You are on page 1of 64

The ISTQB Advanced Syllabus

Guiding the Way to Better Software Testing

ISTQB Ad
Advancedd SSyllabus
ll b
Goals of this presentation
p
Familiarize you with the ISTQB program and certifications
in general
Explain the Advanced level certification and its benefits
Ill t t the
Illustrate th ki
kinds
d off abilities
biliti candidates
did t mustt ddemonstrate
t t
to gain the certificate
Topics to cover
An overview of the ISTQB program and results so far
The structure and origin of the Advanced Syllabus
The Advanced Test Manager
The Advanced Test Analysty
The Advanced Technical Test Analyst
Each of the last three topics includes a training course
excerpt, an example of the kind of problem a certificate-
h ld can solve,
holder l and
d a samplel exam questioni
www.rbcs-us.com
ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 2

The ISTQB Advanced Syllabus
Guiding the Way to Better Software Testing

ISTQB Overview
O i

Program and Results

rbcs-us. K Key Q ti T Questions To Add Address What is tester certification? What are the ASTQB and ISTQB? What are the levels of certification? What is the impact p of certification On the tester? On the O t eoorganization? ga at o ? On the testing profession? www.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 4 .

trainers trainers.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 5 . and academics Training is not required to take exams Last two points in particular distinguish ISTQB’s approach from other testing certifications www. SSoftware ft T t C Tester tifi ti Certification Tester certification confirms. the professional capabilities of software testers ISTQB’s approach Practical.rbcs-us. consultants. objective carefully-designed exams. real-world focused Supports a career path with levels of certification Promotes the software testing profession Represents the distilled wisdom of many experts including practitioners consultants practitioners. confirms through objective.

and academics Patricia McQuaid. Vice President (practitioner) Randy Rice. Treasurer (trainer) Debra Friedenberg. Directors Lois Kostroski. Jerry Everett (trainer). ISTQB Representative (consultant) Taz Daughtrey (academic/practitioner). Andrew Pollner (trainer).com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 6 . Kostroski Managing Director Develops and administers exams Accredits trainers Participates in ISTQB activities www. Technical Advisory Group Chair (practitioner) Rex Black. trainers. President (academic) Joe Gance. ASTQB Composed p of recognized g experts p Mix of practitioners. and Wayne Middleton (trainer). consultants.rbcs-us.

These working parties distill the collective experience and wisdom represented across boards (>2. Belgium. processes. Erik V d l Vice Vi President Horst Pohlmann.000 person-years) www. Treasurer Chris Carter. glossary. th doubled d bl d iin scope in the last four years Based in Brussels. etc. President E ik van Veenendaal. ISTQB Composed of 41 National B d more than Boards. ll i l sharing h i organization i ti Working parties (composed of National Board delegates) define syllabi (bodies of knowledge). EU Rex Black.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 7 . Secretary A collegial.rbcs-us.

F d ti C
Foundation tifi ti
Certification
Entry level certification: 00+ years of experience
Entry-level
Goals
Ensure a broad understanding of the fundamental best
practices and key concepts in software testing
Provide a foundation for professional growth
Syllabus/body of knowledge covers
Fundamentals
F d t l off testing,
t ti testing
t ti iin th
the software
ft lif
lifecycle,
l
static techniques, white-box and black-box test design, test
management, and testing tools
Syllabus-based training courses are typically 3-5 days
Status: Version 2007, an incremental improvement on
version 2005, released, with exams and training
courses widely available
www.rbcs-us.com
ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 8

Ad
Advancedd C tifi ti
Certification
Mid-level certification: 5+ y
years experience
p
Goals
Ensure an understanding of advanced best practices and key
p in software testing
concepts g by
y committed test p
professionals
Support on-going professional growth
Syllabus/body of knowledge covers
Advanced
d a ced behavioral
be a o a (black-box)
(b ac box) test
testing
g for
o teste
tester aanalysts,
a ysts, test
automation and advanced non-functional testing for technical
test analysts, and sophisticated test management concepts
Syllabus-based training courses are typically 5 days for each
module
d l (three
(th modules
d l total)
t t l)
Status: Version 2007, a merge and expansion of the older
Practitioner and Advanced syllabi, is released. Exams and
accredited training are running against this version now.
now
www.rbcs-us.com
ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 9

