Web Application Testing

Web Application Testing Types of Web Testing, Functional Testing, Performance Testing, Usability Testing, and Security Testing.

Web Testing in simple terms is checking your web application for potential bugs before its made live or before code is moved into the production environment.

Web Applications Testing

Overview:

Nowadays Web Applications are getting more popular in the IT Industry, having so many advantages like supporting more clients, no client-side installation and accessing from any ware etc…

Types of Web Applications

We can categorise web applications in two ways,

a. Business Classification

1) Web Sites (They provide information about Organisations or Industries or persons)
2) Web Portals (They are Business gateways, ex: Online Shopping sites, Job portals etc.)
3) Web Applications (They are Service providers (both Free and Paid), apart from information) Ex: Net Banking Applications, Insurance Applications etc…)

b) Technical Classification

1) Intranet Applications (They are private applications, uses local area network (LAN))
2) Internet Applications (They are Public applications, uses Wide area network (WAN)
3) Extranet Applications (They also Private applications over Internet (WAN))

Browser:

It is a Software Application, which retrieves, and Presents information in text, image and voice like different file formats.

The browser is the viewer of a Web Site and there are so many different browsers and browser options that a well-done Web Site is probably designed to look good on as many browsers as possible.

Popular Browsers:
1) Internet Explorer
2) Mozilla Firefox
3) Google Chrome
4) Safari
5) Opera
Etc…

Web Technologies:

Ø HTML (HyperText Markup Language) – for displaying web pages
Ø XML (Extensible Markup Language) –for Transporting the Data
Ø JavaScript – for Client-Side Validations
Ø VB Script – for Server-side Validations
Ø IIS, Apache, Tomcat, Pramathi – as Web servers
Ø JBoss, WebLogic, WebSphere, COM+ – as Application Servers
Ø Java, C#.NET, VB.NET, VC++.NET for Components development
Ø SQL Server, Oracle, MySQL as Database Servers
Ø HTTP, SOAP – as Protocols

Types of Web Testing

1. Web Functional Testing:

What is Functional Testing ?

Testing the features and operational behavior of a product to ensure they correspond to its specifications.

Test for – all the links in web pages, database connection, forms used in the web pages for submitting or getting information from users, Cookie testing.

Check all the links:

Test the outgoing links from all the pages from the specific domain under test.
Test all internal links.
Test links jumping on the same pages.
Test links are used to send the email to admin or other users from web pages.
Test to check if there are any orphan pages.
Lastly in link checking, check for broken links in all the above-mentioned links.

Test forms on all pages:

Forms are an integral part of any website. Forms are used to get information from users and to keep interacting with them. So what should be checked on these forms?
First, check all the validations on each field.
Check for the default values of fields.
Wrong inputs to the fields in the forms.
Options to create forms if any, form delete, view or modify the forms.

Cookies Testing:

Cookies are small files stored on user’s machine. These are basically used to maintain the session mainly login sessions. Test the application by enabling or disabling the cookies in your browser options. Test if the cookies are encrypted before writing to user machine. If you are testing the session cookies (i.e. cookies expire after the sessions ends) check for login sessions and user stats after session end. Check effect on application security by deleting the cookies.

Validate your HTML/CSS:

If you are optimizing your site for Search engines then HTML/CSS validation is very important. Mainly validate the site for HTML syntax errors. Check if site is crawl able to different search engines.

Web Functional Test Scenarios:

Test all the mandatory fields should be validated.
Test the asterisk sign should display for all the mandatory fields.
Test the system should not display the error message for optional fields.
Test that leap years are validated correctly & do not cause errors/miscalculations.
Test the numeric fields should not accept the alphabets and proper error message should display.
Test for negative numbers if allowed for numeric fields.
Test division by zero should be handled properly for calculations.
Test the max length of every field to ensure the data is not truncated.
Test the pop up message (“This field is limited to 500 characters”) should display if the data reaches the maximum size of the field.
Test that a confirmation message should display for update and delete operations.
Test the amount values should display in currency format.
Test all input fields for special characters.
Test the timeout functionality.
Test the Sorting functionality.
Test the functionality of the buttons available
Test the Privacy Policy & FAQ is clearly defined and should be available for users.
Test if any functionality fails the user gets redirected to the custom error page.
Test all the uploaded documents are opened properly.
Test the user should be able to download the uploaded files.
Test the email functionality of the system.
Test the Java script is properly working in different browsers (IE, Firefox, Chrome, safari and Opera).
Test to see what happens if a user deletes cookies while in the site.
Test to see what happens if a user deletes cookies after visiting a site.
Test all the data inside combo/list box is arranged in chronological order.

