Risk-Based E-Business Testing
This hands-on guide for business, project, and test managers and test practitioners presents an effective approach to using risk to construct test strategies for e-business systems. Using an easily learned risk-analysis technique, it teaches professionals how to employ risk in selecting and prioritizing test methods for e-business projects. This innovative resource explains how to select test techniques to address business risks and integrate them into a coherent test process.
"Risk-Based E-Business Testing" describes twenty-four test techniques that address failure modes found in Web applications. Grouped into seven categories, they are organized to make test strategy development easy. Each chapter includes a comprehensive list of references to papers, books, and Web resources. The book presents guidelines for postdeployment monitoring of availability, performance, security, and site integrity. It includes an overview of eight of the most important tool types with guidelines for selection and implementation. What's more, practitioners find discussions and recommendations on freeware, shareware, and proprietary tools.
Review By: Dale L. Perry
09/17/2003
This hands-on guide for business, project and test managers, and test practitioners presents an effective approach to using risk and risk-based techniques to define and create a testing strategy for testing Web-based, e-business projects. This reference provides a set of risk-based techniques that can be used to address failures and faults typically found in e-commerce applications. The book provides extensive lists of references to additional papers, books, and Web resources that can further aid the individual looking to test Web-based, e-business products. It also provides an overview of tools with some guidance on selecting and implementing tools, as well as references on where to find them.
As an instructor of Web testing courses, I am always in search of materials to help students and to complement my course content. I think this book fits this purpose to a tee. The book is particularly useful to those new to both Web testing and the use of risk-based testing concepts. The book provides excellent information in several key areas of Web testing and risk assessment.
The book has a very good definition of risk. It provides a well-balanced list of risks and risk characteristics, and how knowledge of various risks can be used in testing to prevent problems and reduce those risks. It also provides a little reality check when it points out that use of risk-based analysis and techniques alone is not without its own hazards. The general definitions the authors use are useful for more than just Web-based applications. I found their approach to be very compatible with other methods and techniques I have learned and taught.
Throughout the later chapters of the book, the authors do an excellent job of identifying basic risk types for Web applications as well as providing a general set of guidelines of where and how to address those risks.
I would have to say this book provides an excellent reference and starting point for those trying to come to grips with Web-based testing and those looking for a practical definition and set of guidelines on what risk is. The book shows you how to apply what you have learned to solving problems. I also think the book can help people already familiar with risk-based approaches, because it provides a different perspective on a familiar topic. A different perspective never hurts.
User Comments
Not Just for eBusiness
This book is written for the software tester and/or test manager, but not just those professionals who test eBusiness Web sites. Rather, there is something in here for any software tester, or IT manager who has responsibility for software quality.
In some ways this book is actually 4 books in one – the first part of the book focuses on using Risk to drive the test strategy for a product being evaluated, an approach that works as well for testing embedded software in aircraft engines as for testing a Web site used for eCommerce. For example, in Chapter 3 Paul & Neil pose age-old software testing questions such as “how good was your testing?” and “when can we stop testing”, later providing answers based on a systematic (& defensible) approach, as opposed to good old-fashioned “gut feel”.
Part II provides a high-level overview of some of the more common risks that a Web site might face, and then applies the risk based testing strategy discussed in part 1 to this particular problem domain, in effect providing a high-level generic case study for risk based testing.
Part III is the largest section in the book, and is a series of 9 Chapters that go into the details of how to test Web sites. The last chapter in this section focuses on tools that can be used to automate many of these tests.
The last part of this book looks at some of the common challenges a testing team might face when trying to implement any new approach to software testing (i.e., many of these aspects are applicable to any testing environment, not just eCommerce Web sites). For example: how to handle incident management, staff retention, and Beta testing.
In summary, this book has something for anyone involved in software testing (whether it is as a test executioner or in a test management capacity). Please do not let the title lead you into believing that this book is only appropriate for testing Web apps; there is plenty that is applicable for any software testing effort – especially the concepts of applying a risk based approach to determining what to test, and when to test it.
Note, additional details on this book can be found at http://www.riskbasedtesting.com/
Also, in the vein of "full disclosure", you should know that I've known Paul for many years, and consequently I cannot be considered a completely impartial reviewer.
I am first of all surprised that there are not already more comments on this book. The subject itself indicates the timeliness and importance of the subject. The "click-and-mortar" companies of the future are facing the same dynamics and challenges that the dot-coms of the last millennium faced. But they need to succeed since they are already established firms for the most part. In addition, many of the management teams are familiar with some of the concepts of structured risk taking.
I see this book as being exceptionally strong in support of those businesses that have traditionally been technology averse. The book is well laid out, and starts by introducing the reader to the concept of risk and some of the approaches to manage risk. I especially like the transition from risk to risk-based testing. The authors have included a great deal of content that can’t be completely absorbed in one reading. If the reader is somewhat unfamiliar with the testing profession, this book is a good reference for IT testing, in general, and does a very credible job of introducing standard industry testing concepts as the book deftly ties in the risk based concepts.
I believe that this book needs to be a standard part of the IT testing practitioner's professional library of testing reference books and manuals. It’s essential for a serious web applications tester and invaluable for the novice. Well done Paul and Neil.