Logo
blank Skip to main content

Discuss Your Secure SDLC with Apriorit Team

Meet Us at Booth 1866

San Francisco

|

May 6 – 9

|

Moscone Center

Meet Us at Booth 1866

|

May 6 – 9

Book time slot
RSA Conference participants

4 Rules for Building a Successful Testing Strategy for Blockchain-Based Projects

QA
Blockchain
Web3
Thu, 30 January 2020 7:15 am

Share this article

Testing a software application without a well-planned strategy is like trying to find your way out of a dark forest with no map and no flashlight — your chance of success is close to zero. When it comes to blockchain application testing, dedicating enough time and effort to planning your testing strategy is critical.

Today, blockchain technology is often used for improving the overall security of a product and adding more transparency to its inner processes. Having a well-planned testing strategy can help you make sure this additional layer won’t cause any negative side effects.

At Apriorit, we have blockchain experts who know how to ensure the quality of blockchain systems and how to test software performance. In this article, we highlight the most important nuances of preparing a testing strategy for a blockchain-based project. This article will be useful for testing managers, blockchain testers, and anyone who wants to better plan their testing activities.

Contents:

In software testing, planning every step is crucial. You need to have a clear vision of what you need to test and how and when it should be tested. Missing a single little test can result in releasing your product with critical bugs that will affect its performance and security. To prevent this from happening, you need to dedicate enough time and effort to preparing your testing strategy.

Your overall testing strategy will depend on the nature and goals of your project, though general testing rules are the same for any application, whether or not it’s blockchain-based.

Let’s analyze each of these rules in detail.

Related services

Blockchain-based Solution Development

Rule #1: Always have a plan

Testing managers with limited experience tend to skip the planning stage of their testing strategy, clearly underestimating the importance of a good plan. However, a testing plan is more than just a document. It’s a tool that helps you see the bigger picture and effectively manage all testing-related processes.

Plan your actions carefully before you start any testing activities — this should be the ground rule for any testing manager. Without a clear plan and a well-thought-out strategy, achieving the desired result is nearly impossible.

Planning your testing activities can help you:

  • Save time on product testing
  • Ensure the required level of product quality

And one more thing: having a plan for your product testing activities in the first place is more important than building this plan in a particular way. At Apriorit, we have our own web application testing methodology for blockchain projects. Additionally, our specialists follow the IEEE 829-2008 standard and Rational Unified Process requirements for writing test documentation.

Read also:
Testing Metrics: Are You Really Sure about the Quality of Your Product?

Rule #2: Organize project processes

As unexpected as it may sound to a testing manager, project managers are not the only ones who should care about organizing all processes within your project. Before you start any critical activities, you need to understand the rules for communication within the project team.

Based on our previous blockchain-related projects, we’ve outlined three major tasks worth your attention:

  1. Having a continuous integration and continuous delivery (CI/CD) system
  2. Planning development processes
  3. Deploying a monitoring system

But why are these three tasks so important? Let’s find out!

1. Having a CI/CD system. Your choice of CI/CD system will depend on the general structure of your software development processes and the choice of DevOps tools for blockchain. Usually, different parts of a CI/CD system are maintained by DevOps engineers, developers, and quality assurance (QA) specialists.

Carefully choosing a CI/CD system is vital, as this system strongly affects the performance and stability of the overall system. Therefore, a testing manager needs to at least know how exactly such a system will be used and what components it will include if not participate in choosing it. This will make it easier for you to properly configure the CI/CD system and get the most out of it.

2. Planning development processes. To ensure quality testing of the end product, all development processes need to be planned wisely. 

When talking about development processes, we mostly mean:

  • Working with the source code
  • Creating and working with branches
  • Working with the master branch
  • Merging code from other branches to the master and vice versa
  • Using different types of environments (dev, testing, production, and so on)

Furthermore, even though testers aren’t directly involved in development processes, they should participate in the discussions and implement the chosen development approaches. Otherwise, there’s a risk that you won’t be able to introduce critical and much-needed changes to the project because of some peculiarities in the development processes.

For example, one thing that needs to be discussed early is the way you will make hotfixes updates in the production environment. Ideally, you need to be able to introduce such updates pointwise.

Read also:
Smart Contract Security Audit: Penetration Testing and Static Analysis

3. Deploying a monitoring system. Modern projects, whether or not they’re based on blockchain technology, require tools such as Zabbix, Tick Stack, and ELK Stack. These tools allow you to monitor the status of your testing and production environments and notify your team members about detected anomalies.

When properly configured, a monitoring system can also serve as a cybersecurity tool, helping you to detect cybersecurity incidents, suspicious events, and even cyber attacks on your resources. For example, in blockchain ecosystems, a monitoring system can effectively detect various node anomalies and suspicious node activities in the network.

Read also:
Infrastructure Automation: 7 DevOps Tools for Orchestration, Secrets Management, and Monitoring

Rule #3. Use the right set of tools

In blockchain-related projects, the speed and quality of testing strongly depend on the tools you use. We use the following tools and frameworks:

Truffle is a popular framework for building, testing, and deploying Ethereum-based applications. This framework is mostly used at the development stage as part of CI/CD, but it can be used for testing purposes as well. In particular, Truffle makes it easier to call smart contracts via the command-line interface. It also allows for writing human-readable unit tests. Thanks to included libraries, these tests can also be used as specifications.

Such a test would look something like this:

ShellScript
contract 'MyContract': describe 'basic functions': it 'should perform some actions': call contract.doYourThing(params); somevalue.should.become(true);

Note: The example above demonstrates the basic logic of the test and not the actual code you could use.