E p tC
Expert tifi ti
Certification
Guru level certification: 8+ years experience
Guru-level
Goals
Ensure consistent understanding and execution of proven
cutting-edge techniques by seasoned test professionals
Lead the software testing profession
Syllabi/bodies of knowledge may cover
Test process improvement, test automation, test
management, and more
Syllabus based training courses will be offered
Syllabus-based
Status: A working party is developing new expert
syllabi. We expect the Expert Test Manager syllabi an
Improving Test Processes syllabi this year.
www.rbcs-us.com
ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 10

Vi li i th Visualizing the Levels L l off Certification C tifi ti Expert Expert … Expert Expert [TBD] [TBD] [TBD] [TBD] Advanced Advanced Advanced Technical Functional Manager Foundation Relative size of figures indicates expected relative numbers of potential certificate holders (not to scale). www.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 11 . There will be more than four expert certifications.rbcs-us.

com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 12 . ISTQB bby th the Numbers N b www.rbcs-us.

com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 13 . ISTQB C Certification tifi ti Growth G th www.rbcs-us.

rbcs-us. V l off C Value tifi ti Certification To the tester Demonstrate mastery of the best practices and key concepts in the field Advance career and opportunities pp in competitive p market To the organization Ensure better testing g for better software and lower costs of poor quality Achieve consistency and re-usability of testing To the profession Build on our best work and stop going in circles Define the profession and what professional testers know www.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 14 .

A An E pl off C Example tifi ti ROI Certification One RBCS client ran a Foundation course as a pilot in one of its many offices in the US The week after the course.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 15 . effort which accounts for most of their testing This client now requires q all new testers to hold the Foundation certificate. and is gradually training its entire staff of testers www.rbcs-us. a tester applied a technique he’d learned to reduce the regression test set from 800 test cases to 300 That is a 60% reduction in regression test effort.

The ISTQB Advanced Syllabus Guiding the Way to Better Software Testing ISTQB Advanced Ad d Syllabus S ll b Structure and Origin .

000 000 person-years person years of experience The ISTQB and the authors are the source of the syllabus y which is used byyppermission as the basis for all accredited training courses (including RBCS’ courses) www.rbcs-us. ISTQB Ad Advancedd SSyllabus ll b 2007 Developed by a team of 15 authors spanning 10 countries Sixty-nine primary reviewers spanning nine countries Final review and approval by 33 National Boards Distills over 22.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 17 .

www.rbcs-us. + Indicates an author who has 20 or more years of software or systems experience.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 18 . Ad Advancedd SSyllabus ll b A th Authors Graham Bath Bath*+ + Klaus Olsen Rex Black*+ Randy Rice*+ Sigrid g Eldh+ JJürgen g Richter Bernard Homès (chair)+ Eric Riou Du Cosquer Jayapradeep Jiothis Mike Smith+ Paul Jorgensen*+ Geoff Thompson (vice Vipul Kocher chair)*+ J d McKay*+ Judy M K * Erik Van Veenendaal*+ * Indicates an author who has also written or edited one or more books on testing.

rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 19 . Fundamentals of testing 2. F d ti SSyllabus: Foundation ll b The Th Six Si Chapters Ch pt 11. Tool support for testing www. Static techniques 4. Test design techniques 5. Testing throughout the software lif lifecycle l 3. Test management 6.

Testing of software characteristics 6. Reviews 7. Ad Advanced d SSyllabus: ll b TheTh Ten T ChChapters pt 11. Test techniques 5.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 20 . Testing processes 3.rbcs-us. Incident (defect) management 8 8. g Test management 4. Test tools and automation 10 10. St d d and Standards d test t t process improvement i t 9. People skills (team composition) www. Basic aspects of software testing 2.

