Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Risk Oriented Testing of Web-Based Applications
1. Risk-Oriented Testing of Web-Based Applications
Risk-Oriented Testing of Web-Based Applications
Overview-:
Web-based testing should be “RISK ORIENTED”. This article describes the risks, presents the types of
testing that can be used to address those risks in testing and provides guidance in using web-based
test tools. The approach for testing web-based systems should be incorporated into a test plan and
that plan should be followed during test execution.
This article will be helpful for beginners as well as professional testers
Web-Based Systems/Applications- : In general.....
Web based application is a software package that can be accessed through the web browser.
The software and database reside on a central server rather than being installed on the desktop
system and is accessed over a network.
“Testers CONCERN Checklist” while conducting Web-based Testing
S.No. Parameter Description Verified Not- N/A
Verified
1 Browser Should validate consistent application performance on
Compatibility a variety of browser types and configurations.
2 Functional Should validate that the application functions
Correctness correctly. This includes validating links, calculations,
displays of information, and navigation.
3 Integration Should validate the integration between browsers and
servers, applications and data, and hardware and
software.
4 Usability Should validate the overall usability of a web page or a
web application, including appearance, clarity, and
navigation
5 Security Should validate the adequacy and correctness of
security controls, including access control and
authorizations.
6 Performance Should validate the performance of the web
application under load.
7 Verification Should validate that the code used in building the web
of code application (HTML, Java, and so on ) has been used in a
2. Risk-Oriented Testing of Web-Based Applications
correct manner.
For example, no nonstandard coding practices should
be used that would cause an application to function
incorrectly in some environments.
WORKBENCH - for WEB-BASED TESTING
Following are the Steps-:
Step-1 INPUT
Step-2 Task-1 Web based Risks
Step-3 Task-2 Web based Tests
Step-4 Task-3 Web based Test Tools
Step-5 Test Web based Systems
Step-6 OUTPUT
3. Risk-Oriented Testing of Web-Based Applications
Step-1 INPUT-: is the hardware / software that will be incorporated in the web-based system to
be tested.
Input to this test process is the description of web based technology used in the systems being tested.
Following list shows how web based systems differ from other technologies
S.No Parameter Description Verified Not- N/A
Verified
1 Uncontrolled Web-browsers-: a web page must be functional on
user-interfaces those browsers that you expect to be used in
(browsers) accessing your web applications. Furthermore, as
new releases of browsers emerge, your web
applications will need to keep up with compatibility
issues.
BROWSER-:
http://www.webdevelopersnotes.com/articles/latest-
browser-versions.php
2 Complex In addition to being complex and distributed, web-
distributed based applications are also remotely accessed, which
systems adds even more concerns to the testing effort. While
some applications may be less complex than others, it
is safe to say that the trend in web applications is to
become more complex rather than less.
3 Security issues Protection is needed from unauthorized access that
can corrupt applications and/or data. Another
security risk is that of access to confidential
information.
4 Multiple layers These layers of architecture include application
in architecture. servers, web servers, back-end processing, data
warehouses, and secure servers for electronic
commerce
5 New Just as in making the transition to client/server, new
terminology skills are needed to develop, test, and use web-based
and skill sets. technology effectively.
6 Object- Object-oriented languages such as Java are the
oriented. mainstay of web development.
STEP-2 Task 1: Select Web-Based Risks to Include in the Test Plan
Risks are important to understand because they reveal what to test. Each risk points to an entire area
of potential tests. In addition, the degree of testing should be based on risk.
The risks are briefly listed here, followed by a more detailed description of the concerns associated
4. Risk-Oriented Testing of Web-Based Applications
with each risk
1. Risk -1 SECURITY- One of the major risks of Internet applications is security. It is very
important to validate that the application and data are protected from outside intrusion or
unauthorized access.
Security Concerns
Following are some of the detailed security risks that need to be addressed in an Internet
application test plan-:
S.No Parameter Description Verified Not- N/A
Verified
1 External Protecting the system from external intrusion - include
intrusion intrusion from
a) people who are trying to gain access to sensitive
information,
b) people who are trying to intentionally sabotage
information
2 Protection Protecting transactions over the Internet- Especially true
of secured in dealing with e-commerce transactions.
transactions Many consumers are reluctant to give credit card
information over the Internet for fear that information
will be intercepted and used for fraudulent purposes
3 Viruses The Internet has become a vehicle for propagating tens
of thousands of new viruses. These viruses are
contained in downloaded files that can be distributed
from web sites and e-mail.
