CHAPTER 20 TESING WEB APPLICATIONS. Overview



Similar documents
Testing Web Applications. Software Engineering: A Practitionerʼs Approach, 7/e by Roger S. Pressman

Table of Contents. CHAPTER 1 Web-Based Systems 1. CHAPTER 2 Web Engineering 12. CHAPTER 3 A Web Engineering Process 24


Introduction site management software

Apache Server Implementation Guide

Software Configuration Management. Software Engineering: A Practitionerʼs Approach, 7/e by Roger S. Pressman

OCR LEVEL 3 CAMBRIDGE TECHNICAL

Topics in Website Testing. [Reading assignment: Chapter 14, pp ]

Web Testing. Main Concepts of Web Testing. Software Quality Assurance Telerik Software Academy

Checklist for Web Application Testing

Chapter 5. Regression Testing of Web-Components

Interwise Connect. Working with Reverse Proxy Version 7.x

How To Test Your Web Site On Wapt On A Pc Or Mac Or Mac (Or Mac) On A Mac Or Ipad Or Ipa (Or Ipa) On Pc Or Ipam (Or Pc Or Pc) On An Ip

Course Information Course Number: IWT 1229 Course Name: Web Development and Design Foundation

Smarter Balanced Assessment Consortium. Recommendation

Business Application Services Testing

2311A: Advanced Web Application Development using Microsoft ASP.NET Course 2311A Three days Instructor-led

FINAL DoIT v.8 APPLICATION SECURITY PROCEDURE

Load testing with. WAPT Cloud. Quick Start Guide

How to Monitor and Identify Website Issues. 2013, SolarWinds Worldwide, LLC. All rights reserved. Share:

Server Installation Manual 4.4.1

Step into the Future: HTML5 and its Impact on SSL VPNs

Citrix EdgeSight User s Guide. Citrix EdgeSight for Endpoints 5.4 Citrix EdgeSight for XenApp 5.4

Enterprise Security Interests Require SSL with telnet server from outside the LAN

Code Estimation Tools Directions for a Services Engagement

Levels of Software Testing. Functional Testing

(WAPT) Web Application Penetration Testing

Product Summary of XLReporter with OPC Servers

Apache Web Server Execution Tracing Using Third Eye


Case Study. Data Governance Portal Brainvire Infotech Pvt Ltd Page 1 of 1

Important. Please read this User s Manual carefully to familiarize yourself with safe and effective usage.

Hack Proof Your Webapps

SECTION 4 TESTING & QUALITY CONTROL

Application security testing: Protecting your application and data

Semantic based Web Application Firewall (SWAF V 1.6) Operations and User Manual. Document Version 1.0

Chapter 2 TOPOLOGY SELECTION. SYS-ED/ Computer Education Techniques, Inc.

TEST PLAN Issue Date: <dd/mm/yyyy> Revision Date: <dd/mm/yyyy>

SECURE APPLICATION DEVELOPMENT CODING POLICY OCIO TABLE OF CONTENTS

The OSI Model and the TCP/IP Protocol Suite PROTOCOL LAYERS. Hierarchy. Services THE OSI MODEL

Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified

Network Test Labs (NTL) Software Testing Services for igaming

Software Testing. Knowledge Base. Rajat Kumar Bal. Introduction

Computer Information Systems (CIS)

A Tool for Evaluation and Optimization of Web Application Performance

COMPUTER SCIENCE/ COMPUTER NETWORKING AND TECHNOLOGIES (COSC)

Magento Security and Vulnerabilities. Roman Stepanov

Appendix N INFORMATION TECHNOLOGY (IT) YOUTH APPRENTICESHIP WEB & DIGITAL COMMUNICATIONS PATHWAY WEB & DIGITAL MEDIA UNIT UNIT 6

Streaming Media System Requirements and Troubleshooting Assistance

Frequently Asked Questions

Check list for web developers

How To Test A Web Based System

Intelligent Analysis of User Interactions with Web Applications

Pro/INTRALINK 9.0/9.1 Curriculum Guide

How To Protect A Web Application From Attack From A Trusted Environment

Basic Unix/Linux 1. Software Testing Interview Prep

PaperSave IT Prerequisites for Blackbaud s The Financial Edge

Chapter 8 A secure virtual web database environment

Criteria for web application security check. Version

Information Technology Engineers Examination. Network Specialist Examination. (Level 4) Syllabus. Details of Knowledge and Skills Required for

Performance TesTing expertise in case studies a Q & ing T es T

DFW INTERNATIONAL AIRPORT STANDARD OPERATING PROCEDURE (SOP)

The Evolution of Load Testing. Why Gomez 360 o Web Load Testing Is a

Christchurch Polytechnic Institute of Technology Information Systems Acquisition, Development and Maintenance Security Standard

Source Code Translation

Sample Exam Foundation Level Syllabus. Mobile Tester

Software Requirements. Specification. Day Health Manager. for. Version 1.1. Prepared by 4yourhealth 2/10/2015