8 K4 Referenced books: 21 Referenced standards: 7 www. Ad Advancedd SSyllabus ll b bby th the N b Numbers Number of pages: 114 Number of learning objectives Test Manager: • 64 total t t l • 43 K2.rbcs-us. 7 K3. 9 K4 Test Analyst: • 29 total t t l • 18 K2. 12 K3.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 21 . 4 K4 Technical Test Analyst: • 44 total t t l • 25 K2. 11 K3.

rbcs-us.. and standards to y your p projects j K4: analyze facts. techniques. techniques. test analyst. q . and K4 learning objectives defined against each chapter www. techniques. technical test analyst) has its own set of K2. and standards. the entire Advanced syllabus is implicitly p y covered at the K1 level Each module (test manager. L i Obj Learning ti Objectives The Foundation and Advanced exams are based on l learning i objectives. and standards and how they inter-relate K3: apply pp y facts.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 22 . and adapt or select them for your project For the Advanced exams. techniques. and standards K2: understand the facts. bj i which hi h state what h you should h ld b be able bl to do The learning objectives are at four levels of increasing sophistication p K1: remember basic facts. K3.

com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 23 .rbcs-us. Ad Advancedd E Exam Q ti Questions The lower levels.. are allowed www. are covered implicitly within higher level questions Unlike the Foundation exam. the Advanced exams are heavily focused on K3 and K4 questions Many exam questions consider a scenario Scenario described Sequence of questions about scenario asked Simulates real-world use of various advanced testing concepts The h Foundation d syllabus ll b is also l examinablebl Cross-section questions. including joining Foundation and Advanced sections. K1 and K2.

or technical test analyst) M Must be b at least l five fi days d llong (for (f lilive.rbcs-us. test analyst. instructor-led courses) Must include real-world examples for all K2. and K4 learning objectives Must include realistic exercise for all K3 and K4 learning objectives (which must be done in class for live.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 24 . K3. Ad Advancedd T i i C Training Courses Must cover all learning objectives defined for the module (test manager. instructor-led courses) www.

0 0% 9 1.0 0% 0.0 6% 8 2.0 6% 3.0 9% 7 1.7 53% 2.0 6% 4 0.0 51% 15.0 0% 3.0 6% 2.0 100.5 10% 10 4.5 1% Total 35.0 0% 18.0 3% 1.rbcs-us.0 9% 3.0% 35.0 6% 2.5 1% 0.5 1% 0.3 4% 2.5 10% 4.5 7% 0.5 4% 3.0 9% 3 18.0 3% 1 2.0 100% 35. T i i C Training Course B Breakdown kd Test Manager g Test Analyst y Tech Test Analyst y Chapter Hours Percent Hours Percent Hours Percent Intro 1.0 6% 0.0 100% www.5 4% 1.0 9% 3.0 3% 1.5 44% 5 0.0 11% 0.0 11% 6 2.5 1% 2 2.0 6% 3.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 25 .

certificate one must: Hold a Foundation Level certificate issued by an ISTQB-recognized Exam Board or Member Board Have appropriate experience in software testing or development.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 26 . years depending on degree held and certificate(s) sought Subscribe to the h Code d of Ethics h in theh syllabus ll Accredited training is recommended but not required www. R i t ffor Ad Requirements Advancedd C tifi t Certificates To earn a certificate. development between 2-5 years.rbcs-us.

PROFESSION . CLIENT AND EMPLOYER . and promote cooperation with software developers.rbcs-us.Certified software testers shall participate in lifelong learning regarding the practice of their profession and shall promote an ethical approach to the practice of the profession.Certified software testers shall maintain integrity and independence in their professional judgment. COLLEAGUES . consistent with the public interest. profession www.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 27 .Certified C ifi d software f testers shall h ll b be ffair i to andd supportive i off their colleagues.Certified software testers shall ensure that the deliverables they provided (on ( theh products d and d systems theyh test)) meet the h highest h h professional f l standards possible. JUDGMENT.Certified C f d software f test managers and d leaders l d shall h ll subscribe b b to and promote an ethical approach to the management of software testing. PRODUCT . ISTQB T t Ethi Tester Ethics PUBLIC. MANAGEMENT A AG .Certified software testers shall act in a manner that is in the best interests of their client and employer.Certified software testers shall act consistently with the public interest. SELF .Certified software testers shall advance the integrity and reputation of the profession consistent with the public interest.

and Sample Exam Question .The ISTQB Advanced Syllabus Guiding the Way to Better Software Testing Ad Advanced dTTestt M Manager Goals. Excerpt Goals Excerpt.

organize and lead testing teams Organize the communication between the members of the testing teams. and between the testing teams and all the other stakeholders Justify the decisions and provide adequate reporting information where here applicable Advanced Test Manager exams (and courses) focus on these main concepts Let’ss look at sample course content and an exam question… Let question www. acquire and assign the adequate resources to the tasks Select.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 29 . B i an Ad Being Advancedd T Testt M Manager You should be able to: Define the overall testing goals and strategy for the systems being tested Plan. schedule and track the tasks D Describe ib andd organize i the th necessary activities ti iti Select.rbcs-us.

