Software Testing Training CATALOGUE
TABLE OF COURSES
TMAP NEXT TEST ENGINEER CERTIFICATION ..................................................................................................6 INTRODUCTION TO TESTING ...............................................................................................................................7 TECHNICAL SKILLS FOR TESTERS ......................................................................................................................8 INTRODUCTION TO TESTING MOBILE APPS ......................................................................................................9 TMAP NEXT TEST MANAGER..............................................................................................................................10 END TO END TESTING ………………………………………………………………………………………………… 10 CONTEXT DRIVEN TESTING .............................................................................................................................. 11 TEST COORDINATION IN PRACTICE .................................................................................................................11 TEST OUTSOURCING WITH TOGA ……………………………………………………………………………………13 REQUIREMENTS VALIDATION …………………………………………………………………………………………14 SECURITY TESTING ……………………………………………………………………………………………….. 15 - 17
2|P age
TRAINING OPTIONS PRACTICAL TRAINING
Onsite Training
The practical courses we offer are aimed in particular at acquiring practical experience. Practical information, tips and tricks are provided to help the course participants in their daily (testing) activities. The objective is that participants will be able to directly put what they have learned during these courses into practice. Our trainers have comprehensive practical experience which they will gladly share with the course participants. During the course, there will be enough time and opportunity to discuss the participants’ own practical scenarios.
All of our courses may be taught on-site at your facilities, where required, provided that there are six or more delegates. Please contact us to discuss your specific course requirements, group size, and available training dates.
Public Training IndigoCube offers public classes at our offices on the Ground Floor, Victoria Gate South, Hyde Lane, Hyde Park, Sandton. Public classes allow students to meet and learn with business analysts from other companies and industries, offering a broader understanding of the business analysis profession.
BASIC TRAINING Basic courses are appropriate for anyone who needs a basic understanding of software testing. Participants attend these courses for an introduction to software testing or to increase their awareness of testing. These courses will also provide participants with general knowledge and tips and tricks that they can use to (better) implement their testing process.
Customisation Onsite classes can be tailored to address your unique organisational environment and the experience level and interest of the students. The level of customisation required is dependent upon a review of your needs and the outline of our course curriculum. This review will reveal areas that may need more or less focus during training. We will prepare a customised training programme, if needed, which includes topics from existing material that address specific areas of concern. Customisation requiring additional or new course development will incur a fee.
SPECIALISED TOPICS We have extensive experience in the testing profession and have gained a leading position in innovating in the area of software testing. We have developed several courses on specialized subjects, such as end-to-end testing, test outsourcing and Agile testing. TECHNICAL TRAINING The use of tools in the testing process is becoming increasingly important. That is why we have developed a number of courses such as optimization of test automation, testing the API behind a mobile app and two Selenium courses.
We are a Certified Training Provider
3|P age
TRAINING CURRICULUM Curriculum:
Introduction to Testing TMap® Next Test Engineer Certification Prep The Whole Team Approach to Agile Testing Introduction to Testing Mobile Apps Technical Skills for Testers
Test Outsourcing with TOGA CBT Security Testing Courses
Formal Certification Curriculum:
4|P age
Testing Coordination in Practice TMap® Next Test Manager Certification Prep Context Driven Testing End to End Testing
• Requirements Validation for Team Members • User Acceptance Testing
T R A I N I N G PARTNERS
Polteq is one of the largest independent specialist in software testing in Europe and market leader in the area of test training. Their test solutions are in demand worldwide to solve testing issues and run testing projects. Thanks to their investment in R&D, they can create their own vision of and solutions for new IT developments. In this way they keep innovating their company, employees, partners and, in fact, testing itself. As a trendsetter and innovator in the international testing scene, they keep reaffirming their role as an expert and pioneer. Polteq’s pioneers – Martin Pol and Ruud Teunissen, – have put software testing on the map. Pioneering is still important for them and is, together with a personal approach, the core of their service. That’s the difference their customers notice!
