You're tasked with testing on data you don't control because it's part of the cloud and serviced by another party....
How do you know the data is accurate? What impact does the virtualization of your data in a remote data center have on your testing? How do you ensure it's available and accessible when you need it? How do you confirm your data is intact -- that it's YOUR data?
Granted, database testing is similar to security testing in that it requires specialized knowledge to fully test. However, we'll review database testing techniques that experienced testers can use to do effective database testing. Additionally, in this article we'll discuss what database testing is and its importance to both your application and the company as a whole. We'll also cover tips and techniques testers can use to effectively test an application's database, including specific areas to test when data is hosted in the cloud.
What is database testing?
First, what is database testing? Is it really necessary if you're using the cloud -- don’t "they" test that? Yes, it is necessary for you to test your data regardless of its location. If your data is accessed virtually from a cloud system, then it's essential to execute database testing. You have to remember that the data your company possesses is typically the company's most valuable asset. Applications can come and go, but no one throws away a database. Databases are generally migrated, massaged and secured, but rarely completely abandoned.
Why is database testing critical?
Let me repeat myself -- the database is a company's most valuable asset. Similar to security testing, it is unwise to ignore it. You may not be able to hire specialized database testers, but you can use effective techniques to verify the accuracy and consistency of your database, as well as your applications' integration with it. The fact that your data is hosted in the cloud adds only a small amount of additional testing. For example, you need to ensure your application gets a timely response from the database. Your application must be able to access the database anytime and it must always be available. That's the purpose of hosting in the cloud -- there is no downtime. Your data must be kept secure, accurate and always available, but you shouldn't rely on the host to test it. It's essential to verify by doing basic database testing.
What should you test?
Find out if your data is intact by executing boundary type testing. Enter invalid data that exceeds defined character limits -- what happens? Your application should error and, when you look for the data in the database, it should not be in the database if not successfully recorded as a save. Testers can develop relatively simple SQL statements to query data in an ad hoc fashion to check for irregularities. Spend time testing your applications' save, cancel and delete type features. Also, try modifying data and then saving or cancelling. Try entering invalid data types and test character lengths both large and small.
What other items can you check for? Try executing triggers and verify views and indexes. Testers can work with developers to create SQL queries if needed. However, most testing can be done via the application. It's important to verify default values where possible. Default values are an indicator of database consistency and it's important that users cannot produce an application error by entering invalid data, or null values, or other data the database cannot handle.
Your test team can also execute verifications for primary and foreign keys. Testers can also review table columns and check for column uniqueness. This is usually accomplished by entering and trying to save invalid data. For example, you might enter a negative value in a price field or a numeric value in a field that only allows alpha characters. Additionally, testers can verify that two users cannot have the same password, or one user cannot have more than one password. It's unbelievably common to find bugs that allow users to access data with non-unique passwords or by bypassing the login security all together.
As a test team manager, if you're hosting in the cloud and using a test database, ensure that the same database engine is used in test that is used in production -- otherwise you're not really testing the application in production. Test environments should be made to match production environments as closely as possible.
Database testing is essential because of the critical importance of data to a company. Yours is no different. Data stored in databases are typically a company's most valuable asset. As a test team manager, you can have your testers check for defects in the application and database early on. Whether your database is hosted in the cloud or locally only affects some simple additional tests around accessibility, availability and performance. More than likely, most test teams execute the same types of tests to verify data regardless of where the database resides. The important part is to test as effectively as possible. Don't skip database testing -- test it to the best of your test teams ability. Similar to security testing, database testing can offer an additional path to becoming a test specialist. Invest in your test team and it'll pay dividends in the testing coverage they're able to provide for the application and the future success of the company.
Dig Deeper on Software Security Test Best Practices