Software Testing Books

This book does not contain any useful information for software test professionals. It is little more than a whitepaper that takes a ten-thousand foot view of web testing and why it should be done, with lightweight examples.

However, this book does highlight activities and milestones that are essential to deploying web-based solutuions. From this point of view it does have value for managers and PMs who are responsible for making a business case for web-based projects.

For professional testers I recommend either Testing Applications on the Web by Hung Quoc Nguyen or Client Server Testing on the Desktop and Web by Daniel J. Mosley.

For project sponsors and project managers this book would nicely augment Web Project Management: Delivering Successful Commercial Web Sites by Ashley Friedlein.

Overall a good book, but OO analysis and design are covered in more "practical" detail in Booch's book. If you are a testing professional, methinks your first choice had rather be Robert Binder's book on OO Testing.

This book basically attempts to address a rather new segment in the engineering discipline of building software, namely the OO way. The OO design's pros and cons are very nicely outlined. In testing, namely, the testing of objects, he doesnt cover significant ground.

While the author's style is commendable, the organization of the chapters isnt very helpful.

Expectedly so, the first few chapters go ga-ga on the OO philosophy and how it will help everyone on the planet, fight crime and save the environment !! ;-) Testing OO designs or reviewing an OO design seems to be pushed into the background. Despite all this, the author makes use of compelling examples. And there are even a couple of ideas that could be pulled out for immediate use. I recommend that this be the second or third book you read, after you finish with the classics.

What attracts me to this book is that it has "A Tools Approach" in the title. It does have a pretty comprehensive coverage on tools currently available for model based testing. There are a dozen examples and case studies in the book to illustrate different approaches/tools for building good models specific to the SUT.

Another thing I like about the book is the literature listed at the end of each chapter for further reading.

One thing on my wish list for the book is a guide to building model based test frameworks (for housing the models) due to the fact that lots of times testers need to build such a customized framework before building models (again, due to lack of mature commercialized model based testing frameworks).

This book's author scrutinized the software testing in a totally different way from most software testing books. The author focused on modern OO software testing, mainly glass box testing. It is very helpful, because it covers some important changes for OO system testing, which are not included in most software testing books.

Here are some points that impressed me most:

1) Information Hiding and Abstraction: Although information hiding brings many benefits to programmers, it may be a strain on the life of a software tester. To test a method, if a tester wants to check the state of an object before and after the invocation of the method, he needs to access the internal state or data of that object. However, it is hidden to testers. Abstraction separates the essential behavior of an object form its implementation. An object can be tested as a black box using the abstraction of the object.

2) Testability of Object-Oriented Systems: The author's definition of testability is a prediction of the probability of software failure occurring due to the existence of a fault. The definition implies the software testability is related to the ability of software to hide faults for a selected input distribution. Obviously, OO system's testability is lower than procedural counterpart.

3) More opportunities for testers: Object orientation is employed to improve productivity and efficiency. Higher-complexity software is being produced in less time. This increased complexity is conducive to more error opportunities in novel ways. - Hai Huang

Verifiable programming means to write programs that can be verified using formal methods. The idea is that whenever you create a program, you should also think about how to construct a formal specification, and a partial-correctness proof of the program in question (you won't always actually generate the proof, but by thinking about it when programming, it will usually result in programs that are more correct, and simpler to understand).

While this is the idea, the book quickly looses sight of this, instead focusing on mechanical techniques for correctness-proofs, focusing on Hoare-logic, Guttag-style type-definitions with generator induction functions, and proving theorems in first-order logic with backward proof construction. This leads to an expressive and easily extended formalism, suitable for common imperative languages like C or Java. Certainly this material is necessary for an understanding of what verifiable programming means, but I wouldn't mind if the book at least tried to keep some kind of perspective throughout the text. Another problem is the lack of exercises helping you to digest the relatively theoretical material.

