Software Quality Assurance : Integrating Testing, Security, and Audit book cover
1st Edition

Software Quality Assurance
Integrating Testing, Security, and Audit

ISBN 9780367567972
Published August 2, 2021 by Auerbach Publications
390 Pages 46 B/W Illustrations

FREE Standard Shipping
USD $47.95

Prices & shipping based on shipping country


Book Description

Software Quality Assurance: Integrating Testing, Security, and Audit focuses on the importance of software quality and security. It defines various types of testing, recognizes factors that propose value to software quality, and provides theoretical and real-world scenarios that offer value and contribute quality to projects and applications. The practical synopsis on common testing tools helps readers who are in testing jobs or those interested in pursuing careers as testers. It also helps test leaders, test managers, and others who are involved in planning, estimating, executing, and maintaining software.

The book is divided into four sections: The first section addresses the basic concepts of software quality, validation and verification, and audits. It covers the major areas of software management, software life cycle, and life cycle processes. The second section is about testing. It discusses test plans and strategy and introduces a step-by-step test design process along with a sample test case. It also examines what a tester or test lead needs to do before and during test execution and how to report after completing the test execution.

The third section deals with security breaches and defects that may occur. It discusses documentation and classification of incidences as well as how to handle an occurrence. The fourth and final section provides examples of security issues along with a security policy document and addresses the planning aspects of an information audit. This section also discusses the definition, measurement, and metrics of reliability based on standards and quality metrics methodology CMM models. It discusses the ISO 15504 standard, CMMs, PSP, and TSP and includes an appendix containing a software process improvement sample document.

Table of Contents


Quality Concept and Perspectives
Software Quality Concept
Software Quality Characteristics
ISO/IEC 9126
Control Objectives for Information and Related Technology (COBIT)
Validation and Verification
Reviews and Audit

Management and Process
Software Management
Software Life Cycle Models
Life Cycle Processes


Testing: Concept and Definition
Testing in the Software Life Cycle
Software Testing Life Cycle
Kinds/Types of Testing
Suggested Readings

Testing: Plan and Design
Plan and Strategy
Test Plan
Test Tools
Test Scope
Test Approach and Stages
Test Schedule
Defect Reporting and Tracking
Roles and Responsibilities
Reference Documents
Testing Estimation
Lessons Learned
Test Design Factors
Test Case Specification and Design

Test: Execution and Reporting
Starting Test Execution
Test Result Reporting
View and Analyze Test Results


Incident Management
Overview on Incident Management
Why Incident Management Is Important
Investigation and Analysis
Response and Recovery
Security Incidents

Defect Management
Definition and Analysis
Process and Methodology
Root Cause Analysis
Defect Prevention

Risk Vulnerability and Threat Management
Risk Management
Vulnerability, Risk, and Threat Analysis
Risk Management Life Cycle
Effective methods to identify Risks
Risk Assessment Matrix
Risk Response Strategy
Risk Assessment & Contingency Plan
Vulnerability Risk and Threat Analysis
OCTAVE and Risk Management
Appendix A: Sample
Appendix B: Risk Factors


Information Security
Definition and Importance
Security Policy Document

Information Audit
Definition and Planning
Audit Process and Procedure
Auditing and Information Security

Software Reliability and Process Improvement
Definition and Measurement
Measurement-Based Assurance
Quality Metrics Methodology
Software Reliability Measurement & Estimation
CMMs The Capability Maturity Model SEI/CMM
Software Process Improvement and Capability Determination (SPICE)
Appendix: Software Process Improvement

View More



Abu Sayed Mahfuz, ITIL, MIS, MA, has over 15 years of experience in the business and information technology profession, including database manager, technology manager, software quality lead, and technology instruction in several prestigious multinational companies. He is a distinguished trainer, speaker, and book author. Mr. Mahfuz earned his master’s degree in computer and information systems from the University of Detroit Mercy and two other master’s degrees from Malaysia and Bangladesh. He also holds ITIL Foundation certification and several software quality, cyber security, and phishing related internal certifications from Hewlett Packard.