博客

所有关于基于风险的测试-安全和可持续的质量方法

Risk-Based-Testing

无论是哪个软件项目,都有既定的目标. 要按时把一个项目准备好涉及到很多事情, 资源, 预算, 基础设施, 和更多的. One thing that can hamper the timely 实现 of the project is the inclusion of risks that can be of any type – internal or external, big, 或小. 这些风险会对项目的顺利运行造成严重破坏. 一个可以保护软件项目免受这些风险的解决方案是 基于风险的测试.

When we say ‘risk’, it means the happening of an unclear activity that can cause harm to the project. 它可以对不同的参数产生很大的影响,比如预算, 质量, 实现, 客户满意度, 等.

当整个项目准备就绪时,引入测试的时间已经过去了. Today’s modernized way of software development looks at testing as an integral component of the entire software development cycle. 现在在项目的每个开发阶段都要完成测试, 尝试在遇到错误时立即删除错误. 同样的道理, risk-based testing can be of great help if introduced at the right time at the right place.

基于风险的测试-简介

Risk-based testing (RBT) is a type of software testing that functions as an organizational principle used to prioritize the tests of features and functions in software, 基于失败的风险, 它们重要性的作用, 失败的可能性或影响. – 维基百科

Risk-based testing (RBT) is a type of testing that is dependent upon the chances of risk occurrence. It considers those factors and features of the project that could have a direct impact on the project. 有不同的参数被考虑-特征的临界性, 事件的复杂性, 的发生, 等. RBT的基本目标是:

  • 设计并执行涉及最高业务风险的测试事件
  • 使客户执行过程顺畅,不让风险妨碍执行
  • Find out possible risks or failures way ahead of time to prevent it from occurrence
  • Avoid the impact of risks on organizational 最后期限, costs, and business prospects
  • 帮助实现敏捷和DevOps流程
  • 确保为客户提供高质量、无错误的软件

 

Effective risk-based testing does not mean that there will be no risk involved in the project. 这是过于乐观的要求. What it implies is attempting to minimize all risks that can hamper project parameters and achieve a smooth run. 这里涉及的风险可以是产品风险、项目风险和过程风险. They could also be classified as business risks, non-business risks or financial risks.

基于风险的测试可能涉及, 技术测试-环境/集成测试, 功能测试——特性/模块/功能/程序, 以及非功能测试——负载/性能/配置/安全测试.

Some of the key metrics that are required for performing risk-based testing are – planned vs executed 测试用例, 关键开放风险的数量, 测试覆盖率报告, 风险识别/缓解/泄漏的百分比, 测试总结报告, 时间表vs实际工作.

基于风险的测试的主要优势

  • 用户焦点的增加将直接提供更多的客户满意度, 业务性能, 以及更好的工作质量
  • 及时发现高风险区域, 在实际实施过程中,对项目造成的破坏最小
  • 它提供了更好的测试覆盖率, 确定需要测试的特定区域, 如何以及何时开始, 找出风险的影响
  • The overall software 质量 is bound to enhance since all possible risks are well tested and hence all 功能ities now can reach customer expectations
  • 有一个定义明确的工作范围的结构更好的测试, 最后期限, 优先级, 测试用例, 测试数据, 以及最新的测试工具
  • 它提高了生产率, 降低成本, det365性能, 市场机会, 和市场推广时间

何时执行这种类型的测试?

基于风险的测试可以在以下情况下实现

  • 项目有一个有限的时间进度、预算、资源分配等.
  • There is an 实现 of incremental, iterative, agile, and DevOps project methodologies
  • 新项目涉及到高风险因素,比如新技术, 缺乏技术资源, 规划不足等.
  • 其中包括基于云的det365或最新的项目方法
  • 该项目是面向研究的或更复杂的挑战

基于风险的测试方法和路线图

风险识别

可以通过风险检查表来识别风险, 研讨会, 面试, 头脑风暴会议, 根本原因分析, 等. 可以识别风险以及可能的应对措施. 电子表格可以用来进行有效的监控和跟踪. A risk breakdown structure can be constructed that can identify the risk-prone zones and thereby, 评估所涉及的风险. 它有助于为这些活动提供大量的时间和资源.

