web application testing and standards for web

8/14/2019 Web Application Testing and Standards for Web

1/34

Web Application Testing

andStandards for Web Application


2/34

What is a Web Application?

A web application is a dynamic extension of web or application

server.Ability to update and maintain web applications without

distributing and installing software on any of the client computers

is a key reason for the popularity and vast adoption in today's

application development approach.A significant advantage for building web applications being that

they should perform as specified, regardless of the operating

system or OS version installed on the given client.

In addition, web applications are typically storing both the

program and data on the centralized hosting server, make it easy

to maintain and backup, at the same time require very minimal

disk space on the client PC.


3/34

How is Web Application different from DesktopApplication and Client-Server Application?

Desktop Application

-- Runs on personal computers and work stations, so when you test

the desktop application you are focusing on a specific environment.

--- Testing of complete application can be divided broadly into

categories like GUI, functionality, Load, and backend i.e DB.


4/34


Client Server Application--- 2 different components to test. A client-server application is a

distributed system comprising both client and server software.

--- Testing of complete application can be divided broadly intocategories like, GUI on both sides, functionality, Load, client-server

interaction, backend, Manual support testing, Functionality

testing, Compatibility testing & configuration testing, Intersystem

testing--- This environment is mostly used in Intranet networks. We are

aware of number of clients and servers and their locations in the

runtime scenario.


5/34


Web Application-- Is a bit different and complex to test as there is not much controlover the application.

-- Application is loaded on the server whose location may or may

not be known and no exe is installed on the client machine, thisruns on different web browsers.

-- Web applications are supposed to be tested on different browsers

and OS platforms so broadly Web application is tested mainly for

browser compatibility and operating system compatibility, errorhandling, static pages, backend testing and load testing.

-- User interface testing, Functionality testing, Security testing,

Browser compatibility testing, Load / stress testing, Interoperability

testing/intersystem testing, Storage and data volume testing.


6/34

Different Types of Web Architecture

2-Tier architecture 3-Tier architectureModel-View-Controller (MVC) Architecture

Service-Oriented Architecture (SOA)


7/34


2-Tier architecture-- In the early days of web computing, most websites deployed a 2-

tier architecture, which consisted of a web server that processed

HTTP requests and a database server that provided a back-end data

store.-- Application logic that served the website resided on the web

server, which interacted directly with databases and generated

dynamic web pages based on the query results.

-- Because of its simplicity, 2-tier architecture is still vastly in usenowadays, but it is only recommended for simple application only.


8/34


3-Tier Architecture

-- The 3-tier architecture model adds an application server tier to

handle the business logic of a web application.

-- With a 3-tier architecture, adding more web server tier machinescan address the problem of slow static web page response times. If

response times for processing transaction requests are slow, adding

more application-server tier machines can improve their

performance.


9/34


Model-View-Controller (MVC) Architecture

-- The main aim of MVC architecture is to separate the business

logic and application data from the presentation data to the user.

-- MVC architecture is triangular: the View sends updates to theController, the Controller updates the Model, and the View gets

updated directly from the Model.

-- MVC is often seen in web applications, where the View is the

actual HTML page, and the Controller is the code that gathersdynamic data and generates the content within the HTML.


10/34


Service-Oriented Architecture (SOA)-- Service Oriented Architecture (SOA) is an architectural style for

creating and using business processes, packaged as services,

throughout their lifecycle.

-- SOA separates functions into distinct units (services), which canbe distributed over a network and can be combined and reused to

create business applications.

-- SOA may be implemented using a wide range of technologies,

including SOAP, RPC, DCOM, CORBA, Web Services or WCF,and it can be implemented using one or more of these protocols.


11/34

Identify WEB Applications Testing Strategy

Techniques for Web Application Testing:1. Page Flow Testing/Navigation Testing

2. Security Testing

3. Cookies and Session Testing

4. Links Testing5. Performance Testing

6. Connectivity Testing

7. Cross-Browser Testing

8. Usability Testing9. Navigation Testing

10. Content Testing

11. Fail Over Testing


12/34

Page Flow Testing/Navigation Testing

It deals with ensuring that each page can be viewed via specific

previous pages and that the application does not confuse the

Users by jumping to random pages.

A page flow diagram is a very useful aid for checking thecorrectness of the navigation/page flow within the application.


13/34

Page Flow Testing/Navigation Testing

Testing strategies: Manual Execution Use of Bookmarks Establish a session - navigate through pages in random order Navigate through the pages in unnatural path (Negative) Use faked session interaction (Negative)


14/34

Security Testing

It is the process to determine that an IS (Information System)

protects data and maintains functionality as intended.

Security testing is providing evidence that an application

sufficiently fulfills its requirements in the face of hostile andmalicious inputs.


15/34

Security Testing

Testing strategies: Unauthenticated access to the application

Unauthorized access to the application Unencrypted data passing (if encyption of data is being done) Protection of data Log files to be checked to ensure they do not contain sensitive

information


16/34

Security Testing

Testing Strategies:

Multiple login testing by a single user from several clients

Automatic Logout after "N" minutes of inactivity

Attempt to break into the application by running password

cracking programs

Faked sessions. Checking for valid and secure session

information (URL containing a Session indentifier should not beallowed to be copied into another system and the application be

continued from different system without being detected)


17/34

Cookies and Session Testing

What is a Cookie?

Cookie is a small information stored in a text file on user's harddrive by the web server and this information is later used by the web

browser to retrieve information from the machine. Generally cookie

contains persinalized user data or information that is used to

communicate between different web pages.Types of Cookies:

(i) Session Cookies - This cookie is active till the browser that

invoked the cookie is active. The session cookie gets deleted when the

browser is closed. Some time session of few minutes can be set forthe session cookie to expire.