2. Web Database Testing:

Data consistency is very important in web applications. Check for data integrity and errors while you edit, delete, modify the forms or do any DB-related functionality. Check if all the database queries are executing correctly, data is retrieved correctly and also updated correctly. More on database testing could be load on DB, we will address this in web load or performance testing below.

Web Database Test Scenarios:

Verify the database name: The database name should match with the specifications.
Verify the Tables, columns, column types and defaults: All things should match with the specifications.
Verify whether the column allows a null or not.
Verify the Primary and foreign key of each table.
Verify the Stored Procedure.
Test whether the Stored procedure is installed or not.
Verify the Stored procedure name
Verify the parameter names, types and number of parameters.
Test the parameters if they are required or not.
Test the stored procedure by deleting some parameters
Test when the output is zero, the zero records should be affected.
Test the stored procedure by writing simple SQL queries.
Test whether the stored procedure returns the values
Test the stored procedure with sample input data.
Verify the behavior of each flag in the table.
Verify the data gets properly saved into the database after each page submission.
Verify the data if the DML (Update, delete and insert) operations are performed.
Check the length of every field: The field length in the back end and front end must be same.
Verify the database names of QA, UAT and production. The names should be unique.
Verify the encrypted data in the database.
Verify the database size. Also test the response time of each query executed.
Verify the data displayed on the front end and make sure it is same in the back end.
Verify the data validity by inserting the invalid data in the database.
Verify the Triggers.

3. Web Usability Testing:

Test for navigation:

Navigation means how the user surfs the web pages, different controls like buttons, boxes or how user using the links on the pages to surf different pages.
Usability testing includes:
The website should be easy to use. Instructions should be provided clearly. Check if the provided instructions are correct means whether they satisfy purpose. Main menu should be provided on each page. It should be consistent.

Content checking:

Content should be logical and easy to understand. Check for spelling errors. Use of dark colors annoys users and should not be used in site theme. You can follow some standards that are used for web page and content building. These are common accepted standards like as I mentioned above about annoying colors, fonts, frames etc.
Content should be meaningful. All the anchor text links should be working properly. Images should be placed properly with proper sizes.
These are some basic standards that should be followed in web development. Your task is to validate all for UI testing

Other user information for user help:

Like search option, sitemap, help files etc. Sitemap should be present with all the links in web sites with proper tree view of navigation. Check for all links on the sitemap.
“Search in the site” option will help users to find content pages they are looking for easily and quickly. These are all optional items and if present should be validated.

Web Usability Test Scenarios:

All fields on the page (For Example, text box, radio options, drop-down lists) should be aligned properly.
Numeric values should be justified correctly unless specified otherwise.
Enough space should be provided between field labels, columns, rows, error messages, etc.
The scrollbar should be enabled only when necessary.
Font size, style, and color for headline, description text, labels, infield data, and grid info should be standard as specified in SRS.
The description text box should be multi-lined.
Disabled fields should be greyed out and users should not be able to set focus on these fields.
Upon clicking on the input text field, the mouse arrow pointer should get changed to the cursor.
The user should not be able to type in the drop-down select list.
Information filled out by users should remain intact when there is an error message on the page submitted. The user should be able to submit the form again by correcting the errors.
Check if proper field labels are being used in error messages.
Drop-down field values should be displayed in defined sort order.
Tab and Shift+Tab order should work properly.
Default radio options should be pre-selected on the page load.
Field-specific and page-level help messages should be available.
Check if the correct fields are highlighted in case of errors.
Check if the drop-down list options are readable and not truncated due to field size limits.
All buttons on the page should be accessible with keyboard shortcuts and the user should be able to perform all operations using a keyboard.
Check all pages for broken images.
Check all pages for broken links.
All pages should have a title.
Confirmation messages should be displayed before performing any updates or deleting operations.
Hourglass should be displayed when the application is busy.
Page text should be left-justified.
The user should be able to select only one radio option and any combination for check boxes.

