2. Testing Web-Based Software
2
Objectives
•
•
•
•
•
•
•
•
•
•
• How is testing of web-based system is different from traditional
software?
Challenges in testing a web-based system
Interface Testing
Usability Testing
Content Testing
Navigation Testing
Configuration/Compatibility Testing
Security Testing
Performance Testing
Load Testing
Stress Testing
3. Evolution of Software Testing
Web-based System
3
• Web page
• Web site
• Web application
• web-based applications
• web-enabled applications
4. Evolution of Software Testing
Web Technology Evolution
• First Generation/ 2-tier Web system
• Modern 3-tier & n-tier architecture
4
5. Challenges in Testing for
Web-based Software
5
• Diversity and Complexity
• Dynamic Environment
• Very short development time
• Continuous evolution
• Compatibility & Interoperability
9. Software Testing Myths
Testing of Web-Based Systems
9
• Interface Testing- web server ,application server, db server
• Usability Testing
The general guidelines for usability testing are:
• Present information in a natural and logical order.
• Indicate similar concepts through identical terminology and graphics.
Adhere to uniform conventions for layout, formatting, typefaces,
labeling, etc.
• Do not force users to remember key information across documents.
• Keep in consideration that users may be from diverse categories
with various goals. Provide understandable instructions where
useful. Lay out screens in such a manner that frequently accessed
information is easily found.
• The user should not feel irritating while navigating through the web
application. Create visually pleasing displays. Eliminate information
which is irrelevant or distracting.
10. Usability Testing
10
• Content writer should not mix the topics of information. There
should be clarity of the information being displayed.
• Organize information hierarchically, with more general
information appearing before more specific detail. Encourage
the user to delve as deeply as needed, but to stop whenever
sufficient information has been received.
• Check that the links are active such that there are no erroneous
or misleading links.
11. Content Testing
11
•
• Static contents can be checked as part of verification. For
instance, Forms are the integral part of any web site. Forms are
used to get information from users and to keep interaction with
them. First check all the validations on each field. Check for the
default values of fields and also wrong inputs to the fields in the
forms. Options to create forms if any, form delete, view or
modify the forms must also be checked.
There may be dynamic contents on a web page also. Largely
dynamic testing will be suitable in testing these dynamic
contents. These dynamic contents can be in many forms. One
possibility is that constantly changing contents are there, e.g.
weather information web pages or online news paper. Another
case may be that web applications are generated dynamically
from information contained in a data base or in a cookie.
12. Navigation Testing
12
• The links should not be broken due to any reasons.
• The redirected links should be with proper messages
displayed to the user.
• Check that all possible navigation paths are active.
• Check that all possible navigation paths are relevant.
• Check the navigations for the Back and Forward buttons,
whether these are properly working if allowed.
13. Configuration/Compatibility Testing
13
• The web application has to be designed to be compatible for a
majority of the browsers.
• The graphics and other objects to be tested on multiple
browsers.
• Some of the things to check are centering of objects, table
layouts, colors, monitor resolution, forms, and buttons.
• The code that executes from the browser also has to be tested.
•
• There are different versions of HTML.
14. Configuration/Compatibility Testing
14
• All new technologies used in web development like
graphics designs, interface calls like different API’s may
not be available in all Operating Systems.
• Test your web application on different operating systems
like Windows, Unix, MAC, Linux, Solaris with different OS
flavors.
15. Security Testing
15
Security Test Plan
Securing testing can be planned into two categories:
testing the security of the infrastructure hosting the Web application
and
testing for vulnerabilities of the web application.
Firewalls and port scans can be the solution for security of
infrastructure. For vulnerabilities, user authentication, restricted and
encrypted use of cookies, data communicated must be planned.
Moreover, users should not be able to browse through the
directories in the server.
16. Security Testing
16
Various Threat Types and their corresponding Test cases
Unauthorized User / Fake Identity / Password
Cracking
Cross-site scripting (XSS)
Buffer overflows
URL Manipulation
SQL Injection
Denial of Service