Database Testing Fundamentals

Questions and Answers

Which of the following is NOT a primary focus of database testing?

  • Trigger functionality
  • GUI aesthetics (correct)
  • Data integrity and consistency
  • Schema validation

In a banking application, what is a key objective of database testing concerning transaction information?

  • Ensuring the GUI is visually appealing during transactions.
  • Optimizing the application's code for faster transaction processing.
  • Verifying that transactions are stored correctly, no information is lost, and unauthorized access is prevented. (correct)
  • Confirming that the application uses the latest version of the operating system.

What knowledge is highly valuable for testers performing database testing?

  • Extensive knowledge of GUI design principles.
  • Familiarity with various operating systems.
  • A strong understanding of SQL. (correct)
  • Expertise in network administration.

What is another name for User-Interface testing?

  • Graphical User Interface testing (C)

Which of the following is primarily validated during User-Interface testing?

  • Text boxes and dropdowns (B)

What is the primary focus of database or data testing, as opposed to User-Interface testing?

  • Validating internal processes and storage (B)

A tester performing backend testing needs to have a strong background in what?

  • Database server and SQL (B)

Which type of database testing validates elements inside the data repository that are not directly manipulated by end-users?

  • Structural Testing (A)

What is the main purpose of schema testing in database testing?

  • To ensure schema mapping between front-end and back-end are similar. (B)

Which tool is mentioned as being suitable for mapping testing?

  • DBUnit integrated with Ant (D)

When developers modify the structure of a table, what should a tester ensure regarding stored procedures and views?

  • They are compatible with the table's new structure. (C)

During stored procedure testing, what coding aspects should be verified?

  • Adoption of required coding standard conventions (D)

What TRIM operation should be verified during stored procedure testing?

  • Whether it is properly applied whenever data is fetched from tables. (B)

What should be validated regarding database fields and columns?

  • Their compatibility with front-end mappings. (A)

What aspect of database fields needs validation with respect to business requirement specification documents?

  • Whether they allow the user to provide desired inputs. (C)

What is a key check performed during keys and indices testing?

  • Whether the required primary and foreign keys have been created (A)

What does functional database testing primarily validate?

  • The functional requirements of a database from the end-user's perspective. (C)

In functional database testing, what condition should be observed for field validations?

  • Whether the field is mandatory while allowing NULL values. (D)

What must be validated regarding data integrity and consistency?

  • Whether the data is logically well-organized. (D)

What action should the application take in the case of an invalid username and password?

  • Prevent the user from proceeding further. (D)

What security measure should be in place for sensitive data in a database?

  • Encrypt sensitive data, such as passwords and credit card numbers. (D)

Which testing method involves verifying the integration of database to check the functionality?

  • Black Box Testing (D)

What does white box testing deal with?

  • The internal structure of the database (C)

What can coding errors detected in white-box testing help eliminate?

  • Internal bugs in the database (C)

What is a limitation of white-box testing?

  • SQL statements are not covered. (A)

Which type of testing can be categorized into load testing, stress testing, security testing, usability testing and compatibility testing?

  • Non-Functional Testing (B)

In the context of non-functional testing, what does risk quantification help stakeholders ascertain?

  • Various system response time requirements under required levels of load. (C)

What is the term for testing a database system with a heavy load to identify its breakdown point?

  • Stress Testing (B)

What is a common cause of data breaches in cloud databases and storage services?

  • Insecurely configured cloud databases. (D)

What is a primary method to prevent SQL injection vulnerabilities?

  • Avoiding dynamic queries and using prepared statements. (A)

What is a key mitigation strategy for weak authentication?

  • Implementing multi-factor authentication. (C)

What technical measure can help mitigate privilege abuse?

  • User access rate limiting. (C)

What is the best approach to address the risk of excessive privileges?

  • Ensuring role-based access controls accurately map permissions to job function. (C)

What is a common defense against network-level Denial of Service (DoS) attacks?

  • Cloud-based DoS protection services. (A)

What is the recommended approach to handling database backups?