TMap® Next is a practical, world-renowned test methodology and is an acronym for ‘Test Management Approach’, a pragmatic, business-driven, risk-based methodology for structured software testing, designed to address the key issues of quality, time and cost across the whole software development lifecycle. TMap® Next can help you to deliver “more for less, faster and better”. TMap® was first conceived in 1995 and later further developed in 2002. TMap® has evolved over recent years to become a standard for testing information systems. TMap® Next is the result of this evolution and is now a product of Sogeti, a multinational corporation.
Security Innovation is comprised of application security trailblazers - one of the first companies to focus solely on this critical aspect of Product & IT Security. They are a team of world-class engineers, developers, testers, security analysts, and business thinkers who collectively address business issues with technical solutions. Their work spans seamlessly across industries, platforms and technologies. It is creative and elegant, simple and intelligent.
Since its inception in 2000, B2T Training has focused solely on providing business analysis training and professional development. They bring over 25 years’ experience to provide the highest quality business analysis training and support for ongoing development of business analysis professionals.
5|P age
First comprehensive business analysis training program in North America. Instructors, mentors, and course developers that are business analysis experts. Founding members of the International Institute of Business Analysis (IIBA®). Extensively involved in the development of the IIBA® Business Analysis Body of Knowledge®. First BA certification program
3 Days
Intended Audience This course is intended for everyone who wants to take the TMap® Next Test Engineer examination. The TMap® Next Test Engineer certificate is intended for everyone involved in the testing of information systems and other software products. This does not only include testers, but also end-users, developers and administrators.
Core Courses TMap®Next Test Engineer Certification Course Overview The main objective of the course is to prepare participants to pass the TMap® Next Test Engineer examination. The topics covered in this course are therefore linked to the requirements for the examination and are: (1) The relative importance of testing, (2) The testing phases and test design. In addition to the theory, practice examination questions are attempted and then discussed with the trainer.
Program
6|P age
Context and importance of testing • Structured testing • TMap® essentials Phases in acceptance and system testing • TMap® test management phases • TMap® test execution phases Test design • Coverage types and basic techniques • Test design techniques Development tests Practice examinations and final examination
3 Days
Introduction to testing: Testing in Practice Overview
Intended Audience This course is intended for (junior) testers. After the course they will be able to apply the most frequently used test design techniques and can be assigned to any test process.
The course covers the specific tasks of a tester in detail, not tied to any specific test methods. The objective of this course is to acquire practical experience of the tasks a tester performs, focusing in particular on creating test cases using test design techniques. After the course, participants will be able to perform the basic tasks of a test engineer: evaluate functional designs, create logical and physical test cases and define preconditions, create data sets, execute test cases (dynamic testing), perform static analysis, register incidents and preserve testware.ne of the most important aspects of agile development training is estimating and planning. These are important, even for agile software development. Although agile is a fluid and iterative process, it does not mean that planning doesn’t have a place in its programming and project management.
Outcomes They will be able to apply the most frequently used test design techniques and can be assigned to any test process.
Program
7|P age
Introduction to structured testing Introduction to test design techniques Evaluate the test basis Basic techniques • Pseudo code • Test depth Test design techniques • Equivalence classes • Data combination test • Boundary value analysis • Error guessing/exploratory testing • Elementary comparison test • Decision table test • Process cycle test • State transition test Dynamic and static analysis Test execution Incident registration
1 Day
Technical Skills for Testers Overview
Intended Audience This course is intended for both junior and more experienced testers.
Testing software requires typical testing skills, but knowledge of and experience in supporting tools is almost indispensable. Examples are database interaction using a query language (e.g. SQL), analyzing message transfer in end-to-end or web environments (XML or HTML), using macro functionality and VBA (Visual Basic for Applications) in Microsoft Office when creating test cases, analyzing test results, etc. The objective of this course is to provide insight to using this type of supporting tool from a tester’s perspective. It’s not the intention to teach you how to become a developer. The course is mainly hands-on training. After a short explanation of the theory the participants will practice by performing exercises. This course is essential in an overall training program of a professional tester. The course is given by experienced Polteq teachers who are using these supporting tools in their daily work.
