Book Reviews

Testing it right

Critical Testing Processes Author(s): Rex Black Publisher: Pearson Education ISBN: 81-297-0266-5 Price: Not mentioned No of pages: 571

In the Indian context today, software production is no more the traditional waterfall model, but rather it’s an accelerated and proactive, well-planned, incremental or rapid-development environment. In such environments software-testing framework play an impacting and effective role. Today, we need agile testing methodologies entwined with the production life cycle of the project. It is this output that this book provides for and addresses testing challenges for the organisation to test the ‘right product’ and ‘test the product right’. The book is a good read for programmers, project managers, test managers and quality assurance professionals.

The book looks at the big picture of testing in a project with 12 critical testing processes. Illustrated case studies demonstrate the use in various organisational, operational, and technological contexts. Instead of cumbersome regulations, this book provides checklists—lightweight, flexible tools for implementing process-oriented testing, gathering metrics, and making incremental process changes. Specifically, Rex Black shows test professionals how to handle recurrent tests efficiently and consistently, build a reputation for reliability through effective communication of test results, focus tests to maximise customer satisfaction and meet organisational goals. Whatever your role in testing— from test engineering to managing hundreds of test engineers, ‘Critical Testing Processes’ will offer valuable insights into what you do, why it’s important, and how you can perform better. The book is especially strong in its discussion of often overlooked ‘human’ factors of software engineering, including the interactions of testers with each other and with outside organisations. Rather than viewing testing as an isolated activity, Rex has described how the testing group and individual testers work within the context of the entire development effort. He discusses interpersonal and cultural issues in-depth since testing requires the participation of staff throughout the organisation and is a collaborative process.

In the book, the chapters on analysing quality risks are very useful for the initial planning process and convincing stakeholders to be timely and realistic. The unique feature of the book is its coverage on estimating the test process and fine-tuning the realistic path to planning. Also, a chapter on test releases is very rare in testing books. It ensures a successful project, a completely tested release and a satisfied customer. There are elaborate details for Indian readers on designing and implementing test systems. Testing also requires developing a cohesive, co-operative team building activity by hiring the right skills and abilities. Motivation, soft skills, leadership and communication are the areas where the career path for testers may soar.

The chapter on defect collection, reporting and analysis can be especially useful for a test manager and quality assurance professionals. Also, the book has elaborate insights on test metrics and defect metrics that can be extremely useful for estimation and defect prevention activities.

Rex Black is a president and principal consultant of Rex Black Consulting services, Inc. He has also written a book on managing a test process before.

This book can find a place in most of software organisations who are quality conscious and comply with the practices of ISO, CMM or CMMi.

Protecting digital assets

IPSec (Second Edition) Author(s): Naganand Doraswamy, Dan Harkins Publisher: Pearson Education ISBN: 81-297-0225-8 Price: Not printed No of pages: 262

Over the last few years the Internet has taken over as the primary mode of communication. Technically, all data during communication is passed using IP (Internet Protocol), which sadly doesn’t provide any security.

IPSec is a suite of protocols that provide much-needed security. IPSec in its second edition talks about the techniques and insights you need to protect all your digital assets, wherever they are—on the Internet, your intranet, your extranet, or your VPN. It is the most authoritative, comprehensive, accessible, and up-to-date guide to IPSec technology.

Two leading authorities in IPSec standarisation and implementation cover every facet of IPSec architecture and deployment, review important technical advances since IPSec was first standardised, and present new case studies that show how IPSec can provide end-to-end security in real business environments.

Whether you are a networking or Web professional, software developer, or security specialist, you will find it indispensable. Clearly and well-written, it provides the reader with an overall view and rationale, together with necessary hands-on details. This book is intended for an audience with an interest in network security as well as those who will be implementing secure solutions using IPSec, including building VPNs and e-commerce, and providing end-to-end security.

The book has been aptly divided into three sections according to the coverage and issues handled. The first section, ‘Overview’, gives a bird’s-eye view of the history and the need for security, TCP/IP and IP security.

These topics let professionals refresh their basics and even a novice can get the hang of the basic concepts. Cryptography and networking basics are discussed in early chapters for those who are neither cryptography nor networking professionals. The second section analyses in detail the architecture of IPSec and then each component of the suite.

All the components are examined in an integrated form as a suite on the whole and then individually, explaining format, modes and processing. Coverage includes: New, in-depth deployment guidance i.e. policy definition, representation, distribution, and management; New IPSec enhancements i.e. compression, multicast, key recovery, L2TP support, PKI integration; IPSec architecture and components i.e. payloads, headers, Internet Key Exchange and security associations.

Finally, the third section discusses implementation and deployment issues and policies that guide the user to implement the protocol in real life. This part includes implementation architecture and techniques, including overlapping and shared security associations, nested and chained tunnels; IPSec security in host-to-host, host-to-gateway, and gateway-to-gateway scenarios; establishing secure VPN tunneling and also a detailed look inside the IPSec kernel.

The guide to productive testing

Effective Software Testing Author(s): Elfriede Dustin Publisher: Pearson Education ISBN: 81-297-0048-4 Price: Not printed No of pages: 271

‘Effective Software Testing’ provides 50 critically important best test practices, problems and solutions. It is helpful to testers as well as quality assurance professionals. Proactive testing practices in a software organisation may help save effort and cost on defect detection and repairs. If the 50 practices are implemented systematically with interpretation of business goals, it can create a state-of-the-art testing program laboratory. The book is easy to read and use, written in simple English, and is good for new programmers, testers and test managers. However, in India, as software roles mature faster, experienced hands will have to select the appropriate chapters, or hunt for a level above.

Isolating the testing effort into one box in the work flow (at the end of the software life cycle) is a common mistake that must be avoided. Testing needs to be seamlessly integrated throughout the life cycle of any project. The material in the book ranges from process and management-related topics, such as managing changing requirements and the makeup of the testing team, to technical aspects such as ways to improve the testability of the system and the integration of unit testing into the development process. Although some pseudocode is given where necessary, the content is not tied to any particular technology or application platform. For a test manager, the book provides useful insights for test estimates, test planning, test plan understanding of the system architecture, testing risks, managing the testing team and non-functional testing. For a programmer or tester there is a lot in store on design, documentation, unit testing, automated testing, usability and performance testing, regression testing, execution of test cases and defect resolutions.

‘Effective Software Testing’ provides experience-based practices and key concepts that can be used by an organisation to implement a successful and efficient testing program.

This book places special emphasis on the integration of testing into all phases of the software development life cycle, from requirements definition to design and final coding. A chapter on automated testing best practices can really impact the testing framework. Testing and debugging takes 25-45 percent of software production costs, and implementing a defect tracking lifecycle and effective testing practices may contribute to profits. Also, a chapter on test team planning can be helpful to managers in organising the right resource framework. The book also provides information on testing non-functional aspects of a software application.

Books have been reviewed by Hitesh Sanghavi