* A glossary, also known as a vocabulary or clavis, is an alphabetical list of terms in a particular domain of knowledge with the definitions for those terms. Traditionally, a glossary appears at the end of a book and includes terms within that book that are either newly introduced, uncommon, or specialized.
This glossary covers terms in SOFTWARE TESTING, API TESTING, DATABASE TESTING, and SECURITY TESTING.
A
- API
- API stands for Application Programming Interface.
A type of interface in which the components or systems involved exchange information in a defined formal structure.
- API Call
- The API call is simply the process of sending a request to your API after setting up the right endpoints. Upon receiving your information, it is processed, and you receive feedback. By entering your login and password into a website and hitting ‘enter,’ you made an API call.
- API Deprecation
- In some situations, the API is deprecated (no longer used). Various factors contribute to the deprecation of the APIs: project requirement changes, insecure APIs, inefficiency, or replacement, to name a few.
- API Design
Developing the APIs as per the business process and requirements. This serves as a single source of truth for the API. Good API design helps to minimize the problems. The Design-First approach helps in developing stable APIs that meet expectations.
- API Documentation
- The complete set of technical information and capabilities of the API. It carries all the sufficient information to work with that API.
- API Economy
- The API economy is just another term to describe the exchange of value between a user and an organization. The API economy enables businesses to leverage APIs from other providers such as Google to power their own apps, allowing an ecosystem that makes it possible for users to get value from a platform without having to build the APIs, like Uber does when it uses API calls to connect with Google Maps.
- API Endpoint
- An endpoint is the end of a communication channel. When APIs interact with other systems, each touchpoint of interaction is considered an endpoint. For example, an API endpoint could include a server, a service, or a database where a resource lives. API endpoints specify where resources live and who can access them.
- API Endpoint
This is referred to from the application point of view. The end of the communication channel of an application that allows other applications to interact with is called an API Endpoint. Endpoint is the boundary of the application which ends the responsibility of the application.
- API Gateway
- An API gateway is an API management tool that serves as an intermediary between the client and a set of different backend services. API gateways act as gatekeepers and proxies that moderate all your API calls, aggregate the data you need, and return the correct result. Gateways are used to handle common tasks such as API identification, rate limiting, and usage metrics.
- API Gateway
- A single entry point for all clients. It helps balance the load to the endpoints received from different clients. It also helps in handling the API traffic.
- API Governance
- API governance refers to the set of practices, policies, and procedures that define how an organization plans, designs, manages, and secures its APIs (Application Programming Interfaces). Effective API governance is essential to ensure that APIs are consistent, reliable, secure, and compliant with all relevant standards and regulations.
API governance typically includes the following key elements:
API strategy: A well-defined API strategy is necessary to ensure APIs deliver value, meet business needs and are aligned with overall organizational goals.
API design: Standardized API design practices help ensure consistency, ease of use, and avoid misunderstandings between developers.
API documentation: Clear and comprehensive documentation is essential for developers to navigate and integrate with APIs properly.
API implementation: The implementation phase involves setting up the infrastructure to support the API, such as creating secure connections and configuring API gateways.
API testing: Comprehensive testing is necessary to ensure that the API is reliable, functional, and meets all requirements.
- API Integration
- In simple terms, API integration connects two or more applications to exchange data between them and connect to the outside world.
- API Keys
- An API key is a unique identifier that enables other software to authenticate a user, developer, or API calling software to an API to ensure that this person or software is who it says it is. API keys authenticate the API instead of a user and offer a certain degree of security to API calls.
- API Keys
- The unique code used for authentication of the API. One of the authorization methods to access the API. Some APIs use the keys in the params, and some use them in the headers.
- API Layer
- An API layer is a proxy that joins together all your service offerings using a graphic UI to provide greater user interactivity. API layers are language-agnostic ways of interacting with apps and help describe the services and data types used to exchange information.
- API Lifecycle
- The API lifecycle is an approach to API management and development that aims at providing a holistic view of how to manage APIs across its different life stages, from creation to retirement. The API lifecycle is often divided into three stages, the creation stage, the control stage, and the consumption stage.
