Skip to main content

Testing and Validation

Overview

Testing and validation were performed throughout the development lifecycle of the Secure Controlled Guns and Ammunition Inventory Management System (SCGAIMS) to verify functionality, ensure data integrity, validate business logic, and confirm that security controls operated as intended.

The testing approach focused primarily on validating the core objectives of the system:

  • Inventory accountability
  • Inventory traceability
  • Auditability
  • Discrepancy detection
  • Investigation management
  • Data integrity
  • Security governance

Testing was conducted through a combination of:

  • Functional Testing
  • API Testing
  • Workflow Validation
  • Data Validation
  • Negative Testing
  • Security Validation

Postman was utilized as the primary API testing platform.


Testing Objectives

The primary objectives of testing were to verify that:

  • Inventory transactions are processed correctly.
  • Inventory quantities are updated accurately.
  • Audit logs are generated correctly.
  • Discrepancy detection functions as expected.
  • Investigations can be resolved successfully.
  • Data integrity is maintained.
  • Business rules are enforced consistently.

Testing Environment

Application Environment

ComponentPlatform
BackendDjango
DatabasePostgreSQL
Cloud DatabaseSupabase
API FrameworkDjango REST Framework
Testing ToolPostman
Source ControlGitHub

Development Environment

URL:
http://127.0.0.1:8000/

All testing activities were conducted within the development environment prior to production deployment.


Functional Testing

Purpose

Functional testing was performed to validate that system features behaved according to business requirements.


Components Tested

Inventory Retrieval

GET /inventory/

Inventory Issuance

POST /issue-item/

Inventory Returns

POST /return-item/

Issue Record Retrieval

GET /issue-records/

Audit Log Retrieval

GET /audit-logs/

Investigation Resolution

POST /resolve-investigation/

API Testing

Testing Methodology

Each endpoint was tested through Postman using valid and invalid requests.

Testing focused on:

  • Request processing
  • Response validation
  • Database updates
  • Audit logging
  • Error handling

Test Case 1

Inventory Retrieval

Objective

Verify inventory records can be successfully retrieved.


Endpoint

GET /inventory/

Expected Result

Inventory records returned successfully.

Actual Result

PASS

Inventory records were returned correctly.


Evidence

Insert Postman Screenshot

Test Case 2

Inventory Issuance

Objective

Verify inventory can be issued successfully.


Endpoint

POST /issue-item/

Test Data

{
"inventory_id": 1,
"quantity": 120,
"issued_to": "Officer A"
}

Expected Result

Issue record created.

Inventory quantity reduced.

Audit log generated.

Actual Result

PASS

All expected operations completed successfully.


Evidence

Insert Postman Screenshot

Test Case 3

Inventory Return

Objective

Verify successful inventory returns.


Endpoint

POST /return-item/

Test Data

{
"issue_id": 1,
"quantity_returned": 120
}

Expected Result

Inventory updated.

Transaction completed.

Actual Result

PASS

Inventory successfully returned.


Evidence

Insert Postman Screenshot

Test Case 4

Discrepancy Detection

Objective

Validate discrepancy detection logic.


Test Scenario

Issued Quantity:

120

Returned Quantity:

100

Expected Result

Discrepancy flagged.

Investigation generated.

Audit log generated.

Actual Result

PASS

System correctly identified discrepancy.


Evidence

Insert Postman Screenshot

Test Case 5

Investigation Resolution

Objective

Verify investigation resolution workflow.


Endpoint

POST /resolve-investigation/

Test Data

{
"investigation_id": 1,
"resolution_notes": "Inventory discrepancy reviewed and resolved."
}

Expected Result

Investigation status updated.

Resolution notes saved.

Audit record generated.

Actual Result

PASS

Investigation successfully resolved.


Evidence

Insert Postman Screenshot

Test Case 6

Audit Log Retrieval

Objective

Verify system audit records.


Endpoint

GET /audit-logs/

Expected Result

Audit records returned successfully.

Actual Result

PASS

Audit entries retrieved correctly.


Evidence

Insert Postman Screenshot

Data Integrity Validation

Purpose

Verify that inventory quantities remain accurate following transactions.


Validation Areas

Inventory Quantities

Confirmed inventory quantities are updated correctly after:

Issuance

Returns

Issue Records

Confirmed issue records accurately maintain:

Quantity Issued

Quantity Returned

Discrepancy Status

Investigation Records

Confirmed discrepancies generate corresponding investigations.


Result

PASS

Data integrity was maintained.


Business Rule Validation

Rule 1

Inventory Availability

Requirement:

Cannot issue more inventory than available.

Validation

Attempted issuance exceeding available stock.


Result

PASS

Transaction rejected.


Rule 2

Discrepancy Detection

Requirement:

Returned quantity must be compared to issued quantity.

Result

PASS

Discrepancies correctly identified.


Rule 3

Investigation Workflow

Requirement:

Discrepancies require investigation.

Result

PASS

Investigation workflow triggered successfully.


Negative Testing

Purpose

Negative testing verifies system behavior when invalid data is submitted.


Scenario 1

Invalid Inventory Identifier

Request:

{
"inventory_id": 9999
}

Expected Result

Transaction rejected.

Actual Result

PASS

Scenario 2

Excessive Inventory Request

Request:

Requested quantity exceeds inventory quantity.

Expected Result

Transaction rejected.

Actual Result

PASS

Scenario 3

Invalid Investigation Identifier

Request:

{
"investigation_id": 9999
}

Expected Result

Investigation not found.

Actual Result

PASS

Security Validation

Audit Logging

Verified that critical operations generate audit records.


Inventory Transactions

Verified:

Issue Inventory

Return Inventory

generate audit entries.


Investigation Resolution

Verified investigation updates generate audit records.


Environment Variable Validation

Verified sensitive values are stored outside application source code.

Examples include:

DB_PASSWORD

AUTH0_CLIENT_SECRET

Result

PASS

Security controls functioned as expected.


User Acceptance Validation

The implemented functionality was evaluated against the project objectives.

RequirementStatus
Inventory VisibilityComplete
Inventory IssuanceComplete
Inventory ReturnsComplete
Audit LoggingComplete
Discrepancy DetectionComplete
Investigation ResolutionComplete
PostgreSQL IntegrationComplete
Supabase IntegrationComplete
Environment VariablesComplete
GitHub IntegrationComplete
Auth0 ConfigurationIn Progress

Testing Summary

CategoryResult
Functional TestingPASS
API TestingPASS
Workflow ValidationPASS
Data Integrity TestingPASS
Discrepancy TestingPASS
Investigation TestingPASS
Negative TestingPASS
Security ValidationPASS

Lessons Learned

Testing demonstrated that automated accountability workflows significantly improve inventory governance by:

  • Reducing manual tracking errors.
  • Improving transaction traceability.
  • Supporting investigations.
  • Increasing operational visibility.
  • Enhancing auditability.

The discrepancy detection and audit logging capabilities proved particularly effective in supporting accountability objectives.


Conclusion

Testing and validation activities confirmed that SCGAIMS successfully meets its core operational objectives relating to inventory accountability, traceability, auditability, discrepancy detection, and investigation management. The system demonstrated reliable behavior across all tested workflows and established a strong foundation for future enhancements including Auth0 authentication workflows, MFA enforcement, and DevSecOps automation.