Testing and Validation
Overview
Testing and validation were performed throughout the development lifecycle of the Secure Controlled Guns and Ammunition Inventory Management System (SCGAIMS) to verify functionality, ensure data integrity, validate business logic, and confirm that security controls operated as intended.
The testing approach focused primarily on validating the core objectives of the system:
- Inventory accountability
- Inventory traceability
- Auditability
- Discrepancy detection
- Investigation management
- Data integrity
- Security governance
Testing was conducted through a combination of:
- Functional Testing
- API Testing
- Workflow Validation
- Data Validation
- Negative Testing
- Security Validation
Postman was utilized as the primary API testing platform.
Testing Objectives
The primary objectives of testing were to verify that:
- Inventory transactions are processed correctly.
- Inventory quantities are updated accurately.
- Audit logs are generated correctly.
- Discrepancy detection functions as expected.
- Investigations can be resolved successfully.
- Data integrity is maintained.
- Business rules are enforced consistently.
Testing Environment
Application Environment
| Component | Platform |
|---|---|
| Backend | Django |
| Database | PostgreSQL |
| Cloud Database | Supabase |
| API Framework | Django REST Framework |
| Testing Tool | Postman |
| Source Control | GitHub |
Development Environment
URL:
http://127.0.0.1:8000/
All testing activities were conducted within the development environment prior to production deployment.
Functional Testing
Purpose
Functional testing was performed to validate that system features behaved according to business requirements.
Components Tested
Inventory Retrieval
GET /inventory/
Inventory Issuance
POST /issue-item/
Inventory Returns
POST /return-item/
Issue Record Retrieval
GET /issue-records/
Audit Log Retrieval
GET /audit-logs/
Investigation Resolution
POST /resolve-investigation/
API Testing
Testing Methodology
Each endpoint was tested through Postman using valid and invalid requests.
Testing focused on:
- Request processing
- Response validation
- Database updates
- Audit logging
- Error handling
Test Case 1
Inventory Retrieval
Objective
Verify inventory records can be successfully retrieved.
Endpoint
GET /inventory/
Expected Result
Inventory records returned successfully.
Actual Result
PASS
Inventory records were returned correctly.
Evidence
Insert Postman Screenshot
Test Case 2
Inventory Issuance
Objective
Verify inventory can be issued successfully.
Endpoint
POST /issue-item/
Test Data
{
"inventory_id": 1,
"quantity": 120,
"issued_to": "Officer A"
}
Expected Result
Issue record created.
Inventory quantity reduced.
Audit log generated.
Actual Result
PASS
All expected operations completed successfully.
Evidence
Insert Postman Screenshot
Test Case 3
Inventory Return
Objective
Verify successful inventory returns.
Endpoint
POST /return-item/
Test Data
{
"issue_id": 1,
"quantity_returned": 120
}
Expected Result
Inventory updated.
Transaction completed.
Actual Result
PASS
Inventory successfully returned.
Evidence
Insert Postman Screenshot
Test Case 4
Discrepancy Detection
Objective
Validate discrepancy detection logic.
Test Scenario
Issued Quantity:
120
Returned Quantity:
100
Expected Result
Discrepancy flagged.
Investigation generated.
Audit log generated.
Actual Result
PASS
System correctly identified discrepancy.
Evidence
Insert Postman Screenshot
Test Case 5
Investigation Resolution
Objective
Verify investigation resolution workflow.
Endpoint
POST /resolve-investigation/
Test Data
{
"investigation_id": 1,
"resolution_notes": "Inventory discrepancy reviewed and resolved."
}
Expected Result
Investigation status updated.
Resolution notes saved.
Audit record generated.
Actual Result
PASS
Investigation successfully resolved.
Evidence
Insert Postman Screenshot
Test Case 6
Audit Log Retrieval
Objective
Verify system audit records.
Endpoint
GET /audit-logs/
Expected Result
Audit records returned successfully.
Actual Result
PASS
Audit entries retrieved correctly.
Evidence
Insert Postman Screenshot
Data Integrity Validation
Purpose
Verify that inventory quantities remain accurate following transactions.
Validation Areas
Inventory Quantities
Confirmed inventory quantities are updated correctly after:
Issuance
Returns
Issue Records
Confirmed issue records accurately maintain:
Quantity Issued
Quantity Returned
Discrepancy Status
Investigation Records
Confirmed discrepancies generate corresponding investigations.
Result
PASS
Data integrity was maintained.
Business Rule Validation
Rule 1
Inventory Availability
Requirement:
Cannot issue more inventory than available.
Validation
Attempted issuance exceeding available stock.
Result
PASS
Transaction rejected.
Rule 2
Discrepancy Detection
Requirement:
Returned quantity must be compared to issued quantity.
Result
PASS
Discrepancies correctly identified.
Rule 3
Investigation Workflow
Requirement:
Discrepancies require investigation.
Result
PASS
Investigation workflow triggered successfully.
Negative Testing
Purpose
Negative testing verifies system behavior when invalid data is submitted.
Scenario 1
Invalid Inventory Identifier
Request:
{
"inventory_id": 9999
}
Expected Result
Transaction rejected.
Actual Result
PASS
Scenario 2
Excessive Inventory Request
Request:
Requested quantity exceeds inventory quantity.
Expected Result
Transaction rejected.
Actual Result
PASS
Scenario 3
Invalid Investigation Identifier
Request:
{
"investigation_id": 9999
}
Expected Result
Investigation not found.
Actual Result
PASS
Security Validation
Audit Logging
Verified that critical operations generate audit records.
Inventory Transactions
Verified:
Issue Inventory
Return Inventory
generate audit entries.
Investigation Resolution
Verified investigation updates generate audit records.
Environment Variable Validation
Verified sensitive values are stored outside application source code.
Examples include:
DB_PASSWORD
AUTH0_CLIENT_SECRET
Result
PASS
Security controls functioned as expected.
User Acceptance Validation
The implemented functionality was evaluated against the project objectives.
| Requirement | Status |
|---|---|
| Inventory Visibility | Complete |
| Inventory Issuance | Complete |
| Inventory Returns | Complete |
| Audit Logging | Complete |
| Discrepancy Detection | Complete |
| Investigation Resolution | Complete |
| PostgreSQL Integration | Complete |
| Supabase Integration | Complete |
| Environment Variables | Complete |
| GitHub Integration | Complete |
| Auth0 Configuration | In Progress |
Testing Summary
| Category | Result |
|---|---|
| Functional Testing | PASS |
| API Testing | PASS |
| Workflow Validation | PASS |
| Data Integrity Testing | PASS |
| Discrepancy Testing | PASS |
| Investigation Testing | PASS |
| Negative Testing | PASS |
| Security Validation | PASS |
Lessons Learned
Testing demonstrated that automated accountability workflows significantly improve inventory governance by:
- Reducing manual tracking errors.
- Improving transaction traceability.
- Supporting investigations.
- Increasing operational visibility.
- Enhancing auditability.
The discrepancy detection and audit logging capabilities proved particularly effective in supporting accountability objectives.
Conclusion
Testing and validation activities confirmed that SCGAIMS successfully meets its core operational objectives relating to inventory accountability, traceability, auditability, discrepancy detection, and investigation management. The system demonstrated reliable behavior across all tested workflows and established a strong foundation for future enhancements including Auth0 authentication workflows, MFA enforcement, and DevSecOps automation.