- API Monetization
API monetization is a process by which a business can create revenue from its APIs. Since APIs enable users to access and integrate data from different sources, they can be used by different developers to integrate relevant services within their products, digital services, or applications, which could, in turn, become a source of revenue for both public and private services and applications.
- API Orchestration
- The unification/merging of different APIs into a single front-end. It is now a central component of creating and designing enterprise workflows. API orchestration layer is an abstraction layer that collects data from one or more services and prepares them in favor of client applications.
- API Portal
- An API portal is a bridge between the API provider and the API consumer. An API portal provides information about the APIs at every stage of the API lifecycle. API portals serve to make APIs public and offer content to educate developers about them, their use, and how to make the most of them.
- API Request
- API request is the set of details needed to submit to the server to understand and respond properly.
- API Request
APIs are everywhere and are part of every aspect of the web. An API request happens when a developer adds an endpoint to a URL and uses that endpoint to call the server or the database.
- API Response
- After sending the details as a request, the server interprets and sends the response back to the client.
- API Security
- Focused strategies that protect APIs from attacks. Any security breach will lead to data leakage and become a serious threat. API security is an umbrella term that defines a set of practices that aim to prevent malicious attacks, misuse, and exploit APIs. API security includes basic authentication and authorization, tokens, multi-factor authentication, and other advanced security measures.
- API Testing
- A type of testing performed by submitting requests to the test object using its application programming interface. It checks whether the API meets expectations in terms of functionality, reliability, performance, and security.
- API Testing
- API testing is a type of software testing where application programming interfaces (APIs) are tested to determine if they meet expectations for functionality, reliability, performance, and security.
- API Version
- Similar to document versioning, API versioning tracks changes in the API. Proper versioning supports maintenance and tracking. A new API version is created when major changes to the endpoints/payload are made.
- API Virtualization
API Virtualization is the process of mirroring your production APIs to promote testing efficiency. It helps the team test with realistic test data.
- API management
API management is the process of creating and publishing web application programming interfaces, enforcing their usage policies, controlling access, nurturing the subscriber community, collecting and analyzing usage statistics, and reporting on performance.
- API-First
A development approach that considers application programming interfaces (APIs) before anything else. It ensures that all of the platform/application functionalities are accessible through the APIs.
- Alpha testing
- A type of acceptance testing performed in the developer’s test environment by roles outside the development organization. (ISTQB)
- Apigee
Apigee is an API gateway management tool offered by Google to exchange data across cloud services and applications. It enables developers to build and manage APIs. As a proxy layer, Apigee enables you to expose your backend APIs in abstraction or facade and helps protect your APIs, limit their rate, and provide analytics and other services.
- Authentication
Identifying users by confirming who they are.
- Authorization
The process of assigning rights and privileges to the user
OAuth — Open Authorization. Official website oauth.net
B
- Base URL
The consistent part of a URI
- BaseURI
- Base Uniform Resource Identifier is the complete path used to locate a specific resource (Base URL, which is the application URL + path)
- Beta testing
- A type of acceptance testing performed at an external site to the developer’s test environment by roles outside the development organization. (ISTQB)
- Burp Suite
Burp —also called Burp Suite— is a set of tools used for penetration testing of web apps. Burp is an all-in-one penetration testing suite that offers users a one-stop shop for all their pen testing needs. Burp Suite contains an intercepting proxy that lets the user see and modify the contents of requests and responses while they are in transit for granular control of your APIs.
- batch processing
- The execution of a series of jobs or transactions grouped together in a set and executed off-line
C
- CI/CD
Continuous integration (CI) and continuous deployment (CD) are a set of operating principles and a collection of practices and agile methodologies that enable development teams to deliver better and faster changes to their code. CI/CD is one of the most important DevOps practices as it gives teams the tools to focus on meeting their business requirements, code quality, and security needs.
- CORS
Cross-Origin Resource Sharing (CORS) is an HTTP-header-based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources. Additional HTTP headers are used to instruct the browsers.