4 Access Access control means that only authorized users have
control security access to a particular application or portion of
an application. This access is typically granted with a
user ID and password.
5 Authorizatio Ability of the application to restrict certain transactions
n levels only to those users who have a certain level of
authorization
2. Risk-2 PERFORMANCE-: An Internet application with poor performance will be judged
hard to use. Web sites that are slow in response will not retain the visitors they attract and will
be frustrating to the people who try to use them.
Performance Concerns-: System performance can make or break an Internet application.
5. Risk-Oriented Testing of Web-Based Applications
Several types of performance testing can be performed to validate an application’s performance
levels.
Performance testing is a very precise kind of testing and requires the use of automated tools for
testing to be accomplished with any level of accuracy and efficiency.
Unfortunately, manual approaches to performance testing fall short of the accuracy needed to
correctly gauge an application’s performance and may lead to a false level of confidence in the test.
Typically, the most common kind of performance testing for Internet applications is LOAD TESTING.
Load testing seeks to determine how the application performs under expected and greater-than-
expected levels of activity.
Application load can be assessed in a variety of ways:
S.No Parameter Description Verified Not- N/A
Verified
1 Concurrency Concurrency testing seeks to validate the performance
of an application with a given number of concurrent
interactive users
2 Stress Stress testing seeks to validate the performance of an
application when certain aspects of the application are
stretched to their maximum limits.
This can include maximum number of users, and can
also include maximizing table values and data values.
3 Throughput Throughput testing seeks to validate the number of
transactions to be processed by an application during
a given period of time.
For example, one type of throughput test might be to
attempt to process 100,000 transactions in one hour
3. Risk-3 CORRECTNESS-: Correctness is a very important area of risk. It is essential that the
functionality and information obtained from web-based applications are correct
Correctness Concerns
An important areas of concern is that the application functions correctly. This can include not only the
functionality of buttons and “behind the scenes” instructions but also calculations and navigation of
the application.
S.N Parameter Description Verified Not- N/A
o Verified
1 Functionality Functional correctness means that the application
performs its intended tasks as defined by a stated set of
specifications. The specifications of an application are
6. Risk-Oriented Testing of Web-Based Applications
the benchmark of what the application should do.
Functional correctness is determined by performing a
functional test. A functional test is performed in a
cause-effect manner. In other words, if a particular
action is taken, a particular result should be seen.
2 Calculations Many web-based applications include calculations.
These calculations must be tested to ensure correctness
and to find defects.
3 Navigation Navigation correctness can include testing links
,buttons, and general navigation through a web site or
web-based application.
4. Risk -4 COMPATIBILITY (Configuration)-: A web-based application must be able to work
correctly on a wide variety of system configurations including browsers, operating systems, and
hardware systems.
Compatibility Concerns
Compatibility is the capability of the application to perform correctly in a variety of expected
environments.
Two of the major variables that affect web-based applications are operating systems and browsers.
Currently, operating systems (or platforms) and how they support the browser of your choice will
affect the appearance and functionality of a web application. This requires that test the web-based
applications as accessed on a variety of common platforms and browsers.
Browser Configuration
Each browser has configuration options that affect how it displays information. These options vary
from browser to browser and are too diverse to address in this text. The most reasonable testing
strategy is to define optimal configurations on the most standard kinds of browsers and test based
on those configurations.
Some of the main things to consider from a hardware compatibility standpoint are the following:
S.No Parameter Description Verified Not- N/A
Verified
1 Monitors, If you have a web site that requires a
video cards, high standard of video capability, some users will not
and video be able to view your site, or will not have a positive
RAM experience at your site
2 Audio, video, Once again, you need to verify that
and a web application is designed to provide a level of
multimedia multimedia support that a typical end-user will need to
7. Risk-Oriented Testing of Web-Based Applications
support be able to access your site. If software plug-ins are
required, you should provide links on your page to
facilitate the user in downloading the plug-in.
3 Memory RAM is very important for increasing
(RAM) and the performance of a browser on a particular platform.
hard drive Browsers also make heavy use of caching, which is how
space a browser stores graphics and other information on a
user’s hard drive. This helps speed the display of web
pages the next time the user visits a web site.
4 Bandwidth Many corporate users have high-speed Internet access
access based on T-1 or T-3 networks, or ISDN telephone lines.