Topics Covered
8|P age
Introduction The role of supporting tools in the test process SQL • Introduction and terminology • Basic theory and skills XML/HTML • Introduction and terminology • Basic theory and skills Macros and VBA • Introduction and terminology • Basic theory and skills Dos and Don’ts
1 Day
Introduction to Testing Mobile Apps Overview
Intended Audience This course is intended for people involved in the (selection and) testing of mobile apps, testing of APIs or testing cloud services.
The world of mobile devices is a world with many different aspects. The first mobile devices were basic mobile phones with some additional functionality; now there are smart phones and smart TVs; next year we will walk around with Google Glass and communicate with an Apple iWatch. Mobile apps on these devices offer a bigger variety of interaction than a website and are also more dynamic. The existence of a mobile app is determined by the ‘like’ and ‘don’t like’ judgment of endusers. A tester can be overwhelmed by the magnitude and complexity of this world. To have a good understanding of the mobile world, knowledge is needed from many domains, such as telecoms, mobile platforms, mobile devices, type of mobile apps, test types for mobile apps, simulators and fragmentation. Only with this knowledge can you create a real test environment and test cases to detect the critical defects. This course gives insight to the mobile world and helps you to get up to speed.
Program
9|P age
Basis concepts of testing mobile apps • The world of mobile apps and its users • Learn the basic concepts • What is different about testing mobile apps? • A typical mobile app project • Typical risks with testing mobile apps Required test tools • Experiment with a mobile app and search for problems • Devices: local, simulated and cloud • Set up a test environment • Analysis tools: device and environment • Fragmentation: the many different aspects of the mobile world Testing mobile apps • Getting the test object: the System Under Test (SUT) app • Selection of a test technique to find defects fast • A first exploration: which test do you perform? • Testing of native, web (HTML5) and hybrid apps • Testing from different perspectives • A complete test process with real-life examples of mobile app Test coordination of mobile app testing • Deal with a very diverse market • Use data from the installed base • Maintain a test environment locally and in the cloud • How to handle an ‘app store’ • Learning new trends useful template for writing user stories
Advanced Courses 4 Days
TMap®Next Test Manager Overview Intended Audience This course is intended for everyone who wants to take the TMap® Next Test Manager examination.
The main course objective is to prepare the participants to pass the TMap® Next Test Manager examination. The topics covered in this course are therefore linked to the requirements for the examination and are: the master test plan, business driven test management and test process control. In addition to the theory, practice examination questions are attempted and then discussed with the trainer.
The TMap® Next Test Manager certificate is intended for everyone involved in test management activities.
Program
This applies to test managers, test coordinators, test consultants and test advisors, but also project managers who occasionally fulfil the role of test manager within a project.
Upon completion of the course, participants should be able to:
Master test plan and control of the total test process • Planning phase in the total test process • Control phase in the total test process • Generic test agreements • Product risk analysis • Estimation techniques • Incident management Management phases of acceptance and system testing • Phases in acceptance and system testing • Product risk analysis • Estimation techniques • Inspection techniques Development tests Supporting processes • Test policy • Permanent test organization • Test environment • Test tools • Test professionals and test roles Practice examination questions and final
Course Code RP250
Intended Audience This intermediate course is for: 10 | P a g e
1 Day
End to End Testing Overview
Intended Audience This intermediate course is for: -
This course is intended for everyone involved in the testing of complex, multisystem or multi-organization processes. Participants are expected to be experienced testing professionals.
The complexity of systems is increasing, they are connected to each other and automation is common in our daily life and in processes both inside and outside organizations. Agile development, service-orientated architecture, cloud and outsourcing makes testing the connection between systems more difficult and absolutely critical. Testing of interfaces and system integration testing are not new. These tests, however, do not fully cover the high risk of dependencies between processes, actual usage and the systems involved. E2E testing covers these risks by evaluation of the business processes in the overall application landscape. E2E testing is not the same as system testing or even system integration testing.
