One of the often forgotten aspect of development is web application testing. This article is an overview of web application testing and is trying to show what types of testing you should do in order to achieve better results.
Web application testing is done by following a Test instructions document which explains the whole testing process in details.
Testing can be divided into several main areas:
- Functionality Testing
- Usability testing
- Interface testing
- Compatibility testing
- Performance testing
- Security testing
Testing for – all the links in web pages, database connection, forms used in the web pages for submitting or getting information from user, Cookie testing.
Checking if the application meets all the requirements and if all developed parts work as defined in Requirement specification documents.
Check all the links:
- Test the outgoing links from all the pages from specific domain under test.
- Test all internal links.
- Test links jumping on the same pages.
- Test links used to send the email to admin or other users from web pages.
- Test to check if there are any orphan pages.
- Lastly in link checking, check for broken links in all above-mentioned links.
Test forms in all pages:
Forms are the integral part of any web site. Forms are used to get information from users and to keep interaction with them. So what should be checked on these forms?
- First check all the validations on each field.
- Check for the default values of fields.
- Wrong inputs to the fields in the forms.
- Options to create forms if any, form delete, view or modify the forms.
Cookies are small files stored on user machine. These are basically used to maintain the session mainly login sessions. Test the application by enabling or disabling the cookies in your browser options. Test if the cookies are encrypted before writing to user machine. If you are testing the session cookies (i.e. cookies expire after the sessions ends) check for login sessions and user stats after session end. Check effect on application security by deleting the cookies.
If you are optimizing your site for Search engines then HTML/CSS validation is very important. Mainly validate the site for HTML syntax errors. Check if site is crawlable to different search engines.
Data consistency is very important in web application. Check for data integrity and errors while you edit, delete, modify the forms or do any database related functionality.
Check if all the database queries are executing correctly, data is retrieved correctly and also updated correctly. Check that no database errors are shown to the user.
More on database testing could be load on database, we will address this in web load or performance testing below.
Usability testing includes:
Web site should be easy to use. Instructions should be provided clearly. Check if the provided instructions are correct means whether they satisfy purpose of the web application.
Main menu should be provided on each page. It should be consistent.
Test of navigation:
Navigation means how the user follows the flow of web pages, different controls like buttons, boxes or how user is using the links on the pages to find different pages.
Content should be logical and easy to understand. Check for spelling errors. Use of dark colors annoys users and should not be used in site theme. You can follow some standards that are used for web page and content building. These are common accepted standards like as I mentioned above about annoying colors, fonts, frames etc.
Content should be meaningful. All the anchor text links should be working properly. Images should be placed properly with proper sizes and alt and title attributes.
These are some basic standards that should be followed in web development. Your task is to validate all for UI testing
Other user information that help the user
Like search option, sitemap, help files etc. Sitemap should be present with all the links in web sites with proper tree view of navigation. Check for all links on the sitemap.
“Search in the site” option will help users to find content pages they are looking for easily and quickly. These are all optional items and if present should be validated.
The main interfaces are:
- Web server and application server interface
- Application server and Database server interface
- External application interfaces
Interface testing includes checking the interactions between interfaces, error handling, negative scenarios like interrupting database transactions etc.
One of the most popular Interface testing tool is Selenium .
Primarily it is for automating web applications for testing purposes, but is certainly not limited to just that. Boring web-based administration tasks can also be automated as well.
Compatibility of your web site is very important testing aspect. It includes:
- Browser compatibility
- Operating system compatibility
- Mobile browsing
- Printing options
Web application should sustain to heavy load. Web performance testing should include:
- Web Load Testing
- Web Stress Testing
Test application performance on different internet connection speed.
In web load testing test if many users are accessing or requesting the same page. Can system sustain in peak load times? Site should handle many simultaneous user requests, large input data from users, Simultaneous connection to database, heavy load on specific pages etc.
Stress testing: Generally stress means stretching the system beyond its specification limits. Web stress testing is performed to break the site by giving stress and checked how system reacts to stress and how system recovers from crashes.
Stress is generally given on input fields, login and sign up areas.
All performance tests are conducted using jMeter software which can be fine-tuned for any situation.
Following are some test cases for web security testing:
- Test by pasting internal URL directly into browser address bar without login. Internal protected pages should not open.
- If you are logged in using username and password and browsing internal pages then try changing URL options directly. I.e. If you are checking some publisher site statistics with publisher site ID= 123. Try directly changing the URL site ID parameter to different site ID which is not related to logged in user. Access should be denied for this user to view others stats.
- Try some invalid inputs in input fields like login username, password, input text boxes. Check the system reaction on all invalid inputs.
- Web directories or files should not be accessible directly unless given download option.
- Test the CAPTCHA for automated scripts logins.
- All transactions, error messages, security breach attempts should get logged in log files somewhere on web server. This messages should never be displayed in a browser!
I hope that this overview will help you build even better applications.
How do you test your web applications? What tool are you using? Please share your thoughts in comment area.