Inside this Chapter:

11.0.Abstract

11.1.Introduction

11.2.Methodology

Today everyone depends on websites for business, education, and trading purposes. Websites are related to the Internet. It is believed that no work is possible without Internet today. There are many types of users connected to websites who need different types of information. So, websites should respond according to the user requirements. At the same time, the correct behavior of sites has become crucial to the success of businesses and organizations and thus should be tested thoroughly and frequently. In this chapter, we are presenting various methods (functional and non-functional) to test a website. However, testing a website is not an easy job because we have to test not only the client-side but also the server-side. We believe our approach will help any website engineer to completely test a website with a minimum number of errors.

The client end of the system is represented by a browser which connects to the website server via the Internet. The centerpiece of all web applications is a relational database which stores dynamic contents. A transaction server controls the interactions between the database and other servers (often called “application servers”). The administration function handles data updates and database administration.

Web Application Architecture

It is clear from Figure 11.1 that we have to conduct the following tests:

What are the expected loads on the server and what kind of performance is required under such loads? This may include web server response time and database query response times.

What kinds of browsers will be used? What kinds of connection speeds will they have? Are they intra-organization (with high-connection speeds and similar browsers) or Internet-wide (with a wide variety of connection speeds and browser types)?

What kind of performance is expected on the client side (e.g., how fast should pages appear, how fast should animations, applets, etc. load and run)?

There are many possible terms for the web app development life cycle including the spiral life cycle or some form of the iterative life cycle. A more cynical way to describe the most commonly observed approach is to describe it as the unstructured development similar to the early days of software development before software engineering techniques were introduced. The “maintenance phase” often fills the role of adding missed features and fixing problems.

Will down time for server and content maintenance/upgrades be allowed? How much?

What kinds of security (firewalls, encryptions, passwords, etc.) will be required and what is it expected to do? How can it be tested?

How reliable are the Internet connections? And how does that affect the backup system or redundant connection requirements and testing?

What processes will be required to manage updates to the website’s content, and what are the requirements for maintaining, tracking, and controlling page content, graphics, links, etc.?

Will there be any standards or requirements for page appearance and/or graphics throughout a site or parts of a site?

How will internal and external links be validated and updated? How often?

How many times will the user login and do they require testing?

How are CGI programs, Applets, Javascripts, ActiveX components, etc. to be maintained, tracked, controlled, and tested?

The table below shows the differences between testing a software project that is not web based and testing a web application project.

This type of test includes

The operating system platforms used.

The type of network connection.

Internet service provider type.

Browser used (including version).

The real work for this type of test is ensuring that the requirements and assumptions are understood by the development team, and that test environments with those choices are put in place to properly test it.

For usability testing, there are standards and guidelines that have been established throughout the industry. The end-users can blindly accept these sites because the standards are being followed. But the designer shouldn’t completely rely on these standards. While following these standards and guidelines during the making of the website, he or she should also consider the learnability, understandability, and operability features so that the user can easily use the website.

Performance testing involves testing a program for timely responses.

The time needed to complete an action is usually benchmarked, or compared, against either the time to perform a similar action in a previous version of the same program or against the time to perform the identical action in a similar program. The time to open a new file in one application would be compared against the time to open a new file in previous versions of that same application, as well as the time to open a new file in the competing application. When conducting performance testing, also consider the file size.

In this testing the designer should also consider the loading time of the web page during more transactions. For example, a web page loads in less than eight seconds, or can be as complex as requiring the system to handle 10,000 transactions per minute, while still being able to load a web page within eight seconds.

Another variant of performance testing is load testing. Load testing for a web application can be thought of as multi-user performance testing, where you want to test for performance slow-downs that occur as additional users use the application. The key difference in conducting performance testing of a web application versus a desktop application is that the web application has many physical points where slow-downs can occur. The bottlenecks may be at the web server, the application server, or at the database server, and pinpointing their root causes can be extremely difficult.

Typical steps to create performance test cases are as follows:

Identify the software processes that directly influence the overall performance of the system.

For each of the identified processes, identify only the essential input parameters that influence system performance.

Create usage scenarios by determining realistic values for the parameters based on past use. Include both average and heavy workload scenarios. Determine the window of observation at this time.

If there is no historical data to base the parameter values on use estimates based on requirements, an earlier version, or similar systems.

If there is a parameter where the estimated values form a range, select values that are likely to reveal useful information about the performance of the system. Each value should be made into a separate test case.

Performance testing can be done through the “window” of the browser, or directly on the server. If done on the server some of the performance time that the browser takes is not accounted for taken into consideration.

