Software Quality Assurance: Integrating Testing, Security, and Audit (Paperback)

Software Quality Assurance: Integrating Testing, Security, and Audit focuses on the importance of software quality and security. It defines various types of testing, recognizes factors that propose value to software quality, and provides theoretical and real-world scenarios that offer value and contribute quality to projects and applications. The practical synopsis on common testing tools helps readers who are in testing jobs or those interested in pursuing careers as testers. It also helps test leaders, test managers, and others who are involved in planning, estimating, executing, and maintaining software.

The book is divided into four sections: The first section addresses the basic concepts of software quality, validation and verification, and audits. It covers the major areas of software management, software life cycle, and life cycle processes. The second section is about testing. It discusses test plans and strategy and introduces a step-by-step test design process along with a sample test case. It also examines what a tester or test lead needs to do before and during test execution and how to report after completing the test execution.

The third section deals with security breaches and defects that may occur. It discusses documentation and classification of incidences as well as how to handle an occurrence. The fourth and final section provides examples of security issues along with a security policy document and addresses the planning aspects of an information audit. This section also discusses the definition, measurement, and metrics of reliability based on standards and quality metrics methodology CMM models. It discusses the ISO 15504 standard, CMMs, PSP, and TSP and includes an appendix containing a software process improvement sample document.

《軟體品質保證：整合測試、安全性和審計》專注於軟體品質和安全性的重要性。本書定義了各種測試類型，認識到對軟體品質提供價值的因素，並提供了理論和實際案例，以提供價值並為項目和應用程式貢獻品質。對於從事測試工作或有興趣從事測試人員職業的讀者，本書提供了對常見測試工具的實用概述。它還幫助測試領導者、測試經理和其他參與軟體規劃、估算、執行和維護的人員。

本書分為四個部分：第一部分介紹了軟體品質、驗證和驗證的基本概念，以及審計。它涵蓋了軟體管理、軟體生命週期和生命週期流程的主要領域。第二部分是關於測試的。它討論了測試計劃和策略，介紹了一個逐步的測試設計過程以及一個樣本測試案例。它還檢查了測試人員或測試領導在測試執行之前和期間需要做的事情，以及如何在完成測試執行後進行報告。

第三部分處理可能發生的安全漏洞和缺陷。它討論了事件的文檔和分類，以及如何處理事件。第四部分提供了安全問題的示例，以及一份安全政策文件，並討論了信息審計的計劃方面。本部分還討論了基於標準和品質指標方法論CMM模型的可靠性的定義、測量和指標。它討論了ISO 15504標準、CMM、PSP和TSP，並包含一個附錄，其中包含一份軟體流程改進的樣本文件。

Abu Sayed Mahfuz, ITIL, MIS, MA, has over 15 years of experience in the business and information technology profession, including database manager, technology manager, software quality lead, and technology instruction in several prestigious multinational companies. He is a distinguished trainer, speaker, and book author. Mr. Mahfuz earned his master's degree in computer and information systems from the University of Detroit Mercy and two other master's degrees from Malaysia and Bangladesh. He also holds ITIL Foundation certification and several software quality, cyber security, and phishing related internal certifications from Hewlett Packard.

Abu Sayed Mahfuz先生擁有ITIL、MIS、MA等專業資格，並在商業和資訊技術領域擁有超過15年的經驗，包括數據庫經理、技術經理、軟體品質主管以及在幾家知名跨國公司擔任技術指導。他是一位傑出的培訓師、演講者和書籍作者。Mahfuz先生在底特律慈悲大學獲得了計算機和資訊系統的碩士學位，並在馬來西亞和孟加拉國獲得了另外兩個碩士學位。他還擁有ITIL基礎認證以及來自惠普公司的幾項軟體品質、網絡安全和釣魚相關的內部認證。