the system test plan is based on the software requirements specification to formulate the test plan and design the corresponding test cases.
(3) Detailed design and general design phase: ensure that the integration test plan and unit test plan are completed.
(4) Coding stage: The developers are responsible for testing the part of the code they are responsible for. When the project is large, the test tasks in the coding phase are carried out by special personnel.
(5) Testing phase (unit, integration, system testing): test according to the test code, and submit the corresponding test status report and test end report.

Development and testing are an organic whole! Before the release of the product, development and testing are carried out in a cycle: detected defects must be fixed by the developers and then tested again. While development is under way, the test manager starts to write test cases, and the test documents should refer to the development documents, so development and testing are inseparable, and no product can be developed without either one.
In terms of roles, the relationship is like that between theory and experiment: developers create a set of ideas through their own imagination, testers then test and falsify it, and developers continue to enrich the product through the process of revising. In terms of methods, it is the relationship between deduction and induction: one needs to master a lot of technology, and the other needs to constantly learn from examples.

test model

Common Test Models

Waterfall Model and V Model

Work Segmentation and Documentation for the V Model

Requirements definition stage: extract test requirements according to project requirements and form test requirements documents; formulate test plans and test plan documents according to extracted test requirements and project plans.
Design stage: draw up test plans according to test requirements and form test plan documents; formulate test cases according to test plans and form test case documents.
Coding stage: execute tests and improve test case documents.
System integration stage: test summary report, stage problem statistics report, test problem report.

W model description


Test Plan

Purpose: To make the testing work go on smoothly; to make the project participants communicate more comfortably; to make the testing work more systematic.
Tasks: Find bugs; avoid software development flaws; measure software quality; focus on user needs. The overall goal is: to ensure the quality of the software.
Six elements of the plan:
why—why to conduct these tests
what—what aspects to test, the work content of different stages
when—the start and end time of different stages of testing
where—corresponding documents, defect storage locations, test environment, etc.

test type


Black-box and white-box testing

Black-box testing: The test object is regarded as a black box, and the testers do not consider the logical structure and internal characteristics at all, and only check whether the function of the program meets its function description according to the requirements specification of the program.
White-box testing: Treat the test object as a transparent box, allowing testers to use the internal logic structure and related information of the program to design or select test cases to test all logical paths of the program.
Unit testing: A type of white box testing that tests unit modules in software design.
Integration test: Based on unit test, test the connection and assembly between unit modules.
System Testing: The system is tested with all things considered.
Acceptance testing: Testing performed by a third party to confirm that the software satisfies the requirements.

Black-box methods include equivalence class partitioning, boundary value analysis, cause-effect graphing and error guessing.
The advantages are:

  1. Relatively simple, no need to understand the code and implementation inside the program;
  2. It has nothing to do with the internal implementation of the software;
  3. From the user's point of view, it is easy to know which functions the user will use and what problems they will encounter;
  4. Based on the software development documentation, it is also possible to know which functions the software implements in the documentation;
  5. It is more convenient when doing software automation testing.

The disadvantages are:

  1. It is impossible to cover all the code, and the coverage rate is low, which can only reach 30% of the total code amount;
  2. The reusability of automated testing is low.

White-box methods include logic coverage, loop test path selection, and basic path testing.
The advantage is that it helps software testers increase code coverage, improve code quality, and discover hidden problems in code.
The disadvantage is that there are many different paths in the running of the program, and it is impossible to test all the running paths; the test is based on the code, so it can only test whether the developer is right, but cannot tell whether the design is correct, and some functional requirements may be missed; when the system is huge, the testing overhead will be very high.

Beta testing and Alpha testing

Alpha testing is a test conducted by a user in a development environment, or it can be a controlled test conducted by users within the company in a simulated actual operating environment. Alpha testing cannot be done by programmers or testers. The errors found in the Alpha test can be immediately fed back to the developers at the test site, and the developers can analyze and deal with them in a timely manner. The purpose is to evaluate the functionality, usability, reliability, performance and support of software products. Pay special attention to the interface and features of the product. Alpha testing can start after the coding of the software product is completed, or after the module (subsystem) test is completed, or it can be started after the product has reached a certain level of stability and reliability during the testing process. Related manuals (drafts) etc. should be prepared before Alpha testing.
Beta testing is a test performed by multiple users of the software under the actual use environment of one or more users. Developers are usually not present at the testing site, and beta testing cannot be done by programmers or testers. Thus, beta testing is the live application of software in an environment beyond the developer's control. In Beta testing, the user records all the problems encountered, including real ones and those identified by the supervisor, and regularly reports to the developer. The developer makes revisions after comprehensive user reports, and finally delivers the software product to all users. Beta testing focuses on product supportability, including documentation, customer training, and production support for the product. Beta testing can only begin when Alpha testing has reached a certain level of reliability. Since the primary goal of beta testing is to test supportability, beta testing should be managed as much as possible by the same people who lead the product release.

test process

Test End Criteria

The first type of standard: If the test exceeds the predetermined time, the test will be stopped.
The second category of criteria: all test cases are executed, but no faults are found, then the test is stopped.
The third type of standard: use a specific test case design scheme as the basis for judging the stop of the test.
The fourth type of standard: positively point out the specific requirements for stopping the test, that is, the standard for stopping the test can be defined as finding a predetermined number of faults.
The fifth type of standard: decide whether to stop the test according to the number of faults detected per unit time.

Principles of Software Testing

  1. "Testing software early and continuously" should be the motto of software developers.
  2. A test case should consist of two parts: test input data and corresponding expected output results.
  3. Programmers should avoid checking their own programs.
  4. When designing test cases, include reasonable input conditions and unreasonable input conditions.
  5. Principles of Software Testing
  6. Pay full attention to the clustering phenomenon in the test. Experience has shown that the number of bugs remaining in a program after testing is directly proportional to the number of bugs found in that program
  7. Strictly implement the test plan and exclude the randomness of the test.
  8. A thorough review of each test result should be performed.
  9. Properly save test plans, test cases, error statistics and final analysis reports to facilitate maintenance.

use case design

Basic elements of a test case

A test case is a set of test inputs, execution conditions, and expected results compiled for a specific purpose, in order to test a program path or verify whether a specific requirement is met.
The basic elements of a test case: test index, test environment, test input, test operation, expected result, evaluation criteria.

The complete process of use case design

First, subdivide the test items of each functional module according to the requirements document, outline design, test plan, and test plan, and then subdivide the test sub-items according to the coverage of the test in the outline design, detailed design, and test plan according to each test item. Finally, write test cases according to the test sub-items and the design method of the test case (causality diagram, boundary value, equivalence class, etc.).

:::info
tip
  • Choose a suitable use case management tool (such as Word, Excel)
  • Use cases must be updated in time (add new ideas, delete outdated requirements)
  • Grade the use cases properly
  • Review the use cases properly; you can ask relevant personnel for their opinions
  • Consider writing in pairs; this is a good idea
  • Be comprehensive, including functions, performance, compatibility, security, ease of use, fault tolerance, etc.
  • Pay attention to the appropriate granularity
:::

Defect BUG

Chapter 2 – Linux Basics

Common commands
View CPU information

cat /proc/cpuinfo

View the last 50 lines of the file

tail -n 50 /etc/profile

View the first 10 lines of the file

head -n 10 /etc/profile

View the line of error

grep "ERROR" file_name
cat file_name | grep "ERROR"

Check the port number

netstat -anp | grep port_number

Check the process number

ps -ef | grep ps_name

view ip

ifconfig

Create and delete multi-level directories

mkdir -p ./a/b
rm -rf ./a

Find the xx.txt file in the current user's home directory

find ~/ -name xx.txt

Check the tomcat process and kill it

ps -ef | grep tomcat
kill -9 tomcat_pid

View log files dynamically

tail -f log_file

View all listening ports on the current machine

netstat -tlnp

Compression and decompression

tar zcvf xx.tar.gz file
tar zxvf xx.tar.gz

Take the first five lines of /etc/passwd as an example to extract the username

cat /etc/passwd | head -n 5 | cut -d : -f 1

The difference between find and grep

The grep command in the Linux system is a powerful text search tool that can use regular expressions to search for text and print out the matching lines.

  • The full name of grep is Global Regular Expression Print, which means the global regular expression version, and its usage permission is for all users.

  • find under linux:

    • Function: Search for files in the directory structure and perform specified operations. This command provides quite a lot of search conditions and is very powerful.
    • Syntax: find start_directory search_condition operation
    • Description: the find command starts from the specified start directory, recursively searches each subdirectory, finds files that meet the search conditions and takes relevant operations on them.

To put it simply, grep is to find lines that match conditions, and find is to search for files that match conditions.

Chapter 3 – MySQL Basics

DB related introduction

Database (Database) is a warehouse that organizes, stores and manages data according to the data structure.
Relational database (RDBMS) is a database composed of multiple two-dimensional row-column tables that can be connected to each other.
Primary key (primary key) is one or more fields in the table, and its value is used to uniquely identify a record in the table.
A table with a foreign key of another relationship as its primary key is called a primary table, and a table with a foreign key is called a secondary table of the primary table. Foreign key, also known as foreign key
In a relational database, an index is a separate, physical storage structure that sorts the values of one or more columns in a database table. It is a collection of one or several column values in a table and a corresponding list of logical pointers to data pages that physically identify these values in the table.

SQL query statement execution order

1. The from clause assembles data from different data sources;
2. The where clause filters the record rows based on the specified conditions;
3. The group by clause divides the data into multiple groups;
4. The aggregate functions are used for calculation;
5. The having clause filters the groups;
6. All expressions are calculated;

The principle of MySQL stored procedures

A stored procedure is a programmable function that is created and saved in the database. It can consist of SQL statements and some special control structures.
Stored procedures are useful when you want to execute the same function on different applications or platforms, or to encapsulate specific functionality. The stored procedure in the database can be seen as a simulation of the object-oriented method in programming. It allows control over how data is accessed. Stored procedures usually have the following advantages:
1. Stored procedures can achieve faster execution speed
2. Stored procedures allow standard components to be programmed.
3. Stored procedures can be written with flow control statements, which have strong flexibility and can complete complex judgments and complex calculations.
4. Stored procedures can be fully utilized as a security mechanism.
5. Stored procedures can reduce network traffic

Transaction characteristics ACID

1. Atomicity: All operations in a transaction are inseparable in the database, either all are completed or none are executed.
2. Consistency: The execution results of several transactions executed in parallel must be consistent with the results of serial execution in a certain order.
3. Isolation: The execution of a transaction is not interfered with by other transactions, and the intermediate results of transaction execution must be transparent to other transactions.
4. Durability: For any committed transaction, the system must ensure that the transaction's changes to the database are not lost, even if the database fails

database index

A database index is a sorted data structure in a database management system that helps to quickly query and update data in database tables. Indexes are usually implemented with a B-tree. A B-tree index speeds up data access, because the storage engine does not scan the entire table to obtain the required data; instead, it starts from the root node, which stores pointers to child nodes, and the storage engine quickly finds data by following the pointers.

PS: Since MySQL version 5.5, InnoDB is the default storage engine, and it uses a B+ tree index structure underneath.

How to optimize the query efficiency of the database

1. Storage engine selection: If the data table requires transaction processing, InnoDB should be considered because it fully complies with ACID characteristics. If transaction processing is not required, it is more sensible to use the default storage engine MyISAM (the default is MyISAM before 5.5)
2. Sub-table and sub-database, master-slave.





| Item | MyISAM | InnoDB |
| --- | --- | --- |
| Transactions | Not supported | Supported; can be rolled back and restored |
| Application scenario | Suitable for query and insertion | Suitable for frequent modification and where high security is involved |
| Foreign key | Not supported | Supported |
| Default engine by version | Default before 5.5 | Default in 5.5 and later |
| Row count | Saves the number of rows (but a where condition still needs to scan the entire table) | Does not save the number of rows in the table (scans the entire table to count rows) |
| Lock granularity | Only table locks are supported | Supports row locks and table locks |

Indexes of type FULLTEXT are not supported
Joint index: auto-increment field, must contain only the index of this field

Optimize query commands

a. Full table scan should be avoided as far as possible. First, index should be established on the columns involved in where and order by.
b. Try to avoid testing fields for null in the where clause, avoid using the != or <> operators, avoid joining conditions with or, and avoid using parameters in the where clause or performing expression or function operations on fields; otherwise a full table scan will result.
c. Do not perform functions, arithmetic operations or other expression operations on the left side of "=" in the where clause, otherwise the system may not be able to use the index correctly.
d. When using an index field as a condition, if the index is a composite index, the first field in the index must be used as the condition to ensure that the system uses the index, otherwise the index will not be used.
e. In many cases, you can consider using exists instead of in.
f. Try to use numeric fields.
g. Use varchar/nvarchar instead of char/nchar as much as possible.
h. Do not use select * from t anywhere; replace "*" with a specific field list, and do not return any fields that are not used.
i. Try to use table variables instead of temporary tables.
j. Avoid frequent creation and deletion of temporary tables to reduce the consumption of system table resources.
k. Try to avoid using cursors, because the efficiency of cursors is poor.
l. Set SET NOCOUNT ON at the beginning and SET NOCOUNT OFF at the end of all stored procedures and triggers.
m. Try to avoid large transaction operations and improve system concurrency.
n. Try to avoid returning a large amount of data to the client. If the amount of data is too large, you should consider whether the corresponding demand is reasonable.

Database optimization

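1. Optimize indexes and SQL statements, and analyze slow queries;
2. When designing tables, follow the database normal forms strictly;
3. Use a cache: put frequently accessed data that does not change often in the cache, which saves disk I/O;
4. Optimize hardware: use SSDs, disk queue technology (RAID0, RAID1, RAID5), etc.;
5. Use MySQL's built-in table partitioning to split the data into different files, which improves disk read efficiency;
6. Vertical table splitting: put data that is not read often into a separate table to save disk I/O;
7. Master-slave read/write separation: use master-slave replication to separate the database's read operations from its write operations;
8. Split databases, tables and machines (when the data volume is very large); the main principle is data routing;
9. Choose a suitable table engine and tune its parameters;
10. Cache at the architecture level, with static pages and distribution;
11. Do not use full-text indexes;
12. Use faster storage, such as NoSQL, for frequently accessed data.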

How SQL injection occurs and how to prevent it

During program development, if no attention is paid to writing SQL statements in a standard way and to filtering special characters, the client can submit SQL fragments through the global variables POST and GET and have them executed as normal statements. This produces SQL injection. The following are preventive methods:
a. Filter out some common database operation keywords, or filter through system functions.
b. Set register_globals=off in the PHP configuration file.
c. Try not to omit backticks (the key above the Tab key) and single quotes when writing SQL statements.
d. Improve database naming skills. For some important fields, name them according to the characteristics of the program, and choose names that are not easy to guess.
e. Encapsulate commonly used methods to avoid directly exposing SQL statements.
f. To prevent SQL injection
h. Control error messages: turn off error display and write the error message to the system log.
i. Use mysqli or PDO prepared statements.


NoSQL and relational databases

a. SQL data is stored in tables with a specific structure; while NoSQL is more flexible and scalable, and the storage method can be saved as JSON documents, hash tables or other methods.
b. In SQL, you must define the table and field structure before adding data, such as defining the primary key of the table (primary key), index (index), trigger (trigger), stored procedure (stored procedure), etc. Table structures can be updated after they have been defined, but this can get complicated if there are major structural changes. In NoSQL, data can be added anytime and anywhere without first defining tables.
c. If it is necessary to add external associated data in SQL, the standardized method is to add a foreign key to the original table to associate the external data table. In NoSQL, in addition to this normalized external data table approach, we can also use the following non-normalized methods to directly put external data into the original data set to improve query efficiency. The shortcomings are also obvious, and it will be more troublesome to update the reviewer data.
d. In SQL, you can use the JOIN table link method to query the data in multiple relational data tables with a simple query statement. NoSQL does not yet provide a query method similar to JOIN to query data in multiple datasets. So most NoSQL stores data using non-normalized data storage.
e. It is not allowed to delete external data that has been used in SQL, but there is no such strong coupling concept in NoSQL, and any data can be deleted at any time.
f. In SQL, if the data of multiple tables needs to be updated in the same batch, that is, if one of the tables fails to be updated, other tables cannot be updated successfully. This scenario can be controlled through transactions, and the transactions can be submitted uniformly after all commands are completed. However, there is no transaction concept in NoSQL, and the operation of each data set is atomic.
g. Under the premise of the same level of system design, because NoSQL omits the consumption of JOIN queries, the performance is theoretically better than SQL.

The essence of MySQL and MongoDB

MongoDB is written in C++ language and is an open source database system based on distributed file storage. In the case of high load, adding more nodes can guarantee server performance;
MongoDB aims to provide scalable high-performance data storage solutions for WEB applications.
MongoDB stores data as a document, and the data structure consists of key-value (key=>value) pairs. MongoDB documents are similar to JSON objects. Field values can contain other documents, arrays and arrays of documents.
MongoDB is a document-oriented database, which is currently developed and maintained by 10gen. It has rich functions, so it can completely replace MySQL.

Compared with relational databases such as MySQL, MongoDB has the following advantages:
① weak consistency, which can better guarantee the user's access speed.
②The storage method of the document structure can obtain data more conveniently.
③Built-in GridFS supports large-capacity storage.
④ Built-in Sharding.
⑤ Abundant third-party support. (This is an advantage that MongoDB also has compared to other NoSQL)
⑥Superior performance:
MongoDB itself is still a relatively young product, so its problem is that its maturity is definitely not as mature and stable as traditional MySQL.
So when using it:
Try to use the stable version instead of the development version online; this is a big principle;
Backup and index;
MongoDB also has one of the biggest disadvantages, that is, it takes up a lot of space, because it belongs to the typical space-for-time principle type. Then its disk space will be wasted more than ordinary databases, and so far it has not implemented the online compression function. When frequent data additions, deletions and changes are performed in MongoDB, if the records change, such as the data size changes, some data fragments are likely to occur at this time. The results caused by fragmentation, one is that the index will have performance problems.

paging

select * from table limit (start-1)*limit, limit; where start is the page number and limit is the number of items displayed on each page.

select * from table limit (beg-1)*size, size; where beg is the page number, and size is the number of items displayed on each page.

CHAPTER 4 – WEB TESTING

The process of a browser accessing a web page

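First, the IP address corresponding to baidu.com must be resolved:
 ARP is used first to obtain the MAC address of the default gateway
 The data is assembled and sent to the default gateway (the IP is still the DNS server's IP, but the MAC address is the default gateway's MAC address)
 The default gateway is able to forward data, and forwards the data to the router
 The router chooses a suitable, faster path according to its routing protocol and forwards the data to the destination gateway
 The destination gateway (the gateway where the DNS server is located) forwards the data to the DNS service
 The DNS server looks up and resolves the IP address corresponding to baidu.com, and returns it along the original path to the client that requested the domain name
After the IP address corresponding to baidu.com has been obtained, the TCP three-way handshake is sent to establish the connection
 The HTTP protocol is used to send the request data to the web server
 After the web server receives the request, it obtains the corresponding result by querying its own server and returns it along the original path to the browser
 After receiving the data, the browser displays the web page using its own rendering function
 The browser closes the TCP connection, that is, the four-way handshake ends, completing the whole access process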

SQL injection, cross-site scripting, cross-site request forgery

SQL injection is the most common form of injection attack (there is also OS injection; the high-risk vulnerability of Struts 2 was caused by OS injection through OGNL). When the server uses request parameters to construct SQL statements, malicious SQL is embedded into the statement and handed over to the database for execution. SQL injection attacks require the attacker to have an understanding of the database structure. There are many ways for the attacker to obtain the table structure:
(1) If an open source system is used to build a website, the database structure is also public (currently there are many ready-made systems that can directly build forums and e-commerce websites. Although it is convenient and fast, the risks must be carefully evaluated);
principle, on the one hand to shield the error echo information that may bring danger to the system);
(3) Blind injection.
To prevent SQL injection attacks, sanitization can also be used, verifying request parameters through regular expressions. In addition, parameter binding is also a good means, so that malicious SQL is treated as an SQL parameter instead of being executed as a command. PreparedStatement in JDBC is a statement object that supports parameter binding, which is obviously better than Statement in terms of performance and security.
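The parameter binding recommended above, and in the "Use mysqli or pdo preprocessing" and "Control error messages" items of Chapter 3, can be seen side by side with string concatenation in the following added example, which is not code from the original post. It uses Python's built-in sqlite3 as a stand-in for MySQL; the table, the function names and the sample inputs are constructed for illustration, and the paging function applies the (page-1)*size formula with bound values.

```python
import logging
import sqlite3

# Constructed sample input: a request parameter that closes the quoted string
# and appends an always-true condition.
INJECTED_NAME = "nobody' OR '1'='1"


def make_db():
    """In-memory stand-in for the application's database (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user"), ("o'brien", "user")],
    )
    return conn


def find_user_concat(conn, name):
    """The 'before' form: the request parameter becomes part of the SQL text."""
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_bound(conn, name):
    """Parameter binding: the driver passes name as data, never as SQL."""
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (name,)
    ).fetchall()


def fetch_page(conn, page, size, max_size=100):
    """Paging with bound LIMIT/OFFSET; offset = (page - 1) * size."""
    if type(page) is not int or type(size) is not int:
        raise ValueError("page and size must be integers")
    if page < 1 or not 1 <= size <= max_size:
        raise ValueError("page or size out of range")
    return conn.execute(
        "SELECT id, name FROM users ORDER BY id LIMIT ? OFFSET ?",
        (size, (page - 1) * size),
    ).fetchall()


def lookup(conn, finder, name):
    """Log database errors server-side; the caller only gets a generic result."""
    try:
        return {"ok": True, "rows": finder(conn, name)}
    except sqlite3.Error as exc:
        logging.getLogger("app.db").warning("query failed: %s", exc)
        return {"ok": False, "rows": []}


if __name__ == "__main__":
    db = make_db()
    # Concatenation: the condition is rewritten and every row comes back.
    print("concatenated:", find_user_concat(db, INJECTED_NAME))
    # Binding: the same input is just a name that matches nobody.
    print("bound:       ", find_user_bound(db, INJECTED_NAME))
    # A legitimate name containing a quote breaks the concatenated query
    # but works with binding.
    print("concat o'brien:", lookup(db, find_user_concat, "o'brien"))
    print("bound o'brien: ", lookup(db, find_user_bound, "o'brien"))
    print("page 2, size 3:", fetch_page(db, 2, 3))
```

The `?` placeholder plays the same role as a bound parameter in PDO, mysqli or a JDBC PreparedStatement.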
**XSS (Cross Site Script, cross-site scripting attack)** is an attack method that injects malicious scripts into web pages and executes malicious scripts in the user's browser when the user browses the web page. There are two types of cross-site scripting attacks:
reflective attacks (to lure users to click on a link embedded with malicious scripts to achieve the target of the attack, many attackers use forums and microblogs to publish URLs containing malicious scripts).
**CSRF attack (Cross Site Request Forgery, cross-site request forgery)** is that the attacker performs illegal operations (such as transferring money or posting, etc.) as a legitimate user through a cross-site request. The principle of CSRF is to use the browser's Cookie or the server's Session to steal the user's identity. The principle is shown in the figure below. The main means of preventing CSRF is to identify the identity of the requester, mainly in the following ways:
(1) Add a token (token) to the form;
(2) Verification code;
(3) Check the Referer in the request header (this method is also used to prevent image theft links mentioned earlier).
Both the token and the verification code have the feature of one-time consumption, so they are consistent in principle, but the verification code is a bad user experience. Do not use the verification code lightly if it is not necessary. At present, the practice of many websites is to show a verification code only after a form has been submitted multiple times in a short period without success, which gives a better user experience.
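The form token and Referer check described above can be sketched as follows. This is an added example, not code from the original post; the class and function names, the session identifiers and the host bank.example are hypothetical. The token is bound to the session and consumed on first use, matching the one-time property the text mentions.

```python
import hmac
import secrets
from urllib.parse import urlsplit


class FormTokens:
    """Server-side store of single-use form tokens, keyed by session id."""

    def __init__(self):
        self._unused = {}  # session_id -> set of tokens not yet submitted

    def issue(self, session_id):
        """Create a random token to embed in a hidden form field."""
        token = secrets.token_urlsafe(32)
        self._unused.setdefault(session_id, set()).add(token)
        return token

    def consume(self, session_id, submitted):
        """Accept a token once, and only for the session it was issued to."""
        if not isinstance(submitted, str) or not submitted:
            return False
        pending = self._unused.get(session_id, set())
        candidate = submitted.encode("utf-8", "replace")
        # Constant-time comparison against each pending token.
        match = next(
            (t for t in pending if hmac.compare_digest(t.encode(), candidate)),
            None,
        )
        if match is None:
            return False
        pending.discard(match)  # one-time consumption: a replay fails
        return True


def referer_matches(referer, expected_host):
    """Compare the parsed host exactly; a substring test would accept
    look-alike hosts such as bank.example.attacker.test."""
    if not referer:
        return False
    try:
        parts = urlsplit(referer)
    except ValueError:
        return False
    return parts.scheme == "https" and parts.hostname == expected_host


def accept_state_change(tokens, session_id, form_token, referer, expected_host):
    """Gate a state-changing request (for example a transfer or a post)."""
    if not referer_matches(referer, expected_host):
        return False
    return tokens.consume(session_id, form_token)


if __name__ == "__main__":
    store = FormTokens()
    host = "bank.example"  # hypothetical site host
    tok = store.issue("session-A")
    good_referer = "https://bank.example/transfer"
    # Cross-site request: the cookie rides along, but no token is present.
    print(accept_state_change(store, "session-A", None, good_referer, host))
    # Genuine form submission, then a replay of the same token.
    print(accept_state_change(store, "session-A", tok, good_referer, host))
    print(accept_state_change(store, "session-A", tok, good_referer, host))
```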

Parts to be added:

Chapter 5 – API Testing

Chapter 6 – APP Testing

Chapter 7 - Management Tools
Chapter 8 - Other Supplements


Origin blog.csdn.net/Kaka_csdn14/article/details/131885932