test sequencing.rbcs-us. testing responds to risk: Allocation of effort.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 30 . Ri kB dT Risk-Based ti Testing Risk: the possibility of an undesired outcome Product or quality risks Project or planning risks The level of risk varies varies. prioritization of defect repair Providing mitigation and contingency responses Reporting test results and project status These responses to risk occur throughout the lifecycle: Reduce risk by running tests and finding defects R Re-evaluate l risk i k and d risk i k llevels l bbased d on new iinformation f i www. often depending on: Likelihood Impact In risk-based risk based testing testing.

rbcs-us. the earlier the test coverage g Total level of quality risk reduced as testing continues Results reported in terms of residual risk Test triage (e. risk the more test effort The higher the risk. due to schedule compression) done in risk order More robust than requirements-based Best when blended with reactive strategies to detect missed riskswww.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 31 . A l ti l Ri Analytical kB dT Risk-Based Testt St t Strategy The higher the risk.g..

H How Ri kB dT Risk-Based ti SSolves Testing l P bl Problems Insufficient time: All testing is time time-boxed. is 0%. boxed. have to prioritize and triage Coverage g q questions: All test coverage. g measured as a percentage of what could be tested.rbcs-us. choose smart subset P Poor specifications: ifi ti St Stakeholder k h ld iinvolvement l t fills gaps in documents End-game End game compression: Provides means to drop tests intelligently Release decisions: Can address residual risk rather than bug and test counts www.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 32 .

Craig Craig. precursors of iterative and agile lifecycles Mid 1980s: Separately. Black Black. and Redmill develop similar approaches for quality risks analysis and risk-based testing 2000s: Risk-based testing (in various forms) in wide usage www. Hi t off A History l ti l Ri Analytical kB dT Risk-Based ti Testing Early 1980s: Separately.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 33 .rbcs-us. Beizer and Hetzel declare risk as driver of testing but leave out mechanisms 1990s: Separately Separately. Separately Boehm and Beizer develop risk-driven spiral lifecycle and risk-driven integration. Gerrard Gerrard.

com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 34 .rbcs-us. but are overlapping and iterative due to continuous risk management Ri k management id Risk ideally ll includes i l d all ll project j stakeholders. Ri kM Risk Managementt Risk management includes three primary activities: Risk identification Risk assessment or analysis Risk mitigation or risk control These activities start in sequence. though some stakeholders may act as surrogates for other stakeholders Test analysts bring particular expertise to risk management due to their defect-focused outlook Let’ss look at these activities more closely… Let www.

we can identify y risks via: Expert interviews Independent assessments Use of risk templates Project retrospectives Risk workshops and brainstorming Checklists C lli on pastt experience Calling i The broadest range of stakeholders yields the most complete.rbcs-us.. accurate. Ri k Id Risk tifi ti Identification Whether for p product or p project j risks.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 35 . precise risk identification Risk identification can Stop at risk items Look downstream to identify potential effects of the risk item ((FMEA)) Look upstream at the source of the risk (Hazard Analysis) www.

often based on likelihood and impact Likelihood arises from technical risk Impact arises from business risk The level of risk is determined either quantitatively q y or qualitatively Typically the level of risk is determined qualitatively Either way.y. unless statistical data is used.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 36 .. Ri kA Risk l i or A Analysis Assessmentt Risk analysis or assessment studies the identified risks Risks are categorized. using ISO 9126 or other quality categories Risks are assigned a level of risk. the level of risk reflects stakeholder opinions and consensus www.rbcs-us.

com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 37 . t iti costs. done risk control can make matters worse! www. Ri kC Risk t l Control Four options for risk control Mitigation: reduce likelihood and/or impact beforehand Contingency: prepare to reduce d impact after f theh fact Transference: transfer impact p of risk to another part Ignore/accept: hope for the best Each E h option ti has h benefits. b fit opportunities.rbcs-us. t and potentially additional risks to consider Poorly done.