Quite often there’s no clear and complete test basis available and the E2E testers have to find out the dependencies between the processes and systems themselves. In designing test cases the traditional test design techniques are not sufficient. The E2E test team consists of E2E testers, experienced end-users, administrators and designers. Traditional techniques for estimation and planning cannot be used for an E2E test as there are too many variables. This course covers these and other aspects of E2E testing in detail. The E2E test approach developed by Polteq is used as a basis. Exercises are done for the most important activities, using realistic scenarios.
Program What is E2E? • How it differs from testing interfaces and system integration • Processes and systems Phases within E2E testing E2E risks • Project risks • Product risks • Measures to limit the risks Organization • E2E test team • E2E testing in the organization Infrastructure • Test environments • Test data • Tools and automation Techniques • Risk analysis • Making an E2E inventory • Test design • Test planning • Regression testing
11 | P a g e
1 Day
Context Driven Testing Overview
Intended Audience This course is intended for test engineers, test coordinators, test managers, test consultants and other IT-related roles that have testing experience and have experience in using test methods.
Originating from a wish or urgency to structure testing, many test methods have been developed over the past decades. A test method is, however, not a remedy in all practical cases. The challenge is to flexibly apply existing test methods to make sure testing is done in the leanest and meanest way.
The (technical) skills of the team members are important in selecting a method and/or approach. Based on the context, modern methods and techniques such as exploratory testing and session-based testing are covered in the course. These will be complemented with aspects from ‘traditional’ methods. The course also covers the effect of the dynamic context of testing. Participants will learn to recognize the real-life situations a tester is confronted with and will be capable of working towards a practical solution to determine the appropriate test activities.
Outcomes This course helps testers to combine structured and creative ways of testing. It is important to analyze the context.
What exactly is the objective of the test? Is it to prove that a system works correctly? Is finding the most important defects in the software of greatest importance?
Dependent on the context, analysis will result in a number of options for determining the test approach. The outcome of the analysis could be to apply specific aspects from existing test methods. But it is also possible that applying creative techniques such as ‘the shoestring approach’ or ‘mind mapping’ is a solution.
Topics Covered
12 | P a g e
Recognizing the context • Type of business • Development methods • Application environment • Organization Testing in the context using • Exploratory testing • Session-based test management • Creative techniques Managing the context dynamics Exercises
2 Days
Intended Audience This course is intended for (junior) test coordinators looking for practical information, tips and tricks to improve their test activities
Test Coordination in Practice Based on our experience, we have developed a course for test coordinators. This course covers the activities, focus points and pitfalls that a test coordinator faces in practice. The purpose of the course is to prevent test coordinators from going back to the beginning each time they start in a new environment and/or role. The participants are given the opportunity to learn from our experience. Practical information, tips and tricks are provided to help them in their daily activities as a test coordinator.
Program
13 | P a g e
Define a test strategy Risks in the test process Planning Determine test techniques Define the infrastructure Control Metrics Reviews
1 Day
Specialised Courses Test Outsourcing with TOGA A growing number of companies want to outsource parts of their IT processes, including software testing, to external suppliers. Selecting the right outsourcing partner and location are important aspects. Outsourcing the IT development process has a major impact on testing. In some cases testing itself is being outsourced. But even if only development is outsourced there is an impact on testing. The customer has to manage the process of accepting the software. Contractual agreements need to be drawn up with the supplier regarding the type and level of testing that the supplier is expected to perform. This also includes agreements on communication and control.
Topics Covered The course covers the necessary steps to be taken for successful outsourcing. Polteq’s proven TOGA® approach is available for this. The four steps defined in TOGA® are explained in detail during the course. 1. Initiation - Determine objectives, scope and strategy. 2. Set up - Supplier selection, creation of contract and key performance indicators, organization set-up and monitoring. 3. Implementation - Transfer of knowledge, documentation, infrastructure, data and, if applicable, employees. 4. Operation - Monitoring and control, end-to-end testing, reporting. Three essential elements of TOGA® are covered and detailed training provided: 1. Scope - Techniques to get to a clear decision about what to outsource and what not to outsource. 2. Generic agreements - How to draw up agreements with the supplier about services and products. 3. Metrics for test outsourcing - Create, maintain and report an appropriate set of metrics about the outsourcing activities.