  • Encrypt all backups and include proper key management. (C)

Which ACID property ensures that a transaction either completes entirely or not at all?

  • Atomicity (C)

What aspect of the software is tested during database testing?

  • Aspects of the software that are not visible to the user (C)

Which activity is most generically performed by developers in technical aspects while requirement conditions can be done by Customers/Business Analysts?

  • Test environment setup (C)

What database testing scenario involves writing UPDATE statements or updating stored procedures and triggers?

  • Modifying existing records (C)

Imagine a scenario where a junior tester, fresh out of training, is tasked with setting up a database test environment but accidentally configures the test database to directly mirror the production database without any anonymization or masking of sensitive data. The tester then proceeds to execute a series of performance tests which inadvertently trigger automated email notifications to thousands of real customers with test data. Later, during database integrity tests, a script overwrites a critical table in the production database. What key principle of database testing has been violated in this scenario?

  • Mimicking the production environment without compromising data integrity or security (C)

Flashcards

Database Testing

Software testing that verifies the schema, tables, triggers, data integrity, and consistency of a database.

Importance of Database Testing

Validates data values and information received and stored in a database.

Banking Application Testing

Verifies application transaction data is stored correctly, no information is lost, and unauthorized access is prevented.

User-Interface Testing

Testing that focuses on elements visible and open for user interaction in an application.

Database/Data Testing

Testing that focuses on hidden elements like internal processes and data storage.

Structural Database Testing

Validates all the elements inside data repository that are mainly used for data storage.

Schema Testing

Validates schema formats associated with the database.

Stored Procedures Testing

Ensures coding standards and error handling are adopted for stored procedures.

DBUnit

Integration tool suitable for mapping testing

Trigger Testing

Checking coding conventions and conditions fulfillment for triggers.

Database Table, Column Testing

Verifying the mapping, length, and naming conventions of database fields and columns.

Database Server Check

Checking server configurations and user authorizations to meet business requirements.

Keys and Indexes Testing

Verifying primary and foreign key constraints on tables.

Functional Database Testing

Validates the functional requirements of a database from the end-user's perspective.

Basic Conditions for Database Validations

Verifies conditions for field validations like NULL values and field lengths.

Checking Data Integrity

Ensure that data is logically organized and correct according to business requirements.

Login and User Security

Validates login and user security credentials to prevent unauthorized access.

Black Box Testing of Databases

Verifies the integration of database functionality using simple test cases.

White Box Testing

Deals with the internal structure of the database and specification details are hidden from the users.

Non-Functional Testing

Categorized into load, stress, security, usability, and compatibility testing based on business needs.

Risk Quantification

Evaluate system response times and identify issues under required load levels.

System Equipment Requirement

Find the system configuration that meets performance expectations with minimal hardware.

Requirements for Load Testing

Determine the potential impact of user transactions on overall system performance.

Database Stress Testing

Used to stress test database system with heavy load to find its breaking point.

Cloud Database Configuration Errors

A new data breach caused by insecurely configured cloud databases or storage services.

SQL injection

Occurs when application code dynamically includes user-supplied input in database queries.

Weak Authentication

Ranges from brute forcing the user interface to insecure storage of database credentials.

Privilege Abuse

Users abuse data access privileges improperly.

Excessive privileges

Users hold privileges that exceed job requirements.

Denial of service

Attackers send complex search queries to exhaust server resources.

Inadequate Backup

Includes encrypted keys by data.

Database testing

Checking the database to ensure it is functioning correctly.

ACID Properties

Atomicity, Consistency, Isolation, and Durability of database transactions

Atomicity

The data must remain atomic

Consistency

The value should remain maintained after the transaction is completed

Isolation

All the transactions should be completed in one go so that we won't affect one another and change the database state

Durability

Ensures permanency of data

Data Mapping

Validating the data that passes back and forth between the application and the backend database.

Test environment setup

Setup with software, hardware and network configured for test execution.

Structured Database Testing

Verifies database, device, and log names, space allocation, and option settings.

Functional Database Testing

Finding schemas, triggers, and procedures to form functional groups for testing.

