Tools that may be used for testing
Test classification
The test is basically divided into the following aspects:
- function test
- Performance Testing
- Safety test
- Data quality
- Browser compatible
- incremental testing
- Regression Testing
Let’s first understand the testing pyramid :
- The lowest level is unit testing, then business logic (API) testing, and finally UI testing (end-to-end, GUI or CLI).
- The higher you go, the slower the testing and the higher the development cost.
1 Functional test
UI layer testing:
- E2E (end-to-end) testing
- Component Test
- Unit Test
Service layer testing
- API INT Test
- API Contract Test
- API(Component) Test
API testing is divided into synchronous (Http) and asynchronous (Message Queue)
Unit layer testing
- Unit Test
In addition to functional testing, there are also boundary tests : each HTTP interface/messaging interface needs to have boundary requirements .
For example: How many orders can be placed in a shopping cart?
2 Performance test
UI layer testing
- Page Loading Test
Service layer testing
- Backend Performance Test
3 Security testing
UI layer testing:
- SAST - Static Application Security Testing (scanning source code during development to discover security vulnerabilities)
Service layer test:
- DAST - Dynamic Application Security Testing (black box testing, testing the functionality of web applications)
Unit layer test:
- IAST - Interactive Application Security Testing
- SAST - Static Application Security Testing
4 Data quality
- Verify data integrity in data streams
- Verify data synced across different sources
- Pre-code verification, pure data verification requirements
5 browser compatible
- Cross-browser: Firefox, Chrome, Edge, Safari
- Cross-browser version
6 Incremental testing
Test new user descriptions or bug fixes
- Automated Unit Test, Contract Test, API Test (Local env, TDD)
- Automated INT, E2E Test (INT env)
- Manual exploratory testing (INT env, test unknown)
7 Regression testing
Test side effects. Systematic and mandatory regression testing is critical for systems in production.
- Core End2end regression test cases (business-oriented)
- Full regression: all Unit Tests, API tests, Contract tests, INT Tests, E2E tests
- Regression based on manual effects as a complement
Tools that may be used for testing
- Static Code Analysis: SonarQube
- E2E: Sahi + APIBOT, RobotFramework,
- FIRE: APIBOT
- Contract: Pact / Spring Contract
- Unit Test:
- Java: Junit, Mockito, Jacoco, etc.
- JavaScript: Karma, Mocha, Istanbul, etc.
- Data Quality: DATABOT
- Security:
- SAST: SonarQube
- IAST: Contrast Access
- DAST: AppScan
- RASP: OpenRASP