The term “scalability” can be defined as a web application’s ability to sustain its required number of simultaneous users and/or transactions while maintaining adequate response times to its end users.

When testing scalability, configuration of the server under test is critical. All logging levels, server timeouts, etc. need to be configured. In an ideal situation, all of the configuration files should be simply copied from test environment to the production environment with only minor changes to the global variables.

In order to test scalability, the web traffic loads must be determined to know what the threshold requirement for scalability should be. To do this, use existing traffic levels if there is an existing website, or choose a representative algorithm (exponential, constant, Poisson) to simulate how the user “load” enters the system.

Probably the most critical criterion for a web application is that of security. The need to regulate access to information, to verify user identities, and to encrypt confidential information is of paramount importance. Credit card information, medical information, financial information, and corporate information must be protected from persons ranging from the casual visitor to the determined hacker. There are many layers of security from password-based security to digital certificates, each of which has its pros and cons. The test cases for security testing can be derived as follows:

The web server should be setup so that unauthorized users cannot browse directories and the log files in which all data from the website stores.

Early in the project, encourage developers to use the POST command wherever possible because the POST command is used for large data.

When testing, check URLs to ensure that there are no “information leaks” due to sensitive information being placed in the URL while using a GET command.

A cookie is a text file that is placed on a website visitor’s system that identifies the user’s “identity.” The cookie is retrieved when the user revisits the site at a later time. Cookies can be controlled by the user, regarding whether they want to allow them or not. If the user does not accept cookies, will the site still work?

Is sensitive information in the cookie? If multiple people use a workstation, the second person may be able to read the sensitive information saved from the first person’s visit. Information in a cookie should be encoded or encrypted.

A website should have a backup or redundant server to which the traffic is rerouted when the primary server fails. And the rerouting mechanism for the data must be tested. If a user finds your service unavailable for an excessive period of time, the user will switch over or browse the competitor’s website. If the site can’t recover quickly then inform the user when the site will be available and functional.

Reliability testing is done to evaluate the product’s ability to perform its required functions and give responses under stated conditions for a specified period of time.

For example, a web application is trusted by users who use an online banking web application (service) to complete all of their banking transactions. One would hope that the results are consistent and up to date and according to the user’s requirements.

This type of test covers the objects and code that executes within the browser but does not execute the server-based components. For example, JavaScript and VB Script code within HTML that does rollovers and other special effects. This type of test also includes field validations that are done at the HTML level. Additionally, browser-page tests include Java applets that implement screen functionality or graphical output. The test cases for web browser testing can be derived as follows:

If all mandatory fields on the form are not filled in then it will display a message on pressing a submit button.

It will not show the complete information about sensitive data like full credit card number, social security number (SSN), etc.

Hidden passwords.

Login by the user is a must for accessing the sensitive information.

It should check the limits of all the fields given in the form.

In this testing, test cases are designed to confirm that information entered by the user at the web page level makes it to the database, in the proper way, and that when database calls are made from the web page, the proper data is returned to the user.

It is clear from this chapter that for the failure-free operation of a website we must follow both non-functional and functional testing methods. With these methods one can test the performance, security, reliability, user interfaces, etc. which are the critical issues related to the website. Web testing is a challenging exercise and by following the methods described in this chapter, some of those challenges may be mitigated.

1.Websites can be tested using

a.Black-box techniques

b.White-box techniques

c.Both (a) and (b)

d.None of the above.

2.Which of the following is a functional testing technique?

a.Transaction testing

b.Web-browser page testing

c.Both (a) and (b)

d.None of the above.

3.Maintenance of websites may involve

a.2 months (average)

b.4 months (average)

c.6 months (average)

d.None of the above.

4.Which type of testing involves testing a program for timely responses?

a.Usability testing

b.Performance testing

c.Scalability testing

d.None of the above.

5.User’s identity is identified by a

a.Cookie file

b.EOF

c.Header files

d.All of the above.

ANSWERS

1.  c.   2.  c.    3.  b.    4.  b.    5.  a.

a.Number of static web pages used in a web-project. By static, we mean no databases.

b.Number of dynamic web pages used in a web-project. By dynamic, we mean databases are also connected to the web-pages.

c.Word count metric which counts the total number of words on a page.

1.How is website testing different from typical software testing?

2.Discuss various white-box testing techniques for websites.

3.Discuss various black-box testing techniques for websites.

4.Write short paragraphs on:

a.Scalability testing of websites.

b.Transaction testing of websites.