Study Notes

Database Testing

  • Database Testing is a software testing type that reviews schemas, tables, triggers, and more.
  • It verifies data integrity and consistency, potentially using complex queries to stress and assess database responsiveness.
  • It is important to ensure the accuracy of data values and information stored in the database.
  • It prevents data loss, secures aborted transaction data, and guards against unauthorized access.
  • Testers require solid SQL knowledge given the database's importance in applications.
  • It is crucial to validate database information, despite GUIs getting more attention as they are more visible.
  • Application stores transaction information in the database and displays them correctly to the user.
  • No information is lost.
  • Partially performed or aborted operation information is saved by the application.
  • No unauthorized individual is allowed to access the user's information.
  • Data validation or data testing should be used to ensure all objectives.

User-Interface vs. Data Testing

  • User-Interface testing, also known as Front-end Testing, focuses on testable items visible and interactive to the user, like forms, presentations, and menus, often created with tools like VB.net and VC++.
  • Data Testing, or Backend Testing, concentrates on hidden elements such as internal processes and storage, like DBMS (Oracle, SQL Server, MySQL).
  • User-Interface validates text boxes, dropdowns, calendars, page navigation, images, and application appearance.
  • Data testing validates schema, database tables, columns, keys/indexes, stored procedures, server validations and data duplication.
  • User-Interface testers should know business needs, development tools, automation frameworks and tools.
  • Data testers must be proficient in Structured Query Language and database server concepts.

Types of Database Testing

  • Structural Testing validates database elements for data storage not manipulated by end-users, focusing on database servers and needing SQL expertise.
  • Schema Testing validates database schema formats.
  • It also verifies compatibility between table/view/column mapping formats and the user interface.
  • This ensures front-end and back-end schema mapping similarity, sometimes called mapping testing.
  • Schema testing involves validating schema formats related to databases, due to table mapping format incompatibility issues compared to the user interface level.
  • It is important to verify unmapped tables/views/columns.
  • Consistency requires validating heterogeneous databases in an environment according to overall application mapping.
  • DBUnit is integrated with Ant for mapping testing.
  • SQL Server allows testers to check and query the database schema via simple queries, not code.

Stored Procedures Testing

  • Ensure developmental teams adopt coding standards and exception/error handling for all stored procedures across modules.
  • Verify the development team employs the TRIM operation on data fetched from database tables.
  • Determine if manual stored procedure execution gives the end-user the needed outcome.
  • Confirm manual stored procedure execution updates table fields as needed.
  • Check if stored procedure runs enable required triggers implicitly.
  • Validate unused stored procedures and "Allow Null" conditions at database level.
  • Verify successful stored procedure and function execution with an empty database.
  • Validate overall stored procedure module integration according to application needs.
  • LINQ and SP Test Tool are used for testing stored procedures.

Trigger Testing

  • Verify the required coding standards have been followed during the coding phase of the triggers.
  • Confirm triggers for DML transactions meet needed conditions.
  • Determine whether triggers update data correctly after execution.
  • Validate the required Update/Insert/Delete trigger functionality.

Database Table and Column Testing

  • Determine if the backend database field and column mapping matches the front-end.
  • Validate database field/column length and naming according to needs.
  • Validate any unused/unmapped database tables/columns.
  • Validate the compatibility of the datatype and field lengths of backend database columns against the frontend.
  • Check that the database field allows the user to input data as required by business documents.

Database Server Check

  • Review database server settings as specified by business needs.
  • Check required user authorization to perform actions.
  • Verify the database server meets user-transaction needs as specified.

Keys and Indexes Testing

  • Check for required primary and foreign keys.
  • Check if there are constraints on requested tables.
  • Determine if foreign key references are legitimate.
  • Determine if the primary key's data type matches corresponding foreign keys in tables.
  • Check that required naming conventions have been used.
  • Check size and length of required fields.
  • Determine if required clustered and non-clustered indexes were created on the needed tables, as the business specifies.