identifying risks for functional quality q y characteristics only.rbcs-us. E i F Exercise: ti l Q Functional lit Risks Quality Ri k Analysis A l i Read the HELLOCARMS System Requirements Document Perform an informal quality risks analysis in groups of 3-5.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 38 . y usingg the template shown earlier Spend 30 minutes identifying quality risks Spend 15 minutes assessing the level of each risk Discuss www.

execution www. S pl Exam Sample E Question Q ti An organization g follows a requirements-based q test strategy for most of its projects.g B.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 39 . Past performance issues lead to an increased effort on p performance testing. D. Test estimation is based on the number of pages in the requirements specification.rbcs-us. Test execution is outsourced to a testing company based on a low-cost bid. C. Unit test effort is limited to ensure early commencement of system test execution. Which of the following is the best example of modifying the test approach pp for a p project j based on an understanding g of risks? A.

and Sample Exam Question . Excerpt Goals Excerpt.The ISTQB Advanced Syllabus Guiding the Way to Better Software Testing Ad Advanced dTTestt A Analyst l t Goals.

and report on the progress of these activities Provide the necessary evidence and data to support evaluations and findings Implement the necessary y tools and techniques to achieve the d fi d goals defined l Advanced Test Analyst exams (and courses) focus on these main concepts Let’s look at sample course content and an exam question www. B i an Ad Being Advancedd T Testt A l t Analyst You should be able to: Implement the test strategy with a focus on business domain requirements Analyze the system based on user quality expectations and apply that analysis to the testing to be done Evaluate the system requirements to determine whether the business objectives can be met by that system Prepare and execute adequate testing activities.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 41 .rbcs-us.

com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 42 . D ii T Decision bl Tables Concept: test the rules that govern handling of transactional situations Model: table ((or Boolean ggraph) p ) connecting g conditions with actions Test derivation: fulfill conditions. check actions ti Coverage criteria: at least one test per combination of conditions (DT column) Bug hypothesis: improper action or missing action www.rbcs-us.

rbcs-us. E Example: pl Decision D i i Table T bl (F (Full) ll) Conditions 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 Real account? Y Y Y Y Y Y Y Y N N N N N N N N Active account? Y Y Y Y N N N N Y Y Y Y N N N N Within limit? Y Y N N Y Y N N Y Y N N Y Y N N L ti okay? Location k ? Y N Y N Y N Y N Y N Y N Y N Y N Actions A Approve? ? Y N N N N N N N N N N N N N N N Call cardholder? N Y Y Y N Y Y Y N N N N N N N N Call vendor? N N N N Y Y Y Y Y Y Y Y Y Y Y Y www.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 43 .

: Account not reall but A b account active? i ? Account not real but account within limit? Maybe we don’t need all the columns in our decision table? www. E pl D Example: ii T Deriving t Tests In the example just shown. each column of the table is a test case We will create the conditions (which are the test’s inputs) We will verify the actions (which are the test test’ss expected results) In some cases. some of the test cases don’t make much sense.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 44 .g. e. we might generate more than one test case per column (more later) In this case.rbcs-us.

we can collapse the decision table This involves combining two or more columns Combinable columns often but not always next to each other Look for two or more columns that result in the same combination of actions (for all the actions in the table) Replace the conditions that are different in those columns with “-” ((for don’t care/doesn’t / matter/can’t / happen) pp ) Repeat this process until no further columns share the same combination of actions or where collapse would erase an important distinction Be careful with tables that have non-exclusive rules www.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 45 .rbcs-us. C ll p i a D Collapsing ii T Decision bl Table If the value of one or more particular conditions can can’tt affect the actions for two or more combinations of conditions.

- rule 8 collapsing into rule 7.Y N .com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 46 . why h rulel 4 could ld collapse ll into i rule 3. but Actions not rule 7 into rule 6 Formula for number of columns A Approve? ? Y N N N N N N (2conditions) no longer applies Call cardholder? N Y Y N Y Y N Regular pattern of conditions no Call vendor? N N N Y Y Y Y l longer applies li www. but not rule 3 into rule 2 Within limit? Y Y N Y Y N - The same logic g also applies pp to L ti okay? Location k ? Y N .rbcs-us. E Example: pl Decision D i i Table T bl (C (Collapsed) ll p d) Conditions 1 2 3 5 6 7 9 Column numbers retained for ease of reference to full table Real account? Y Y Y Y Y Y N Study carefully to understand Active account? Y Y Y N N N .