- CRUD
CRUD is an acronym for create, read, update and delete. It refers to the necessary functions to implement a storage application, such as a hard drive. Unlike random access memory and internal caching, CRUD data is typically stored and organized into a database, which is simply a collection of data that can be viewed electronically.
- Cache
- A cache is an infrastructure component that temporarily stores frequently accessed data so that it can be served more quickly and efficiently. When an API client makes a request, the server can check the cache to see if the requested data is already available. If it is, the server can return the cached response directly to the client, without having to execute the full request again. This approach significantly improves the performance of the API by reducing the number of requests that the server needs to process, which minimizes latency and improves scalability.
There are many types of cache implementations, such as in-memory caches, disk-based caches, or distributed caches. They can also be configured with various caching policies— such as time-to-live (TTL), cache eviction, and cache invalidation—to ensure that the cached data remains fresh and up-to-date. (Src: Postman)
- Cache
- The cache is a software or hardware component that stores data so users can access and retrieve that data faster. Cached data might be the result of a copy of certain data stored elsewhere. Cache reads data and retrieves it faster than you would otherwise.
- Client
A client is a device that communicates with a server. A client can be a desktop computer, a laptop, a smartphone, or an IoT-powered device. Most networks allow communication between clients and servers as it flows through a router or switch.
- Composite APIs
Composite APIs are the combined APIs that help us access several endpoints through a single API call.
- Content API
These APIs provide or transfer the contents. Not just a mere communication mode, it also helps to retrieve or collect important content.
- Contract
An agreement details what the consumer can expect from the API. It details how the API works. It is the same as API documentation.
- cURL (Client URL)
- cURL is a command-line tool for transferring data from or to a server, designed to work without user interaction. cURL helps get information from APIs, download web pages, or submit data to an API.
- concurrency
- A measure of the number of simultaneous or parallel threads of execution
D
- DDoS
A distributed denial of service (DDoS) attack is a malicious attack that aims at disrupting the target’s traffic. It usually overwhelms the target’s infrastructure with a flurry of internet traffic aimed at saturating the servers and causing them to shut the page down.
- DELETE
- DELETE is a standard HTTP method that is used to delete data on a server. When a client sends a DELETE request, it is requesting that the resource at the specified URL be removed. If the server accepts the request, it will delete the resource and return a response indicating success. For instance, a delete request to the /users/123 endpoint should result in the removal of the user resource with an ID of 123.
It’s worth noting that the DELETE method is powerful and should be used with caution to avoid accidentally deleting important data. Proper authentication and authorization mechanisms should be put in place to ensure that only authorized users can delete data.
- DevOps
DevOps —a blending of development and operations— combines cultural philosophies, agile practices, and tools. DevOps practices aim at increasing an organization’s ability to deliver software products and services faster than ever before. DevOps uses a toolchain made of interconnected technologies to build a software development infrastructure based on automation to achieve greater time-to-market speeds.
- DevSecOps
DevSecOps —a blending of development, security, and operations— refers to the automation and integration of security at every step of the DevOps lifecycle, from the initial design process all the way to software delivery. DevSecOps emphasizes the need for proper security practices along the pipeline to enhance accountability and minimize data breaches.
- Developer Portal
Developer portals are interfaces that bridge the gap between API providers and API consumers. It’s called a developer portal because most of the API consumers are developers. Developer portals aim at educating developers on how to use APIs and provide all the information users need to leverage APIs.
E
- Endpoint
- An API endpoint is a URL that is used to retrieve, create, update, or delete data on a server. A well-designed API should have clear and intuitive endpoints that provide a consistent and predictable way for clients to interact with the server’s resources. For example, a simple RESTful API might have the following endpoints:
/users – to retrieve a list of all users (GET)
/users/:id – to retrieve a specific user by ID (GET)
/users – to create a new user (POST)
/users/:id – to update an existing user by ID (PUT)
/users/:id – to delete an existing user by ID (DELETE)
In this example, the endpoints define the actions that a client can perform on the server’s user resource. Some endpoints include an ID parameter, which enables the client to specify which specific user resource it would like to interact with. The endpoints are accessed using standard HTTP methods, such as GET, POST, PUT, and DELETE.