Functional Database Testing

  • Functional Database Testing validates the database's functional needs from the end-user's point of view.
  • Database testing checks if end-user transactions work as planned.
  • Check whether a field is mandatory while allowing NULL values, whether all like fields have the same names across tables, and whether there are computed fields.
  • Testers conduct operations at the database and UI levels in turn to confirm adequate field validation.
  • Tester should validate at backend and begin operations at the user interface.

Data Integrity and Consistency Checks

  • Validate the organization of data.
  • Table data is accurate and satisfies business needs.
  • There is no unnecessary data present.
  • The data has been stored as per the requirement with respect to data which has been updated from the user interface.
  • Verify TRIM operations on data before database insertion.
  • Verify if transactions follow business needs and give correct results.
  • Is data committed upon transaction success?
  • Has the data been rolled back successfully if the transaction has not been executed successfully by the end-user?

Login and Security Validations

  • The application prevents the user from proceeding further when given an invalid username but valid password, a valid username but invalid password, or an invalid username and invalid password.
  • Review user access to specific operations as specified.
  • Ensure data security against unauthorized entry.
  • Are different user roles with permissions created?
  • All users should have needed database access as business specifications require.
  • Determine if sensitive information is encrypted rather than kept as plain text, using hard-to-guess passwords.

Black Box Testing

  • Black Box Testing verifies database integration.
  • Simple test cases are employed to verify data coming into and out of the function.
  • Techniques like cause-effect graphing, equivalence partitioning, and boundary-value analysis are employed to assess database functionality.
  • It is simple and done early in development.
  • Test-case development is cheaper than white-box testing.
  • This method does not detect a few errors and does not determine the amount of needed programming.

White Box Testing

  • White Box Testing addresses internal database design and user-hidden details.
  • Module testing is done on functions, triggers, views, and SQL queries.
  • It validates database tables, models, and schemas, along with Referential integrity.
  • It tests on database consistency, selecting default values.
  • Common techniques are condition, decision, and statement coverage.
  • Errors are spotted early and so internal concerns are eliminated.
  • The limitation is that SQL statements are not covered.

Non-Functional Testing

  • Non-functional testing can be load testing, stress testing, security testing, usability testing, compatibility testing, and so on.
  • Performance Testing encompasses load and stress testing, which has two purposes.
  • Risk quantification shows stakeholders a variety of system responses under various levels of load.
  • It involves the processes of risk identification and risk quantification, presents corrective opportunities and an impetus for remediation that will mitigate risk.
  • Minimum system equipment requirements include minimum system configuration that meets stakeholder performance expectations, in order to minimize extraneous hardware, software, and ownership costs.

Load Testing

  • Load testing’s purpose should be clear and documented.
  • The most frequently used user transactions have the potential to impact the performance of all of the other transactions if they are not efficient.
  • Non-editing user transaction should be included in the final test suite, so that performance can be differentiated from other transactions.
  • Key transactions should be included, as load failure has a significant impact.
  • One editable transaction should be included so that performance of transactions can be differentiated from other transactions.
  • Load testing requires optimum response time under a huge number of virtual users.
  • They provide effective times for fetching of various records.
  • LoadRunner, WinRunner, and JMeter are effective load testing tools.

Stress Testing

  • Database Stress Testing tests database systems under heavy loads to identify breakdown points.
  • Proper planning and execution is needed to avoid overuse.
  • Torturous / Fatigue testing is data stress testing.
  • LoadRunner and JMeter are crucial stress testing tools.

Cloud Database Configuration Errors

  • Barely a week goes by without a new data breach caused by insecurely configured cloud databases or storage services.
  • Knowing what data you hold, where it is located and implementing effective infrastructure configuration and change management procedures.
  • Implementation of cloud databases should have configuration by service, such as firewall.
  • Database configuration needs authentication.
  • Insecure data services should be monitored.

SQL Injection

  • SQL injection vulnerabilities occur when dynamic database queries include user-supplied input.
  • Avoid the use of dynamic queries and implement user input validation.
  • Include data tier monitoring/alerting for dynamic queries to find attackers who query the database directly.
  • NoSQL databases are prone to injection attacks, which necessitate controls such as input validation.