The lack of perspective and the lack of exercises are the main faults of the book. The last is the lack of interesting examples. Surely you can write a correctness-proof for your binary search routine, but since the problem is so simple, the advantages of the formal approach doesn't really shine, since testing all possible cases is just as efficient. It is when a combinatorial explosion occurs in the state-space of your problem that formal methods are really necessary, and this book fails to give any examples.

Still, there are few other books in this field, and if you are interested in an introduction to formal methods, you have at your disposal a book that provides a surprisingly usable and extendable formalism, capable of modelling nearly any program or algorithm. It is suitable for anyone who can program, but a more than passing interest in logic is probably required.

Overall I found this book to be helpful in understanding the inner workings of the Zend Framework. The low score I gave this book is attributed to the several errors in the code examples. It seems this book was rushed to publication and nobody verified that the code examples worked.

If you are like me and like to build the code as you read each chapter then this book is NOT for you. I could never get the code to work as written in the book. I would advise that you download the companion code from the publisher's website. The code from the site seems to have been tweaked after the publication of the book and does run correctly. Problem is it does not match the code in the book therefore you have to investigate why the book says one way while the code shows it another way. Very frustrating the say the least!

I can only recommend this book if the publisher decides to release a second edition with these errors fixed.

Regards.

As anyone who pre-ordered this book knows, it was way off its release schedule. That may explain the numerous errors in the book.
I am only on day 2 of the book and so far I have found at least 5 errors. These are not misprints but clear technical errors. The errors are in differing areas too, so not like the author simply misunderstood something, which leads me to believe this book, while already late, was rushed out of the door.
The book comes with online source code, and my advice would be to get it. If you follow the source in the book you will get errors both from the database code and the PHP code. In chapter 3, for example, the author lays out a database table schema which clearly states that certain fields cannot be NULL and have no default value, and then goes on to state INSERT statements that miss these fields out...thus generating an error. Another example is where on one page the application library folder is called just that in an image, but then i the PHP code it is referred to as "lib", again creating an error when the code is ran.

On the plus side the detail is very good. The first couple of chapters lay out the "why"s and "where"s of Zend Framework, and the real world example that the book builds on gives you a much more usable path of learning than someone simply telling you the details of the framework itself. Definitely a preferred approach for me!

I would like to rate the book higher but having to wait for almost an extra month to get it and then penciling in the errata certainly does not build confidence in it.

Paul Allsopp
Webtop-Designs

After successfully passing 4 of 6 exams, I was wondering which exam to hold for last... After purchasing this book purely by Amazon's readers recomendations it's pretty clear that IIS will be that last and final exam for me. As I will need to find additional study material for the IIS4 exam - this book has lots of sample questions but the explanations are too simple and quick.

Thicker books may be the way to for further and more applicable study in conjunction with this book. Use additional material to index and explain a concept or question in depth with this cram guide. Questions are great but without much detail in explaining a particular set of questions, this will not be your only study guide to successfully pass the IIS 4 exam.

At the time of my purchase of this book, it was rated above 4 stars - I hope to justify lowering that review a tad.

Not a bad book but it could have gone into more detail. A bit disappointing for one of the Exam Cram series.

This book plus the Transcenders testing software is a good combination to pass. Those two with a little hands-on and you should pass this test. I got an 854 out of 1000 on the test without too much effort. DO read up on ODBC error messages (SQL) as it was heavily tested. This book does not delve into much depth on that subject. Otherwise a good buy, especially used.

I passed the test with an 854 out of 1000 using only this book and the Transcenders plus some hands-on time in IIS 4.0 . My best EXTRA piece of advice is to go to Microsoft's web site and look at what the exam will test on. I got a lot (3 or 4 out of 55 questions) of ODBC error messages questions (SQL) on the version of the test that I took (non-adaptive version) and this book did not delve very much into this area. Other than that, it was very good.

I use this book solely to study for about a month and pass the exam! However, there are so many simulation questions in the exam that I think the examples in the book are not enough. Therefore this book is best suited for revision BUT NOT FOR BEGINNERS.

