Web Application Testing

Professor: Student:
Anca Udristoiu Solea Cosmin Gabriel
What is Web Application Testing?

Web application testing, a software testing technique exclusively adopted

to test the applications that are hosted on web in which the application
interfaces and other functionalities are tested. Web testing is the name given
to software testing that focuses on web applications. Complete testing of a web-
based system before going live can help address issues before the system is
revealed to the public. Issues such as the security of the web application, the
basic functionality of the site, its accessibility to handicapped users and fully
able users, its ability to adapt to the multitude of desktops, devices, and
operating systems, as well as readiness for expected traffic and number of users
and the ability to survive a massive spike in user traffic, both of which are
related to load testing
Web Application Testing - Techniques:

1. Functionality Testing – Test for – all the links in web pages, database
connection, forms used for submitting or getting information from user
in the web pages, Cookie testing etc.

Check all the links:

 Test the outgoing links from all the pages to specific domain under
test.
 Test all internal links.
 Test links jumping on the same pages.
 Test links used to send email to admin or other users from web
pages.
 Test to check if there are any orphan pages.
 Finally link checking includes, check for broken links in all above-
mentioned links.

Let’s take example of the search engine project currently I am working

on, in this project we have advertiser and affiliate signup steps. Each sign up
step is different but its dependent on the other steps. So sign up flow should get
executed correctly. There are different field validations like email Ids, User
financial info validations etc. All these validations should get checked in
manual or automated web testing.

The below are some of the checks that are performed but not limited to
the below list:

 Verify there is no dead page or invalid redirects.

 First check all the validations on each field.

 Wrong inputs to perform negative testing.

 Verify the workflow of the system.

 Verify the data integrity.

2. Usability testing - To verify how the application is easy to use with.

 Test the navigation and controls.

 Content checking.

 Check for user intuition.

Test for navigation:

Navigation means how an user surfs the web pages, different controls like
buttons, boxes or how the user uses the links on the pages to surf different
pages.Usability testing includes the following:

 Website should be easy to use.

 Instructions provided should be very clear.
 Check if the instructions provided are perfect to satisfy its purpose.
 Main menu should be provided on each page.
 It should be consistent enough.

Content checking:

Content should be logical and easy to understand. Check for spelling

errors. Usage of dark colours annoys the users and should not be used in the
site theme. You can follow some standard colours that are used for web page
and content building. These are the common accepted standards like what I
mentioned above about annoying colours, fonts, frames etc.Content should
be meaningful. All the anchor text links should be working properly. Images
should be placed properly with proper sizes.These are some of basic
important standards that should be followed in web development. Your task
is to validate all for UI testing.

3. Interface testing - Performed to verify the interface and the dataflow

from one system to other. The main interfaces are:

Web server and application server interface. Application server and

Database server interface.

Check if all the interactions between these servers are executed and
errors are handled properly. If database or web server returns any error
message for any query by application server then application server
should catch and display these error messages appropriately to the users.
Check what happens if user interrupts any transaction in-between?
Check what happens if connection to the web server is reset in between?
4. Compatibility testing- Compatibility testing is performed based on the
context of the application.

 Browser compatibility

 Operating system compatibility

 Compatible to various devices like notebook, mobile, etc.

Browser compatibility:
In my web-testing career I have experienced this as the most
influencing part on web site testing.
Some applications are very dependent on browsers. Different browsers
have different configurations and settings that your web page should
be compatible with. Your website coding should be a cross browser
platform compatible. If you are using java scripts or AJAX calls for
UI functionality, performing security checks or validations then give
more stress on browser compatibility testing of your web
application.Test web application on different browsers like Internet
explorer, Firefox, Netscape navigator, AOL, Safari, Opera browsers
with different versions.

OS compatibility:
Some functionality in your web application is that it may not be
compatible with all operating systems. All new technologies used in
 web development like graphic designs, interface calls like different
API’s may not be available in all Operating Systems.
Hence test your web application on different operating systems like
Windows, Unix, MAC, Linux, Solaris with different OS flavors.

Mobile browsing:
We are in new technology era. So in future Mobile browsing will
rock. Test your web pages on mobile browsers. Compatibility issues
may be there on mobile devices as well.

Printing options:
If you are giving page-printing options then make sure fonts, page
alignment, page graphics etc., are getting printed properly. Pages
should fit to the paper size or as per the size mentioned in the printing
option.

5. Performance testing - Performed to verify the server response time and

throughput under various load conditions.

 Load testing - It is the simplest form of testing conducted to

understand the behaviour of the system under a specific load. Load
testing will result in measuring important business critical
transactions and load on the database, application server, etc. are also
monitored.

 Stress testing - It is performed to find the upper limit capacity of the

system and also to determine how the system performs if the current
load goes well above the expected maximum.

 Soak testing - Soak Testing also known as endurance testing, is

performed to determine the system parameters under continuous
expected load. During soak tests the parameters such as memory
utilization is monitored to detect memory leaks or other performance
issues. The main aim is to discover the system's performance under
sustained use.

 Spike testing - Spike testing is performed by increasing the number

of users suddenly by a very large amount and measuring the
performance of the system. The main aim is to determine whether the
system will be able to sustain the work load.
6. Security testing - Performed to verify if the application is secured on
web as data theft and unauthorized access are more common issues and
below are some of the techniques to verify the security level of the
system.

 Injection

 Broken Authentication and Session Management

 Cross-Site Scripting (XSS)

 Insecure Direct Object References

 Security Misconfiguration

 Sensitive Data Exposure

 Missing Function Level Access Control

 Cross-Site Request Forgery (CSRF)

 Using Components with Known Vulnerabilities

 Unvalidated Redirects and Forwards

Web application performance tool

A web application performance tool (WAPT) is used to test web

applications and web related interfaces. These tools are used for performance,
load and stress testing of web applications, web sites, web API, web servers and
other web interfaces. WAPT tends to simulate virtual users which will repeat
either recorded URLs or specified URL and allows the users to specify number
of times or iterations that the virtual users will have to repeat the recorded
URLs. By doing so, the tool is useful to check for bottleneck and performance
leakage in the website or web application being tested.
A WAPT faces various challenges during testing and should be able to conduct
tests for:

 Browser compatibility
 Operating System compatibility
 Windows application compatibility where required
WAPT allows a user to specify how virtual users are involved in the testing
environment.ie either increasing users or constant users or periodic users load.
Increasing user load, step by step is called RAMP where virtual users are
increased from 0 to hundreds. Constant user load maintains specified user load
at all time. Periodic user load tends to increase and decrease the user load from
time to time.