How to test a web application – II

Interested in a quick checklist for testing a web application? The following 10 steps cover the most critical items that I have found important in making sure a web application is ready to be deployed. Depending on size, complexity, and corporate policies, modify the following steps to meet your specific testing needs.

Step 1 – Objectives

Make sure to establish your testing objectives up front and make sure they are measurable. It will make your life a lot easier by having written objectives that your whole team can understand and rally around. In addition to documenting your objectives, make sure your objectives are prioritized. Ask yourself questions like “What is most important: minimal defects or time-to-market?”

Here are two examples of how to determine priorities:

If you are building a medical web application that will assist in diagnosing illnesses, and someone could potentially die based on how correctly the application functions, you may want to make testing the correctness of the business functionality a higher priority than testing for navigational consistency throughout the application.

If you are testing an application that will be used to solicit external funding, you may want to put testing the aspects of the application that impact the visual appeal as the highest testing priority.

Your web application doesn’t have to be perfect; it just needs to meet your intended customer’s requirements and expectations.

Step 2 – Process and Reporting
Make sure that everyone on your testing team knows his or her role. Who should report what to whom and when? In other words, define your testing process. Use the following questions to help you get started:

* How will issues be reported?
* Who can assign issues?
* How will issues be categorized?
* Who needs what report and when do they need it?
* Are team meetings scheduled in advance or scheduled as needed?

You may define your testing process and reporting requirements formally or informally, depending on your particular needs. The main point to keep in mind is to organize your team in a way that supports your testing objectives and takes into account the individual personalities on your team. One size never fits all when dealing with people.

Step 3 – Tracking Results
Once you start executing your test plans, you will probably generate a large number of bugs, issues, defects, etc. You will want a way to easily store, organize, and distribute this information to the appropriate technical team members. You will also need a way to keep management informed on the status of your testing efforts. If your company already has a system in place to track this type of information, don’t try to reinvent the wheel. Take advantage of what’s already in place.

If your company doesn’t already have something in place, spend a little time investigating some of the easy-to-setup online systems such as the one found at AdminiTrack.com. By using an online system, you can make it much easier on yourself by eliminating the need to install and maintain an off-the-shelf package.

Step 4 – Test Environment

Set up a test environment that is separate from your development and production environment. This includes a separate web server, database server, and application server if applicable. You may or may not be able to utilize existing computers to setup a separate test environment.

Create an explicitly defined procedure for moving code to and from your test environment and make sure the procedure is followed. Also, work with your development team to make sure each new version of source code to be tested is uniquely identified.

Step 5 – Usability Testing

In usability testing, you’ll be looking at aspects of your web application that affect the user’s experience, such as:

* How easy is it to navigate through your web application?
* Is it obvious to the user which actions are available to him or her?
* Is the look-and-feel of your web application consistent from page to page, including font sizes and colors?

The book, “Don’t Make Me Think! A Common Sense Approach to Web Usability” by Steve Krug and Roger Black, provides a practical approach to the topic of usability. I refer to it often, and recommend it highly.

In addition to the traditional navigation and look-and-feel issues, Section 508 compliance is another area of importance. The 1998 Amendment to Section 508 of the Rehabilitation Act spells out accessibility requirements for individuals with certain disabilities.

For instance, if a user forgets to fill in a required field, you might think it is a good idea to present the user with a friendly error message and change the color of the field label to red or some other conspicuous color. However, changing the color of the field label would not really help a user who has difficulty deciphering colors. The use of color may help most users, but you would want to use an additional visual clue, such as placing an asterisk beside the field in question or additionally making the text bold.

For more details, refer to http://www.section508.gov. Another great resource that can help analyze your HTML pages for Section 508 compliance can be found at http://www.cast.org/bobby/. If you are working with the United States federal government, Section 508 compliance is not only good design, it most likely is a legal requirement. You may want to utilize the following information regarding techniques for accessibility evaluation and repair tools, which can be found at http://www.w3.org/TR/AERT.

Step 6 – Unit Testing

Unit testing is focused on verifying small portions of functionality. For example, an individual unit test case might focus on verifying that the correct data has been saved to the database when the Submit button on a particular page is clicked.

An important subset of unit testing that is often overlooked is range checking. That is, making sure all the fields that collect information from the user, can gracefully handle any value that is entered. Most people think of range checking as making sure that a numeric field only accepts numbers. In addition to traditional range checking make sure you also check for less common, but just as problematic exceptions. For example, what happens when a user enters his or her last name and the last name contains an apostrophe, such as O’Brien? Different combinations of databases and database drivers handle the apostrophe differently, sometimes with unexpected results. Proper unit testing will help rid your web application of obvious errors that your users should never have to encounter.