This book gives a viable testing process and some excellent artifacts that will get new test engineers and QA specialists quickly up-to-speed.

Although the title claims that this book is an *automated* web testing toolkit, there is little test automation coverage. However, getting past the title, this book does lay an excellent foundation for testing processes and procedures. The artifacts on the CD ROM add to the value, and although more experienced software test and QA personnel might find this book basic, I think that it does an excellent job.

Among the things I like most include the system independent approach that the author takes - UNIX and Microsoft technologies are given equal and unbiased treatment, and the tools that the author does use as examples reflect her objectivity.

While some may lament the fact that this book is basic, I believe that the "basics" are sorely needed in the web environment because the testing that I have observed isn't rigorous if it's done at all. From that perspective, this book may be basic, but it introduces web development and support teams to a methodical approach to testing and its importance.

As long as you know the strengths and weaknesses of this book you can make an informed purchasing decision. If you are an advanced QA practitioner, or are seeking information on automated web testing this book will probably disappoint you. However, if you are feeling the pain of poor web QA (defects routinely caught after code or content is released), or need to learn the basics of web testing, then you might find this book to be a valuable resource. In my opinion the artifacts on the CD ROM alone are worth many times the price of the book. Your opinion may differ. This book merits five stars for the right audience.

This book is a good addition to any manager's library. It goes through the steps it takes to go through a web project. It is a good toolkit since it gives the reader a list of tools for many types of web testing.
It also talks about Business Requirements and types of testing that can be done on web applications.
As a novice tester the book may not answer all your questions but for testers who are looking for quick answers and want to reserach tools this is a must buy.
The CD also offers several templates for the Test Process that I found useful.

The book is not organized at all. Headings and sub-headings are not structured either so you can't understand what are you reading exactly. Examples are rarely introduced and it is very easy to lose focus while reading. I don't recommend this book at all and indeed it needs a quick major revision.

I tried real hard to find something to like about this book. I was disappointed. Testing of web sites and web applications is an area which desperately needs some good books, but this is not one of them.

The author seems to have cobbled this book together from some old course notes, inserted the word "web" here and there and put some obviously obsolete material in the past tense. It baldly assumes a heavyweight and ill-considered development process, and makes unsubstantiated statements about an unrepresentative selection of software packages. Automated testing is mentioned only in passing, between superficial descriptions of project- and risk- management. Virtually no mention is made of the things which make web applications hard to test - browser differences, massive concurrency, stateless protocols, network issues ...

It lacks the depth for a developer or tester, but I can't even recommend this book as a management overview - so much of the content is either dangerously misleading, obsolete, or just plain wrong.

Very misleading title. I bought the book thinking it would discuss tools for automated web testing (gee, I got that idea from the title somehow); but the book is only about basic procedures in general testing. "Testing Computer Software" and "Testing Web Applications" by Cem Kaner, et al. had better information on basic testing procedures AND automated testing. I really wanted the authors to give me my money back since the book is NOT about test automation. And the "load testing for e-confidence" pdf on the CD is available FREE OF CHARGE from Segue's web site.

This is the only item you should buy if you feel confident about taking the CBT TOEFL test, that is your English is already pretty good. The GUI is the same as test day so at least there is no suprise. I could not get the program to work under WIN98 SE, the sound would not come on. However, and very surprisingly, it works fine under XP!
In sum, try to buy it used because it is not worth paying the full price.

I expect more, especially when it comes from ETS. The excercise from the book were not helpfull at all and there are only a few tests. But, as I say if you don't have anything else this could give a realistic idea of the test.

The listening section on Test 1 works fine only before the start of the test and voice is not coming up during the actual test questions. This doesn't reflect the company's professionalism, and i'm really upset about the way the software messed up with my preparation. I'm going to have to let BBB know about this complaint and let the rest of the aspirants know the mediocre quality of your product.
They must have real professionals devolop these kind of products. I'm a software professional too, i really didn't expect this out of your product.
Above that, the customer support is not operational 24 hrs a day, and i've been slogging these days with my preparation and could not reach your team when i really need help.