Still, Truffle is first and foremost a development tool, so you’ll need to write a lot of code and consider multiple technical nuances when working with it.

MetaMask is a web browser extension that works as an Ethereum wallet and can be rather helpful for testing blockchain-based applications. MetaMask can execute Ethereum decentralized applications (dApps) in the browser without actually running an Ethereum node.

Testers highly appreciate this extension for its ability to interact not only with Ethereum but with any Ethereum-compatible network. In particular, you can connect MetaMask with a blockchain simulator to test how your solution processes transactions on the front end.

Read also:
Capturing Suspicious Transactions on the Ethereum Blockchain

Ganache and Solo Chain are two popular blockchain simulators used for developing and testing blockchain applications. They come in handy when you need to launch a blockchain fast and without any extra effort.

With blockchain simulators, you can test nearly any feature manually or with autotests. However, it’s best not to use these tools for final confirmation testing, as the way such a simulator works differs significantly from the way a real-life blockchain network functions. There’s a chance of missing some bugs and performance issues because of these differences.

In addition, there are performance and load testing tools like Hyperledger Caliper and JMeter. These tools allow you to test your solution’s performance under different loads and in various use cases. Hyperledger Caliper also enables direct communication with smart contracts without using an API and allows you to design complex test plans for a specific smart contract.

As for the drawbacks, both Hyperledger Caliper and JMeter aren’t exactly user-friendly and well-documented. To customize JMeter to a specific network, you’ll need to analyze and use the API. Caliper, in turn, can only be used for testing Hyperledger smart contracts.

Here are a few more blockchain app testing tools you may find helpful:

  • Hyperledger Composer is an open-source tool for building and testing blockchain applications. It supports interactive testing, automated system testing, and automated unit testing.
  • Populus is a development environment that can also be used for testing Ethereum-based applications through the Python testing framework pytest. Populus allows you to write smart contracts specifically for tests and use built-in pytest fixtures as well as create custom fixtures.
  • Ethereum Tester is an open-source testing library for Ethereum-based solutions. It covers various testing requirements and has API support for such critical functionalities as forking and mining.

Of course, your choice of blockchain testing tools will fully depend on the network you use (Ethereum, Bitcoin, Tron, etc.) and the specifics of your project.

Read also:
Hyperledger Fabric: Concepts, Configuration, and Deployment

Rule #4: Apply proper tests

Now that you know what processes to pay special attention to and what tools to use, it’s time to take care of the quality of your blockchain solution. There are five key points to focus your testing efforts on:

Functional testing mostly focuses on two key aspects:

  • Block generation
  • Transaction processing

Once your network is deployed, its key nodes should start generating blocks. The speed of block generation is usually configured in basic settings at the network launch. At first, blocks are empty, as you haven’t created and processed any transactions yet.

Transaction processing is the second critical aspect that should be tested carefully. To see whether data is recorded on the network, you need to either access the blockchain network using an API or use a so-called Explorer system where you can usually see all network data. Ethereum Blockchain Explorer and Ontology Blockchain Explorer are two examples of such systems.

API testing is a must for ensuring the flawless performance of your solution. As with any other solution, all components of the blockchain ecosystem should communicate properly with each other. The best way to ensure that is by using a well-written API. Also, you may use API testing to find weaknesses such as injection flaws and security misconfigurations that can lead to breaches.

One more important aspect to include in your on-premise or cloud testing strategy is checking the availability of and testing API documentation.

Read also:
5 Most Popular Web App Security Testing Methodologies

Load testing is one of the most important parts of the testing strategy for a blockchain-based project. Quality and well-timed load testing can help you detect key weaknesses in your product and determine the necessary costs of maintaining your system’s environment.

As nodes are one of the key elements of a blockchain network, node testing is also a must. These are the key points to focus on when testing blockchain nodes:

  • Node consensus — It’s critical to make sure that all data in the network is synchronized properly.
  • Request processing — To ensure stable network performance, check if requests are well distributed and shared across the network.
  • Failure recovery check — For nodes controlled by your project, make sure to check how fast and well they are recovered after a failure.

Finally, consider applying test automation to as many tests as possible. Test automation is your key to spending less time on tests while getting better results and finding errors that would otherwise have made their way into the final product.

In general, the process of planning and automating tests remains the same. Although in blockchain-based systems, developers usually automate work with the blockchain itself using JSON-RPC instead of REST.

Automated tests also protect your system from regression defects, as autotests often include regression checks. Manual tests, on the contrary, focus on the current functionality and the impact it’s supposed to have on the end product, so some regression defects might be missed.

Related services

Specialized Quality Assurance & Testing Solutions

Conclusion

While the basic testing principles are the same as for traditional software, testing of blockchain-based applications has its peculiarities. In this article, we shared our experience planning a strategy for testing blockchain-based solutions and highlighted key nuances to consider regarding different project processes, tools and types of testing, and the overall planning of testing activities.

However, when it comes to choosing specific blockchain system testing techniques and tools, there can’t be a one-size-fits-all solution. Your choice will fully depend on the type and goals of your application as well as the network it’s based on.

At Apriorit, we have professional teams of blockchain developers, testers, and QA specialists. We’ll gladly assist you in building a blockchain-based application, testing application performance, ensuring blockchain security testing, or planning and performing blockchain systems penetration testing. Get in touсh with us to learn how you can ensure the stable performance and security of your blockchain-based solution.

Tell us about your project

Send us a request for proposal! We’ll get back to you with details and estimations.

By clicking Send you give consent to processing your data

Book an Exploratory Call

Do not have any specific task for us in mind but our skills seem interesting?

Get a quick Apriorit intro to better understand our team capabilities.

Book time slot

Contact us