
Web app testing fundamentals

(a crash course with examples)

WWW.PENTALOG.COM
Web app testing
“A web application is a software application that runs on a remote server. In most
cases, Web browsers are used to access Web applications, over a network, such as the
Internet.”
(from Wikipedia, the free encyclopedia)

“In computing, a web application or web app is a client–server computer program
which the client (including the user interface and client-side logic) runs in a web
browser. Common web applications include Webmail, online retail sales, and online
auction.”
(from Wikipedia, the free encyclopedia)

Client-server or web-based? Or both?!

a. Client-server apps

These apps rely on the 'two-tier architecture', meaning that there is only the client and
the database. The client tier contains the front-end (a.k.a. User Interface) and the
business logic, while the back-end consists of the database (data tier).

Examples: POS terminals, ATMs, IM (instant messaging) apps that install and run from
your computer (Skype, Yahoo! Messenger, etc.), social media mobile apps (Facebook,
Twitter, LinkedIn, WhatsApp, etc.)

b. Web-based apps

These apps rely on the 'three-tier architecture', which consists of the UI (presentation
layer), the business logic (application layer) and the database (data layer).

Examples: PentaStagiu, GitHub, Gmail, Yahoo! Mail, etc.

*** a graphical representation of these models comes up next


Web testing is the process of checking websites and/or web-based applications to
make sure they fulfill the required parameters for going live / into production.

The main types / techniques of testing to be carried out when dealing with web-based
applications are:

1. Functionality testing

2. Usability testing

3. Compatibility testing

4. Interface testing

5. Performance testing

6. Security testing

Functionality testing
(the app does what it's supposed to do)

• Links – check all internal, outgoing, mailto, anchor links (broken links, orphan
pages)

• Forms – check field validations, default values, min/max allowed length, types of
data accepted by the form / field, behavior on create / modify / delete

• Cookies & Local / Session Storage – check encryption, persistence, behavior on
clearing browser cache and when manually deleting cookies / data stored in the
browser (local & session storage)

• HTML & CSS – check standard compliance, check for syntax errors

• Data integrity – check data consistency when creating, editing, deleting, exporting
content, check query execution and behavior when errors occur

Usability testing
(the app is easy to understand and use)

• Test the navigation (menus, buttons, links are visible, accessible with ease and
consistent throughout the application)

• Color scheme (the content is easy to read)

• Overall content rendering and correctness

• Readability in forms / fields

• Behavior when the content (text, image) does not fit the container (form, field)

Compatibility testing
(the app runs on targeted browsers, OS's, devices)

• The application is checked for consistency in rendering and printing content in
supported browsers, on target devices and operating systems

• The menus, buttons and other UI elements should also be displayed consistently on
supported browsers, devices and OS's

Interface testing
(the app tiers connect and interact seamlessly with each other and with targeted apps / systems)

• Check the interaction between web server and application server

• Check the interaction between application server and database server

• Check error handling (relevant vs generic error messages, error logging) in various
scenarios (e.g. the communication among components is interrupted, invalid data is
sent between app tiers, etc.)

Performance testing
(the app behaves under normal conditions, as well as under stress / load conditions)

• Check response / load times for completing server calls, for retrieving data from the
database, for displaying the data in the UI

• Check how the app handles large volumes of data to read / write

• Check behavior under a large number of simultaneous connections

• Ensure the app recovers gracefully from crashes (find the breaking point and go
beyond it)

Security testing
(the app handles writing, storing and retrieving sensitive data securely)

• Test the login security (e.g. how are the user credentials transmitted / stored,
access token lifetime, etc.)

• Verify access rights / permissions for restricted data (e.g. users without proper
permissions using a valid token of a user with full permissions)

• Test response to invalid input (e.g. specific error messages like 'Password invalid for
this user' are really bad, because they confirm that the username exists)

• Check compliance with security standards that may apply
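
The 'response to invalid input' check above can be automated. The following is an added example, not part of the original slides: a tester's check that compares the failed-login response for an existing account with the one for a non-existing account. The two login handlers, the account 'alice' and all messages except 'Password invalid for this user' are constructed for illustration.

```python
import hashlib
import hmac

SALT = b"constructed-demo-salt"

def _hash(password):
    # Low iteration count only to keep the demo fast.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 1000)

USERS = {"alice": _hash("correct horse")}  # constructed test account

def _password_ok(user, password):
    # Unknown users compare against an empty digest and always fail.
    return hmac.compare_digest(USERS.get(user, b""), _hash(password))

def login_verbose(user, password):
    """'Before' handler: the error depends on whether the user exists."""
    if user not in USERS:
        return 404, "Unknown user"
    if not _password_ok(user, password):
        return 401, "Password invalid for this user"
    return 200, "Welcome"

def login_uniform(user, password):
    """Corrected handler: one status and one message for every failure."""
    if _password_ok(user, password):
        return 200, "Welcome"
    return 401, "Invalid username or password"

def leaks_account_existence(login, known_user, unknown_user):
    """Tester's check: True if failed logins for an existing and a
    non-existing account differ in status code or message."""
    wrong = "definitely-not-the-password"
    return login(known_user, wrong) != login(unknown_user, wrong)

if __name__ == "__main__":
    for handler in (login_verbose, login_uniform):
        leak = leaks_account_existence(handler, "alice", "no-such-user")
        verdict = "FAIL (reveals valid usernames)" if leak else "PASS"
        print(f"{handler.__name__}: {verdict}")
```

Against a real application the same comparison is made on the HTTP status, body and headers returned by the login endpoint.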

Worry less while testing with a couple of tips & tricks :)

• Create checklists for each type of testing you will perform, so as to avoid leaving out
important aspects that should be verified about the web app

• Prioritize testing activities taking into account that the team must deliver the most
value possible for the client in a given time frame

• Make sure any potential risks remaining after the testing phase are acknowledged and
accepted by the client

• … and most importantly, have fun while testing, it's in the job description!

Thank you for your patience, see you next time!