- External APIs
An external API is designed to be accessed by the outside public. Unlike internal APIs, external APIs are consumed by developers outside of the company. External APIs represent a secure way of sharing information and content outside a company.
- emulator
- A device, computer program, or system that accepts the same inputs and produces the same outputs as a given system
- endurance testing
- A type of performance testing conducted to evaluate the stability of the system over a time frame specific to the system’s operational context
F
- Flaky Test
- A test is considered to be flaky when it can pass and fail across multiple retry attempts without any code changes.
For example, a test is executed and fails, then the test is executed again, without any change to the code, but this time it passes.
G
- GET Method
There are two ways to structure HTML (HyperText Markup Language), GET and POST. GET refers to a method for requesting information from a particular website using HyperText Transfer Protocol (HTTP). You can also use it to derive a specific variable from a group of variables.
- Gorilla Testing
- Gorilla Testing is a Software testing technique wherein a module of the program is repeatedly tested to ensure that it is working correctly and there is no bug in that module. A module can be tested over a hundred times, and in the same manner. So, Gorilla Testing is also known as “Frustrating Testing”.
- GraphQL
- GraphQL is an application-level query language and runtime for APIs. It is a more efficient, flexible, and powerful way of working with APIs when compared to REST.
- GraphQL
GraphQL is a query language that enables clients to define the structure of the data. That means that developers can use GraphQL to ask for specific data and return that data from multiple sources.
- gRPC (Google Remote Procedure Call)
A modern open-source RPC architecture framework designed by Google that can run in any environment. It is robust, scalable, and fast.
- geolocation
- The identification of the real-world geographical location of a device.
H
- HTTP Headers
- Headers are the additional but essential information sent as part of the request details from the client for the server to understand the client.
- HTTP Request
Composed of the status line, request header, and request body. In simple terms, the client is asking a service to perform a task.
- HTTP Response
Composed of the status line, response header, and response body. The message sent back by the service for the request made by the client.
- HTTP methods
- An HTTP (HyperText Transfer Protocol) request is an action to be performed on a resource identified by a given Request-URL. Request methods are case-sensitive. The most common ones are: GET, POST, PUT, and DELETE.
- hybrid application
- A mobile application that requires communication with the web server but also utilizes plug-ins to access device functionality
I
- Idempotency
- An API is idempotent if calling it multiple times with the same parameters has the same effect as calling it once. This can be difficult to test, as you need to ensure that the API does not change its state or return different results depending on how many times it is called.
- Idempotent
No change is expected/will happen on the server side when invoked even multiple times
J
- JSON
- (JavaScript Object Notation) – JSON is an open-standard file format or data interchange format in a human-readable style. It is language-independent and represents the data using a key/value pair.
K
- Karate DSL
A framework for API automation testing, running on Java and using Apache HTTP client to perform HTTP connections. It can be integrated with the Gatling framework for performance testing.
L
- Latent Bug
- A latent bug is an uncovered or unidentified bug that exists in the system over a period of time. The bug may persist in the system in one or more versions of the software.
- load generator
- In performance testing, a tool used for the creation of a defined set of activities to be submitted to a target process or system
M
- MQTT (Message Queuing Telemetry Transport)
MQTT is the most commonly used messaging protocol for the Internet of Things (IoT). MQTT allows for messaging between devices to the cloud and the cloud to the device.
- Microservices
A modular software component that does one defined job. It is an architectural style that structures an application as a collection of small autonomous services modeled around a business domain. They are small, independent, and loosely coupled.
- Microservices
Microservices —also known as microservices architecture— is a software architecture style that structures apps as a collection of loosely coupled, independent, and highly maintainable services that are organized to enhance an app, website, or platform’s business capabilities.
- Middleware
- Middleware is computer software that provides services to software applications beyond those available from the operating system. It can be described as “software glue”.[1]
Middleware makes it easier for software developers to implement communication and input/output, so they can focus on the specific purpose of their application.