Step 7 – Verifying the HTML

Hyper Text Markup Language (HTML) is the computer language sent from your web server to the web browser on your users’ computer to display the pages that make up your web application. The World Wide Web Consortium (http://www.w3.org) manages the HTML specification. One major objective of HTML is to provide the ability for anyone from anywhere to access information on the World Wide Web. This concept generally holds true if you conform strictly to the relevant version of the HTML specification that you will support. Unfortunately, in the real world, it is possible for a developer to inadvertently use a proprietary HTML tag that may not work for all of your intended users.

Verifying HTML is simple in concept but can be very time consuming in practice. A good place to start is with the World Wide Web Consortium’s free HTML Validation Service (http://validator.w3.org). There are also other online and downloadable applications to help in this area such as Net Mechanic (http://www.netmechanic.com). There are two main aspects of verifying the validity of your HTML. First, you want to make sure that your syntax is correct, such as verifying that all opening and closing tags match, etc. Secondly, you want to verify how your pages look in different browsers, at different screen resolutions, and on different operating systems. Create a profile of your target audience and make some decisions on what browsers you will support, on which operating systems, and at what screen resolutions.

In general, the later versions of Microsoft Internet Explorer are very forgiving. If your development team has only been using Internet Explorer 5.5 on high-resolution monitors, you may be unpleasantly surprised when you see your web application on a typical user’s computer. The sooner you start verifying your HTML, the better off your web application will be.

Step 8 – Load Testing

In performing load testing, you want to simulate how users will use your web application in the real world. The earlier you perform load testing the better. Simple design changes can often make a significant impact on the performance and scalability of your web application. A good overview of how to perform load testing can be found on Microsoft’s Developer Network (MSDN) website:

http://msdn.microsoft.com/msdnmag/issues/03/01/LoadTesting/default.aspx

A topic closely related to load testing is performance tuning. Performance tuning should be tightly integrated with the design of your application. If you are using Microsoft technology, the following article is a great resource for understanding the specifics of tuning a web application.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vsent7/html/vxconPerformance.asp

People hate to wait for a web page to load. As general rule, try to make sure that all of your pages load in 15 seconds or less. This rule will of course depend on your particular application and the expectations of the people using it.

Step 9 – User Acceptance Testing

By performing user acceptance testing, you are making sure your web application fits the use for which it was intended. Simply stated, you are making sure your web application makes things easier for the user and not harder. One effective way to handle user acceptance testing is by setting up a beta test for your web application.
Step 10 – Testing Security

With the large number of highly skilled hackers in the world, security should be a huge concern for anyone building a web application. You need to test how secure your web application is from both external and internal threats. The security of your web application should be planned for and verified by qualified security specialists.

Some additional online resources to help you stay up to date on the latest Internet security issues include:

CERT Coordination Center
http://www.cert.org

Computer Security Resource Center
http://csrc.nist.gov

After performing your initial security testing, make sure to also perform ongoing security audits to ensure your web application remains secure over time as people and technology change.

Testing a web application can be a totally overwhelming task. The best advice I can give you is to keep prioritizing and focusing on the most important aspects of your application and don’t forget to solicit help from your fellow team members.

By following the steps above coupled with your own expertise and knowledge, you will have a web application you can be proud of and that your users will love. You will also be giving your company the opportunity to deploy a web application that could become a run away success and possibly makes tons of money, saves millions of lives, or slashes customer support costs in half. Even better, because of your awesome web application, you may get profiled on CNN, which causes the killer job offers to start flooding in.

Proper testing is an integral part of creating a positive user experience, which can translate into the ultimate success of your web application. Even if your web application doesn’t get featured on CNN, CNBC, or Fox News, you can take great satisfaction in knowing how you and your team’s diligent testing efforts made all the difference in your successful deployment.

How to test a web application

Let’s have first web testing checklist.
1) Functionality Testing
2) Usability testing
3) Interface testing
4) Compatibility testing
5) Performance testing
6) Security testing

1) Functionality Testing:

Test for – all the links in web pages, database connection, forms used in the web pages for submitting or getting information from user, Cookie testing.

Check all the links:

* Test the outgoing links from all the pages from specific domain under test.
* Test all internal links.
* Test links jumping on the same pages.
* Test links used to send the email to admin or other users from web pages.
* Test to check if there are any orphan pages.
* Lastly in link checking, check for broken links in all above-mentioned links.

Test forms in all pages:
Forms are the integral part of any web site. Forms are used to get information from users and to keep interaction with them. So what should be checked on these forms?

* First check all the validations on each field.
* Check for the default values of fields.
* Wrong inputs to the fields in the forms.
* Options to create forms if any, form delete, view or modify the forms.

Let’s take example of the search engine project currently I am working on, In this project we have advertiser and affiliate signup steps. Each sign up step is different but dependent on other steps. So sign up flow should get executed correctly. There are different field validations like email Ids, User financial info validations. All these validations should get checked in manual or automated web testing.

