Job Scope for Software Testing Engineers and How to Prepare for the Interview

by Vibrant Publishers
There is a lot of hype around software developers in today’s digital world. But what happens once the software is ready? That’s where software testing steals the show. With the world demanding more software upgrades than ever expected, the job of testing them becomes all the more important. 55% of companies globally seek software testers in their ranks to create flawless software. It is these prodigies who iron out the errors in software before it is handed to companies for actual use. Whether you are a test engineer conducting tests or managing a series of tests, this job has a wide scope, with a good salary package complementing it.



Leading companies such as QA Mentor Inc, Fleek IT Solutions and so on seek the services of smart software testers to bolster their manpower and make their software flawless. However, between you and this position stands a tough interview.



To carve your path towards that interview, we have our book ‘Software Testing: Interview Questions You’ll Most Likely Be Asked.’ With 300 questions giving insight into what you are likely to be asked, it prepares you well for your time across the table from seniors and brings you closer to your job.



Check out some of these questions from the book:




1) What is a Black box testing stage?


This is the second of the traditional methods of testing. Black box testing is also known as functional and/or behavioral testing. Test cases are written based on the functional requirements specification. This phase is the second stage of the SDLC process. It involves checking the system, product or software against the functional requirement specification, and it determines whether the software does what it is supposed to do. This method does not touch on internal code checking; functionality is explored without knowledge of the internal implementation. The name comes from treating the software as a black box, meaning an unknown system. Usually a tester, not a developer, is involved in black box testing. The tester does not know how the software performs internally, only how the software is supposed to react. There are many black box testing methods: boundary value analysis, equivalence partitioning, state transition tables, all-pairs testing, fuzz testing, decision table testing, use case testing, model-based testing, specification-based testing and exploratory testing.




2) Explain email spoofing and content spoofing.


Email spoofing means duplicating the email header (such as the From ID) so that the message appears to have originated from the actual source ID. The duplicate ones will land only in the spam folders. With specific commands inserted, the message information can be modified, and even the message body can be altered.
Content spoofing is another technique: creating a fake website and making the audience believe that the website is real. Most fraud cases happen through content spoofing, as the hacker can obtain secured information from the user and use it.
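
A receiving-side check of the kind a spam filter applies to spoofed headers, as an added example that is not from the original page: it compares the From domain with the Return-Path and Reply-To domains and reads the DMARC verdict recorded by the receiving server. The sample messages, the domains and the `mx.example.org` server name are constructed placeholders, and the function names are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample messages; every domain and server name is a placeholder.
SPOOFED = (
    "Return-Path: <bounce@mailer.example.net>\n"
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;"
    " dkim=none; dmarc=fail header.from=bank.example.com\n"
    'From: "Example Bank" <support@bank.example.com>\n'
    "Reply-To: helpdesk@mailer.example.net\n"
    "Subject: Account notice\n\nPlease confirm your details.\n"
)
LEGIT = (
    "Return-Path: <bounce@mail.bank.example.com>\n"
    "Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mail.bank.example.com;"
    " dkim=pass header.d=bank.example.com; dmarc=pass header.from=bank.example.com\n"
    'From: "Example Bank" <support@bank.example.com>\n'
    "Subject: Statement ready\n\nYour statement is available.\n"
)

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if absent."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def aligned(a, b):
    """Approximate relaxed alignment: same domain, or one is a subdomain of the other.
    (Real DMARC compares organizational domains using the Public Suffix List.)"""
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def auth_verdicts(msg, trusted_server):
    """spf/dkim/dmarc results, taken only from the header our own server added;
    an Authentication-Results header naming another server may itself be forged."""
    for header in msg.get_all("Authentication-Results", []):
        server, _, results = header.partition(";")
        if server.strip().lower() == trusted_server:
            return {k.lower(): v.lower()
                    for k, v in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", results, re.I)}
    return {}

def spoofing_indicators(raw, trusted_server="mx.example.org"):
    """Return the reasons a message looks spoofed (empty list if none)."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    findings = []
    for name in ("Return-Path", "Reply-To"):
        other = domain_of(msg[name])
        if other and not aligned(from_dom, other):
            findings.append(f"{name} domain {other} does not match From domain {from_dom}")
    dmarc = auth_verdicts(msg, trusted_server).get("dmarc", "missing")
    if dmarc != "pass":
        findings.append(f"dmarc={dmarc}")
    return findings
```

A domain mismatch on its own is only an indicator, since legitimate mail sent through a third-party service can also differ between From and Return-Path.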




3) What is Shakeout testing?


Shakeout testing is conducted to ensure that a load is successfully implemented without interrupting the actual process and that all the other functions are working as expected. It encompasses a series of tests done on various builds until a build is installed. Shakeout includes basic testing of the base desktop functionality, GUI testing, etc. Shakeout testing is different from smoke testing and sanity testing.




4) What is forced-Error Testing?


The forced Error Test (FET), as the name signifies, contains test cases that force errors in the application. These test cases determine the errors prior to the execution of the software and are designed to bring out the error conditions. The situations in the test cases require specific error messages to be generated, and the system must act according to its error-handling schemes. Test cases are designed to find these error messages, and the system must respond the same way. The list of errors is the baseline for developing the various test cases.



5) What is Soak testing and Fuzz testing?


Soak testing means checking the performance of a system in depth over a long period to examine any potential discrepancy. The system is run under high load for 12 or 24 hours continuously during heavy traffic. Here load refers to time. Performance issues may appear after a long period of communication with the system. Some STLC processes may also use soak testing for months, with high temperatures or external stresses.
Example: A system behaves normally when tested for a couple of hours. But when it is tested beyond two hours, problems like ‘memory leakage’ may arise and the system will fail or act unexpectedly.
Fuzz testing is also a black box testing technique. Using bad data randomly to attack code and observing where the system breaks is known as fuzz testing. For large applications, fuzz testing is automated for effective results. This kind of testing ensures, as a best practice, that the application is well protected.




6) What test cases are written for a Cookie setting?


There are many test cases to check cookie functionality and they are:
  • Accepting and rejecting cookies to check the smooth functioning of a web application: To test a website’s functionality properly, not all cookies should be accepted. Set the browser options to prompt whenever HTML code wants to write a cookie to disk. Divide the cookies in half, say 5 accepted randomly and 5 rejected. The browser then prompts for each cookie, which can be accepted or rejected accordingly. Now check the website’s major functionality to see whether data is getting corrupted or pages are breaking.

  • A test to check the deletion of cookies from the web application’s own page: This tests action tracking on a web portal. A pixel is placed on the web page to track any action taken or purchase made by the user; the cookie tracks the action and/or purchase. While other testing is being done, the cookie written to disk is deleted to avoid multiple tracking of actions logged from the same cookie. Therefore, the cookie must be successfully deleted for our tests.

  • Test to delete a cookie: Allow a website to insert cookies in the browsers and then close them. Next, manually delete all cookies for the website under trial. Now reopen the web pages in the browsers and check their behavior. In this case, cookies must be disabled and tracking of data should not happen.

  • Testing for cookies on multiple browsers: An important test is to check whether a web application page writes its cookies properly on all the different browsers, as planned. The site should work properly using these cookies. Testing is done on major browsers like Internet Explorer, Opera, Chrome, Mozilla Firefox, Netscape and more.

  • Test for corrupt data in the cookie content: Cookies can be easily corrupted. Manually edit a cookie in Notepad and change a parameter to a corrupt value for the content, the name or the expiry date. Then check the site functionality. Even with a corrupted cookie, our cookies should not allow reading the data of another domain.
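
The corrupt-cookie test above, automated with the fuzz testing described in question 5 (an added example, not from the original page): random single-character corruptions are fed to a reader that trusts the cookie and to a hardened one. The `user|expiry|tag` cookie layout, the HMAC key and all function names are assumptions made for the illustration.

```python
import hashlib, hmac, random, string

KEY = b"constructed-demo-key"   # placeholder secret for this example only
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # includes '|'
NOW = 1_700_000_000             # fixed "current time" so runs are repeatable

def sign(body):
    return hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()

def make_cookie(user, expiry):
    """Assumed layout: user|expiry-epoch|HMAC-SHA256 tag over 'user|expiry'."""
    body = f"{user}|{expiry}"
    return f"{body}|{sign(body)}"

def read_naive(cookie):
    """Trusts the layout: raises on corrupt input and never verifies the tag."""
    user, expiry, _tag = cookie.split("|")
    return user if int(expiry) > NOW else None

def read_hardened(cookie):
    """Returns the user only for an intact, unexpired cookie; never raises."""
    parts = cookie.split("|")
    if len(parts) != 3:
        return None
    user, expiry, tag = parts
    if not hmac.compare_digest(sign(f"{user}|{expiry}").encode(), tag.encode()):
        return None
    try:
        return user if int(expiry) > NOW else None
    except ValueError:
        return None

def corrupt(cookie, rng):
    """One random corruption: overwrite, delete or insert a single character."""
    i = rng.randrange(len(cookie))
    op, ch = rng.choice(("overwrite", "delete", "insert")), rng.choice(ALPHABET)
    if op == "overwrite":
        return cookie[:i] + ch + cookie[i + 1:]
    if op == "delete":
        return cookie[:i] + cookie[i + 1:]
    return cookie[:i] + ch + cookie[i:]

def fuzz(reader, rounds=2000, seed=1):
    """Feed corrupted cookies to `reader`; count crashes and wrongly accepted cookies."""
    rng = random.Random(seed)
    good = make_cookie("alice", 2_000_000_000)
    stats = {"crashes": 0, "accepted": 0}
    for _ in range(rounds):
        bad = corrupt(good, rng)
        if bad == good:          # overwrite with the same character: not a corruption
            continue
        try:
            if reader(bad) is not None:
                stats["accepted"] += 1
        except Exception:
            stats["crashes"] += 1
    return stats
```

`fuzz(read_naive)` reports both crashes and accepted corrupt cookies, while `fuzz(read_hardened)` reports neither; a non-zero count from the reader under test is the defect this test is looking for.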




7) Describe Penetration testing or Pen Test.


Penetration testing is testing the vulnerability of a system or network to hacking or unauthorized user access. Complicated methods are used to perform penetration testing. Unauthorized access is attempted in many ways to check the vulnerability of the security system. Ethical hacking or cracking is the term used for penetration testing. A known person who does not have user authority tries to hack into the network or system, which discloses the security lapses that were overlooked. These are then worked upon, and the process repeats until the cracker is unable to access the system in spite of repeated attempts. Ideally, a good ethical hacker needs to do this if you want 100% security ensured. The process reveals the following issues:



  • Inadequate or improper system configuration,

  • Known and/or unknown hardware or software flaws,

  • Operational weaknesses in process,

  • Technical surveillance countermeasures.



This analysis is carried out from the point of view of an attacker, and may actively engage in misuse of security vulnerabilities. The owner is given a detailed account of whatever security issues are found. The evaluation is based on the impact caused, and a proposal is given for a technical solution or improvement. Penetration testing helps to find out the probability of a security attack on the system and what it will cost the business in terms of data, reputation, money and time. It involves the following processes:



The process is ongoing until the security vendor comes up with an all-inclusive solution that counters all known and unknown vulnerabilities.



  • Business risks: Personal information modification, price-list modification, everyday threat analysis, unauthorized funds transfer, unauthorized logins, breach of customer trust and more.

  • Technical vulnerabilities: Web application risks, SQL injection, URL manipulation, Cross-site scripting, password caching or hard-coding, possibilities of session hijacks, web server configuration, back end authentication, documentation management, buffer overflow, and more.




8) How is database testing done?


Database testing is entirely based on the requirement specifications. There are a few things to consider related to the database:



  • Default Correctness of data

  • Storage and/or Retrieval of data in database

  • The database is connected across multiple platforms

  • Indexing of database for better performance – Checking if the data insertion from the application into the database enforces restrictions on the data or not.

  • Data in the database is integrated

  • Security of the database



The in-depth functionality aspects to look into are:



  • Checking for data constraints

  • Validation of the field size to see if it is correct.

  • The field size specifications in the application should match the database field size.

  • Manually typing the query to check whether the table provides the expected result.

  • Checking stored procedures

  • Checking the insertion of data in two ways: One way is testing the database from the back end while inserting the values in the front end of the application. The second way is testing the front end of the application while inserting the values in the back end of the database.

  • Database testing should cover performance, functional and load testing. It removes any data redundancy.
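
The constraint and field-size checks above, run from the back end against an in-memory SQLite database (an added example, not from the original page). The schema, the 20-character application limit and the function names are hypothetical.

```python
import sqlite3

APP_USERNAME_MAX = 20   # hypothetical limit enforced by the application's form

# Hypothetical schema. SQLite ignores the length in VARCHAR(20), so the size
# limit has to be an explicit CHECK for the database to enforce it.
SCHEMA = """
CREATE TABLE users (
    id       INTEGER PRIMARY KEY,
    username VARCHAR(20) NOT NULL UNIQUE CHECK (length(username) BETWEEN 3 AND 20),
    age      INTEGER     NOT NULL CHECK (age BETWEEN 0 AND 150)
);
CREATE TABLE users_unchecked (username VARCHAR(20));
"""

def new_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def insert_ok(conn, sql, params):
    """Insert from the back end; True if stored, False if a constraint refused it."""
    try:
        with conn:                      # commits on success, rolls back on error
            conn.execute(sql, params)
        return True
    except sqlite3.IntegrityError:
        return False

def add_user(conn, username, age):
    return insert_ok(conn, "INSERT INTO users (username, age) VALUES (?, ?)", (username, age))

def constraint_cases(conn):
    """Each case maps to True if the row was stored."""
    return {
        "valid row": add_user(conn, "alice", 30),
        "duplicate username": add_user(conn, "alice", 31),
        "NULL username": add_user(conn, None, 30),
        "username below minimum": add_user(conn, "al", 30),
        "age above range": add_user(conn, "bob", 151),
        "age at upper boundary": add_user(conn, "carol", 150),
    }

def field_size_matches(conn):
    """Boundary check: the DB stores exactly the app's maximum and refuses one more."""
    at_limit = add_user(conn, "x" * APP_USERNAME_MAX, 30)
    over_limit = add_user(conn, "y" * (APP_USERNAME_MAX + 1), 30)
    return at_limit and not over_limit

def declared_length_enforced(conn):
    """False on SQLite: VARCHAR(20) alone accepts a 50-character value."""
    stored = insert_ok(conn, "INSERT INTO users_unchecked VALUES (?)", ("z" * 50,))
    return not stored
```

After `constraint_cases`, a hand-typed `SELECT username, age FROM users ORDER BY id` should return only the two valid rows, which is the manual query check from the list above.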




9) What is the difference between an Iterative model and the Waterfall model?


The Waterfall method is a process in which the testing process occurs in a flow. Every process has to go through each phase in the waterfall at least once. The major disadvantage is that once the process has passed through a phase, it cannot re-enter it. Because of this disadvantage, the method is mostly not in much use. If there are any changes in the requirements, the modifications cannot be made in the waterfall method. The Iterative model is like a loop structure, in which a modification to the requirements can be made in any phase and implemented in the SDLC at any time, irrespective of whether the process has already passed through that phase.




10) What are advantages and disadvantages in V Model?


Below are the V model pros and cons.

Advantages:

  • This is a very disciplined model, and each phase is completed in a timely manner (one after the other).

  • It works fine for smaller projects, where requirements are very well understood.

  • The model is rigid and easy to manage. Each phase consists of a review process and specific deliverables.

  • It is easy to understand and apply, and simple to use and manage.

  • Most importantly, defects are identified at an early stage: the User or Business Requirement analysis stage or the System Analysis stage. Hence bugs or defects are fixed early. The cost is less due to early defect repairs.

Disadvantages:

  • This model involves greater risk factors and uncertainty.

  • This is not a good model for object-oriented projects and complex projects.

  • This is not suitable for projects with fewer or unknown requirements and a higher risk of change.

  • This model is not suitable for long and ongoing projects.

  • Once a system or an application goes to the testing phase, it is difficult to go back and make a requested functionality change, and this becomes expensive.

  • Complete working software is not produced until the last stage of testing in the life cycle.




11) What is energy and utilities domain testing?


Domain knowledge is an important baseline requirement for testing. The energy and utilities domain refers to any industry that engages in the sale and production of energy in any form. The industry is very crucial. The electrical power industry, the petroleum industry (including oil companies), the coal industry, the nuclear power industry, the traditional energy industry based on the collection and distribution of firewood, etc. are part of the utility domain. Overall, the industry deals with energy and supply related queries.




12) What are the challenges involved in Mobile web application testing?


A mobile web application is viewed by users all around the world. Whether for users in a single country or on a single network, mobile web applications help to understand the global dynamic.



The global nature of the mobile web poses several challenges. By understanding the nature of each challenge, diverse technology options can be explored to manage problems and diminish risk. Some ways to achieve this are:



  • Coming up with the right solutions with an evaluation of the Pros and Cons

  • Determining the technology that best suits the testing requirements

  • Testing naturally in each of the options available. The mobile web application testing challenges include scripting, network, platforms and devices.

  • Scripting: The array of devices makes executing the test script a challenge. Every device differs in input methods, display properties, keystrokes and menu structure. Not every device supports the functions of a single script.

  • Devices: Devices have different hardware capabilities and differ in screen resolution (sizes) and input methods (touch, QWERTY, normal).

  • Diverse platforms (OS): There are different operating systems for mobiles in the market, each with its own limitations. The foremost ones are iOS, Symbian, Android, BREWMP, BREW, BlackBerry and Windows Phone. Testing is a challenge for a single application operating on the same OS or platform across several devices.

  • Network: There are hundreds of network operators. A few major operators are CDMA and GSM. Others use less common network standards like TD-SCDMA and FOMA. Each network operator uses a different kind of network infrastructure, which limits the flow of information.




13) Explain Protocol testing.


Protocol testing is a generic term used by the communication industries for the testing of diverse protocols in the domains of Switching, Routing, VoIP, Wireless, Telecom, Security and more. Product companies like Nortel, Cisco, Alcatel, Huawei, Juniper and others have networking devices such as routers, modems, switches, firewalls and wireless access points. Different protocols are used to communicate with these devices. For instance, Cisco routers use OSPF, EIGRP and more to exchange routing information. Here, testing the protocol means checking whether the OSPF and EIGRP protocols are working as outlined in the respective standards.



Communication protocols, also called Datacom protocols, are the terms used for protocols working in the networking domain. These are specified in the IP stack or TCP, and their chief purpose is routing and exchanging information.



Usually, protocol testing is done by connecting a ‘device under test (DUT)’ to other devices such as switches or routers and configuring the protocol on it. Then the structure of the packets sent by the devices, the protocol algorithm, scalability, performance and more are checked using tools like Spirent, IxNetwork, Wireshark and many more.



14) Explain Cloud computing and its testing.


Cloud computing is an expression used to describe an array of computing concepts that involve a large number of computers connected through a real-time communication network such as the Internet. Cloud computing is a synonym for distributed computing over a network, meaning the ability to run an application or a program at a given point in time on many connected computers. A testing approach to software incurs high cost in simulating user activity from various geographical locations. Thus, testing of load balancers and firewalls brings expenditure on software, hardware and their maintenance. Cloud testing becomes effective when client requirements for the deployment environment vary. It can also be chosen when the number of users of the application increases. Cloud testing is a type of software testing in which cloud computing environments are used to simulate real-world user traffic for web applications.



Load testing and performance testing are conducted on the applications. Cloud testing also covers scalability and stress testing under a broad variety of conditions. This testing generally involves supervising and reporting on practical (real-world) user traffic and load balance for a range of simulated usage conditions. Companies like Trigent and IBM offer cloud testing. Companies practising testing face several struggles, such as meeting deadlines and a limited test budget. In detail, a large number of test cases, little or no re-use of tests, and the geographical distribution of users add to the challenges. Testing needs to cover the inside, the outside or both sides of the data centre to provide good quality service and delivery. This problem is taken care of by cloud testing.




15) How does the Bugzilla tool function?


When new bugs are noticed, they are created in the Bugzilla tool and then proceed through a series of states, based on the actions called for by the clients or developers. Each change of state can be documented within the bug record, so that the data can be reported or reviewed at a later stage. This history makes sure that issues are not forgotten. Below are the steps involved in the functioning of the Bugzilla tool.



  • New bugs are entered.

  • Then they are set to the status ‘Assigned’ or ‘Resolved’.

  • ‘Assigned’ bugs are either ‘Resolved’ and closed, or have their ownership changed.

  • ‘Resolved’ bugs can be ‘Verified’, ‘Closed’, or ‘Reopened’.

  • The developer takes control of a ‘Reopened’ bug, checks for confirmation and fixes it again as ‘Resolved’.

  • ‘Verified’ bugs can also be ‘Reopened’, ‘Unconfirmed’, or ‘Closed’.

  • ‘Closed’ bugs can be ‘Reopened’ or ‘Unconfirmed’.

  • ‘Unconfirmed’ bugs may be confirmed as ‘New’, ‘Assigned’ or ‘Resolved’.



A ‘Reopened’ bug may mean that it is not fixed; ‘Unconfirmed’ means the bug is irregular or the case is hard to trigger; and ‘Closed’ means the bug is fixed.

Answering accurately in an interview helps you acquire your dream job. This book will help you do exactly that.



Good Luck!