- Mock Servers
In some situations, the mock server behaves like a real server, but it responds with the same set of responses as mocked. It emulates the real server.
- Monkey Testing
- Monkey testing is a type of software testing in which a software or application is tested using random inputs with the sole purpose of trying and breaking the system. There are no rules in this type of testing. It completely works on the tester’s mood or gut feeling and experience.
- management console
- In performance testing, an interface to a load generation tool that provides the control to start and stop the load generation
- minimal essential test strategy
- A lightweight approach to risk analysis sometimes used when testing mobile applications. Acronym: METS. Ref: Paskal
- mobile application
- A general term for a software application that is used via a mobile device such as a smart phone
- mobile application testing
- Testing that is conducted on mobile applications
- mobile web application
- A mobile application that is designed for use by a variety of devices with the majority of the code residing on the web server.
N
- native device
- The actual physical device that is running a mobile application. Synonym: real device
- native mobile application
- A mobile application that is designed for a specific device family and is coded to access specific functionality of the device normally via tools that have been specifically designed for the device.
O
- OAuth
- OAuth is a delegated authorization framework used for REST/APIs. This is one of the efficient methods of authorizing, which restricts the improper usage of the APIs. For example, a user can sign in on one platform and then be authorized to perform actions and view data on another platform with OAuth.
- OWASP
- (Open Web Application Security Project): A non-profit organization dedicated to improving web application security. All of its resources are free of charge.
- OpenAPI
- OpenAPI is a specification that describes, produces, consumes, and visualizes RESTful APIs and web services.
- Over-Permissioned Container
An over-permissioned container is a container that has all the root capabilities of a host machine. That means that it can access resources that aren’t accessible to ordinary containers and users. The problem with over-permissioning is that it gives malicious actors a point where they can attack your infrastructure and compromise your implementation.
- operational profile
- The representation of a distinct set of tasks performed by the component or system, possibly based on user behavior when interacting with the component or system, and their probabilities of occurrence. A task is logical rather than physical and can be executed over several machines or be executed in non-contiguous time segments
P
- Pagination of APIs
The pagination mechanism is used when the API returns a large data set. It is similar to how the Google search response is handled and split into pages. There are different types of Pagination:
Offset Pagination: is the simplest method; “limit” and “offset” values are used here.
Keyset Pagination: uses the filter values of the previous page to determine the next set of items.
Seek Pagination: this is the enhanced version of keyset pagination. It helps filter the particular limit.
Parameters: API Parameters are passed along with the endpoint URL, which helps filter resources. Path/Query params are the most frequently used ones.
- Parameters
Parameters are special types of variables used in computer programming to pass information between procedures and functions. An argument to a function is referred to as a parameter. Adding three numbers, for example, may require three parameters.
- Path params
A type of parameter that lives within the URI
- Payload
The actual body/content passed as part of the API request. It can be in different forms such as JSON, Text, HTML, XML, etc.
- Penetration Testing
Also called pen testing or ethical hacking, penetration testing simulates attacks on your computer system to identify exploitable vulnerabilities. Pen testing identifies, tests, and highlights vulnerabilities in an organization’s security posture. Web application firewalls (WAF) are generally augmented by penetration testing in the context of web application security.
- Persona
- A fictional character representing a certain type of users and how they will interact with the system.
- Postman
Postman is a platform to build, test, design, modify, and document APIs. It is a simple Graphic User Interface for sending and viewing HTTP requests and responses.
- Private APIs
Internal APIs are the opposite of open APIs in that they are inaccessible to external consumers and only available to an organization’s internal developers. Internal APIs can enable enterprise-wide initiatives from adopting DevOps and microservice architectures to legacy modernization and digital transformation.
- Production Environment
In a production environment, software and other products are actually put into operation and used by their intended users in the way they were meant to be used. Developers generally use this term to refer to the setting where end-users will actually use the products. In a production environment, software programs and hardware are run in real-time, and they are relied on daily by organizations and companies for their daily operations.