(ii) Persistent Cookies - These cookies that are written

permanently on the user machine last for months or years.


18/34


19/34

Cookies and Session Testing

Testing strategies: (Session testing)

Application session should get expired after a predefined period

of time

Back-Forward button functionality

Check for multiple logins from the same machine (Using same

browser or multiple browsers)


20/34

Links Testing

It deals with all the elements which are responsible for proper

viewing of the web pages in the application.

Testing strategies:Can the page be downloaded and displayed? Do all the objects on a page load correctly? Do all the objects on a page load in an acceptable time?

If User turns off umages, uses a non-graphical or no-framesbrowser, does it still work? Do all the text and graphical links work?


21/34

Links Testing

Linked pages (Clicking hyperlinks to navigate to other pages)

Frame pages (Does each HTML page inside a frame loadaccurately when a page is divided into different frames)

Do Images used for graphical appearance or as buttons to

navigate function properly?

Form handlers, where these are CGI scripts, Active ServerPages, etc.

Do Active X, Java Applets and other objects that are

downloaded and executed within the browser act properly?

Do other content files, such as video (AVI, MPEG). and audio(WAV, AU, MIDI, MPEG) files work properly?

Do other Internet protocols such as email links, FTP,

Newsgroup links and feeds work properly?


22/34

Performance Testing , Load Testing and StressTesting

It deals with assessing the system's capacity for growth, identifyingthe weak points in the architecture, detect obscure bugs in software,

tuning requiremnts of the system, verifying resilience and

reliability of the application.

-- Performance - is about response, time lapses, duration ... etc.

-- Load testing - is about test behavior under normal/peak workload

conditions. Load is more about characterizing / simulating your

actual workload.

-- Stress testing - is about surfacing issues under extreme

conditions and resource failures.


23/34

Performance Testing , Load Testing and StressTesting

Testing strategies:

Multiple User transactions

Multiple Users accessing same page Multiple Users performing transactions including huge data,

entering huge data onto forms, huge data file uploads etc.


24/34

Connectivity Testing

It involves determining if the servers and clients behave

appropriately under varying circumstances. Involves two aspects:

"Voluntary", where a user actively interacts with the system in anunexpected way; "Involuntary", where the system acts in an unpredictable manner.


25/34


Testing strategies: (Voluntary) Quit from session without the User saving state Quit from session with the User saving state Server-forced quit from session due to inactivity

Server-forced quit from session due to server problem Client forced quit from session due to visiting another site in the

middle of the session for a brief period of time Client forced quit from session due to visiting another site /

application for an extended period of time Client forced quit from session due to client PC crashing Client forced quit due to browser crashing


26/34


27/34


Testing strategies: (Involuntary)Database Server On/Off Test. Shutdown the database server

and then restart it (User should be able to connect back to the

application without being redirected to the login page proving

statelessness of individual pages. Note: Shutdown only for theDatabase server, not for the application server) Application Server On/Off Test. Shutdown the database server

and restart it (2 possible outcomes: (i) Application redirects to an

error page indicating loss of connectivity and the user is requestedto login and retry. (ii) Application continues normally since no

session information was lost as it was held in a persistent state that

transcends application server restarts)


28/34

Browser Testing

Cross-browser testing and debugging can be the most

frustrating. It is always advisable to discuss with the client

about the browser compatibility at the early phase.

To be at the safer side, it is good to have an agreement on whichbrowsers the web application pages will match the approved

layouts and make it clear that the rest of the browsers may match

to the agreed upon layout.


29/34

Browser Testing

Testing strategies:

Use HTML Validator and CSS Validator to check HTML and

CSS errors

Use Browser Compatibility testing tools

Manually test on different browsers


30/34

Usability Testing

It includes testing the application from User point of view and

focus on the objectives, Informational Content, UI Functionality,

User Performance, Load Imposed on the End-User, Satisfaction of

End-User, Cost-Benefit Analysis.


31/34

Usability Testing

Testing strategies:

Checks the citation, credibility, coverage, currency, continuity,

language and objectivity of the Content

Checks for advance components to make things simpler for Users

Checks for Colors and Backgrounds, Alignment and Layout,

Consistency of the application

Focus on Form designs, Graphic designs, labelling, Page/siteDesign, Search functionality etc


32/34

Navigation Testing

This deals with the readiness if finding required content orsection within the application.

Testing strategies: Global, Local, Contextual Navigation Indication of "Where am I" Grouping of like objects Positioning and placement Site structure (Site Map) Clearly Marked Exits Bookmark - Easily undestandable names Consistency throughout the web application


33/34

Content Testing

Two types of content - (i) Static Content, (ii) Dynamic Content

Testing strategies: (Static Content)

Verify for correctness

Verify for accuracy

Verify organization of content

Testing strategies: (Dynamic Content)

Test by feeding new content Try all possible combinations (wrong data, huge amount of data,

not matching the expected type of content, with and without

graphics)


34/34

Fail Over Testing

Failover Tests verify of redundancy mechanisms while the system

is under load. Failover testing allows technicians to address

problems in advance, in the comfort of a testing situation, rather

than in the heat of a production outage. It also provides a baseline

of failover capability so that a 'sick' server can be shutdown with

confidence, in the knowledge that the remaining infrastructure will

cope with the surge of failover load.

Testing strategies: In a web environment, failover testing determines what will

happen if multiple web servers are being used under peak

anticipated load, and one of them dies.

web application testing and standards for web

Documents