Static Testing: We Know It Works, So Why Don’t We Use It?

W14

Test Techniques

5/6/2015 3:00:00 PM

Static Testing: We Know It

Works, So Why Don’t We Use It?

Presented by:

Meenakshi Muthukumaran

Tata Consultancy Services

Brought to you by:

340 Corporate Way, Suite 300, Orange Park, FL 32073 888-268-8770 ∙ 904-278-0524 ∙ [email protected] ∙ www.sqe.com

Meenakshi Muthukumaran

Tata Consultancy Services

Meenakshi Muthukumaran is a test automation strategist and consultant with Assurance

Services Unit of Tata Consultancy Services. Meena advises customers on product selection,

deployment, and effective use of static testing tools, and leads the professional research team

that evaluates and grades different static testing tools. She started her career as a software

developer and worked in the United States for several years in technology and management

roles. With more than ten years of experience in the IT industry, Meena works with customers

across geographies and industries to build high-quality software by addressing their challenges

related to code quality and post-production defects.

1Copyright © 2014 Tata Consultancy Services Limited

Static Testing: We Know It Works, Why

Don’t We Use It?

May 2015

2

With You Today…

Meena has 10+ years of overall experience in IT

industry and has been with TCS for past 4 years.

She is a Masters in IT and after engineering, she

started her career as a software developer.

Thereafter she has worked in multiple domains

spanning both technology as well as management

Meenakshi Muthukumaran

SQG Consultant, Assurance Services,

Tata Consultancy Services (TCS)

Meena has worked with multiple Fortune 500 customers across geographies and

industries in addressing their business objective by certifying and assuring high-

quality software

3

Agenda

Business

Drivers

The

Quality

Assurance

LensWhy

Static Testing ?

Putting

Static Testing

to work

Static Testing:

Delivered

results

4

Businesses today need to address…

Complexity

Digital

customers

New age

competitionSecurity

concerns

First time

right

5

Else will lead to…

Delays in time

to market

Increased

ops cost

Reduced

revenues

Dissatisfied

customer

6

Incomprehensive QA can erode your business…

SEC fines more than $40 million

compensations claims.

Reputational damage

Stocks declined 72% in 6 months

More than 500 death months

Lost $440 million in 30 minutes;

Loss of 75% in stock value in 2

business days

7

Having a holistic perspective…

WHAT YOU KNOW

WHAT SOME

MIGHT KNOW

WHAT YOU REALLY

SHOULD KNOW

T E

S T

RE

VIE

W

Correctness

Efficiency

Reliability

Maintenance Cost

Program

Structure

Coding

Practices

Coupling

Complexity

Readability

Flexibility

Reusability

Maintainability

Testability

8

Will get you to..

Inspection

Software walk-

throughs

Peer reviews

Static

Testing

9

Why do I need Static Testing?

Think OUT of BUGS

10

Static Analysis: Effective way of Static Testing

Code baseStatic code

analyzerDefects/Violation

Automating

Code Inspections

Analyzing the code without executing

Making effective

• Tracks suggestions

• Allows follow-up tasks

• Aids comparing before/after changes

• Integrates source code repositories

11

Although research shows Static analysis is effective…

Static Analysis has comparatively higher defect removal efficiency

Source: Caper Jones: SOFTWARE QUALITY IN 2013: A SURVEY OF THE STATE OF THE ART

12

It isn’t flying high as it should

Limited Awareness

Tools

Unavailability

Time shortage

Mindset

13

Increasing awareness…

Static testing

champions

across

teams

14

Bringing mindset change…

Top down

approach can

drive static

testing

15

With a 7 Point Strategy for Tool Selection…

Deployment Strategy

Technology Coverage

Supporting Environment

Product Update

Triage & Remediation Support

Reporting Capabilities

Enterprise Level Support

16

Will Deliver Certainty

Early defect detection

Faster time to Market

Reduction in TCO

Progressive improvement in Quality

17

Success story: Leading Oilfield Services Company

Challenges

• Performance: Slow response rates. Irritated users

• Stability: Systems hang during key transactions

• Increased # of problem tickets/ issues to be resolved

Solution

• Analysis of the base code

• Identification of exact elements causing issues

• In-depth analysis of the code post fixing issues

Results

• Improvement in overall application health with respect to Performance, Robustness and Security

• Actual performance of the application improved by up to 50% on some transactions.

Maintainability 3%

Reliability 10%

Efficiency 13%

Security 22%

18

Success story: Leading Oilfield Services Company

0

0.5

1

1.5

2

2.5

3

3.5

Maintainability Reliability Efficiency Security

3.092.91

2.822.71

3.19 3.21 3.2 3.31

Quality Evolution

Before After

Maintainability 3%

Reliability 10%

Efficiency 13%

Security 22%

19

Some useful directions and …

Inefficient error

handling

expensive

loops performance problems

Select *

null pointer

dereferences

database

connection

leaks

SQL

injection

Cross-site

Scripting

Hardcoded

Credentials

Insecure File

Upload

Insufficient

Session Expiration

Poor

Memory/

Network

Mgmt

Improper SQL and

Data Handling

Dynamic

Instantiation

20

And Best practices from the engagement

Create

Awareness

Measure

QualityEmbed in

lifecycle

Integrate with

existing tools

Mandate it

Improve &

Control

21

Prevention is better than cure

Quality cannot be monitored or tracked unless

measured

Quality should not be a practice – rather be the WAY

of life.

A quick recap

Thank You

IT Services

Business Solutions

Consulting

Please visit us at Booth# 17

or write to us at: [email protected]