Browser differences can make a web application
appear differently to different people. These
differences may appear in any of the following areas
(this is not intended to be an exhaustive list; these are
merely the more common areas of browser
differences)
5 Print To make printing faster and easier, some pages add a
handling link or button to print a browser-friendly version of the
page being viewed.
6 Reload Some browser configurations will not automatically
display updated pages if a version of the page still
exists in the cache. Some pages indicate if the user
should reload the page
7 Navigation Browsers vary in the ease of navigation, especially
when it comes to visiting pages previously visited
during a session. A web application devel-
oper may need to add navigational aids to the web
pages to facilitate ease of navigation
8 Graphics Browsers may handle images differently, depending on
filters the graphic filters supported by the browser. In fact,
some browsers may not show
an image at all. By standardizing on JPG and GIF images
you should be able to eliminate this concern.
9 Caching How the cache is configured (size, etc.) will have an
impact on the performance of a browser to view
information.
10 Dynamic This includes how a user receives information from
page pages that change based on input. Examples of
generation dynamic page generation include:
1) Shopping cart applications
8. Risk-Oriented Testing of Web-Based Applications
2) Data search applications
3) Calculation forms
11 File Movement of data from remote data storage for user
downloads processing
12 E-mail Because e-mail activities can consume excessive
functions processing time, guidelines should be developed.
Each browser has its own interface and functionality
for e-mail. Many people use
separate e-mail applications outside of a browser, but
for those who don’t, this can be
a concern for users when it comes to compatibility.
5. Risk-5 RELIABILITY-: An Internet application must have a high level of availability and the
information provided from the application must be consistent and reliable to the user.
Reliability Concerns
Because of the continuous uptime requirements for most Internet applications, reliability is a key
concern.
Reliability can be considered in more than system availability it can also be expressed in terms of the
reliability of the information obtained from the application:
1. Consistently correct results 2. Server and system availability
6. Risk-6 DATA INTEGRITY-: The data entered into an Internet application must be validated to
ensure its correctness. In addition, measures must be taken to ensure the data stays correct after it is
entered into the application
Data Integrity Concerns
Not only must the data be validated when it is entered into the web application, but it must also be
safeguarded to ensure the data stays correct:
S.No Parameter Description Verified Not- N/A
Verified
1 Ensuring only This can be achieved by validating the data at the page
correct data level when it is entered by a user.
is accepted
2 Ensuring data This can be achieved by procedures to back up data
stays in a and ensure that controlled methods are used to
correct state update data.
9. Risk-Oriented Testing of Web-Based Applications
7. Risk – 7 USABILITY-: Application must be easy to use. This includes things like navigation,
clarity, and understandability of the information provided by the application.
Usability Concerns
If users or customers find an Internet application hard to use, they will likely go to a competitor’s site.
Usability can be validated and usually involves the following
S.No Parameter Description Verified Not- N/A
Verified
1 Easy to use Ensuring the application is easy to use and understand
2 To use Ensuring that users know how to interpret and use the
information delivered from the application
3 Navigation Ensuring that navigation is clear and correct
8. Risk -8 RECOVERABILITY-: In the event of an outage, the system must be recoverable. This
includes recovering lost transactions, recovering from loss of communications, and ensuring
that proper backups are made as a part of regular systems maintenance.
Recoverability Concerns
Internet applications are more prone to outages than systems that are more centralized or located on
reliable, controlled networks. The remote accessibility of Internet applications makes the following
recoverability concerns important:
S.No Parameter Description Verified Not- N/A
Verified
1 Lost No Connections
connections
2 Timeouts Time Outs
3 Dropped lines Ensuring that navigation is clear and correct
4 Client system Client system crashes
crashes
5 Server system Server system crashes or other application problems
crashes or other
application
problems
10. Risk-Oriented Testing of Web-Based Applications
STEP-3 Task 2: Select Web-Based Tests
Once Risks has been addressed in the web-based applications,time to examine the types and phases
of testing needed to validate them.
S.No Parameter Description Verified Not- N/A
Verified
1 Unit or This includes testing at the object, component, page,
Component or applet level. Unit testing is the lowest level of
testing in terms of detail. During unit testing, the
structure of languages, such as HTML and Java, can be
verified. Edits and calculations can also be tested at
the unit level.
2 Integration Integration is the passing of data and/or control
between units or components, which includes testing
navigation (i.e., the paths the test data will follow).
In web-based applications, this includes testing links,
data exchanges, and flow of control in an application.