E i H Exercise: Home E it L Equity Loan IInsurance A new HELLOCARMS feature will allow selling a life insurance policy for the amount of a home equity loan to the borrower (no applicants for lines of credit or reverse mortgages) t ) The premium is calculated annually.000 loan Premium increases by 50% based for each “yes” answer to the health questions on the next page Premium increases based on age and body mass index (BMI) table shown on following page www.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 47 .rbcs-us.. at the beginning of each ppolicy ypperiod. based on the loan balance at that time The base premium is $1 per $10.

As a result. S pl Exam Sample E Question Q ti An on-line shoe-sellingg e-commerce Web site stocks the following g options for f men’s ’ loafers: l f • Tassel: Tassel (T) or non-tassel (~T) • Color: Black (B). 13 ½. The full table has 12 rules. or white (W) • Size: all full and half sizes from 8 to 14 (S=n) The store is overstocked with tasseled loafers of all sizes and colors.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 48 . along with white loafers in all sizes. the collapsed table has 7. The full table has 12 rules. D. as no combinations can collapse. they are offering a 10% discount (10%) and free shipping (FS) on these items. C. Both tables have 12 rules. B. items Design a full decision table that shows all combinations of conditions.rbcs-us. www. and 14. then collapse that table by using don’t care (“-“) notation where one or two conditions cannot influence the action. and cordovan loafers in sizes 13. the collapsed table has 5. Which of the following statements is true about these two tables? A. cordovan (C). The full table has 8 rules. the collapsed p table has 5.

Excerpt Goals Excerpt. and Sample Exam Question .The ISTQB Advanced Syllabus Guiding the Way to Better Software Testing Ad Advanced dTTechnical h i lT Testt A Analyst l t Goals.

Prepare and execute adequate testing and report on progress Conduct technical testing activities Provide the necessary evidence to support evaluations Implement the necessary tools and techniques Advanced Technical Test Analyst exams (and courses) focus on these main concepts Let’ss look at sample course content and an exam question Let www.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 50 .rbcs-us. B i an Ad Being Advancedd T h i lT Technical Testt A l t Analyst You should be able to: Structure the tasks defined in the test strategy in terms of technical requirements Analyze the internal structure of the system in sufficient detail t meett the to th expected t d quality lit level l l Evaluate the system in terms of technical quality attributes such as performance. security. etc.

com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 51 . and external software Increased quality in security can decrease quality in usability perform. usability. function malicious code insertion.rbcs-us. encryption. and virus/ worms Vulnerabilities can arise from user interface. often arising from unintended side-effects Vulnerabilities (and thus tests) include data access. insertion denial of service. T h i l SSecurity Technical it T ti Testing Security is a key risk for many applications Security tests and failures are different from functional tests and failures. function. service sniffing. file system. perform and functionality www. operating system.

D i i T Designing h i l SSecurity Technical it T t Tests The following approaches can be used to develop security tests Information retrieval Vulnerability scan Attack ttack p plans a s Security attacks The last is very similar to the functional attacks described in Chapter 4 Let’ss take a closer look… Let www.rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 52 .

rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 53 . operation commands www. Att ki D Attacking p d i andd th Dependencies the UI Dependencies Block access to libraries Manipulate l registry (or similar information) Force use of corrupt files User interface Manipulate and Overflow inputs replace files Switches and options Force low-resource Characters.

rbcs-us. using scripts) Duplicate high- privilege p g files Use unusual workflows Force error messages Force resets Sniff temporary files www.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 54 .g.. Att ki D Attacking i andd IImplementation Design pl t ti Design Common accounts and passwordsd Unprotected APIs Implementation Connect to all p ports Manipulate M i l t time ti Create loops (e.

rbcs-us.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 55 . E Example: pl Security S it Setting S tti Attack Att k www.

Frequent system crashes www.rbcs-us. S pl Exam Sample E Question Q ti Which of the following is an example of a defect we would expect to find during technical security testing? A. Slow response time B.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 56 . Invalid p privilege g elevation D. Resource over-utilization C.