- Public APIs
An open or public API saves developers time by allowing them to connect their platform with previously existing tools, reducing the need to create entirely new functions. Most public APIs require no authorization.
- performance objective
- A goal for the various performance aspects of a system that can be verified through conducting tests in a controlled environment
- performance test script
- A simulation of user or component activity that contributes to the load on the system under test
- performance testing tool
- A tool to support performance testing that usually has three main facilities: load generation, a management console that provides an interface to a load generation tool, and a monitoring tool. (see also load generator, management console, monitoring tool)
- protocol
- Protocols define a set of communications rules between computers and systems.
Q
- Query params
A type of parameter added to the end of the URI after “?”
R
- RAML
(RESTful API Modeling Language): RAML is a powerful YAML-based language used to define API contracts. RAML allows teams to define, build and collaborate on APIs rapidly and easily.
- REST
Created by Roy Fielding, a computer scientist, REST, which stands for representational state transfer, is an application programming interface that conforms to the constraints of REST architectural style and enables a quicker interaction between different RESTful web services. A stateless Web service must be able to read and modify its resources using a predefined set of operations and a textual representation.
- REST
(REpresentational State Transfer): REST is a software architectural style that defines a set of methods to build a web Application Programming Interface (API). REST is one of the most popular types of API due to its simplicity and client-friendly nature. Requests are sent via several formats: JSON, HTML, XML, plain text. JSON is the most commonly used format.
- RapidQL
RapidQL is a JSON-like query language implemented in JavaScript. This essentially helps describe the various inputs used in your queries.
- Rest Assured
REST Assured is a Java library used for testing and validating the REST APIs.
- Risk analysis
- The process of assessing identified project or product risks to determine their level of risk, typically by estimating their impact and probability of occurrence (likelihood)
- ramp down
- The act of decreasing the load on a system in a measurable and controlled way
- ramp up
- The act of increasing the load on a system in a measurable and controlled way
S
- SDK
SDK stands for software development kit and is a set of instructions, integrated practices, pieces, code samples, and documentation that enables developers to create software applications on a specific software platform. SDKs can be seen as workshops with everything developers need to build specific software for a determined platform.
- SDLC
SDLC —also called software development lifecycle— is the process for planning, creating, testing, and deploying an information system. SDLC aims at producing quality software at the lowest cost in the shortest time possible. SDLC gives developers a structured flow divided into phases to help companies produce high-quality software.
- SLA
- A service-level agreement (SLA) is defined as an official commitment that prevails between a service provider and the customer.
- SOAP
Simple Object Access Protocol (SOAP) is a protocol specification for exchanging structured information to implement web services. SOAP leverages XML Information Set for message format and other application-layer protocols, such as HTTP or SMTP for message transmission. The messaging services provided by SOAP are exclusively XML-based. Microsoft originally developed the SOAP protocol to replace old technologies such as Distributed Component Object Model (DCOM) and Common Object Request Broker Architecture (CORBA) that cannot work over the internet.
- SOAP
(Simple Object Access Protocol): SOAP is an XML-based protocol for accessing web services over HTTP. The SOAP message is nothing but an XML document with an envelope, header, and body.
- SQL Injection
An SQL injection technique is a way to inject code into a database that may damage it. SQL injections are one of the most common web hacking techniques and rely on the placement of malicious SQL code in SQL statements via web input using forms or other editable fields.
- SSL Certificates
SSL certificates create a foundation of trust by establishing a secure connection. It is a small data file that cryptographically establishes an encrypted link between a web server and a browser. It protects client-server communication from vulnerable attacks.
- Schema
It defines the data format, including the data types. This schema validates the API requests.
- Server
A server is a computer program or device that provides a service to another computer program and its user, also known as the client. In a data center, the physical computer that a server program runs on is also frequently referred to as a server. A server may be a web server, a database server, a mail server, or something else.
- Status Codes
The list of numeric codes followed by a message returned from the server to the client. Each response code tells a different story about the API response.
- Story Mapping
- A technique ordering user stories on two dimensions, the horizontal axis representing their execution order, and the vertical axis representing the sophistication of the implemented product.