Workday Mobile Security FAQ

Outline. CIW Web Design Specialist. Course Content


Performance Testing Process A Whitepaper

Last Updated: July STATISTICA Enterprise Server Security

Guide to Analyzing Feedback from Web Trends

Release: 1. ICTNWK607 Design and implement wireless network security

Computer Science and Engineering MacOS Cisco VPN Client Installation and Setup Guide

ArcGIS Server Security Threats & Best Practices David Cordes Michael Young

DIABLO VALLEY COLLEGE CATALOG

CS 665: Computer System Security. Network Security. Usage environment. Sources of vulnerabilities. Information Assurance Module

Preventive Approach for Web Applications Security Testing OWASP 10/30/2009. The OWASP Foundation

Mitra Innovation Leverages WSO2's Open Source Middleware to Build BIM Exchange Platform

POLAR IT SERVICES. Business Intelligence Project Methodology

Advanced Web Application Development using Microsoft ASP.NET

Designing and Deploying Messaging Solutions with Microsoft Exchange Server 2010 Service Pack B; 5 days, Instructor-led

Client Requirement. Why SharePoint

THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS

WEB CONTENT MANAGEMENT PATTERNS

Dynamics AX. Microsoft Dynamics AX 4.0. Microsoft Dynamics ISV Software Solution Test Guidelines


Application Security Testing. Generic Test Strategy

Test Run Analysis Interpretation (AI) Made Easy with OpenLoad

Detecting Web Application Vulnerabilities Using Open Source Means. OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008

Transcription:

CHAPTER 20 TESING WEB APPLICATIONS Overview The chapter describes the Web testing. Web testing is a collection of activities whose purpose is to uncover errors in WebApp content, function, usability, navigability, performance, capacity, and security. A testing strategy involving both reviews and executable testing is applied throughout the WebE process. The WebApp testing process involves all project stakeholders. Web testing begins with user-visible aspects of WebApps and proceeds to exercise technology and infrastructure. Seven testing steps are performed: content testing, interface testing, navigation testing, component testing, configuration testing, performance testing, and security testing. Sometimes a test plan is written. A suite of test cases is always developed for every testing step and an archive of testing results is maintained for future use. Dimensions of Quality Content evaluated at both syntactic and semantic levels Function tested to uncover lack of conformance to requirements Structure is assessed to ensure proper content and function are delivered Usability is tested to ensure that each category of user can be supported as new content or functionality is added Navigability is tested to ensure that all navigation syntax and semantics are exercised Performance is tested under a variety of operating conditions, configurations, and loading to ensure a reasonable level of user response Compatibility tested by executing WebApp using a variety of client and server configurations Interoperability tested to ensure proper interfaces to other applications and databases Security is tested by assessing potential vulnerabilities and trying to exploit each of them Characteristics of WebApp Errors Many types of WebApp tests uncover problems evidenced on the client side using an specific interface (e.g., may be an error symptom, not the error itself) It may be difficult to reproduce errors outside of the environment in which the error was originally encountered Many errors can be traced to the WebApp configuration, incorrect design, or improper HTML It is hard to determine whether errors are caused by problems with the server, the client, or the network itself Some errors are attributable to problems in the static operating environment and some are attributable to the dynamic operating environment

Testing WebApps for Errors 1. WebApp content model is reviewed to uncover errors. 2. Interface model is reviewed to ensure all use-cases are accommodated. 3. Design model for WebApp is reviewed to uncover navigation errors. 4. User interface is tested to uncover presentation errors and/or navigation mechanics problems. 5. Selected functional components are unit tested. 6. Navigation throughout the architecture is tested. 7. WebApp is implemented in a variety of different environmental configurations and the compatibility of WebApp with each is assessed. 8. Security tests are conducted. 9. Performance tests are conducted. 10. WebApp is tested by a controlled and monitored group of end-users (looking for content errors, navigation errors, usability concerns, compatibility issues, reliability, and performance). Web Engineering Test Plan Elements 1. Task set to be applied during testing 2. Work products to be produced as each testing task is executed 3. Evaluation and recording methods for testing results Web Testing Process Content testing - tries to uncover content errors Interface testing - exercises interaction mechanisms and validates aesthetic aspects of user interface Navigation testing - makes use of use-cases in the design of test cases that exercise each usage scenario against the navigation design (used as part of WebApp integration testing) Component testing - exercises the WebApp content and functional units (used as part of WebApp integration testing) Configuration testing - attempts to uncover errors traceable to a specific client or server environment (cross-reference table is useful) Performance testing - series of tests designed to assess: WebApp response time and reliability under varying system loads Which WebApp components are responsible for system degradation How performance degradation impacts overall WebApp requirements Security testing - tests designed to exploit WebApp or environment vulnerabilities WebApp Testing Task Set 1. Review stakeholder requirements 2. Establish priorities to ensure each user goal will be adequately tested