3 System System testing examines the web application as a
whole and with other systems. The classic definition
of system testing is that it validates that a computing
system functions according to written requirements
and specifications. This is also true in web- based
applications. The differences apply in how the system
is defined. System testing typically includes hardware,
software, data, procedures, and people.
In corporate web-based applications, a system might
interface with Internet webpages, data warehouses,
back-end processing systems, and reporting systems.
4 User This includes testing that the web application
Acceptance supports business needs and processes.
Main idea in user acceptance testing (or business
process validation) is to ensure that the end product
supports the users’ needs. For business applications,
this means testing that the system allows the user to
conduct business correctly and efficiently. For
personal applications, this means that users are able
to get the information or service they need from a
web site efficiently.
In a corporate web page, the end-user testers may be
from end-user groups, management, or an
independent test team that takes the role of end
users. In public web applications, the end-user testers
11. Risk-Oriented Testing of Web-Based Applications
may be beta testers, who receive a prototype or early
release of the new web application, or independent
testers who take the role of public web users.
5 Performance This includes testing that the system will perform as
specified at predetermined levels, including wait
times, static processes, dynamic processes, and
transaction processes. Performance is also tested at
the client/browser and server levels.
6 Load/Stress This type of testing checks to see that the server
performs as specified at peak concurrent loads or
transaction throughput. It includes stressing servers,
networks, and databases.
7 Regression Regression testing checks that unchanged parts of the
application work correctly after a change has been
made. Many people mistakenly believe that
regression testing means testing everything you ever
tested in an application every time you perform a
test. However, depending upon the relative risk of the
application you are testing, regression testing may not
need to be that intense. The main idea is to test a set
of specified critical test cases each time you perform
the test. Regression testing is an ideal candidate for
test automation because of its repetitive nature.
8 Usability This type of testing assesses the ease of use of an
application. Usability testing may be accomplished in
a variety of ways, including direct observation of
people using web-applications, usability surveys, and
beta tests. Main objective of usability testing is
to ensure that an application is easy to understand
and navigate.
9 Compatibility Compatibility testing ensures that the application
functions correctly on multiple browsers and system
configurations. Compatibility testing may be
performed in a test lab that contains a variety of
platforms, or may be performed by beta testers. The
downside with beta testing is the increased risk of bad
publicity, the lack of control, and the lack of good data
coming back from the beta testers
12. Risk-Oriented Testing of Web-Based Applications
STEP-4 Task 3: Select Web-Based Test Tools
Effective web-based testing necessitates the use of web-based testing tools. A brief description of
categories of the more common web-based test tools follows:
S.No Parameter Description Verified Not- N/A
Verified
1 HTML tools Although many web development packages include
an HTML checker, there are ways to perform a
verification of HTML if you do not use/ have such a
feature.
2 Site validation Site validation tools check your web applications to
tools identify inconsistencies and errors, such as moved or
orphaned pages and broken links.
3 Load/stress Load/stress tools evaluate web-based systems when
testing tools subjected to large volumes of data or transactions
4 Test case Test case generators create transactions for use in
generators testing. This tool can tell you what to test, as well as
create test cases that can be used in other test tools.
STEP-5 Task 4: Test Web-Based Systems
The tests to be performed for web-based testing will be the types of testing.
S.No Parameter Description Verified Not- N/A
Verified
1 Organizing Organizing for testing
2 Test Plan Developing the test plan
3 Verification To perform Verification Testing
testing
4 Validation To perform Validation Testing
testing
5 Test Reports Analyzing and reporting test results
6 Acceptance Acceptance and operational testing
7 Post Post Implementation Analysis
Implementati
on Analysis
13. Risk-Oriented Testing of Web-Based Applications
STEP-6 OUTPUT-: Output is to report what works and what does not work, as well as any concerns
over the use of web technology.
The only output from this test process is a report on the web-based system. At a minimum, this report
should contain the following:
S.No Parameter Description Verified Not- N/A
Verified
1 Brief description A brief description of the web-based
system
2 Risks Risks addressed and not addressed by
the web-based test team
3 Types of Testing Types of testing performed, and types
of testing not performed
4 Tools Tools used or not
5 Performed Well Web-based functionality and structure
tested that performed correctly
6 Not Performed well Web-based Structure and functionality
tested that did not perform correctly
7 Tester's opinion Tester's opinion regarding the
adequacy of the web-based system to
be placed into a production status
Guideline
Successful web-based testing necessitates a portfolio of web-based testing tools. It is important that
these test tools are used effectively.