Program
14 | P a g e
(Out)sourcing • Scope and terms • Types of (out) sourcing The TOGA® approach • Initiation • Set up • Implementation • Operation Points to note • Knowledge transfer • Continuous alignment • Control • System integration and end-to-end test • Acceptance process Experiences, pitfalls and success stories
2 Days
Requirements Validation for Team Members Intended Audience This course is designed for all IT team members, or anyone interested in improving and validating the quality of their requirements.
This course takes you through the steps to ensure that business requirements are validated, that the solution is usable and meets the business needs. Validating requirements improves the likelihood of project success, making sure that we are building the right solution. The cost to correct a software defect may be as high as 2900 times the cost to correct a requirement. Finding missing requirements and requirements inconsistencies decreases the overall project length and cost. IT professionals must use risk assessments to prioritise requirements and requirements validation activities. The highest risk areas of the business must be addressed first. This course teaches IT professionals to design efficient requirements validation tests to make the best use of limited resources and time. Solution Assessment and Validation is one of the key knowledge areas in the IIBA BABOK® Guide V2.0. This course addresses many of the important tasks in the knowledge area along with giving IT professionals the ability to design efficient and effective tests to demonstrate that the application solutions meet their user’s needs.
Topics Covered This course answers many of the key questions about requirements validation including:
This course answers many of the key questions about requirements validation including: How do we validate requirements? Which types of validation and verification processes are appropriate for my project? How does the team ensure that the solution meets the business stakeholder needs? Where does validation fit in the software development life cycle (SDLC)? What is software usability? Why is it important? How does the team correct problems when they are discovered? How do I work with technical members of the solution team? What do they need from a business analyst to be successful?
Program
15 | P a g e
Introduction to Requirements Validation Validating and Testing Requirements Usability Testing Working with IT Stakeholders Documenting Requirements Validation Deliverables Solution Assessment and Validation BABOK Knowledge Area
Security Testing Courses We have partnered with Security Innovations, a US based company, and providing their world leading security testing training through a CBT format. The courses have been split up into practical units and can be combined to suit the needs of your organisation.
CBT Course Name
Short Description
Duration
Fundamentals of Security Testing
This course introduces security-testing concepts and processes that will help you analyse an application from a security perspective and to conduct effective security testing.
2 hours
The course focuses on the different categories of security vulnerabilities and the various testing approaches that target these classes of vulnerabilities. Several manual and automated testing techniques are presented which will help you identify common security issues during testing and uncover security vulnerabilities. Upon completion of this course, you will be able to: Recognize how security testing fits in the Security Development Life Cycle (SDL) Understand how security testing differs from functional testing Categorize and test for common and dangerous security vulnerabilities Leverage manual techniques and automated tooling for security testing Security Testing Fundamentals – Embedded Systems
This course module provides additional Fundamentals of Security Testing training of particular importance to embedded software engineers.
30 minutes
The module contains the following features: Mapping of content to specific compliance and regulatory requirements Links to key reference resources that support the topics covered in the module “Knowledge Check” quiz that assesses mastery of key concepts. Recommended Prerequisite Course: Fundamentals of Security Testing. Classes of Security Defects
This course equips you with the knowledge you need to create a robust defence against common security defects. You will learn why and how security defects are introduced into software and be presented with common classes of attacks, which will be discussed in detail. Along with examples of real life security bugs, you will be shown techniques and best practices that will enable you and your team to identify, eliminate, and mitigate each class of security defects. Additional mitigation techniques and technologies are described for each class of security defect. Upon completion of this course, you will be able to: Understand and outline the classes of security defects Recognize the potential impact that common security defects can have Identify the programming errors that are responsible for common security defects Apply coding best practices in order to avoid common security vulnerabilities Find common security defects in an application’s source code Map common security defects with specific technologies Test software in order to detect common security bugs Locate additional resources on common security defects.