This software only helps you see how you'll score on the real exam and that's it! You can get an idea of how you'll score on the essay part too. There are several essays written by people who took the exam in the past. The ones with scores of 1 or 2 are really funny. I don't understand why one would take TOEFL with such terrible English. If you can understand what Americans are saying when they are talking slowly and clearly, and if you can read and understand articles in newspapers or magazines, you certainly don't need this software to tell you what your score range will be like. Take the real exam and see for yourself! You'll pass for sure. I took TOEFL 8 years ago with no TOEFL test preparation whatsoever and scored 617. TOEFL is an easy exam...but if your English sucks (sorry), then either take a TOEFL course or buy something which can teach you something, point out your weaknesses and give you plenty of exercise. THIS SOFTWARE WON'T HELP YOU IMPROVE YOUR ENGLISH! As you can guess, it won't improve your score either! There are no answers to the questions on the exams so you'll never know which questions you answered wrong and what the correct answers are.

... .

The only reason I bought this product was because I had never taken a computerized exam and was scared that I'd screw up in the exam. Now I feel I paid too much just to get a feel for the exam. If you can read this review, you know enough about computers and you'll have no problems at all with the exam software.

Summary:
BUY IF you have perfect English, but you feel uncomfortable taking an exam not knowing what it will be like, and you don't mind spending this much money to see a sample exam.
DO NOT BUY IF you are not the person I've described above!

Hello.
I bought this software and It do not work on Windows 2000. I sent on mail to the customer service and the never answered me.
I've enough skills to install any software but this on just don't work... waste of money!

This book may have had some value when it was written, but most of the content is obsolete by now.

Moreover, it spends a good portion of the text describing how to install the products and most of the rest is dedicated to the description of the options (essentially a cut-and-paste) from the manuals.

A waste of time (money and paper).

I expected this book to cover security audits.

This book is a step by step guide to using a handfull of auditing tools (including installation).

If you have never seen an auditing tool like Nessus or hping then this book may teach you something. However, after reading this book alone, you will by no means have the knowledge required to conduct a security audit. You are only shown how a few tools work. Not what to do with the information provided, not what it means, nothing.

I enjoyed the detail in this book and the configurations are technically sound. The author covered the best known software with clear instructions on getting up and running and then performing an audit with each package. The book closes with an interesting evaluation ranking chart and compares each package based on number of issues detected. The text is easy to follow and formatted well. This is a good beginner guide to vulnerability assessments (veterans need not apply).

John Chirillo routinely stuffs his books with a wide variety of hard to find technical gems. This book is no exception as he has created an exceptional manual on security auditing. His compilation of tools is excellent and the book descriptions and how-to's, even better. For those that are inclined, he outlines the building of a Tiger Box (testing system) which takes full advantage of the tools contained on the CDROM. The head to head comparisons of the popular security tools help you in selecting the security tool that is right for you. If you are playing catch up in the mad-cap world of Internet security, this book can help you level the playing field. The CDROM also contains the highly functional Tiger Tools Suite which takes the difficult job of security testing to the level of simple mouse clicks. This is a good book to break in a beginner and is full of information to satisfy the security veteran.

I find this to be a rather confusing book.

The title suggests I will learn how to conduct my own security audit,
but when I've finished the book, all that seems to remain is how
I install Windows 2000 Server and Linux/Solaris, a number of brief
user guides about various vulnerability scanners, and a short comparison
of them. Where did the audit bits go? Looking for them in the table of
contents produces nothing.

There is a description of what a security audit should include in the
introductory text of Part I. It's almost hidden away -- Part I is
titled "Building a Multisystem Tiger Box", and not even the table of
contents hints that there's more important information here.

