Web Application Testing and Standards for Web Application
What is a Web Application?
Desktop Application
● 2-Tier architecture
● 3-Tier architecture
● Model-View-Controller (MVC) Architecture
● Service-Oriented Architecture (SOA)
Different Types of Web Architecture
2-Tier architecture
-- In the early days of web computing, most websites deployed a
2-tier architecture, which consisted of a web server that processed
HTTP requests and a database server that provided a back-end data
store.
-- Application logic that served the website resided on the web
server, which interacted directly with databases and generated
dynamic web pages based on the query results.
-- Because of its simplicity, 2-tier architecture is still widely used
today, but it is recommended only for simple applications.
Different Types of Web Architecture
3-Tier Architecture
-- The 3-tier architecture model adds an application server tier to
handle the business logic of a web application.
-- With a 3-tier architecture, adding more web server tier machines
can address the problem of slow static web page response times. If
response times for processing transaction requests are slow, adding
more application-server tier machines can improve their
performance.
Different Types of Web Architecture
● It deals with ensuring that each page can be viewed via specific
previous pages and that the application does not confuse the
users by jumping to random pages.
● A page flow diagram is a very useful aid for checking the
correctness of the navigation/page flow within the application.
Page Flow Testing/Navigation Testing
Testing strategies:
– Manual Execution
– Use of Bookmarks
– Establish a session - navigate through pages in random order
– Navigate through the pages in an unnatural path (Negative)
– Use faked session interaction (Negative)
Security Testing
● It is the process of determining that an IS (Information System)
protects data and maintains functionality as intended.
● Security testing provides evidence that an application
sufficiently fulfills its requirements in the face of hostile and
malicious inputs.
Security Testing
Testing strategies:
● Unauthenticated access to the application
● Unauthorized access to the application
● Unencrypted data passing (if encryption of data is being done)
● Protection of data
● Log files to be checked to ensure they do not contain sensitive
information
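One way to automate the log file check above, as an added example that is not part of the original slides. The parameter names in the patterns and the sample log lines are assumptions constructed for illustration.

```python
import re

# Patterns for data that should never reach a log file. The parameter names
# (password, jsessionid, ...) are assumptions; adapt them to the application.
RULES = {
    "credential": re.compile(r"(?i)\b(password|passwd|pwd|secret)=([^&\s]+)"),
    "session_id_in_url": re.compile(r"(?i)[;?&](jsessionid|phpsessid|sessionid|sid)=([^&\s;]+)"),
    "card_number": re.compile(r"\b(?:\d[ -]?){13,19}\b"),
}

def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to cut false positives on long numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def scan_log(lines):
    """Return (line_number, rule_name) for every sensitive value found."""
    findings = []
    for no, line in enumerate(lines, start=1):
        for name, rx in RULES.items():
            for m in rx.finditer(line):
                if name == "card_number":
                    digits = re.sub(r"\D", "", m.group(0))
                    if not (13 <= len(digits) <= 19 and luhn_ok(digits)):
                        continue
                findings.append((no, name))
    return findings

# Constructed sample log lines (not from a real system).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Jan/2024:10:00:07 +0000] "POST /login?user=amy&password=hunter2 HTTP/1.1" 302 0',
    '10.0.0.9 - - [01/Jan/2024:10:01:12 +0000] "GET /cart;jsessionid=8F3A91C2D4 HTTP/1.1" 200 2048',
    'INFO payment accepted card=4111 1111 1111 1111 amount=20.00',
    'INFO order 1234567890123456 shipped',
]

if __name__ == "__main__":
    for no, rule in scan_log(SAMPLE_LOG):
        print(f"line {no}: {rule}")
```

The order number on the last sample line is not reported because it fails the Luhn check.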
Security Testing
Testing strategies:
● Multiple login testing by a single user from several clients
● Automatic logout after "N" minutes of inactivity
● Attempt to break into the application by running password
cracking programs
● Faked sessions. Checking for valid and secure session
information (a URL containing a session identifier should not be
allowed to be copied into another system and the application be
continued from a different system without being detected)
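The session behaviour these tests look for, sketched as an added example that is not part of the original slides. SessionStore, the 15-minute value for "N", and the client strings are hypothetical; the client is modelled as one opaque string for address plus browser.

```python
import secrets

IDLE_LIMIT = 15 * 60  # "N" minutes of inactivity, in seconds (15 is an assumed value)

class SessionStore:
    """Hypothetical in-memory session store, for illustration only."""

    def __init__(self):
        self.sessions = {}   # session id -> {"user", "client", "last_seen"}
        self.alerts = []     # (user, original client, offending client)

    def login(self, user, client, now):
        sid = secrets.token_urlsafe(32)   # random, unguessable identifier
        self.sessions[sid] = {"user": user, "client": client, "last_seen": now}
        return sid

    def clients_of(self, user):
        """Clients holding a live session for `user` (multiple-login test)."""
        return sorted(s["client"] for s in self.sessions.values() if s["user"] == user)

    def validate(self, sid, client, now):
        """Return 'ok', 'unknown', 'expired' or 'client_mismatch'."""
        rec = self.sessions.get(sid)
        if rec is None:
            return "unknown"              # faked or already destroyed identifier
        if now - rec["last_seen"] > IDLE_LIMIT:
            del self.sessions[sid]        # automatic logout after inactivity
            return "expired"
        if client != rec["client"]:
            # Identifier presented from another system: record it and revoke.
            self.alerts.append((rec["user"], rec["client"], client))
            del self.sessions[sid]
            return "client_mismatch"
        rec["last_seen"] = now
        return "ok"

def run_checks():
    """Exercise the store with constructed clients and timestamps (seconds)."""
    store, pc, laptop = SessionStore(), "10.0.0.5|Firefox", "10.0.0.9|Chrome"
    sid = store.login("amy", pc, now=0)
    results = {
        "same client, active": store.validate(sid, pc, now=600),
        "fabricated id": store.validate("not-a-real-session-id", pc, now=610),
        "copied to other system": store.validate(sid, laptop, now=620),
        "after revocation": store.validate(sid, pc, now=630),
    }
    sid2 = store.login("amy", pc, now=1000)
    results["idle too long"] = store.validate(sid2, pc, now=1000 + IDLE_LIMIT + 1)
    return results, store.alerts
```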
Cookies and Session Testing
What is a Cookie?
A cookie is a small piece of information stored in a text file on the
user's hard drive by the web server. This information is later used by
the web browser to retrieve information from the machine. Generally, a
cookie contains personalized user data or information that is used to
communicate between different web pages.
Types of Cookies:
(i) Session Cookies - This cookie is active as long as the browser that
invoked the cookie is active. The session cookie gets deleted when the
browser is closed. Sometimes a session of a few minutes can be set,
after which the session cookie expires.
(ii) Persistent Cookies - These cookies are written permanently on
the user's machine and last for months or years.
Cookies and Session Testing
Testing strategies: (Cookies)
● Privacy Policy (No sensitive data or personal data is stored in
the cookie. If data is stored inside the cookie, then it should be
encrypted)
● No overuse of cookies
● Check with enabling and disabling of cookies in the browser
settings
● Accept/Reject some cookies
● Delete a cookie
● Corrupt the cookie
● Cookies testing in multiple browsers
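A sketch of the privacy check and the session/persistent distinction above, as an added example that is not part of the original slides. The cookie names, the sensitive-name list and the header values are assumptions constructed for illustration; the Base64 pass shows that an encoded value is still readable and is not the same as an encrypted one.

```python
import base64
import binascii
import re
from http.cookies import SimpleCookie
from urllib.parse import unquote

EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
SENSITIVE_NAMES = {"password", "passwd", "email", "ssn", "card"}  # assumed list

def readable_forms(value):
    """The value as sent, URL-decoded, and Base64-decoded if that yields text."""
    forms = [value, unquote(value)]
    try:
        forms.append(base64.b64decode(value, validate=True).decode("utf-8"))
    except (binascii.Error, UnicodeDecodeError):
        pass  # not Base64 text; nothing more to inspect
    return forms

def audit_set_cookie(header_value):
    """Audit one Set-Cookie header value; return one dict per cookie."""
    jar = SimpleCookie()
    jar.load(header_value)
    report = []
    for name, morsel in jar.items():
        # A cookie with Expires or Max-Age outlives the browser session.
        persistent = bool(morsel["expires"] or morsel["max-age"])
        issues = []
        if name.lower() in SENSITIVE_NAMES:
            issues.append("sensitive name")
        if any(EMAIL.search(form) for form in readable_forms(morsel.value)):
            issues.append("personal data readable in value")
        report.append({"name": name,
                       "type": "persistent" if persistent else "session",
                       "issues": issues})
    return report

# Constructed Set-Cookie header values (not captured from a real site).
SAMPLE_HEADERS = [
    "SESSIONID=k9Zq2LmX7pRt; Path=/",
    "uid=" + base64.b64encode(b"amy@example.com").decode() + "; Max-Age=31536000; Path=/",
    "email=amy%40example.com; Max-Age=2592000",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(audit_set_cookie(header))
```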
Cookies and Session Testing
It deals with all the elements which are responsible for proper
viewing of the web pages in the application.
Testing strategies:
● Can the page be downloaded and displayed?
● Do all the objects on a page load correctly?
● Do all the objects on a page load in an acceptable time?
● If the user turns off images, or uses a non-graphical or no-frames
browser, does it still work?
● Do all the text and graphical links work?
Links Testing
● Linked pages (Clicking hyperlinks to navigate to other pages)
● Frame pages (Does each HTML page inside a frame load
accurately when a page is divided into different frames?)
● Do images used for graphical appearance or as buttons to
navigate function properly?
● Form handlers, where these are CGI scripts, Active Server
Pages, etc.
● Do ActiveX, Java Applets and other objects that are
downloaded and executed within the browser act properly?
● Do other content files, such as video (AVI, MPEG) and audio
(WAV, AU, MIDI, MPEG) files work properly?
● Do other Internet protocols such as email links, FTP,
Newsgroup links and feeds work properly?
Performance Testing, Load Testing and Stress Testing
It deals with assessing the system's capacity for growth, identifying
the weak points in the architecture, detecting obscure bugs in software,
tuning requirements of the system, and verifying resilience and
reliability of the application.
-- Performance testing - is about response, time lapses, duration, etc.
-- Load testing - is about testing behavior under normal/peak workload
conditions. Load is more about characterizing / simulating your
actual workload.
-- Stress testing - is about surfacing issues under extreme
conditions and resource failures.
Performance Testing, Load Testing and Stress Testing
Testing strategies:
● Multiple User transactions
● Multiple Users accessing same page
● Multiple Users performing transactions including huge data,
entering huge data onto forms, huge data file uploads etc.
Connectivity Testing
● Cross-browser testing and debugging can be the most
frustrating. It is always advisable to discuss browser
compatibility with the client at an early phase.
● To be on the safe side, it is good to have an agreement on which
browsers the web application pages will match the approved
layouts and make it clear that the rest of the browsers may match
the agreed-upon layout.
Browser Testing
Testing strategies:
● Use HTML Validator and CSS Validator to check HTML and
CSS errors
● Use Browser Compatibility testing tools
● Manually test on different browsers
Usability Testing
Testing strategies:
● Checks the citation, credibility, coverage, currency, continuity,
language and objectivity of the Content
● Checks for advanced components to make things simpler for Users
● Checks for Colors and Backgrounds, Alignment and Layout,
Consistency of the application
● Focus on Form designs, Graphic designs, labelling, Page/site
Design, Search functionality etc.
Navigation Testing
This deals with the readiness of finding required content or
section within the application.
Testing strategies:
● Global, Local, Contextual Navigation
● Indication of "Where am I"
● Grouping of like objects
● Positioning and placement
● Site structure (Site Map)
● Clearly Marked Exits
● Bookmark - Easily understandable names
● Consistency throughout the web application
Content Testing
Testing strategies:
● In a web environment, failover testing determines what will
happen if multiple web servers are being used under peak
anticipated load, and one of them dies.