Cookies testing:
Cookies are small files stored on user machine. These are basically used to maintain the session mainly login sessions. Test the application by enabling or disabling the cookies in your browser options. Test if the cookies are encrypted before writing to user machine. If you are testing the session cookies (i.e. cookies expire after the sessions ends) check for login sessions and user stats after session end. Check effect on application security by deleting the cookies. (I will soon write separate article on cookie testing)

Validate your HTML/CSS:
If you are optimizing your site for Search engines then HTML/CSS validation is very important. Mainly validate the site for HTML syntax errors. Check if site is crawlable to different search engines.

Database testing:
Data consistency is very important in web application. Check for data integrity and errors while you edit, delete, modify the forms or do any DB related functionality.
Check if all the database queries are executing correctly, data is retrieved correctly and also updated correctly. More on database testing could be load on DB, we will address this in web load or performance testing below.

2) Usability Testing:

Test for navigation:
Navigation means how the user surfs the web pages, different controls like buttons, boxes or how user using the links on the pages to surf different pages.
Usability testing includes:
Web site should be easy to use. Instructions should be provided clearly. Check if the provided instructions are correct means whether they satisfy purpose.
Main menu should be provided on each page. It should be consistent.

Content checking:
Content should be logical and easy to understand. Check for spelling errors. Use of dark colors annoys users and should not be used in site theme. You can follow some standards that are used for web page and content building. These are common accepted standards like as I mentioned above about annoying colors, fonts, frames etc.
Content should be meaningful. All the anchor text links should be working properly. Images should be placed properly with proper sizes.
These are some basic standards that should be followed in web development. Your task is to validate all for UI testing

Other user information for user help:
Like search option, sitemap, help files etc. Sitemap should be present with all the links in web sites with proper tree view of navigation. Check for all links on the sitemap.
“Search in the site” option will help users to find content pages they are looking for easily and quickly. These are all optional items and if present should be validated.

3) Interface Testing:
The main interfaces are:
Web server and application server interface
Application server and Database server interface.

Check if all the interactions between these servers are executed properly. Errors are handled properly. If database or web server returns any error message for any query by application server then application server should catch and display these error messages appropriately to users. Check what happens if user interrupts any transaction in-between? Check what happens if connection to web server is reset in between?

4) Compatibility Testing:
Compatibility of your web site is very important testing aspect. See which compatibility test to be executed:

* Browser compatibility
* Operating system compatibility
* Mobile browsing
* Printing options

Browser compatibility:
In my web-testing career I have experienced this as most influencing part on web site testing.
Some applications are very dependent on browsers. Different browsers have different configurations and settings that your web page should be compatible with. Your web site coding should be cross browser platform compatible. If you are using java scripts or AJAX calls for UI functionality, performing security checks or validations then give more stress on browser compatibility testing of your web application.
Test web application on different browsers like Internet explorer, Firefox, Netscape navigator, AOL, Safari, Opera browsers with different versions.

OS compatibility:
Some functionality in your web application is may not be compatible with all operating systems. All new technologies used in web development like graphics designs, interface calls like different API’s may not be available in all Operating Systems.
Test your web application on different operating systems like Windows, Unix, MAC, Linux, Solaris with different OS flavors.

Mobile browsing:
This is new technology age. So in future Mobile browsing will rock. Test your web pages on mobile browsers. Compatibility issues may be there on mobile.

Printing options:
If you are giving page-printing options then make sure fonts, page alignment, page graphics getting printed properly. Pages should be fit to paper size or as per the size mentioned in printing option.

5) Performance testing:
Web application should sustain to heavy load. Web performance testing should include:
Web Load Testing
Web Stress Testing

Test application performance on different internet connection speed.
In web load testing test if many users are accessing or requesting the same page. Can system sustain in peak load times? Site should handle many simultaneous user requests, large input data from users, Simultaneous connection to DB, heavy load on specific pages etc.

Stress testing: Generally stress means stretching the system beyond its specification limits. Web stress testing is performed to break the site by giving stress and checked how system reacts to stress and how system recovers from crashes.
Stress is generally given on input fields, login and sign up areas.

In web performance testing web site functionality on different operating systems, different hardware platforms is checked for software, hardware memory leakage errors,

6) Security Testing:

Following are some test cases for web security testing:

* Test by pasting internal url directly into browser address bar without login. Internal pages should not open.
* If you are logged in using username and password and browsing internal pages then try changing url options directly. I.e. If you are checking some publisher site statistics with publisher site ID= 123. Try directly changing the url site ID parameter to different site ID which is not related to logged in user. Access should denied for this user to view others stats.
* Try some invalid inputs in input fields like login username, password, input text boxes. Check the system reaction on all invalid inputs.
* Web directories or files should not be accessible directly unless given download option.
* Test the CAPTCHA for automates scripts logins.
* Test if SSL is used for security measures. If used proper message should get displayed when user switch from non-secure http:// pages to secure https:// pages and vice versa.
* All transactions, error messages, security breach attempts should get logged in log files somewhere on web server.