Software Testing Methodologies And Techniques

Development organizations use a variety of software testing methodologies. The software testing technique an organization uses and the software testing lifecycle it follows are tied to the model it employs to develop its software. The more well-known software development models include the waterfall model, the V-model, the Agile model, the spiral model, the Rational Unified Process (RUP) and the Rapid Application Development (RAD) model. Each of these models employs a different testing methodology — testing the quality and security of software in different ways and at different stages.


Agile Model

Agile has become the most popular software development methodology in recent years. According to a 2014 InfoQ poll, the majority of firms use Agile techniques in some capacity for software development projects.

With Agile, developers build software incrementally. They break projects down into small segments of user functionality called user stories, prioritize them, and then continuously deliver them in two-week cycles called sprints. The testing methodology is also incremental — each small release is thoroughly tested to ensure quality.

Advantages of the Agile model

  • Increased customer satisfaction due to rapid, continuous delivery of useful software
  • An emphasis on people and interactions rather than process and tools
  • Regular adaptation to changing circumstances

Disadvantages of the Agile model

  • Difficulty predicting the time and effort larger projects will require
  • Dependent on clear customer requirements upfront

Security testing with Agile

Veracode developers use the Agile methodology and find it the most effective method for both code development and testing, in particular security testing. Since testing occurs during the development phase in Agile, coding issues are found earlier when they are easier to fix. With Agile’s software testing techniques, security becomes part of the coding process, not something tacked on at the end — ensuring developers can more easily identify and fix vulnerabilities and deliver a more secure product.

In a recent blog post, Veracode’s director of platform engineering said of security testing with Agile, “By finding vulnerabilities during the coding phase instead of during a separate security hardening sprint, developers need not switch context to work on code written long ago. This saves time and increases velocity — while at the same time ensuring the security of the software being developed, tested and shipped.”

Rapid Application Development (RAD)

RAD is also an incremental model of software development. But with RAD, the focus is on building a prototype that looks and acts like the final product — in order to test its usefulness.

In the RAD model, functions are developed in parallel like mini projects. The developments are time-boxed, delivered and then assembled into a working prototype. With this model, customers quickly receive a deliverable they can see, use and provide feedback on.

The RAD approach also emphasizes a flexible process that can adapt as the project evolves.

The RAD model features a slightly different software testing method — prototypes are tested during each iteration, then the finished application is tested at the end of development.

RAD phases

  • Business modeling: Information flow between business functions identified
  • Data modeling: Information gathered from business modeling used to define data objects needed for the business
  • Process modeling: Data objects defined in data modeling converted
  • Application generation: Automated tools used to convert process models into code
  • Testing and turnover: New components and all interfaces tested

RAD advantages

  • Lower costs due to reduced cycle time and improved productivity
  • Less cost and schedule risk due to time-box approach
  • Higher customer satisfaction due to customer involvement throughout the cycle

RAD disadvantages

  • Risk of never achieving closure
  • Hard to use with legacy systems
  • Requires a system that can be modularized

Rational Unified Process (RUP)

The Rational Unified Process (RUP) is an iterative software development process framework created by the Rational Software Corporation, a division of IBM.

The RUP framework provides guidelines, templates and examples for all aspects and stages of development.

It divides the development process into four distinct phases that each involve business modeling, analysis and design, implementation, testing, and deployment. The four phases are:

  1. Inception: The development team determines if the project is worth pursuing and what resources will be needed.
  2. Elaboration: Developers consider possible applications of the software and costs associated with the development.
  3. Construction: The project is developed and completed. The software is designed, written and tested.
  4. Transition: The software is released to the public. Final adjustments or updates are made based on feedback from end users.

RUP advantages

  • Emphasis on accurate documentation
  • Ability to accommodate changing requirements
  • Availability of online training and tutorials

RUP disadvantages

  • The development process is too complex and disorganized.
  • Reuse of components is not possible with cutting-edge, new technology.

Spiral Model

The spiral model is similar to the incremental model, with more emphasis placed on risk analysis. The spiral model has four phases: Planning, Risk Analysis, Engineering and Evaluation. A software project repeatedly passes through these phases in iterations (called spirals in this model). In the baseline spiral, requirements are gathered and risk is assessed. Each subsequent spiral builds on the baseline spiral.

Spiral advantages

  • Lower risk due to high amount of risk analysis
  • A good fit for large and mission-critical projects
  • Strong approval and documentation control
  • Ability to add additional functionality at a later date

Spiral disadvantages

  • With spiral’s software testing method, testing is started only after coding.
  • It can be a costly model to use.
  • Risk analysis requires highly specific expertise.
  • The project’s success is highly dependent on the risk analysis phase.
  • It doesn’t work well for smaller projects.


V-Model

V-model stands for Verification and Validation model. The V-shaped life cycle in this model is sequential — each phase must be completed before the next phase begins. Testing of the product is planned in parallel with a corresponding phase of development.

V-model disadvantages

  • Too simple to accurately reflect the software development process
  • No inherent ability to respond to change
  • Leads to testing being squeezed in at the end of development

V-model advantages

  • It is simple and easy to use.
  • Works well for small projects where requirements are easily understood.

Waterfall Model

In the waterfall model, software development progresses steadily downward (like a waterfall) through conception, initiation, analysis, design, construction, testing, production/implementation and maintenance.

Once a phase of development is completed, the development proceeds to the next phase and there is no turning back.

Waterfall advantages

The advantage of waterfall development is that it allows for departmentalization and managerial control. Each stage of development features a schedule with set deadlines, moving products through the development process step-by-step and, theoretically, to delivery on time.

Waterfall disadvantages

The disadvantage of waterfall development is that it does not allow for much revision. Once an application is in the testing stage, it is very difficult to go back and change something.

As Greg Nicastro, EVP of Software Development and SaaS Operations at Veracode, says of waterfall, “developers end up working on fixes for code they haven't seen in months (talk about unproductive context switching) and QA ends up with enormous and unfair pressure to ship low-quality software. It's impractical to hope for a perfect product without room for trial, error, and iteration.”
