Risk Based e-Business Testing (Computing Library) [Hardcover]

Among the strong points of this book are it's clear writing, which is full of examples, and the logical sequence in which the material is presented. In addition, the clear definitions of general risk management and associated processes and procedures, and how it all ties together are among the most succinct I've read. However, the best aspect of this book is the way the chapters build upon each other, and the complete coverage of risk-based testing.

Specifics include a general chapters on risk-based e-business testing and types of web site failures that lay the foundation for the technical aspects of the book. These are followed by chapters that show how to develop an e-business test strategy, how to fit risk analysis to a test process, and a comprehensive treatment of test techniques and tools. The latter is especially valuable because it covers the full range of testing techniques that are tailored to e-business testing, which includes static, web page integration, functional, service and usability testing. This part of the book also includes security testing and large scale integration testing - both of which make this one of the most complete collections of test techniques for e-business as well as general testing.

The remainder of the book covers the context of e-business testing (including brief advice on how it fits within Extreme Programming and the Unified Process), E-business test organization, planning and specifications (a wealth of information for the test manager), and E-business test execution (which also addresses important topics such as incident management and testing in a live environment). The two appendices, Essential Web Technologies for Testers and Web Testing Using Home Brew Tools are also valuable.

I highly recommend this book to anyone who is involved in E-business testing, and also recommend that it be used in conjunction with Systematic Software Testing by Rick D. Craig and Stefan P. Jaskiel (ISBN 1580535089), which nicely augments this book.

The authors use very practical examples from real life testing to illustrate points. A continuous analogy of an individual E-Business being like a shop, with potential walk-in customers, works very well. Some rather startling facts emerge too; the average visit to the Systeme Evolutif web-site (of which Paul Gerrard is the web-master) is less than two minutes. I am sure that is true of a lot of sites, including those that are payment-now, real business sites.

Everyone in testing seems to promote 'risk'. Here is a strategy for answering the inevitable questions on ready-for-live issues based on whether risks have been addressed. "When enough tests have been prepared, executed and passed to convince the risk-owners that the risk has been addressed, enough testing has been done".

I have dabbled in web testing, both formally and informally (the latter probably every time I use the internet). The techniques for addressing real and perceived E-Business risks have a large carry over into other (i.e. non E-Business) test forms. The sections on performance, usability and Large Scale Integration rung some bells with me, and the use of tools is both encouraged, and discouraged. Strange as it may seem, the way of doing this did not seem to be contradictory. The sections on why the concept of E-Business is different only seeks to place MORE emphasis on why a coherent risk strategy is necessary. With web applications, not only is the time-to-market critical, but the price of failure can be so much more disastrous.

Use of American spelling and currency (everything is quoted in dollars) jars for the British reader, and look out for the words "we", "us", and "our". These are sometimes used a little ambiguously. (Ask who "us" refers to). However, expect to be challenged, and encouraged on to the land of better testing. There is a wealth of source material provided, especially on tools, and toll providers. There are lots of web-based references; additionally, a significant number of articles and books referenced are from 2001 or 2002.

The preface gives one of the reasons for the book being the ordering of the vast quantities of information that there is around. What was set out as an aim has been achieved, and both Paul and Neil have brought their experience, knowledge and communications skills to benefit us all. One of the dedications says: "To all those testers who do the best they can, but always think they should do more". I for one appreciate that the book was written for me. Thanks.

Each of the 20 chapters reads like an individual essay allowing you to dip in and out for reference purposes and, given that some of the sections have a lot of useful information buried in them, I suspect that you will want to do this.

The approach to risk based testing presented in chapters 2 and 4 is a useful one for helping the reader plan and approach test planning. From an identified risk, the tester builds a test objective. These are used as high-level test conditions which, hopefully, help determine if the risk has been mitigated or not. The later technique chapters provide examples of the risk->test objective translation and that is obviously a useful thinking technique.

Chapter 4 in particular 'Risk-Based Test Strategy' will be a popular reference source for many testing projects.

The web testing coverage is pragmatic, introduced in good order and provides a good overview of the technicalities of web testing. There is an interesting section in the Appendix which demonstrates how effective simple homegrown automation can be for web testing.

More important for this text though, than the drilling down to extreme testing of web technicalities, is the extended coverage of web testing over the life of the project and understanding how the traditional phases of the testing life cycle apply to e-business projects.

In summary then, a good book for management, and for testers that want to look beyond their collection of test scripts and concern themselves with the needs of the business.