Testing Web Applications SEII-Lecture 19

Testing Web ApplicationsSEII-Lecture 19

Dr. Muzafar KhanAssistant ProfessorDepartment of Computer ScienceCIIT, Islamabad.

2

Recap

• Quality dimensions– Content, function, structure, usability, navigability,

performance, compatibility, interoperability, security• Testing strategy• Content testing• Database testing• User interface testing– Testing interface mechanisms, usability tests,

compatibility tests

3

Component-Level Testing [1/2]

• Function testing• Errors related to WebApp functions• Test cases are often derived from forms-level input• Equivalence partitioning– Input categories or classes– Input form is assessed for particular class– Test cases for each input class are derived and

executed– Other classes are held constant– Example: postal code

4

Component-Level Testing [2/2]

• Boundary value analysis– Forms data are tested for their boundaries– Example: minimum and maximum delivery time

• Path testing– Logical complexity of function– Every independent path should be tested

• Forced error testing– Purposely drive component into an error condition– Errors related to error handling e.g. incorrect message

and WebApp failure

5

Navigation Testing

• Visitor walks through a store• Many pathways, stops, things to look and learn,

activities, or decisions• Every visitor has a set of objectives• Navigation process can be unpredictable • Objectives of navigation testing are to ensure– Navigation mechanisms are functional– Navigation semantic unit can be achieved

6

Testing Navigation Syntax [1/2]

• Navigation links– Internal links– External links– Anchors within a specific web page

• Redirects– In case of nonexistent URL / contents removed– Appropriate message and redirection to other page

• Bookmarks– Browser function– Meaningful page title and creation

7

Testing Navigation Syntax [2/2]

• Frames and framesets– Frame contains the content of page– Frameset contains multiple frames– Nesting of frames and framesets– Testing for correct content, proper layout and sizing, download

performance, and browser compatibility• Site maps

– Complete table of contents• Internal search engines

– Thousands of content objects– Keyword search– Validates accuracy and completeness of search, error-handling

properties of the search engine, and advanced search feature

8

Testing Navigation Semantics [1/3]

• Navigation Semantic Unit (NSU)– A set of information and related navigation structures to

fulfill specific user’s goal– A set of navigation paths and associated navigation nodes

• Testing of NSU• Questions to answer• Is the NSU achieved in its entirety without error?• Is every navigation node (defined for an NSU)

reachable within the context of the navigation paths defined for the NSU?

9

Testing Navigation Semantics [2/3]

• If the NSU can be achieved using more than one navigation path, has every relevant path been tested?

• If guidance is provided by the user interface to assist in navigation, are directions correct and understandable as navigation proceeds?

• Is there a mechanism (other than the browser "back" arrow) for returning to the preceding navigation node and to the beginning of the navigation path?

• Do mechanisms for navigation within a large navigation node (i.e. a long web page) work properly?

• If a function is to be executed at a node and the user chooses not to provide input, can the remainder of the NSU be completed?

10

Testing Navigation Semantics [3/3]

• If a function is executed at a node and an error in function processing occurs, can the NSU be completed?

• Is there a way to discontinue the navigation before all nodes have been reached, but then return to where the navigation was discontinued and proceed from there?

• Is every node reachable from the site map? Are node names meaningful to end users?

• If a node within an NSU is reached from some external source, is it possible to process to the next node on the navigation path? Is it possible to return to the previous node on the navigation path?

• Does the user understand his location within the content architecture as the NSU is executed

11

Configuration Testing [1/3]

• Configuration variability and instability• Different factors e.g. hardware and operating

system are difficult to predict for each user• Users’ experience varies• Objective is to test probable set of client-side and

server-side configurations

12

Configuration Testing [2/3]

• Server-side issues– Test cases for the projected server configuration

• Questions to answer• Is the WebApp fully compatible with the server OS?• Are system files, directories, and related system data

created correctly when the WebApp is operational?• Do system security measures (e.g., firewalls or

encryption) allow the WebApp to execute and service users without interference or performance degradation?

13

Configuration Testing [3/3]

• Has the WebApp been tested with the distributed server configuration (if one exists) that has been chosen?

• Is the WebApp properly integrated with database software? Is the WebApp sensitive to different versions of database software?

• Do server-side WebApp scripts execute properly?• Have system administrator errors been examined for

their effect on webApp operations?• If proxy server are used, have differences in their

configuration been addressed with on-site testing?

14

Client-Side Issues

• Possible configurations• Hardware

– CPU, memory storage, and printing devices• Operating systems

– Linux, Macintosh OS, Microsoft Windows, a mobile-based OS• Browser software

– Firefox, safari, internet explorer, opera, chrome, and others• User interface components

– Active X, java applets, and others• Plug-ins

– QuickTime, RealPlayer, and many others• Connectivity

– cable, DSL, regular modem, WiFi

15

Security Testing [1/2]

• Hackers, employees, competitors• Modified content, degrade performance, disable

functionality• Objective is to probe vulnerabilities– Client-side, communication, server-side

• Firewall– Filtering mechanism– Examines incoming packet

• Authentication– Verification mechanism

16

Security Testing [2/2]

• Encryption– An encoding mechanism– Digital certificates

• Authorization– Filtering mechanism– Authorized users

• Sometimes outsourced to others

17

Performance Testing [1/6]

• Performance problems• Lack of server-side resources, inappropriate

network bandwidth, inadequate database capabilities, faulty/weak operating system capabilities, poorly designed WebApp functionality

• Objectives are to – Understand how system responses as loading

increases– Collect metrics to improve performance

18

Performance Testing [2/6]

• Questions to answer• Does the server response time degrade to a point

where it is noticeable and unacceptable?• At what point (in terms of users, transactions, or

data loading) does performance become unacceptable?

• What system components are responsible for performance degradation?

• What is the average response time for users under a variety of loading conditions?

19

Performance Testing [3/6]

• Does performance degradation have an impact on system security?

• Is WebApp reliability or accuracy affected as the load on the system grows?

• What happens when loads that are greater than maximum server capacity are applied?

• Does performance degradation have an impact on company revenues?

20

Performance Testing [4/6]

• Load testing– N, number of concurrent users– T, number of online transactions per unit of time– D, data load processed by the server per transaction– P = N * T * D

• Stress testing– Spike / bounce testing– Continuation of load testing– Operational limits exceed

21

Performance Testing [5/6]

• Stress testing– Questions to answer– Does the system degrade gently or does the server

shutdown as capacity is exceeded?– Does server software generate "server not available"

messages? More generally, are users aware that they cannot reach the server?

– Does the server queue resource requests and empty the queue once capacity demands diminish?

– Are transactions lost as capacity is exceeded?– Is data integrity affected as capacity is exceeded?

22

Performance Testing [6/6]

• Stress testing– What values of N, T and D force the server

environment to fail? How does failure manifest itself? Are automated notifications sent to technical support staff at the server site?

– If the system does fail, how long will it take to come back on line?

– Are certain webApp functions (e.g., compute intensive functionality, data streaming capabilities) discontinued as capacity reaches the 80 or 90 percent level?

23

Summary

• Component-level testing– Equivalence partitioning, boundary value analysis, path testing

• Navigation testing– Testing navigation syntax and semantics

• Configuration testing– Server-side and client-side issues

• Security testing– Firewall, authentication, encryption, authorization

• Performance testing– Load and stress testing