- Storyboard
- A visual representation of the system in which user stories are represented in context for the purpose of understanding the business processes.
- Swagger
Swagger is an open-source set of rules, specifications, and tools for developing and describing RESTful APIs. Also, there is an open-source tool called Swagger, which is used to design, build, document, and use RESTful web services.
- service virtualization
- A method to emulate the behavior of specific components or services of a system
- simulator
- A device, computer program or system used during testing, which behaves or operates like a given system when provided with a set of controlled inputs.
- spike testing
- A type of performance testing conducted to evaluate the ability of a system to recover from sudden bursts of peak loads and return afterward to a steady state
- stakeholder
- A party that has an interest in the activities of a project, system or organization
- system throughput
- The amount of data or data items passing through a system or process
T
- Test Basis
- Test Basis is a document or source of information that is needed to write test cases and perform test analysis.
- Test Oracles
- A source to determine expected results to compare with the actual result of the software under test. An oracle may be the existing system (for a benchmark), other software, a user manual, or an individual’s specialized knowledge, but should not be the code.
- Test strategy
- A test strategy is an outline that describes the testing approach of the software development cycle. The purpose of a test strategy is to provide a rational deduction from organizational, high-level objectives to actual test activities to meet those objectives from a quality assurance perspective.
- Teststorming
- A technique used to derive test cases using techniques such as brainstorming or mind maps. Ref: Rice
- think time
- The amount of time required by a user to determine and execute the next action in a sequence of actions
- transaction
- A set of activities performed by the system from the point of initiation to the point at which one or more processes have been completed
U
- URI
Identifier of a specific resource using both location (URL) and name (URN)
- URL
A subset of URI, often identified as a string that points to an address
V
- virtual user
- A simulation of the activities that would be performed by a user according to the operational profile
W
- WSDL
- WSDL (Web Services Description Language) is an XML-based language that is used to describe and define the functionality of web services. It is a standard way of describing a web service’s interface, which includes the methods available, the input and output parameters of each method, and the location of the service.
WSDL is often used in combination with SOAP (Simple Object Access Protocol), an XML-based messaging protocol used to transmit data over the internet. Together, they provide a standard way for different applications to communicate with each other through web services.
WSDL defines the contract between the client and the server that specifies how the communication takes place, what the client expects from the server, and what the server sends back to the client as a response. It allows developers to generate code for client-side applications to interact with web services without requiring knowledge of the underlying protocol or network communication.
- Web Scraping
Web scraping, or web data extraction, is data scraping used for extracting data from websites. The wanted content is separated from the long list of content.
- WebSockets
A WebSocket is a transport protocol defined by a persistent bi-directional communication channel between a client and the server. It was designed to overcome the limitations of HTTP’s basic request/response mechanism.
- Webhook
A webhook (also called a web callback or HTTP push API) is a way for an app to provide other applications with real-time information. Webhooks deliver data directly to other applications, so data is available immediately, whereas standard APIs require frequent polling for real-time data. Webhooks are beneficial to both consumers and providers in this way, but the only drawback is the difficulty of setting them up at first.
- What is manual testing?
- Manual testing is a process of testing the software manually to identify any defects without the usage of automated tools or scripts. It involves the manual execution of test cases and comparison of the actual results with the expected results.
The process involves manual execution of test cases, analysis of results, and bug reporting. To perform manual testing, developers must have a good understanding of the functionality of the system and the requirement specifications. Additionally, they must have an eye for detail, problem-solving skills, and an understanding of the application domain.
X
- XML
Extensible Markup Language
Y
- YAML
(Yet Another Markup Language) YAML is a data serialization format similar to XML and JSON. YAML is a case-sensitive, human-readable data format.
Z
- ZAP
ZAP, also called OWASP Zed Attack Proxy, is one of the world’s most popular free security tools, which lets you automatically find security vulnerabilities in your applications. With ZAP, you can also do nearly everything you can do with the desktop interface using its powerful API. By automating penetration testing and security regression testing, developers can automate an application’s security testing during the CI/CD process.