
Software Quality Assurance

Integrating Testing, Security, and Audit, 1st Edition

By Abu Sayed Mahfuz

Auerbach Publications

356 pages | 46 B/W Illus.

Hardback: 9781498735537
pub: 2016-04-27
eBook (VitalSource) : 9780429185878
pub: 2016-04-27


Software Quality Assurance: Integrating Testing, Security, and Audit focuses on the importance of software quality and security. It defines the various types of testing, identifies the factors that add value to software quality, and provides theoretical and real-world scenarios that contribute quality to projects and applications. The practical overview of common testing tools helps readers who are in testing jobs or who are interested in pursuing careers as testers. It also helps test leads, test managers, and others who are involved in planning, estimating, executing, and maintaining software.

The book is divided into four sections: The first section addresses the basic concepts of software quality, validation and verification, and audits. It covers the major areas of software management, software life cycle, and life cycle processes. The second section is about testing. It discusses test plans and strategy and introduces a step-by-step test design process along with a sample test case. It also examines what a tester or test lead needs to do before and during test execution and how to report after completing the test execution.

The third section deals with security breaches and defects that may occur. It discusses the documentation and classification of incidents as well as how to handle an occurrence. The fourth and final section provides examples of security issues along with a security policy document and addresses the planning aspects of an information audit. This section also discusses the definition, measurement, and metrics of reliability based on standards, the quality metrics methodology, and CMM models. It discusses the ISO 15504 standard, CMMs, PSP, and TSP and includes an appendix containing a sample software process improvement document.

Table of Contents

Quality Concept and Perspectives
  Software Quality Concept
  Software Quality Characteristics
  ISO/IEC 9126
  Control Objectives for Information and Related Technology (COBIT)
  Validation and Verification
  Reviews and Audit

Management and Process
  Software Management
  Software Life Cycle Models
  Life Cycle Processes

Testing: Concept and Definition
  Testing in the Software Life Cycle
  Software Testing Life Cycle
  Kinds/Types of Testing
  Suggested Readings

Testing: Plan and Design
  Plan and Strategy
  Test Plan
  Test Tools
  Test Scope
  Test Approach and Stages
  Test Schedule
  Defect Reporting and Tracking
  Roles and Responsibilities
  Reference Documents
  Testing Estimation
  Lessons Learned
  Test Design Factors
  Test Case Specification and Design

Test: Execution and Reporting
  Starting Test Execution
  Test Result Reporting
  View and Analyze Test Results

Incident Management
  Overview on Incident Management
  Why Incident Management Is Important
  Investigation and Analysis
  Response and Recovery
  Security Incidents

Defect Management
  Definition and Analysis
  Process and Methodology
  Root Cause Analysis
  Defect Prevention

Risk, Vulnerability, and Threat Management
  Risk Management
  Vulnerability, Risk, and Threat Analysis
  Risk Management Life Cycle
  Effective Methods to Identify Risks
  Risk Assessment Matrix
  Risk Response Strategy
  Risk Assessment & Contingency Plan
  Vulnerability, Risk, and Threat Analysis
  OCTAVE and Risk Management
  Appendix A: Sample
  Appendix B: Risk Factors

Information Security
  Definition and Importance
  Security Policy Document

Information Audit
  Definition and Planning
  Audit Process and Procedure
  Auditing and Information Security

Software Reliability and Process Improvement
  Definition and Measurement
  Measurement-Based Assurance
  Quality Metrics Methodology
  Software Reliability Measurement & Estimation
  CMMs: The Capability Maturity Model (SEI/CMM)
  Software Process Improvement and Capability Determination (SPICE)
  Appendix: Software Process Improvement

About the Author

Abu Sayed Mahfuz, ITIL, MIS, MA, has over 15 years of experience in the business and information technology profession, including roles as database manager, technology manager, software quality lead, and technology instructor at several prestigious multinational companies. He is a distinguished trainer, speaker, and book author. Mr. Mahfuz earned his master’s degree in computer and information systems from the University of Detroit Mercy and two other master’s degrees from Malaysia and Bangladesh. He also holds the ITIL Foundation certification and several software quality, cyber security, and phishing-related internal certifications from Hewlett Packard.

About the Series

Internal Audit and IT Audit


Subject Categories

BISAC Subject Codes/Headings:
COMPUTERS / Information Technology
COMPUTERS / Software Development & Engineering / General
COMPUTERS / Security / General