SOFTWARE TESTING, VERIFICATION AND RELIABILITYSoftw. Test. Verif. Reliab. 2004; 14:283–285Published online in Wiley InterScience (www.interscience.wiley.com)

Book Reviews

A PRACTITIONER’S GUIDE TO SOFTWARE TESTDESIGN. By Lee Copeland. Published by ArtechHouse, Norwood, MA, U.S.A., 2004. ISBN:1-58053-791-X, 320 pages. Price: U.K. £41.00,U.S.A. $65.00, Hard Cover.

For some time now, many of us who teach softwaretesting to business and industry have felt the needfor a new text book on testing techniques. Much ofthe existing published material is academic, complex,lengthy or wedded to older technologies; somethingnew, practical and simple was needed.

My own students are typically test practitioners whousually have two aims: they want to improve theirown testing as they deal with real-world problems andthey are preparing to sit an examination in softwaretesting. What my students need is a book that provides asimple, practical introduction to several key techniquesthat they can apply to their own work, as well as asource of examples to prepare them for the software testexaminations. In addition, they need this information tobe presented clearly and concisely.

My anticipation and pleasure in receiving a copyof Lee Copeland’s A Practitioner’s Guide to SoftwareTest Design may therefore be imagined: could this bethe book for which I, and my students, have beenwaiting?

The book is divided into a number of parts, and isbased on two case studies: a fictitious online brokeragesystem and a fictitious university registration system.Examples throughout the book are based on these casestudies, but not confined to them. At the start of thebook, the author introduces the testing process, with adiscussion of the purpose of testing and the challengesfor testers. He discusses why it is important to designtest cases, the types of testing that may be needed,and he describes the levels of testing from componentto acceptance that may be required. This leads intosections about techniques:

• Section 1 discusses black box testing—it isdefined, and notes are given on when to apply it,its disadvantages and advantages. This isfollowed by a series of chapters describingseveral particular techniques: equivalence classpartitioning, boundary value analysis, decisiontable testing, pairwise testing, state transitiontesting, domain analysis testing and use casetesting.

• Section 2 looks at white box testing—using thesame pattern as the first section, the approach isdefined and notes are given on when to apply it,its disadvantages and advantages. Then there aretwo chapters on particular techniques: controlflow testing and data flow testing.

• Section 3 covers testing paradigms—here theauthor describes and compares scripted andexploratory testing, as well as discussing testplanning.

• The final section of the book describes whatthe author calls ‘supporting technologies’.This includes a description of several differentpublished taxonomies for classifying and hunt-ing out defects, for example, those given bythe Software Engineering Institute (SEI) andin the ISO 9126 standard, as well as othersfrom a number of writers on the subject: Beizer;Kaner, Falk and Nguyen; Binder; Whittaker;and Vijayaraghavan. Copeland also discussescoverage goals, defect discovery rates, costs andconsensus as mechanisms for deciding when tostop testing.

The book is slim (a big plus point!) and writtenin an engaging style which, while agreeably informaland friendly, also carries a confident authority andknowledge of the subject matter. It is well laid out andclear—this is not an intimidating book.

Copyright c© 2004 John Wiley & Sons, Ltd.

284 BOOK REVIEWS

Is it a simple and practical introduction to keytechniques that people can apply to their own work?Yes, it is.

• As an introduction to key techniques, the bookis excellent. The selection of techniques is good.Moreover, the chosen techniques are practicaland easy to understand.

• There are techniques suitable for testing object-oriented (OO) projects, as well as for traditionalprojects; the requirement for the newer tech-niques is increasing and they are presented inthis book in a concise, clear and understandableway.

The black box techniques are well covered ina simple, practical manner. Practitioners would beable to apply these techniques, and would under-stand their limitations, from studying these chapters.There are good explanations of the relationship of thetechniques to business processes and logic, and to code,where appropriate. The chapter on pairwise testing isextremely useful; increasingly test practitioners findthemselves dealing with systems where to test all thecombinations of options available would be excessivein time and cost, but the risks associated with not testingare also too great to bear. The example for orthogonalarray testing may take a little time and effort to workthrough, but that investment will be repaid; it is a good,sensible approach to a difficult problem.

The white box techniques can cause confusion fortesters who are not conversant with code, so it isgood to see such techniques so clearly and conciselydescribed. Control flow graphs are used to look at codecomplexity measures, test case selection and coveragemeasures. Data flow testing is well described, coveringthe definition, usage and killing of variables, patternsof use that indicate possible defects, and use of thetechnique both in static and dynamic testing.

Test practitioners will find the chapters on scriptedand exploratory testing very useful, both in understand-ing the two approaches, choosing between them andunderstanding that both approaches have advantagesand disadvantages. Chapter 14, on test planning, bringsthe two extremes together in a pragmatic way.

The chapter on defect taxonomies is usefully pre-sented as a way of identifying potential defects forwhich the tester may hunt, rather than as a meansof classifying discovered defects. It was helpful tosee a comparison of different classifications, with anencouragement to readers to build their own. Usefully,the taxonomies discussed are suitable for OO softwareas well as more traditional development approaches.

This is definitely a book for test practitioners, but isit a source of accurate examples which would helpprepare them for the software test examinations?The author does not claim to meet any particularsyllabus, so you would need to do your own comparisonfor a fit to your course. As an example of a typicalsyllabus, I looked at that of the British ComputerSociety’s Information Systems Examination BoardPractitioner Certificate in Software Testing.This requires either an introduction to, or practicalexamples of, a number of techniques. Many of theseare covered in this text, but some are not. Equivalencepartitioning, boundary value analysis, state transition,path testing, statement testing, branch testing, data flowtesting concepts, control flow graphing, and use casesare all required by the syllabus and are well describedin the book. However, there are gaps when comparingwith this specific syllabus; for example classificationtrees are not covered, so this book would not bethe only source of information which students wouldrequire. Nevertheless, despite these gaps, I personallythink this would be a useful text for those taking thequalification. Also, I would imagine the book would beuseful in supporting other courses on testing techniquesdirected at practitioners in industry or students still atcollege, whether their primary interest is as testers ordevelopers.

Overall then, this is a book which I am delighted torecommend, to students and practitioners of testing, andto their teachers. It is well worth buying; I am sure youwill find it does not stay on your book shelf, becauseyou will keep referring to it, and lending it to colleaguesover the years. It is, I believe, the book for which wehave been waiting.

ISABEL EVANSTesting Solutions Group Ltd.,

6th Floor, Walbrook House,23–29 Walbrook,

London EC4N 8BT, U.K.E-mail: ievans@testing-solutions.com

(DOI: 10.1002/stvr.305)

TESTING WEB SECURITY: ASSESSING THESECURITY OF WEB SITES AND APPLICATIONS.By Steven Splaine. Published by John Wiley andSons, New York, U.S.A., 2002. ISBN: 0-471-23281-5, 345 pages. Price: U.K. £25.50, Euro€34.80, U.S.A. $40.00, Soft Cover.

This is Steven Splaine’s second book, following upfrom The Web Testing Handbook by Steven Splaine,

Copyright c© 2004 John Wiley & Sons, Ltd. Softw. Test. Verif. Reliab. 2004; 14:283–285