Web Application Testing and Standards for Web Application

What is a Web Application?
A web application is a dynamic extension of a web or application server. The ability to update and maintain web applications without distributing and installing software on any of the client computers is a key reason for their popularity and wide adoption in today's application development. A significant advantage of web applications is that they should perform as specified regardless of the operating system or OS version installed on the client. In addition, web applications typically store both the program and the data on a centralized hosting server, which makes them easy to maintain and back up while requiring very little disk space on the client PC.

How is Web Application different from Desktop Application and Client-Server Application?
Desktop Application
-- Runs on personal computers and workstations, so when you test a desktop application you are focusing on a specific environment.
-- Testing of the complete application can be divided broadly into categories such as GUI, functionality, load, and backend (i.e. DB).

Client Server Application
-- 2 different components to test. A client-server application is a distributed system comprising both client and server software.
-- Testing of the complete application can be divided broadly into categories such as GUI on both sides, functionality, load, client-server interaction, backend, manual support testing, functionality testing, compatibility testing and configuration testing, and intersystem testing.
-- This environment is mostly used in intranet networks. We are aware of the number of clients and servers and their locations in the runtime scenario.

Web Application
-- Is a bit different and more complex to test, as there is not much control over the application.
-- The application is loaded on a server whose location may or may not be known, no exe is installed on the client machine, and it runs on different web browsers.
-- Web applications are supposed to be tested on different browsers and OS platforms, so broadly a web application is tested mainly for browser compatibility and operating system compatibility, error handling, static pages, backend testing and load testing.
-- User interface testing, functionality testing, security testing, browser compatibility testing, load/stress testing, interoperability testing/intersystem testing, storage and data volume testing.

Different Types of Web Architecture
● 2-Tier architecture
● 3-Tier architecture
● Model-View-Controller (MVC) Architecture
● Service-Oriented Architecture (SOA)

2-Tier architecture
-- In the early days of web computing, most websites deployed a 2-tier architecture, which consisted of a web server that processed HTTP requests and a database server that provided a back-end data store.
-- Application logic that served the website resided on the web server, which interacted directly with databases and generated dynamic web pages based on the query results.
-- Because of its simplicity, 2-tier architecture is still widely used, but it is recommended only for simple applications.

3-Tier Architecture
-- The 3-tier architecture model adds an application server tier to handle the business logic of a web application.
-- With a 3-tier architecture, adding more web server tier machines can address the problem of slow static web page response times. If response times for processing transaction requests are slow, adding more application-server tier machines can improve their performance.

Model-View-Controller (MVC) Architecture
-- The main aim of MVC architecture is to separate the business logic and application data from the presentation data to the user.
-- MVC architecture is triangular: the View sends updates to the Controller, the Controller updates the Model, and the View gets updated directly from the Model.
-- MVC is often seen in web applications, where the View is the actual HTML page, and the Controller is the code that gathers dynamic data and generates the content within the HTML.

Service-Oriented Architecture (SOA)
-- Service-Oriented Architecture (SOA) is an architectural style for creating and using business processes, packaged as services, throughout their lifecycle.
-- SOA separates functions into distinct units (services), which can be distributed over a network and can be combined and reused to create business applications.
-- SOA may be implemented using a wide range of technologies, including SOAP, RPC, DCOM, CORBA, Web Services or WCF, and it can be implemented using one or more of these protocols.

Identify WEB Applications Testing Strategy
Techniques for Web Application Testing:
1. Page Flow Testing/Navigation Testing
2. Security Testing
3. Cookies and Session Testing
4. Links Testing
5. Performance Testing
6. Connectivity Testing
7. Cross-Browser Testing
8. Usability Testing
9. Navigation Testing
10. Content Testing
11. Fail Over Testing

Page Flow Testing/Navigation Testing

It deals with ensuring that each page can be viewed via specific previous pages and that the application does not confuse the Users by jumping to random pages. A page flow diagram is a very useful aid for checking the correctness of the navigation/page flow within the application.

Testing strategies:
– Manual Execution
– Use of Bookmarks
– Establish a session - navigate through pages in random order
– Navigate through the pages in unnatural path (Negative)
– Use faked session interaction (Negative)

Security Testing

Security testing is the process of determining that an IS (Information System) protects data and maintains functionality as intended. It provides evidence that an application sufficiently fulfills its requirements in the face of hostile and malicious inputs.

Testing strategies:
● Unauthenticated access to the application
● Unauthorized access to the application
● Unencrypted data passing (if encryption of data is being done)
● Protection of data
● Log files to be checked to ensure they do not contain sensitive information

Testing strategies:
● Multiple login testing by a single user from several clients
● Automatic logout after "N" minutes of inactivity
● Attempt to break into the application by running password cracking programs
● Faked sessions. Checking for valid and secure session information (a URL containing a session identifier should not be allowed to be copied to another system and the application continued from that different system without being detected)

Cookies and Session Testing
What is a Cookie?
A cookie is a small piece of information that the web server stores in a text file on the user's hard drive; the web browser later uses it to retrieve information from that machine. Generally a cookie contains personalized user data or information that is used to communicate between different web pages.
Types of Cookies:
(i) Session Cookies - This cookie is active as long as the browser that invoked the cookie is active. The session cookie gets deleted when the browser is closed. Sometimes a session of a few minutes can be set, after which the session cookie expires.
(ii) Persistent Cookies - These cookies are written permanently on the user's machine and last for months or years.

Testing strategies: (Cookies)
● Privacy Policy (No sensitive data or personal data is stored in the cookie. If data is used inside the cookie then it should be encrypted)
● No overuse of cookies
● Check with enabling and disabling of cookies in the browser settings
● Accept/Reject some cookies
● Delete a cookie
● Corrupt the cookie
● Cookies testing in multiple browsers
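The cookie type and privacy checks above can be automated over captured Set-Cookie headers. The following is an added example, not part of the original slides; the header values, pattern set and function names are constructed for illustration. It also decodes URL-encoded and base64 values, since encoding a value is not the same as encrypting it.

```python
import base64
import re
from urllib.parse import unquote

# Patterns for data that should not sit readable in a cookie (illustrative, not exhaustive).
SENSITIVE = {
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "card-like number": re.compile(r"\b\d{13,16}\b"),
    "credential field": re.compile(r"(?i)(password|passwd|pwd)\s*[=:]"),
}

# Constructed Set-Cookie values for the demonstration; none come from a real site.
SAMPLES = [
    "sid=9f2c1e7ab4d04c55; Path=/",
    "user=alice%40example.com; Max-Age=31536000; Path=/",
    "prefs=" + base64.urlsafe_b64encode(b'{"email":"alice@example.com"}').decode()
    + "; Expires=Wed, 01 Jan 2031 00:00:00 GMT",
]

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.lower()] = val
    return name, value, attrs

def readable_forms(value):
    """Return the raw value plus its URL-decoded and base64-decoded views."""
    forms = [value, unquote(value)]
    try:
        padded = value + "=" * (-len(value) % 4)
        forms.append(base64.urlsafe_b64decode(padded).decode("utf-8"))
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        pass            # not base64-encoded text
    return forms

def audit_cookie(header):
    """Classify the cookie and list sensitive data readable without a key."""
    name, value, attrs = parse_set_cookie(header)
    kind = "persistent" if ("expires" in attrs or "max-age" in attrs) else "session"
    findings = sorted({label for form in readable_forms(value)
                       for label, rx in SENSITIVE.items() if rx.search(form)})
    return {"name": name, "type": kind, "findings": findings}

if __name__ == "__main__":
    for header in SAMPLES:
        print(audit_cookie(header))
```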

Testing strategies: (Session testing)
● Application session should expire after a predefined period of time
● Back-Forward button functionality
● Check for multiple logins from the same machine (using the same browser or multiple browsers)
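The session checks listed here and under Security Testing (automatic logout after "N" minutes, faked sessions, a session identifier copied to another system, multiple logins) all probe server-side behaviour. The following added example, which is not part of the original slides, sketches the behaviour a tester expects to observe; the class, the 15-minute value for "N", and the binding of a session to IP address and User-Agent are assumptions made for illustration.

```python
import hashlib
import secrets

class SessionStore:
    """Toy server-side session table with the checks a tester expects to find."""
    def __init__(self, idle_limit=15 * 60):      # assumed "N" = 15 minutes
        self.idle_limit = idle_limit
        self.sessions = {}                       # session id -> record
        self.alerts = []                         # events for the security log

    @staticmethod
    def _client(ip, user_agent):                 # assumed binding: IP + User-Agent
        return hashlib.sha256(f"{ip}|{user_agent}".encode()).hexdigest()

    def login(self, user, ip, user_agent, now):
        if any(rec["user"] == user for rec in self.sessions.values()):
            self.alerts.append(("multiple_login", user, ip))
        sid = secrets.token_urlsafe(32)          # unguessable identifier
        self.sessions[sid] = {"user": user, "last_seen": now,
                              "client": self._client(ip, user_agent)}
        return sid

    def check(self, sid, ip, user_agent, now):
        rec = self.sessions.get(sid)
        if rec is None:                          # faked or already-ended session
            self.alerts.append(("unknown_session", None, ip))
            return "rejected: unknown session"
        if now - rec["last_seen"] > self.idle_limit:
            del self.sessions[sid]               # automatic logout
            return "rejected: idle timeout"
        if rec["client"] != self._client(ip, user_agent):
            del self.sessions[sid]               # identifier copied to another system
            self.alerts.append(("session_moved", rec["user"], ip))
            return "rejected: client changed"
        rec["last_seen"] = now
        return "ok"

def run_scenarios():
    """Replay the test cases with constructed clients and timestamps (seconds)."""
    store, home, other = SessionStore(), ("10.0.0.5", "Firefox"), ("10.0.0.99", "curl")
    sid = store.login("alice", *home, now=0)
    results = [store.check(sid, *home, now=600),
               store.check(sid, *other, now=700),
               store.check("forged-id", *home, now=710)]
    sid2 = store.login("alice", *home, now=1000)
    results.append(store.check(sid2, *home, now=1000 + 901))
    store.login("bob", *home, now=2000)
    store.login("bob", *other, now=2005)
    return results, store.alerts
```

Binding to IP address and User-Agent is only one possible signal; clients on mobile networks change address legitimately, so some applications raise an alert instead of ending the session.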

Links Testing
It deals with all the elements which are responsible for proper viewing of the web pages in the application.
Testing strategies:
● Can the page be downloaded and displayed?
● Do all the objects on a page load correctly?
● Do all the objects on a page load in an acceptable time?
● If the user turns off images, or uses a non-graphical or no-frames browser, does it still work?
● Do all the text and graphical links work?

● Linked pages (Clicking hyperlinks to navigate to other pages)
● Frame pages (Does each HTML page inside a frame load accurately when a page is divided into different frames)
● Do images used for graphical appearance or as buttons to navigate function properly?
● Form handlers, where these are CGI scripts, Active Server Pages, etc.
● Do ActiveX, Java Applets and other objects that are downloaded and executed within the browser act properly?
● Do other content files, such as video (AVI, MPEG) and audio (WAV, AU, MIDI, MPEG) files, work properly?
● Do other Internet protocols such as email links, FTP, Newsgroup links and feeds work properly?

Performance Testing, Load Testing and Stress Testing
It deals with assessing the system's capacity for growth, identifying the weak points in the architecture, detecting obscure bugs in software, tuning requirements of the system, and verifying resilience and reliability of the application.
-- Performance - is about response, time lapses, duration, etc.
-- Load testing - is about testing behavior under normal/peak workload conditions. Load is more about characterizing / simulating your actual workload.
-- Stress testing - is about surfacing issues under extreme conditions and resource failures.

Testing strategies:
● Multiple User transactions
● Multiple Users accessing same page
● Multiple Users performing transactions including huge data, entering huge data onto forms, huge data file uploads etc.

Connectivity Testing

It involves determining if the servers and clients behave appropriately under varying circumstances. It involves two aspects:
● "Voluntary", where a user actively interacts with the system in an unexpected way;
● "Involuntary", where the system acts in an unpredictable manner.

Testing strategies: (Voluntary)
● Quit from session without the User saving state
● Quit from session with the User saving state
● Server-forced quit from session due to inactivity
● Server-forced quit from session due to server problem
● Client forced quit from session due to visiting another site in the middle of the session for a brief period of time
● Client forced quit from session due to visiting another site / application for an extended period of time
● Client forced quit from session due to client PC crashing
● Client forced quit due to browser crashing

Testing strategies: (Involuntary)
● Forcing the browser to prematurely terminate during a page load using the task manager to kill the browser
● Hitting the ESC key and reloading or revisiting the same page via a bookmark
● Simulation of Hub failure between PC and the Web Server (While browsing remove the network cable from the PC, attempt to visit a page, abort the visit, then reconnect the cable.)
● Web Server On/Off Test - Shut down the web server and then restart the server (User should be able to connect back to the application without being redirected to the login page, proving statelessness of individual pages. Note: Shutdown only for the web server, not for the application server)

Testing strategies: (Involuntary)
● Database Server On/Off Test. Shut down the database server and then restart it (User should be able to connect back to the application without being redirected to the login page, proving statelessness of individual pages. Note: Shutdown only for the Database server, not for the application server)
● Application Server On/Off Test. Shut down the database server and restart it (2 possible outcomes: (i) Application redirects to an error page indicating loss of connectivity and the user is requested to log in and retry. (ii) Application continues normally since no session information was lost as it was held in a persistent state that transcends application server restarts)

Browser Testing

Cross-browser testing and debugging can be the most frustrating. It is always advisable to discuss browser compatibility with the client at an early phase. To be on the safe side, it is good to have an agreement on the browsers in which the web application pages will match the approved layouts, and to make it clear that the rest of the browsers may match the agreed-upon layout.

Testing strategies:
● Use HTML Validator and CSS Validator to check HTML and CSS errors
● Use Browser Compatibility testing tools
● Manually test on different browsers

Usability Testing
It includes testing the application from the user's point of view and focuses on the objectives, informational content, UI functionality, user performance, load imposed on the end user, satisfaction of the end user, and cost-benefit analysis.

Testing strategies:
● Checks the citation, credibility, coverage, currency, continuity, language and objectivity of the content
● Checks for advanced components to make things simpler for users
● Checks for colors and backgrounds, alignment and layout, consistency of the application
● Focus on form designs, graphic designs, labelling, page/site design, search functionality, etc.

Navigation Testing
This deals with the readiness of finding required content or a section within the application.
Testing strategies:
● Global, Local, Contextual Navigation
● Indication of "Where am I"
● Grouping of like objects
● Positioning and placement
● Site structure (Site Map)
● Clearly Marked Exits
● Bookmark - Easily understandable names
● Consistency throughout the web application

Content Testing
Two types of content: (i) Static Content, (ii) Dynamic Content
Testing strategies: (Static Content)
● Verify for correctness
● Verify for accuracy
● Verify organization of content

Testing strategies: (Dynamic Content)
● Test by feeding new content
● Try all possible combinations (wrong data, huge amount of data, not matching the expected type of content, with and without graphics)

Fail Over Testing
Failover tests verify redundancy mechanisms while the system is under load. Failover testing allows technicians to address problems in advance, in the comfort of a testing situation, rather than in the heat of a production outage. It also provides a baseline of failover capability so that a 'sick' server can be shut down with confidence, in the knowledge that the remaining infrastructure will cope with the surge of failover load.
Testing strategies:
● In a web environment, failover testing determines what will happen if multiple web servers are being used under peak anticipated load, and one of them dies.
