This document discusses testing approaches for web-based applications. It outlines that web applications have increased in complexity and need to be thoroughly tested. It describes different types of testing including functional testing (unit, integration, system), non-functional testing (performance, load, stress, compatibility, usability, accessibility, security) and different techniques like model-based testing, mutation testing, scanning and fuzz testing. The document emphasizes the importance of testing given the heterogeneous nature of web applications and outlines that automation and adapted traditional testing approaches are important.
2. INTRODUCTION
▰ The wide explosion of the Internet has increased the demand
for Web-based applications with stricter quality requirements
▰ Due to time-to-market pressures, developers neglect testing of
Web applications
▰ This bad habit therefore triggers the need for efficient and
cost-effective testing approaches for verifying and validating
the quality of the applications
3. INTRODUCTION (CONTD.)
▰A Web application can be considered as a distributed system,
with multi-tier architecture, including the following main
characteristics
▻ a wide number of users accessing it concurrently
▻ heterogeneous nature (e.g. web servers, programming
languages, browsers, operating systems, databases)
▻ the ability of dynamically generating software components
4. AIM
▰The aim of Web application testing is to reveal failures.
▰A failure is the manifested inability of a system or component
to perform a required function within specified performance
requirements
5. TESTING NON-FUNCTIONAL REQUIREMENTS
▰ Performance testing: verify specified system performance (e.g.
response time) by simulating hundreds, or more, simultaneous user
accesses over a defined time interval
▰ Load testing: form of performance testing with a pre-defined load
level. A failure is reported if the system fails under that load level.
▰ Stress testing: testing the application beyond the limits of specified
requirement to see if system crashes or is able to successfully
recover
6. TESTING NON-FUNCTIONAL REQUIREMENTS
▰Compatibility testing: uncover failures due to the usage of
different Web server platforms or client browsers, or different
releases or configurations of them. Also deals with rendering
on mobile devices.
▰Usability testing: testing how users interact with the interface
of the application and how easy to use it is. Tests elements of
navigation, help options and content (spelling, fonts, colours)
7. TESTING NON-FUNCTIONAL REQUIREMENTS
▰ Accessibility testing: verify that access to the content of the
application is allowed even in presence of reduced hardware/
software configurations on the client side or of users with
disability. Testing should comply with accessibility standards.
▰ Security testing: verify that the web system's defenses are
effective against access by unauthorized users, and that authorized
users are granted access to the services and resources they are
authorized for.
9. TESTING LEVELS
▰ Unit Testing: Verifies functionality of a particular section. The basic
units of a web app are its web pages. Detects failures such as broken
links and incorrect data storage
▰ Integration Testing: Identifies failures in the coupling of related web
pages, e.g. pages linked by hypertext links or submit buttons,
dynamically created pages
▰ System Testing: discover defects that affect the entire application.
Verifying that a completely integrated system meets its
requirements
10. TESTING APPROACHES
▰ White-box testing: tests the internal workings of an application.
Designs test cases based on knowledge of the source-code
▰ Black-box testing: tests the functionality of application without
knowledge of internal workings. The tester knows "what" but not "how"
▰ Grey-box testing: hybrid of white-box and black-box approaches
11. TESTING TECHNIQUES : MODEL BASED TECHNIQUE
▰Starts with developing a model of the application and then
traversing the model to create test cases.
▰The model represents components of the application and their
interconnections.
[Figure: the Model is a partial description of the Web application; the Model generates executable test cases, which are run against the Web application.]
12. MUTATION TESTING
▰ Mutation testing is a form of testing in which a program P is taken as
input.
▰ A modified version of the program P is then created. The modified
versions of the program are called mutants.
▰ Mutants are designed based on mimicking typical programming
errors
▰ Test cases are designed with the aim of detecting program
modifications by causing the behavior of the original version to
differ from the mutant
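An added example, not part of the original slides, showing mutants and test cases working together. The program P here is a constructed authorization check (`can_view` and both test suites are assumptions); each mutant swaps the comparison operator, mimicking the "wrong operator" programming error.

```python
import ast

# Constructed "program P": an access-level check in the application under test.
SOURCE = """
def can_view(user_level, required_level):
    return user_level >= required_level
"""

class SwapGtE(ast.NodeTransformer):
    """Replace every >= with another comparison operator."""
    def __init__(self, replacement):
        self.replacement = replacement

    def visit_Compare(self, node):
        node.ops = [self.replacement() if isinstance(op, ast.GtE) else op
                    for op in node.ops]
        return node

def build(tree):
    """Compile a (possibly mutated) syntax tree and return its can_view()."""
    namespace = {}
    exec(compile(ast.fix_missing_locations(tree), "<program>", "exec"), namespace)
    return namespace["can_view"]

def mutants():
    """Yield (name, function) for each mutant of P."""
    for replacement in (ast.Gt, ast.LtE, ast.Eq):
        tree = SwapGtE(replacement).visit(ast.parse(SOURCE))
        yield replacement.__name__, build(tree)

def weak_suite(check):
    # Only tests values far from the boundary.
    return check(3, 1) is True and check(0, 2) is False

def strong_suite(check):
    # Adds the boundary case: a user exactly at the required level.
    return weak_suite(check) and check(2, 2) is True

def survivors(suite):
    """Mutants the suite fails to detect (it behaves like the original)."""
    return [name for name, check in mutants() if suite(check)]

if __name__ == "__main__":
    print("weak suite survivors:", survivors(weak_suite))
    print("strong suite survivors:", survivors(strong_suite))
```

A surviving mutant points at a missing test: here the weak suite cannot tell `>=` from `>`, so an off-by-one error in the access check would go unnoticed.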
13. SEARCH BASED TESTING
▰ The main aim of this form of testing is to cover as many branches as
possible and thus improve testing coverage
▰ Algorithm is designed to iterate through nearly all branches of the web
application
▰ The main advantage of Search Based technique is that testing is complete
and done thoroughly
▰ The limitation, however, is that it is slow compared to other techniques
14. SCANNING TECHNIQUES
▰ Scanning techniques are mainly intended to check the security of Web
applications
▰ A Web application is injected with unsanitised input, which may result in
malicious modifications of the database if not detected
▰ Scanners are tools which detect these attacks and then determine the type
based on the behaviour of the Web application
▰ Most common injection attacks detected are cross-site scripting (XSS)
and SQL injection
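An added example, not part of the original slides, of how a scanner classifies a finding from the application's behaviour. The two search handlers, the in-memory database and the probe strings are all constructed for illustration; the weak handler is shown beside its hardened form.

```python
import html
import sqlite3

# Constructed in-memory database standing in for the application's data store.
DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE items (name TEXT)")
DB.executemany("INSERT INTO items VALUES (?)", [("kettle",), ("lamp",)])

def search_weak(q):
    """Before: input is concatenated into the SQL and echoed back unescaped."""
    try:
        sql = "SELECT name FROM items WHERE name = '" + q + "'"
        rows = DB.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return 500, "database error: %s" % exc
    return 200, "<p>%d results for %s</p>" % (len(rows), q)

def search_hardened(q):
    """After: bound parameter for the query, HTML-escaped output."""
    rows = DB.execute("SELECT name FROM items WHERE name = ?", (q,)).fetchall()
    return 200, "<p>%d results for %s</p>" % (len(rows), html.escape(q))

# Harmless probes: each only checks how the handler treats metacharacters.
PROBES = {
    "sql-injection": ("scan'probe",
                      lambda status, body: status == 500 and "error" in body),
    "xss": ("<scan-probe>",
            lambda status, body: "<scan-probe>" in body),
}

def scan(handler):
    """Send each probe and name the weakness from the observed behaviour."""
    findings = []
    for kind, (probe, looks_vulnerable) in PROBES.items():
        status, body = handler(probe)
        if looks_vulnerable(status, body):
            findings.append(kind)
    return sorted(findings)

if __name__ == "__main__":
    print("weak handler:", scan(search_weak))
    print("hardened handler:", scan(search_hardened))
```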
15. FUZZ TESTING (RANDOM TESTING)
▰Involves providing invalid, unexpected, or random data as
inputs to the web application
▰The app is then monitored for crashes or critical and exploitable
bugs
▰An effective “fuzzer” generates semi-valid inputs that are not
directly rejected, but do create unexpected behaviors deeper in
the app
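An added example, not part of the original slides, contrasting semi-valid inputs with purely random ones against a handler you own. The `list_page` handler, its two planted bugs and the edge values are constructed for illustration.

```python
import random
import string
from urllib.parse import parse_qs, urlencode

class Rejected(Exception):
    """Clean validation failure: the expected way to refuse bad input."""

def list_page(query):
    """Constructed handler under test: pages through a 95-item catalogue."""
    params = parse_qs(query, keep_blank_values=True)
    if set(params) != {"page", "size"}:
        raise Rejected("missing or unknown parameter")
    page, size = params["page"][0], params["size"][0]
    if not (page.isdigit() and size.isdigit()):
        raise Rejected("not a number")
    # Planted bugs: size=0 divides by zero; isdigit() accepts superscript two.
    pages = -(-95 // int(size))
    return min(int(page), pages)

SEED = {"page": "2", "size": "10"}                        # known-valid request
EDGE_VALUES = ["0", "-1", "", "007", "\u00b2", "9" * 30]   # boundary values

def semi_valid():
    """Keep the request well-formed and change one field at a time."""
    for field in SEED:
        for value in EDGE_VALUES:
            yield urlencode({**SEED, field: value})

def random_noise(count=200, seed=0):
    """Purely random strings, for contrast: validation rejects them at once."""
    rng = random.Random(seed)
    alphabet = string.ascii_letters + string.digits + "=&"
    return ["".join(rng.choice(alphabet) for _ in range(12)) for _ in range(count)]

def run(queries):
    """Monitor the handler; anything other than a clean rejection is a crash."""
    crashes = {}
    for query in queries:
        try:
            list_page(query)
        except Rejected:
            pass
        except Exception as exc:
            crashes.setdefault(type(exc).__name__, query)  # keep first trigger
    return crashes
```

`run(semi_valid())` reaches both planted bugs with twelve requests, while `run(random_noise())` never gets past input validation.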
16. WEB TESTING AUTOMATION
▰Testing can be automated by using tools that carry out test-case
generation and execution, as well as evaluation of test results.
▰Most can be categorized into:
▻ Performance, load and stress tools
▻ Security test tools
▻ HTML validators
▻ Link checkers
▻ Usability and accessibility tools
▻ Web functional test tools
17. CONCLUSION
▰ Due to its heterogeneous nature and the ever growing complexity, it
is important that proper attention is given to testing Web applications
▰ Most knowledge and expertise in the field of ‘traditional software’
testing can still be applied to web application testing
▰ What is important is for testing technologies to be adapted to the
heterogeneous and dynamic nature of web applications
▰ Research is continually being done to come up with better
testing technologies.
network connections, operating systems, Web servers and Web browsers
divergent programming languages
user interactions, the application’s data, or other information (e.g., current time and the user’s location)
Performance is critical because users don’t like waiting too long
simultaneous connection to DB, heavy load on specific pages
Compatibility – mobile
Usability – real users, focus
Access – limit graphics if you don’t have flash installed, script execution
Security – critical, a lot to lose, heterogeneous nature and large number of users that can access from anywhere
Levels – scope
Approaches – methods, degree of knowledge of tester
Techniques – ways of coming up with test cases or plan
other units – forms, scripts, applets
Client page and server pages
Unit testing ensures units work independently
Ensure the structure of the web app is outline
Methods of designing test cases
Point of view of tester
White box testing – developer knows what app is supposed to do and how
White tester – efficient or susceptible to attack
Researchers well suited for web apps
such as using the wrong operator or variable name
The purpose is to help the tester develop effective tests or locate weaknesses
Form of white-box testing
Web applications to carry out a host of different tasks, including financial transactions, appointment booking and communications (emails, instant messaging and voice/video calls), it is important to ensure the privacy of users and the integrity of the transactions
Therefore, if a Web application is not properly tested, it means that a lot of potential users could risk losing their private data and/or facing severe financial losses