3. Define WebApp testing strategy by describing the types of tests that will be conducted 4. Develop test plan o Define test schedule and assign testing responsibilities o Specify automated testing tools o Define acceptance criteria for each class of test o Specify defect tracking mechanisms o Define problem reporting mechanisms 5. Perform unit tests o Review content for syntax and semantics errors o Review content for proper permissions o Test operation of interface mechanisms o Test each component for proper function 6. Perform integration tests o Test interface semantics against use-cases o Conduct navigation tests 7. Perform configuration tests o Assess client-side compatibility o Assess server-side configurations 8. Conduct performance tests 9. Conduct security tests Content Testing Objectives Uncover syntactic errors in all media (e.g., typos) Uncover semantic errors (e.g., errors in completeness or accuracy) Find errors in organization or structure of content presented to end-user Database Testing Problems The original query must be checked to uncover errors in translating the user's request to SQL Problems in communicating between the WebApp server and Database server need to be tested. Need to demonstrate the validity of the raw data from the database to the WebApp and the validity of the transformations applied to the raw data. Need to test validity of dynamic content object formats transmitted to the user and the validity of the transformations to make the data visible to the user. User Interface Testing Strategy Interface features are tested to ensure that design rules, aesthetics, and related visual content is available for user without error. Individual interface mechanisms are tested using unit testing strategies. Each interface mechanism is tested in the context of a use-case of navigation semantic unit (e.g., thread) for a specific user category

Complete interface is tested against selected use-cases and navigation semantic unit to uncover interface semantic errors Interface is tested in a variety of environments to ensure compatibility Testable WebApp Interface Mechanisms Links (each link is listed and tested) Forms (check labels, field navigation, data entry, error checking, data transmission, meaningful error messages) Client-side scripting (black box testing and compatibility tests) Dynamic HTML (correctness of generated HTML and compatibility tests) Client-side pop-up windows (proper size and placement of pop-up, working controls, consistent with aesthetic appearance of Web page) CGI scripts (black box, data integrity, and performance testing) Streaming content (demonstrate existence, accuracy, and control over content display) Cookies (check that server constructs cookie correctly, cookie transmitted correctly, ensure proper level of persistence, check to see WebApp attaches the correct cookies to server requests) Application specific interface mechanisms Usability Testing Define set of usability testing categories and identify goals for each Interactivity - interaction mechanisms are easy to understand and use Layout - navigation, content, and functions allows user to find them quickly Readability - content understandable Aesthetics - graphic design supports easy of use Display characteristics - WebApp makes good use of screen size and resolution Time sensitivity - content and features can be acquired in timely manner Personalization - adaptive interfaces Accessibility - special needs users Design tests will enable each goal to be evaluated Select participants to conduct the tests Instrument participants' interactions with the WebApp during testing Develop method for assessing usability of the WebApp Compatibility Testing Define a set of commonly encountered client-side computing configurations and their variants Organize this information (computing platform, typical display devices, operating system, available browsers, connection speeds) in a tree structure

Derive compatibility validation test suite from existing interface tests, navigation tests, performance tests, and security tests Goal is to uncover execution problems that can be traced to configuration differences Component-Level (Function) Testing Black box and white box testing of each WebApp function Useful test case design methods Equivalence partitioning Boundary value analysis (esp. form field values) Path testing Forced error testing Navigation Testing Need to ensure that all mechanisms that allow the WebApp to user to travel through the WebApp are functional Need to validate each navigation semantic unit Testing Navigation Syntax Links Redirects Bookmarks Frames and framesets Site maps Internal search engines Testing Navigation Semantics Navigation semantic units are defined by a set of pathways that connect navigation nodes Each NSU must allows a user from a defined user category achieve specific requirements defined by a use-case Testing needs to ensure that each path is executed in its entity without error Every relevant path must be tested User must be given guidance to follow or discontinue each path based on current location in site map Configuration Testing Server-side Issues Compatibility of WebApp with server OS Correct file and directory creation by WebApp System security measures do not degrade user service by WebApp

Testing WebApp with distributed server configuration WebApp properly integrated with database software Correct execution of WebApp scripts Examination system administration errors for impact on WebApp On-site testing of proxy servers Client-side issues Hardware Operating systems Browser software User interface components Plug-ins Connectivity Testable Security Elements Firewalls Authentication Encryption Authorization Performance - Load Testing Determine combinations of N, T, and D that cause performance to degrade N = number of concurrent users T = number of on-line transactions per unit of time D = data load processed by server per transaction Overall through put is computed using the equation P = N * T * D Performance - Stress Testing Does system degrade gracefully? Are users made aware that they cannot reach the server? Does server queue resource requests during heavy demand and then process the queue when demand lessens? Are transactions lost as capacity is exceeded? Is data integrity affected when capacity is exceeded? How long till system comes back on-line after a failure? Are certain WebApp functions discontinued as capacity is reached?

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information