
Web Application Testing and Standards for Web Application
What is a Web Application?

A web application is a dynamic extension of a web or application
server.

The ability to update and maintain web applications without
distributing and installing software on any of the client computers
is a key reason for their popularity and wide adoption in today's
application development.

A significant advantage of building web applications is that
they should perform as specified, regardless of the operating
system or OS version installed on the given client.

In addition, web applications typically store both the
program and the data on the centralized hosting server, which makes
them easy to maintain and back up while requiring very little
disk space on the client PC.
How is Web Application different from Desktop
Application and Client-Server Application?

Desktop Application

-- Runs on personal computers and workstations, so when you test
the desktop application you are focusing on a specific environment.
-- Testing of the complete application can be divided broadly into
categories like GUI, functionality, load, and backend, i.e. DB.

Client Server Application


-- 2 different components to test. A client-server application is a
distributed system comprising both client and server software.
-- Testing of the complete application can be divided broadly into
categories like GUI on both sides, functionality, load, client-server
interaction, backend, manual support testing, functionality
testing, compatibility testing & configuration testing, and
intersystem testing.
-- This environment is mostly used in intranet networks. The number
of clients and servers and their locations are known in the
runtime scenario.
Web Application
-- Is a bit different and more complex to test, as there is not much
control over the application.
-- The application is loaded on a server whose location may or may
not be known, and no executable is installed on the client machine;
it runs in different web browsers.
-- Web applications are supposed to be tested on different browsers
and OS platforms, so broadly a web application is tested mainly for
browser compatibility and operating system compatibility, error
handling, static pages, backend testing and load testing.
-- User interface testing, Functionality testing, Security testing,
Browser compatibility testing, Load / stress testing, Interoperability
testing/intersystem testing, Storage and data volume testing.
Different Types of Web Architecture


2-Tier architecture

3-Tier architecture

Model-View-Controller (MVC) Architecture

Service-Oriented Architecture (SOA)

2-Tier architecture
-- In the early days of web computing, most websites deployed a
2-tier architecture, which consisted of a web server that processed
HTTP requests and a database server that provided a back-end data
store.
-- Application logic that served the website resided on the web
server, which interacted directly with databases and generated
dynamic web pages based on the query results.
-- Because of its simplicity, 2-tier architecture is still widely in
use nowadays, but it is recommended only for simple applications.

3-Tier Architecture
-- The 3-tier architecture model adds an application server tier to
handle the business logic of a web application.
-- With a 3-tier architecture, adding more web server tier machines
can address the problem of slow static web page response times. If
response times for processing transaction requests are slow, adding
more application-server tier machines can improve their
performance.

Model-View-Controller (MVC) Architecture


-- The main aim of MVC architecture is to separate the business
logic and application data from the presentation of data to the user.
-- MVC architecture is triangular: the View sends updates to the
Controller, the Controller updates the Model, and the View gets
updated directly from the Model.
-- MVC is often seen in web applications, where the View is the
actual HTML page, and the Controller is the code that gathers
dynamic data and generates the content within the HTML.

Service-Oriented Architecture (SOA)


-- Service Oriented Architecture (SOA) is an architectural style for
creating and using business processes, packaged as services,
throughout their lifecycle.
-- SOA separates functions into distinct units (services), which can
be distributed over a network and can be combined and reused to
create business applications.
-- SOA may be implemented using a wide range of technologies,
including SOAP, RPC, DCOM, CORBA, Web Services or WCF,
and it can be implemented using one or more of these protocols.
Identify WEB Applications Testing Strategy
Techniques for Web Application Testing:
1. Page Flow Testing/Navigation Testing
2. Security Testing
3. Cookies and Session Testing
4. Links Testing
5. Performance Testing
6. Connectivity Testing
7. Cross-Browser Testing
8. Usability Testing
9. Navigation Testing
10. Content Testing
11. Fail Over Testing
Page Flow Testing/Navigation Testing


It deals with ensuring that each page can be viewed via specific
previous pages and that the application does not confuse
users by jumping to random pages.

A page flow diagram is a very useful aid for checking the
correctness of the navigation/page flow within the application.

Testing strategies:
– Manual Execution
– Use of Bookmarks
– Establish a session - navigate through pages in random order
– Navigate through the pages in unnatural path (Negative)
– Use faked session interaction (Negative)
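
The page flow diagram can be written down as a table of allowed transitions and used to check recorded navigation paths and to list the "unnatural" paths to try. The following is an added example, not part of the original slides; the page names and the single entry page are assumptions.

```python
from typing import Dict, List, Optional, Set, Tuple

# Constructed page flow diagram: page -> pages that may legitimately follow it.
PAGE_FLOW: Dict[str, Set[str]] = {
    "login": {"home"},
    "home": {"cart", "logout"},
    "cart": {"checkout", "home"},
    "checkout": {"payment", "cart"},
    "payment": {"receipt"},
    "receipt": {"home", "logout"},
    "logout": set(),
}
ENTRY_PAGES = {"login"}  # assumption: the only page that may be opened directly


def first_violation(path: List[str]) -> Optional[str]:
    """Describe the first step in `path` that leaves the diagram, or return None."""
    if not path:
        return None
    if path[0] not in ENTRY_PAGES:
        return f"direct entry to '{path[0]}' (bookmark or typed URL)"
    for prev, cur in zip(path, path[1:]):
        if cur not in PAGE_FLOW:
            return f"unknown page '{cur}'"
        if cur not in PAGE_FLOW[prev]:
            return f"'{prev}' -> '{cur}' is not in the page flow diagram"
    return None


def negative_cases() -> List[Tuple[str, str]]:
    """Every page pair absent from the diagram; each is an unnatural path to attempt."""
    return sorted((a, b) for a in PAGE_FLOW for b in PAGE_FLOW
                  if a != b and b not in PAGE_FLOW[a])


def unreachable_pages() -> Set[str]:
    """Pages no walk from an entry page reaches, which points to a diagram defect."""
    seen, stack = set(ENTRY_PAGES), list(ENTRY_PAGES)
    while stack:
        for nxt in PAGE_FLOW[stack.pop()] - seen:
            seen.add(nxt)
            stack.append(nxt)
    return set(PAGE_FLOW) - seen
```

Each pair returned by negative_cases() is a negative test: the application should refuse the second page or redirect, not render it.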
Security Testing


It is the process to determine that an IS (Information System)
protects data and maintains functionality as intended.

Security testing provides evidence that an application
sufficiently fulfills its requirements in the face of hostile and
malicious inputs.

Testing strategies:

Unauthenticated access to the application

Unauthorized access to the application

Unencrypted data passing (if encryption of data is being done)

Protection of data

Log files to be checked to ensure they do not contain sensitive
information

Multiple login testing by a single user from several clients

Automatic Logout after "N" minutes of inactivity

Attempt to break into the application by running password
cracking programs

Faked sessions. Check for valid and secure session
information (a URL containing a session identifier should not be
allowed to be copied into another system and the application
continued from that different system without being detected)
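
Two of the checks above, log files free of sensitive information and no session identifier carried in the URL, can be automated over access and application logs. The following is an added example, not part of the original slides; the parameter names, the patterns, the choice of card numbers as a sensitive item and the sample log lines are assumptions.

```python
import re
from typing import Iterable, List, Tuple

# Parameter names and patterns are assumptions; adapt them to the application under test.
SESSION_IN_URL = re.compile(r"[?&;](jsessionid|phpsessid|sessionid|sid)=[^&\s\"]+", re.I)
PASSWORD = re.compile(r"\b(?:password|passwd|pwd)\s*[=:]\s*(\S+)", re.I)
CARD = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to tell card numbers from order ids and other long numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan_line(line: str) -> List[str]:
    """Return the kinds of sensitive data found in one log line."""
    findings = []
    if SESSION_IN_URL.search(line):
        findings.append("session identifier in URL")
    m = PASSWORD.search(line)
    if m and set(m.group(1)) - {"*"}:  # a fully masked value (****) is acceptable
        findings.append("password in clear text")
    if any(luhn_ok(re.sub(r"\D", "", c.group())) for c in CARD.finditer(line)):
        findings.append("card number")
    return findings


def scan_log(lines: Iterable[str]) -> List[Tuple[int, str]]:
    """Return (line number, finding) pairs for every hit in the log."""
    return [(n, f) for n, line in enumerate(lines, 1) for f in scan_line(line)]


# Constructed sample log lines, not taken from a real system.
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2024:10:01:22 +0000] "GET /account;jsessionid=A1B2C3D4E5 HTTP/1.1" 200 512',
    "2024-03-12 10:01:23 INFO login attempt user=alice password=Winter2024!",
    "2024-03-12 10:01:24 INFO login attempt user=bob password=********",
    "2024-03-12 10:02:10 DEBUG payment card=4111 1111 1111 1111 amount=19.99",
    "2024-03-12 10:02:11 INFO order 1234567890123 shipped",
]
```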
Cookies and Session Testing
What is a Cookie?
A cookie is a small piece of information stored in a text file on the
user's hard drive by the web server; this information is later used by
the web browser to retrieve information from the machine. Generally a
cookie contains personalized user data or information that is used to
communicate between different web pages.
Types of Cookies:
(i) Session Cookies - This cookie is active as long as the browser that
invoked the cookie is active. The session cookie gets deleted when the
browser is closed. Sometimes a session of a few minutes can be set for
the session cookie to expire.
(ii) Persistent Cookies - These cookies are written
permanently on the user's machine and last for months or years.
Testing strategies: (Cookies)

Privacy Policy (No sensitive data or personal data is stored in
the cookie. If data is stored inside the cookie, then it should be
encrypted)

No overuse of cookies

Check with enabling and disabling of Cookies in the browser
settings

Accept/Reject some cookies

Delete a cookie

Corrupt the cookie

Cookies testing in multiple browsers
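
The cookie type and the privacy check can be read straight off the Set-Cookie headers a page returns. The following is an added example, not part of the original slides: it classifies each cookie as session or persistent and reports personal data stored in plain text or merely base64-encoded, which is encoding and not encryption. The header values are constructed, and an e-mail address stands in for personal data as an assumption.

```python
import base64
import binascii
import re
from typing import Dict, List

EMAIL = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")  # assumption: e-mail as the personal data


def parse_set_cookie(header: str) -> Dict[str, object]:
    """Split one Set-Cookie header value into name, value and lower-cased attributes."""
    first, *attrs = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    parsed = {}
    for a in attrs:
        k, _, v = a.partition("=")
        parsed[k.strip().lower()] = v.strip()
    return {"name": name, "value": value, "attrs": parsed}


def readable_payload(value: str) -> str:
    """Return the base64 decoding of `value` when it is printable text, else `value`."""
    try:
        raw = base64.b64decode(value + "=" * (-len(value) % 4), validate=True)
        text = raw.decode("ascii")
        if text.isprintable() and len(text) >= 8:
            return text
    except (binascii.Error, UnicodeDecodeError, ValueError):
        pass
    return value


def audit(header: str) -> List[str]:
    """Classify the cookie (session or persistent) and list privacy findings."""
    c = parse_set_cookie(header)
    attrs = c["attrs"]
    findings = ["persistent" if "max-age" in attrs or "expires" in attrs else "session"]
    payload = readable_payload(c["value"])
    if EMAIL.search(payload):
        kind = "plain text" if payload == c["value"] else "base64-encoded, not encrypted"
        findings.append(f"personal data in cookie ({kind})")
    return findings


# Constructed Set-Cookie header values, not captured from a real site.
SAMPLE_HEADERS = [
    "SESSIONID=9f8e7d6c5b4a39281706f5e4d3c2b1a0; Path=/; HttpOnly",
    "user=alice@example.com; Max-Age=63072000; Path=/",
    "profile=" + base64.b64encode(b'{"email":"bob@example.com"}').decode()
    + "; Expires=Wed, 01 Jan 2031 00:00:00 GMT",
]
```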

Testing strategies: (Session testing)



Application session should get expired after a predefined period
of time

Back-Forward button functionality

Check for multiple logins from the same machine (Using same
browser or multiple browsers)
Links Testing

It deals with all the elements which are responsible for proper
viewing of the web pages in the application.


Testing strategies:

Can the page be downloaded and displayed?

Do all the objects on a page load correctly?

Do all the objects on a page load in an acceptable time?

If the user turns off images or uses a non-graphical or no-frames
browser, does it still work?

Do all the text and graphical links work?

Linked pages (Clicking hyperlinks to navigate to other pages)

Frame pages (Does each HTML page inside a frame load
accurately when a page is divided into different frames)

Do Images used for graphical appearance or as buttons to
navigate function properly?

Form handlers, where these are CGI scripts, Active Server
Pages, etc.

Do Active X, Java Applets and other objects that are
downloaded and executed within the browser act properly?

Do other content files, such as video (AVI, MPEG) and audio
(WAV, AU, MIDI, MPEG) files, work properly?

Do other Internet protocols such as email links, FTP,
Newsgroup links and feeds work properly?
Performance Testing, Load Testing and Stress Testing
It deals with assessing the system's capacity for growth, identifying
the weak points in the architecture, detecting obscure bugs in software,
tuning requirements of the system, and verifying the resilience and
reliability of the application.
-- Performance - is about response, time lapses, duration, etc.
-- Load testing - is about testing behavior under normal/peak workload
conditions. Load is more about characterizing / simulating your
actual workload.
-- Stress testing - is about surfacing issues under extreme
conditions and resource failures.

Testing strategies:
Multiple User transactions

Multiple Users accessing same page

Multiple Users performing transactions including huge data,
entering huge data onto forms, huge data file uploads etc.
Connectivity Testing

It involves determining if the servers and clients behave
appropriately under varying circumstances. Involves two aspects:

"Voluntary", where a user actively interacts with the system in an
unexpected way;

"Involuntary", where the system acts in an unpredictable manner.

Testing strategies: (Voluntary)



Quit from session without the User saving state

Quit from session with the User saving state

Server-forced quit from session due to inactivity

Server-forced quit from session due to server problem

Client forced quit from session due to visiting another site in the
middle of the session for a brief period of time

Client forced quit from session due to visiting another site /
application for an extended period of time

Client forced quit from session due to client PC crashing

Client forced quit due to browser crashing

Testing strategies: (Involuntary)



Forcing the browser to prematurely terminate during a page load
using the task manager to kill the browser

Hitting the ESC key and reloading or revisiting the same page via
a bookmark

Simulation of Hub failure between PC and the Web Server (While
browsing remove the network cable from the PC, attempt to visit a
page, abort the visit, then reconnect the cable.)

Web Server On/Off Test - Shutdown the web server and then
restart the server (User should be able to connect back to the
application without being redirected to the login page proving
statelessness of individual pages. Note: Shutdown only for the web
server, not for the application server)

Database Server On/Off Test. Shutdown the database server
and then restart it (User should be able to connect back to the
application without being redirected to the login page proving
statelessness of individual pages. Note: Shutdown only for the
Database server, not for the application server)

Application Server On/Off Test. Shutdown the database server
and restart it (2 possible outcomes: (i) Application redirects to an
error page indicating loss of connectivity and the user is requested
to login and retry. (ii) Application continues normally since no
session information was lost as it was held in a persistent state that
transcends application server restarts)
Browser Testing


Cross-browser testing and debugging can be the most
frustrating. It is always advisable to discuss browser
compatibility with the client at an early phase.

To be on the safe side, it is good to have an agreement on which
browsers the web application pages will match the approved
layouts in, and to make it clear that the rest of the browsers may
match the agreed-upon layout.

Testing strategies:

Use HTML Validator and CSS Validator to check HTML and
CSS errors

Use Browser Compatibility testing tools

Manually test on different browsers
Usability Testing

It includes testing the application from the user's point of view and
focuses on the objectives, informational content, UI functionality,
user performance, load imposed on the end user, satisfaction of
the end user, and cost-benefit analysis.

Testing strategies:

Checks the citation, credibility, coverage, currency, continuity,
language and objectivity of the Content

Checks for advanced components to make things simpler for users

Checks for colors and backgrounds, alignment and layout, and
consistency of the application

Focus on Form designs, Graphic designs, labelling, Page/site
Design, Search functionality etc
Navigation Testing
This deals with the readiness of finding required content or
a section within the application.
Testing strategies:

Global, Local, Contextual Navigation

Indication of "Where am I"

Grouping of like objects

Positioning and placement

Site structure (Site Map)

Clearly Marked Exits

Bookmark - Easily understandable names

Consistency throughout the web application
Content Testing

Two types of content - (i) Static Content, (ii) Dynamic Content

Testing strategies: (Static Content)



Verify for correctness

Verify for accuracy

Verify organization of content
Testing strategies: (Dynamic Content)

Test by feeding new content

Try all possible combinations (wrong data, huge amount of data,
not matching the expected type of content, with and without
graphics)
Fail Over Testing
Failover tests verify redundancy mechanisms while the system
is under load. Failover testing allows technicians to address
problems in advance, in the comfort of a testing situation, rather
than in the heat of a production outage. It also provides a baseline
of failover capability so that a 'sick' server can be shut down with
confidence, in the knowledge that the remaining infrastructure will
cope with the surge of failover load.

Testing strategies:

In a web environment, failover testing determines what will
happen if multiple web servers are being used under peak
anticipated load, and one of them dies.