The ISTQB Advanced Syllabus Guiding the Way to Better Software Testing Bibli ph Bibliography .

y. “IEEE Standard for Software Reviews” Institute of Electrical and Electronics Engineers. BS 7925-2 ((1998). “Software Engineering – Software Product Quality” International Software Testing Qualifications Board Board. “Software Considerations in Airborne Systems and Equipment Certification” www. IEEE Std 829 (1998/2007).rbcs-us. ISTQB Glossary (2007). IEEE Standard Classification for Software Anomalies Anomalies” International Standards Organization. “ISTQB Glossary of terms used in Software Testing. )..0” US Federal Aviation Administration. St d d Standards British Computer p Society. DO-178B/ED-12B. IEEE Std 1028 (1997).com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 58 . “IEEE Standard for Software Test Documentation” Institute of Electrical and Electronics Engineers. ISO/IEC 9126-1:2001. / . IEEE Std 1044 (1993) “IEEE (1993). Version 2. “Software Component Testing” Institute of Electrical and Electronics Engineers.

Software Inspection.rbcs-us. Critical Testing Processes. e e . Wiley. Risk-based e-Business Testing. Systematic Software Testing. Addison-Wesley. Black Pragmatic Software Testing. A Practitioner’s Guide to Software Test Design. B k Books Boris o s Beizer. Black-Box lack ox Testing. H 2003 Rick Craig and Stefan Jaskiel. Testing Wiley.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 59 . 2002 Paul Gerrard and Neil Thompson. Addison- Wesley. Wiley. esting. Artech House. 1995 995 Rex Black. 2003 Lee Copeland. 2002 Tom Gilb and Dorothy Graham. Practical Software Testing. Artech House. 1993 www. 2002 Rex Black. 2003 Rex Black. A Artechh House. Springer. W ey. Wiley 2007 Ilene Burnstein. Managing the Testing Process (2nd edition).

“Test case design using Classification Trees”. Isabel Evans. Foundations of Software Testing. Erik van Veenendaal. The Art of Software Testing.rbcs-us. Thomson Learning. 2002 Tim Koomen. Bach Bret Pettichord Pettichord. Martin Pol. 2002 Cem Kaner. Lessons Learned in Software Testing.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 60 . Kaner James Bach. Rex Black. Grochmann. Software Testing: A Guide to the T-map T map Approach. 1979 Martin Pol. Approach Addison-Wesley. Glenford Myers. Wiley. Wiley. 2007 M. Addison Wesley 2002 www. Ruud Teunissen. Software Testing: A Craftsman’s Approach (Second Edition). B k Books Dorothy Graham. Addison- Wesley 1999 Wesley. CRC Press. Conference Proceedings g of STAR 1994 99 Paul Jorgensen. Erik van Veenendaal. Test Process Improvement.

Addison-Wesley. Thompson How to Break Software Security. Failure Mode and Effect Analysis. 2001 D. 2002 James Whittaker. STQE Publishing.com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 61 . 1995 Erik van Veenendaal. Practitioner UTN Publishing. editor The Testing Practitioner.rbcs-us. The he Web Web-Testing esting Handbook. Addison-Wesley. andbook. B k Books Steve Sp Steven Splaine a e and a d Ste Stefan a Jask Jaskiel. 2003 James Whittaker and Herbert Thompson. ASQ Press. e . How to Break Software. Veenendaal editor. 2004 www. H. Stamatis.

The ISTQB Advanced Syllabus Guiding the Way to Better Software Testing F More For M Information… I f ti .

com ISTQB Advanced Syllabus Copyright (c) RBCS 2008 Page 63 .rbcs-us. RBCS.com. decreased tech support calls.rbcs-us. outsourcing and training for software and hardware testing testing.com b www.com W b Web: www. …Contact C t t RBCS For over a dozen years. improved corporate reputation and more. Add Address: RBCS Inc. Rangingg g from Fortune 20 companies p to start-ups. RBCS conducts product testing.rbcs-us. visit www. To learn more about RBCS. Employing the industry’s industry s most experienced and recognized consultants. TX 78163-3911 USA Phone: +1 (830) 438-4830 Fax: +1 (830) 438-4831 E-mail: info@rbcs-us. p RBCS clients save time and money through improved product development. builds and improves testing groups and hires testing staff for hundreds of clients worldwide. I 31520 Beck Road Bulverde. RBCS has delivered services in consulting.

.The ISTQB Advanced Syllabus Guiding the Way to Better Software Testing Q Questions. Comments. and Discussion? . .