Test planning is an important skill for testers who wish to communicate the purpose and value of their testing in meaningful ways. When choosing a test planning strategy, it is important to consider the strengths that a strategy offers before implementation. Risk, Session, and Heuristic Based strategies can be used separately or in conjunction with one another to create targeted, effective testing on any product.
Get TestRail FREE for 30 days!
Risk-based test planning involves planning testing around areas of greatest risk. This method of test planning, while useful in any environment as risk is always a factor, is especially useful for people working in highly regulated environments: finance, medicine, and automotive or air travel. Risk-based test planning involves risk assessment as the key factor, and then determining the kind of testing that will be done to address key areas of risk. OWASP has a threat-risk modeling framework that is useful in determining risk for application design and development.
Let’s take a look at testing for availability risks. First, the test manager, along with feature/product designers, need to identify areas of risk to availability. Among these areas might be security-based risks (safety from denial of service attacks), load-based risks around guaranteed uptime (if your app guarantees 99.999% uptime, can your app handle all of the load that might be placed on the application during spikes in traffic at peak times?) or other types of risk (do you have any service level agreements that need to be considered?).
Once risks are identified and prioritized, then test planning can take place. In our scenario, we discussed security, load, and SLA risks as parts of app availability. We might first plan security scans and identify attack vectors that are specific to denial of service attacks. Then, we can identify load test tools and test cases for distributed load as well as sudden load spikes that our app might face. Finally, we might look at service level agreements that we have with users of our application and make sure that their needs are maintained. We can plan and execute these tests using everything from strictly written test cases to exploratory test sessions.
Session-Based Test Management
Session-based test management (SBTM) can be used in nearly any testing scenario, and is especially well-suited for products that require the measurement of exploratory testing efforts. Session-based test management has been around for nearly twenty years, and was first presented by John Bach at Star WEST in 2000. Much of the effort involved in using SBTM revolves around planning the time-based sessions that focus on directing the testing focus and recording how time is spent during the exploratory test session.
Session-based test management is flexible enough that it could theoretically be used to plan testing against areas of risk, and might be used to do exploratory tests in a risk-based model. When using SBTM, testers gather information about a feature from the developer and make test charters for the session, based on the areas of the feature that they would like to explore. This might involve creating a mind-map or other inclusive diagram of the feature(s) under test. Once the application under test has been thoroughly mapped, the team can work together to decide the priority of any testing that needs to be done.
During the testing phase, testers time-box their testing efforts into short (45 minute) or long (90 minute) sessions, where they make a claim about what they will achieve in their test session, and then work through their testing in a responsive manner, using feedback from one test to create new tests and explore the software. Once completed, testers organise a 15 – 20 minute meeting with management to discuss results of their testing and create new charters.
Heuristic Test Strategy Model
The Heuristic test strategy model (HTSM) is a “set of patterns for determining test strategy”. Where risk-based and session-based models of test planning focus on the what, the HTSM focuses on the how: how will you approach the testing of the application under test? As identified by James Bach, there are considerations about product, project, and quality that must be made in order to determine what strategy to apply to testing. Each of the considerations is a series of philosophical explorations into the product, which in turn reveal knowledge that aids in test planning, allowing product, project, and quality concerns to be considered together.
In the HTSM, there are nine general techniques that can be used to address test questions and concerns: function, domain, stress, flow, user, regression, risk, claims, and random. Each technique provides a heuristic, or problem-solving method, that can be used to manage testing. Heuristic strategies can be used to plan scripted-testing (regression), or in conjunction with session-based strategies for more exploratory projects (risk, function, user).
All three strategies discussed in this article provide a better vocabulary for communicating the need and purpose of testing to stakeholders in an organization. Have you thought about which approach might be best suited to the needs of your product and team?
Consider discussing the approaches during your next planning or retrospective meetings to determine whether one or more of them can be used to enhance testing efforts and, if you have any questions or feedback – please do let us know by leaving a comment below!
This is a guest posting by Jess Ingrassellino. Jess is a software engineer in New York. She has perused interests in music, writing, teaching, technology, art and philosophy. She is the founder of TeachCode.org