4. Web Compatibility Testing:

The compatibility of your website is a very important testing aspect. See which compatibility test to be executed:
Browser compatibility
Operating system compatibility
Mobile browsing
Printing options

Browser compatibility:

In my web-testing career I have experienced this as most influencing part on web site testing.
Some applications are very dependent on browsers. Different browsers have different configurations and settings that your web page should be compatible with. Your web site coding should be cross browser platform compatible. If you are using java scripts or AJAX calls for UI functionality, performing security checks or validations then give more stress on browser compatibility testing of your web application.
Test web application on different browsers like Internet explorer, Firefox, Netscape navigator, AOL, Safari, Opera browsers with different versions.

OS compatibility:

Some functionality in your web application is may not be compatible with all operating systems. All new technologies used in web development like graphics designs, interface calls like different API’s may not be available in all Operating Systems.
Test your web application on different operating systems like Windows, Unix, MAC, Linux, Solaris with different OS flavors.

Mobile browsing:

This is new technology age. So in future Mobile browsing will rock. Test your web pages on mobile browsers. Compatibility issues may be there on mobile.

Printing options:

If you are giving page-printing options then make sure fonts, page alignment, page graphics getting printed properly. Pages should be fit to paper size or as per the size mentioned in printing option.

5. Web Performance Testing:

The web applications should sustain to heavy load. Web performance testing should include:
Web Load Testing
Web Stress Testing
Test application performance on different internet connection speed.
In web load testing test if many users are accessing or requesting the same page. Can system sustain in peak load times? Site should handle many simultaneous user requests, large input data from users, Simultaneous connection to DB, heavy load on specific pages etc.

Stress testing:

Generally stress means stretching the system beyond its specification limits. Web stress testing is performed to break the site by giving stress and checked how system reacts to stress and how system recovers from crashes. Stress is generally given on input fields, login and sign up areas.
In web performance testing web site functionality on different operating systems, different hardware platforms is checked for software, hardware memory leakage errors,

6. Security Testing:

Security Testing involves the test to identify any flaws and gaps from a security point of view.

Web Security Test Scenarios:

Check for SQL injection attacks.
Secure pages should use the HTTPS protocol.
Page crash should not reveal application or server info. The error page should be displayed for this.
Escape special characters in the input.
Error messages should not reveal any sensitive information.
All credentials should be transferred over to an encrypted channel.
Test password security and password policy enforcement.
Check the application logout functionality.
Check for Brute Force Attacks.
Cookie information should be stored in encrypted format only.
Check session cookie duration and session termination after timeout or logout.
Session tokens should be transmitted over a secured channel.
The password should not be stored in cookies.
Test for Denial of Service attacks.
Test for memory leakage.
Test unauthorized application access by manipulating variable values in the browser address bar.
Test file extension handling so that exe files are not uploaded or executed on the server.
Sensitive fields like passwords and credit card information should not have to be autocomplete enabled.
File upload functionality should use file type restrictions and also anti-virus for scanning uploaded files.
Check if directory listing is prohibited.
Passwords and other sensitive fields should be masked while typing.
Check if forgot password functionality is secured with features like temporary password expiry after specified hours and security questions are asked before changing or requesting a new password.
Verify CAPTCHA functionality.
Check if important events are logged in log files.
Check if access privileges are implemented correctly.

Interface Testing:

The main interfaces are:

Web server and application server interface.

Application server and Database server interface.

Check if all the interactions between these servers are executed properly. Errors are handled properly. If database or web server returns any error message for any query by application server then the application server should catch and display these error messages appropriately to users. Check what happens if user interrupts any transaction in-between? Check what happens if connection to web server is reset in between?

Web Application Testing