Weak Authentication

  • Controls such as account lockout should be implemented.
  • Use password blacklisting to prevent users choosing common passwords.
  • Multi-factor authentication means that an attacker needs more than knowledge of a username and password to illegally access data.
  • Use a strong password hashing algorithm such as bcrypt and salt each password with a long, random, unique string.
  • Protect the application database credentials and make sure they are unguessable.

Privilege Abuse

  • Users may abuse data access privileges for unauthorized purposes.
  • Limit the number accessible to a reasonable maximum to mitigate this.
  • The application and its databases should not expose interfaces which allow arbitrary queries and bulk export of data.
  • Access to should be logged, regularly audited and limited to as few people as possible.

Excessive Privileges

  • Privileges may be abused by the individual or an attacker who compromises their account.
  • The problem is addressed by a combination of technical and procedural means, like role-based access controls.
  • When staff change roles, their permissions are updated to reflect this.
  • Regular reviews confirm everyone's role and catch cases where someone who has already left still has an active account.

Denial of Service

  • Network level Denial of Service (DoS) attacks overload your system regardless of capacity.
  • Cloud-based DoS protection services have become the usual defense here.
  • Resource consumption-based attacks require a different approach, such as request rate limiting.
  • Data theft by database backup and hard disks has also long been a concern.

Inadequate Backup

  • Backups should be encrypted to protect data.
  • Keys must not fall into the wrong hands but must be available when needed.
  • Resilience within cloud services is not the same as backup. It's possible for an attacker to delete so much cloud infrastructure and customer data that an organisation can't survive.

Database Testing

  • Testing validates software application heart.
  • It confirms database order via backend or data testing.
  • Reviews schema, tables, triggers.
  • Reveals non-user-facing software aspects, displaying data flow from app to database, as well as data integrity.
  • Validates ACID properties: atomicity, consistency, isolation, durability.
  • Ensures business rules are exact, as databases record the stored data.
  • It is important to test DBs through all areas, information storage, and queries.

Database Testing Objectives

  • Testing follows the transaction's ACID properties.
  • There is also Data Mapping.
  • This will ensure accuracy of business rules and also data integrity.

ACID Properties

  • It ensures four properties: Atomicity, Consistency, Isolation and Durability.
  • Atomicity signifies data should remain atomic.
  • Consistency suggests values persist post-transaction.
  • Isolation: This refers to completing all transactions at once, to prevent another change.
  • Durability means keeping modifications without failure.

Data Mapping

  • It checks the data that passes through the application to the backend database.
  • Front-end methods should constantly map to the equivalent back-end fields.
  • Mapping details reside in the application's requirements.
  • Each front-end action equates to a backend CRUD function.

Database Testing Processes

  • Test Environment consists of configured software, hardware, and network.
  • Environment configuration must mirror production.
  • Test Environment Setup includes hardware setups, OS settings, software, and test terminals.
  • QA needs a fully functional environment to begin testing.
  • It can be started with test case development.
  • Can be initially done by developers and then by Customers/Business Analysts.
  • Smoke testing readies the environment and can undergo validation by the QA team.
  • This phase has criteria, preparation of test data and readiness.

Test Environment Setup Activities

  • Designing the test environment includes archiving the test environment, network verification, identifying required databases and systems, and identifying the number of licenses required.
  • Environment setup involves a review to prepare a software and hardware list.
  • Configuration should occur in the test environment.
  • The team should have access to quickly perform testing on the test build.

Test Scenario Generation

  • Scenarios include Structured, Functional and Non-Functional Database Testing.
  • Common Structured Database Testing is verifying database and device dump, log device, enough space and option settings.
  • Common Structured Database Testing is verifying the table, column naming, key, value, or no value.
  • Functional Database Tests are test scenarios as per schema, responsible triggers or stored procedures.
  • It also includes checking and tracing data flow.
  • Writing function checks, test scripts, testing again a certain period of time, verify log files, writing queries from a frontend, and change values.
  • Inserting new menu items, deleting items and repeating if all with invalid data.