The book says a security audit consists of seven phases:
blind testing, knowledegable penetration, Internet security and services,
dial-up audit, local infrastructure audit, WAN audit and reporting.
It comes as a disappointment to find, then, that only
phase 1 (blind testing) and phase 4 (dial-up audit) will be covered.
I hoped I would get pointers where to look for information how to do
the remaining five phases, but it seems to have been omitted.

The dial-up audit, furthermore, seems to have been lost. The only place
where it is mentioned in the book (according to the index) is in this
description.

My personal reaction is of course to retitle the book: "How to
do 1/7ths of a security audit". I feel a bit cheated.

The book goes on to describe how to set up a multi-boot system to use
for security audits (chapters 1-3). As far as I see, it's just basic
installation walkthroughs, without any discussions of why a particular
configuration choice is made, or how it affects the purpose of using
the multi-boot system. Also, very little is said about the problems
involved in multi-booting (such as choosing good partition sizes), and
there is nothing on how much disk is required, though the Solaris
description suggests 5 Gb for Solaris alone. The problem of sharing
information between the different environments is not touched upon either,
but will be encountered very quickly by anyone actually using the system in practice.

Nor is there anything about why Windows 2000 Server is used for the
installation description (what with all the bits about Active Directory, domains,
trust etc.), and there's nothing at all about the problems
and benefits of being able to conduct an audit both entirely outside a Windows

domain, as well as being part of it.

Part II is about using security analysis tools on windows. Again it starts
off with an introductory part (again hidden away to anyone
using the table of contents) describing audits of the SANS Top 20 Vulnerabilities.
I can't imagine why the table of contents does not mention this: it
is important. Some of the suggestions, though, (such as the question of missing
backups) does not really come withing the scope of the book, or even the full
seven phase security audit described earlier: security policies are not
covered. This is rather confusing: it feels as if something was missing from the book.

The main chapters of Part II describe the capabilities of Cerberus
Internet Scanner, CyberCop Scanner, ISS Internet Scanner, Harris STAT,
and TigerSuite 4.0. The descriptions are more of the nature of short
user guides -- it would have been far more useful to have actual
pratical experience from using them.

The last product (TigerSuite 4.0) can hardly be compared with the other
vulnerability scanners, and it's not clear from the description in what way
it may complement them. The only practical application described in that
of tracerouting, but it could easily have been done with already available tools.

Part III does the same, but for Linux, Solaris and Mac OS X. The different chapters
describes various Unix programs: hping2, Nessus, nmap, SAINT, SARA.
As the introductory part gives a list of Linux commands, it appears to
be intended for the novice, but already in the chapter on hping2 the
reader is expected to read and understand substantial material from tcpdump
without any help from the text.

The reason hping2 is included seems to be
on the idea that it can be used for IP spoofing -- indeed, there's a
fairly long description how spoofing was used by Kevin Mitnick to gain access to
another system. But just how this connects with hping2 is not explained.

Part IV is titled "Vulnerability Assessment" and contains one single
chapter in which the result from running the various vulnerability scanners
against a specially designed target network are compared in various tables.
No interpretation is provided, unfortunately.

In addition to the odd lacunas in the table of contents that already have been
mentioned, the text appears to has been badly served by the editor: there are
numerous ambiguities sprinkled around. One if the best can be found on the very
first line of the introduction:

"The objective of this book is to fill a gap found in most books on
security: How security examinations can be conducted via illustrations
and virtual simulations."

Most readers will hopefully be able to figure out what the intended meaning is.

Those 'virtual simulations' (whatever they may be) are found on the CD:
short recorded demo walkthroughs of how to use some of the tools described in
the book.

The two stars are mainly for the information on the vulnerability scanners.
Had the book described the pitfalls in using automated tools (such as the
inevitable false positives) and went into the pratical issues around using
the tools it would easily have obtained a third star, provided the title had been
modified to indicate that the book is mainly about tools.

I would recommend the book "Hack I.T. -- security through penetration testing"
by Klevinsky, Laliberte and Gupta instead. It works with a smaller scope -- that
of the penetration test, not the full security audit -- but covers it far better.