Our QA Lead, Ms. Yamini Dobhal, delivers a highly technical lecture on EED best practices. In the world of cutting-edge, large-scale web and mobile apps, performance, security and scalability are key, and they go hand in hand with solid engineering design. The talk covers some best practices and core guidelines that Atlogys inculcates in the development of each of its apps. Yamini talks about the checklist of tests and the tools that developers and QA associates should install and use to account for the coding guidelines. Developers are informed about basic browser extensions and safe coding techniques that can incorporate fast performance, GDPR and security from the ground up. DevOps are informed about core fundamental server settings that expedite responses.
2. Engineering Eye for Detail
(The Fundamentals & Best Practices)
Yamini Dobhal
Quality Technical Lead
Under the direction of
Mr. Rajiv Madan
(COO, Atlogys)
TECH TALK
3. INTRODUCTION
EED- It is the process used to identify the performance, security
and scalability issues of developed web-based applications or
websites.
It is the process of executing a program or application under
positive and negative conditions by manual or automated
means. It checks for:
• Performance
• Security
• Scalability
Copyright 2018 Automated Logical Software (P) Ltd.
4. OBJECTIVES
• Uncover as many errors (or bugs) as possible in a given
product.
• Demonstrate that a given software product matches its
performance specifications.
• Validate the quality of software testing using the minimum
cost and effort.
• Generate high-quality test cases, perform effective tests, and
issue correct and helpful problem reports.
5. GUIDELINES
• Develop an extensive and comprehensive test plan
• Start early
• Test Often
• Use authenticated tools- the browser's Inspect Element,
YSlow, PageSpeed, GTmetrix, etc.
• Analyze and test the work of testers or your own work
6. Performance Related
• Ordering of file and component loading- It is preferred to load the
CSS of the web page first and to place the scripts and JS at the bottom.
• Compressed files- Compression reduces response times by reducing the
size of the HTTP response.
• JS optimization- Poorly written JavaScript code can slow your website,
negatively affecting load times and rendering speed.
• Splitting of servers- Dynamic and static content should be split across two
servers.
• Error handling- The following are some error codes which should be handled
well:
– 400 Bad Request. ...
– 401 Unauthorized. ...
– 403 Forbidden. ...
– 404 Not Found. ...
– 500 Internal Server Error. ...
– 502 Bad Gateway. ...
– 503 Service Unavailable. ...
– 504 Gateway Timeout.
• Logs- Test whether everything is logged properly. Application logs are
generated at various levels (debug vs. non-debug mode). The mode must be
set correctly for production vs. staging vs. QA vs. dev machines.
• Modularization-
• Use of CDN- A content delivery network (CDN) is a system of distributed
servers (network) that deliver pages and other Web content to a user,
based on the geographic locations of the user, the origin of the webpage
and the content delivery server. ... CDNs also provide protection from
large surges in traffic.
• DNS lookups
• Web Caching- A web cache (or HTTP cache) is an information technology
for the temporary storage (caching) of web documents, such as HTML
pages and images, to reduce server lag.
• Minification- Minification (also minimisation or minimization), in
computer programming languages and especially JavaScript, is the process
of removing all unnecessary characters from source code without
changing its functionality.
• Image sprites- It is good to implement CSS sprites for combining multiple
images into one - usually images which are repeated across many pages
should be combined into 1 sprite.
• Intelligent DOM manipulation- Functionality that is needed at multiple
locations in a page (like a file add widget, etc.) should be created once and
then added to the DOM again and again.
9. Security Related
Check for:
• SQL injections- SQL Injection (SQLi) refers to an injection attack
wherein an attacker can execute malicious SQL statements (also
commonly referred to as a malicious payload) that control a web
application's database server (RDBMS).
• XSS attacks- XSS attacks occur when an attacker uses a web application
to send malicious code, generally in the form of a browser side script, to a
different end user.
• CSRF attacks- It is a type of malicious exploit of a website where
unauthorized commands are transmitted from a user that the web
application trusts.
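
One way to run the SQL injection check above as a negative-condition test, shown as an added example that is not part of the original talk: a lookup built by string concatenation beside its parameterized form, with a small audit that feeds both the same malformed inputs. The table, function names, sample rows and input strings are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory users table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db

def login_concat(db, name, password):
    """Vulnerable: user input is pasted into the SQL text."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return [r[0] for r in db.execute(sql)]

def login_param(db, name, password):
    """Hardened: input is bound as data and never parsed as SQL."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [r[0] for r in db.execute(sql, (name, password))]

# Constructed negative-condition inputs to feed every lookup under test.
NEGATIVE_INPUTS = ["' OR '1'='1", "x' OR 1=1 --", "'"]

def audit(login):
    """Return (input, reason) pairs for which `login` misbehaves.

    A finding is either rows returned for a wrong password (the input
    changed the query's logic) or a SQL error (the input reached the parser).
    """
    db = make_db()
    findings = []
    for bad in NEGATIVE_INPUTS:
        try:
            rows = login(db, "alice", bad)
        except sqlite3.Error as exc:
            findings.append((bad, "sql error: " + type(exc).__name__))
            continue
        if rows:
            findings.append((bad, "returned " + str(len(rows)) + " row(s)"))
    return findings

if __name__ == "__main__":
    for fn in (login_concat, login_param):
        print(fn.__name__, audit(fn) or "no findings")
```

An empty findings list is the pass condition; both the unexpected rows and the SQL errors count as failures, since an error shows the input was parsed as SQL.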