16 | P a g e
3 hours
How to test for the OWASP Top Ten
The Open Web Application Security Project (OWASP) Top Ten is a listing of critical security flaws found in web applications. Organizations that address these flaws greatly reduce the risk of a web application being compromised, and testing for these flaws is a requirement of the Payment Card Industry Standards (PCI-DSS) as well as other regulatory bodies.
1 hour
This course explains how these flaws occur and provides testing strategies to identify the flaws in web applications. Classes of Security Defects – Embedded Systems
This course module provides additional training on Security Defects Classes of particular importance to embedded software engineers. It includes mapping of content to specific compliance and regulatory requirements, links to key reference resources that support the topics covered in the module, and a “Knowledge Check” quiz that assesses mastery of key concepts. Recommended Prerequisite Course: Classes of Security Defects.
30 minutes
SW Security Testing – Tools & Techniques
In this course, you will learn about the basics of security testing. In addition, you will learn about the different types of security testing tools and techniques that you can use to perform advanced security tests.
90 minutes
This course consists of two modules 1. The first module introduces you to key terms and how these terms are used in this course. It covers the security attributes associated with information assets and the different types of threats. In addition, it explains the steps involved in creating a security test plan by using threat models. 2. The second module covers the different types of security testing techniques. It also describes, with examples, the popular tools used with those techniques. At the end of this course, you will be able to: Describe software security testing. Describe core security testing goals, the process for creating a security test plan, and the different security testing techniques and tools. How to Security
Break
Software
1. 2. 3. 4. 5. 6.
17 | P a g e
Introduction to Software Security Learn why security bugs are different and to recognize symptoms of insecure behaviors Assessing Risk Learn to master the art of translating threats into malicious abuse cases Attacking Dependencies Discover attacks that reveal if your application will respond securely should a dependency fail Attacking through the User Interface Learn how to expose common vulnerabilities via the user interface Attacking Design Learn to expose vulnerabilities that can creep into an application at the design stage Attacking Implementation Learn testing techniques that expose vulnerabilities due to implementation errors.
15 hours
Advanced Software Security Testing
In this course, you will learn how to test for prevalent weaknesses that plague the software industry today. This course consists of three modules that cover basic classifications of weaknesses caused due to insecure interaction between software components, risky resource management and porous defences.
2 hours
At the end of this course, you will know: How to test for common attacks caused by injection of malicious code in user input, such as SQL injection, OS command injection, cross-site scripting, and attacks using malicious files. How to test for attacks related to inappropriate management of memory and other system resources, such as buffer overflows, integer overflows, and format strings. How to test for attacks such as network data sniffing, forced browsing, and access spoofing. Exploiting Buffer Overflows
This course provides you with all the required information to help you understand and mitigate buffer-overflow exploits. It first introduces the concepts necessary to recognize the threats posed by these exploits and to comprehend the mechanisms behind exploitation of stack-based and heap-based buffer overflows. The course then delves into the different challenges faced by exploit code and how different exploitation techniques overcome environmental limitations.
2 hours
Upon completion of this course, you will be able to: Recognize the threats posed by exploitation of vulnerable programs Describe how buffer-overflow vulnerabilities are exploited Outline the challenges faced by exploit code during execution Describe common exploitation techniques Describe common exploit payloads Outline common exploitation tools Use existing mitigations to defend against exploitation Advanced Security Testing – Embedded Systems
This course module provides additional Software Security Testing of particular importance to embedded software engineers. The module contains the following features: Mapping of content to specific compliance and regulatory requirements Links to key reference resources that support the topics covered in the module “Knowledge Check” quiz that assesses mastery of key concepts. Recommended Prerequisite Course: Advanced Software Security Testing.
18 | P a g e
30 minutes
Certified Consulting, Training and Software Provider
+27 11 759 5950 (office) +27 11 759 5907 (fax) www.indigocube.co.za info@indigocube.co.za PO Box 408 | Gallo Manor | 2052 Hyde Park Lane | Victoria Gate South | Hyde Lane | Hyde Park