SDLC 3: Quality Assurance

Published by Matt Clemons on

Quality assurance (QA) plays a vital role in the Software Development Life Cycle (SDLC), ensuring that the software meets defined requirements and performs reliably in various conditions. This post covers two essential quality frameworks within SDLC: the Software Testing Life Cycle (STLC) and the Defect Life Cycle.

Software Testing Life Cycle (STLC)

The Software Testing Life Cycle (STLC) is a systematic process dedicated to validating the quality, performance, and security of a software product. It’s divided into several phases, each with specific activities, deliverables, and entry/exit criteria.

STLC Phases:

  • Requirement Analysis
    • QA teams study and analyze requirements, identifying key areas to focus on and testing requirements.
    • Deliverables: Requirement Traceability Matrix (RTM) mapping each requirement to corresponding test cases.
Example Test Case from RTM in Python's unittest format

import unittest

class TestLoginFunction(unittest.TestCase):def test_valid_login(self):response = login(username="user", password="pass")self.assertEqual(response.status_code, 200, "Expected successful login status")
def test_invalid_login(self):
    response = login(username="user", password="wrongpass")
    self.assertEqual(response.status_code, 403, "Expected forbidden status for invalid login")
if name == "main":
unittest.main()
  • Test Planning
    • The Test Manager defines the scope, objectives, resources, and test schedule.
    • Deliverables: Test Plan Document, defining test objectives, schedule, roles, and tool requirements.
  • Test Case Development
    • QA team writes detailed test cases, covering positive, negative, and edge cases for each functionality.
    • Deliverables: Test Cases and Test Scripts.
  • Environment Setup
    • Configuring the test environment to simulate the production environment.
    • Deliverables: Test Environment Setup Checklist.
  • Test Execution
    • QA engineers execute test cases and record results. Any failed test cases are logged as defects.
    • Deliverables: Test Execution Report with pass/fail results.
# Example YAML report format
Test_Results:
  - test_case_id: TC001
    description: Verify valid login
    result: PASS
  - test_case_id: TC002
    description: Verify invalid login
    result: FAIL
  • Test Closure
    • After all test cases are executed, a closure report summarizes testing activities, defects, and lessons learned.
    • Deliverables: Test Closure Report documenting testing outcomes and outstanding issues.

Defect/Bug Life Cycle

The Defect Life Cycle, also known as the Bug Life Cycle, is the process of identifying, reporting, managing, and resolving defects in the software. Understanding each phase in this cycle is crucial for managing defects efficiently.

Defect Life Cycle Stages:

  • New
    • A defect is identified and logged by the QA team in a defect tracking system (e.g., JIRA, Bugzilla). The initial status is set to “New.”
  • Assigned
    • The defect is reviewed and assigned to a developer for analysis.
  • Open
    • The developer investigates the issue and works on a fix.
  • Fixed
    • Once the issue is resolved, the developer marks it as “Fixed” and notifies the QA team.
  • Retest
    • QA verifies the fix by rerunning relevant test cases. If the issue persists, it’s reopened; otherwise, it’s closed.
  • Closed
    • If the defect no longer appears, QA marks it as “Closed.”
  • Deferred or Rejected
    • If the defect is low-priority or doesn’t align with current requirements, it’s either deferred for a future release or rejected.

Defect Management Example Table:

Defect IDStatusPriorityAssigned ToDescription
DEF-101NewHighDev TeamLogin fails when using special characters
DEF-102FixedMediumQA TeamUI layout issues on mobile
DEF-103DeferredLowMinor typo in the FAQ section

Example Workflow in JIRA:

In defect-tracking tools like JIRA, custom workflows can be created to track defect stages, with automatic notifications to team members when the defect status changes.

Tools for Effective QA in SDLC

Leveraging specialized tools can streamline QA processes across the STLC and Defect Life Cycle:

  • Test Management Tools: JIRA, TestRail, and Zephyr to manage test cases, link them to requirements, and track testing progress.
  • Defect Tracking Tools: JIRA, Bugzilla, and Azure DevOps for logging, prioritizing, and tracking defect resolution.
  • Automated Testing Tools: Selenium, Postman, and JUnit for automated test execution and CI/CD integration.
  • Continuous Integration Tools: Jenkins, GitLab CI, and CircleCI to automate test execution upon code changes.

Summary

Quality assurance within SDLC is a structured process that requires careful planning and tracking. Using frameworks like the STLC and Defect Life Cycle, QA teams ensure that software meets quality standards before deployment. Testing tools and automation further streamline this process, allowing teams to maintain quality as they scale.

In the next post, we’ll focus on how to select the most suitable SDLC model based on project requirements, timelines, and team dynamics.

Categories: ProgrammingSecurity

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

Related Posts

Security

Nuclei

When it comes to automated vulnerability scanning, Nuclei is one of the best open source tools out there. It’s fast, flexible, and extensible with thousands of community templates. Masscan is like nmap on steroids. We’ll Read more…

Security

CISSP 3: Security and Risk Management Essentials

In the CISSP world, understanding Security and Risk Management is like building a solid foundation for a house. It supports everything else you do in cybersecurity. This domain forms the core of the CISSP Common Read more…

Security

T-Pot

T-Pot is an open-source honeypot framework designed to emulate multiple attack surfaces and gather data on malicious activities. This blog post walks through the installation process on an Ubuntu 20.04 server, and demonstrates how to Read more…