A risk assessment matrix can be created that offers the teams a fast look at the risks and involved occurrence levels. Risks could be occurring at different levels – frequent, probable, occasional, remote, improbable. 在此基础上,可以确定进一步的行动方针和优先事项.

甚至风险的严重性对决策也是至关重要的——严重、高、中、低. The degree to which harm is caused due to the risks is important for finding out which risks must be addressed to and when. Risks could be having harsh consequences, could be critical, marginal, or negligible.

风险分析、缓解和应急

Analyzing risk is important and based on that, it must be decided how best to respond to that risk. 有些风险可能需要快速反应,有些可以等待. This can be done through a risk matrix through which the impact and probability of the risks can be understood, 可以采取相关的行动.

Mitigating risks is also equally important since that helps in decreasing the effect of the possible risks. It can be addressed to by lowering the chances of its occurrence or at least get it down to a bearable level.

Even a back plan or a contingency plan must be kept ready through which any type of impulsive risk can be attended. 它指的是一个不确定的事件,它的影响也不知道. 基本上, the contingency plan is to cater to the risks that are uncertain and could turn out to be harmful to the project.

风险应对计划

Once the analysis is done, stakeholders come to know if the risk needs a response or not. 在计划项目时,可能需要对一些风险做出反应, 有些人在测试和监控项目时可能需要它. 有些甚至可以忽略不计,甚至根本不需要回应. This phase of risk-based testing is important to bring out the major risks and attend to them all instead of wasting time over miniscule risks.

风险监测与控制

不管你怎么努力,总有一些风险会发生. 在这种情况下,必须制定一个适当的监测和控制机制. 它有助于识别风险, 监控他们, 发现新的, 分析了其产生的基本原因, 执行风险计划, 并密切关注其指标. 各类评估, 审计, 趋势分析, 性能测量, 状态更新是这种方法的一部分. It also depends upon different parameters that are involved in the projects like technology updates, 项目规模, 资源的数量和技能, time, 和精力估计, 和许多更多.

基于风险的系统测试

RBT包括由技术人员组成的系统级测试, 功能, 以及非功能性系统测试. 它包括环境测试, 集成测试, 功能级测试, 负载测试, 压力测试, 安全性测试, 等. A system-level testing approach is a must since that forms the core of any system and is hence highly recommended.

基于风险的平滑测试的最佳实践

在一般情况下, the different activities involved while performing risk-based testing involve the following steps, 除个别情况外:

  • 通过检查表准备一份可能涉及的风险的详细清单, 面试, 研讨会, 根本原因分析, 专家意见, 等.
  • 记录所有风险的可能原因、响应和根本原因
  • 准备涉及每个风险的测试用例、测试文档和测试数据
  • Map test coverage with risk 评估 to ensure all risks are covered in the test documents
  • 随着项目的进展,要不断适应新的风险
  • 利用风险矩阵进行定量和定性的风险分析
  • 决定是否需要对风险做出回应
  • 尽可能降低风险
  • 准备好应急计划,以防万一
  • 透过不同的风险审核,是否有适当的监察及控制机制, 评估, 趋势分析, 状态会议, 等.
  • Collaborate with different management and development teams for understanding the risks better
  • Have proper communication with the team and keep changing risks assessment plans accordingly so that any change in project activities can be embedded in risk management
  • 根据项目的更新,不断更新测试覆盖计划

一些关键的测试报告和度量证明对RBT至关重要

  • 测试用例的数量——计划的与实际的对比
  • 缺陷的数量,优先级,状态
  • 测试总结/覆盖报告
  • 风险降低效率
  • 要求稳定指数
  • 测试效果
  • 测试设计范围
  • 缺陷检测效率
  • 环境的失败

 

和更多的……

临别赠言

Risk-based testing is now one of the most important and smart testing strategies in det365娱乐官网det365. Organizations are now giving it due importance and enjoying successful and secure outputs. As projects are getting complicated, software testing is becoming smarter and effective. 测试不能简单地通过获取所有项目相关的功能来完成. It needs to embed the risk assessment effectively and that is what forms the crux of risk-based testing – the smart way to effective testing!

作者: det365

相关的博客