Testing Web and E-Commerce Applications: Robert Sabourin President Montreal, Canada

Testing Web and E-Commerce
Applications
Robert Sabourin
President
AmiBug.Com, Inc.
Montreal, Canada
rsabourin@amibug.com
www.amibug.com
© Robert Sabourin, 2003 Slide 1
AmiBug.Com, Inc.
Testing Web and E-Commerce
Applications
Module 2
What Can Break?

AmiBug.Com, Inc.
Overview
– Types of Web Systems

– Basic Web Architecture
– Typical Transaction
– Exercise

AmiBug.Com, Inc.
Learning Objective
With the successful completion of this module the student will be

able to:
- Identify the types of Web Systems
- Describe the layers of a typical web/e-commerce
application
- Describe potential defects associated with each layer
- Describe the typical Internet transaction path
- Understand processing done on each layer

AmiBug.Com, Inc.
Types of Web Systems
• Informational
• Delivery
• Customized access
Any Combination
• User-provided content
• Interactive
• File sharing
• Transaction oriented
• Application service provider
• Database access
• Document access
• Workflow oriented
• Automatic content generator

AmiBug.Com, Inc.
Informational
www.canadascapital.gc.ca National Capital Web Site
• Brochureware sites
• Present information
Characteristics
• Kiosks
• Wrong, incorrect or
outdated information
Bug Potential
• Invalid or incorrect links
• Graphic user interface
problems

AmiBug.Com, Inc.
Delivery
ftp.w3.org/pub/ W3C ftp Site
• Download of content
• FTP sites
Characteristics
• Applications
• Wrong or incorrect download objects

Bug Potential • Performance

AmiBug.Com, Inc.
Customized Access
www.mylycos.com Custom Lycos Portal
• Special portal
• Customized
Characteristics
• End user preferences
• Functional bugs
Bug Potential • Wrong URLs in portal

AmiBug.Com, Inc.
User-provided content
Geocities.yahoo.com Web site creation
• Registration forms
• Requests for information
Characteristics
• Functional bugs
Bug Potential • GUI problems

AmiBug.Com, Inc.
Interactive
www.paypal.com e-Comm Payment
• Two way interaction

between sites
Characteristics • Such as B2B
• Incorrect business logic


AmiBug.Com, Inc.
File sharing
www.kazaa.com File sharing community
• Common site where files

are located
Characteristics • File access from end users
site
• Napster example
• Wrong or incorrect files


AmiBug.Com, Inc.
Transaction Oriented
www.amazon.com on-line e-store
• The end user buys

something
Characteristics
• Business logic errors

Bug Potential • Security
• Performance

AmiBug.Com, Inc.
Application service
provider
www.symantec.com Norton Anti-Virus Service
• End User rents an
application on a per-
Characteristics user, per month or per
transaction basis
• Functional bugs
• Scalability

AmiBug.Com, Inc.
Database access
www.usps.com/zip4/citytown_zip.htm US Zip Code
• Database of information
which a user can query
Characteristics
• Incorrect or Wrong data

• Performance

AmiBug.Com, Inc.
Document access
www.ccra-adrc.gc.ca Revenue Canada Documents
• Access to on-line
information libraries and
Characteristics documentation
• Incorrect or Wrong links

• GUI bugs

AmiBug.Com, Inc.
Workflow oriented
www.vignette.com Web site content manager
• Site ensures that the

process or workflow is
Characteristics followed
• Supply chain
management
• Business logic errors

Bug Potential • Incorrect or Wrong links
• GUI bugs

AmiBug.Com, Inc.
Automatic content
generator
www.google.com Search Engine
• Robots
• Software Agents
Characteristics
• Search web for content
to be presented
• Functional errors
Bug Potential • Incorrect or Wrong content

AmiBug.Com, Inc.
Interoperability
Maintainability
Dependability
Expandability
Serviceability
Accessibility
Functionality
Adaptability
Re-usability
Auditability
Operability
Availability
Scalability
Testability
Continuity
Portability
Reliability
Usability
Security
Integrity
Application service provider
Automatic content generator
Customized access
Database access
Delivery
Document access
File sharing
Informational
Interactive
Transaction oriented
User-provided content
Workflow oriented
High Focus
Medium Focus Quality Factors Importance For
Low Focus Different Web Application Types
AmiBug.Com, Inc.
Basic Web Architecture
W o r k s ta tio n W o r k s ta tio n
D a ta
S e rv e r
P ro x y S e rv e r
In te rn e t
M odem
Hom e PC
In te r n e t S e r v ic e P r o v id e r W e b S e rv e r A p p lic a tio n S e r v e r

AmiBug.Com, Inc.
User Application
W o r k s ta tio n W o r k s ta tio n Components Components
D a ta
S e rv e r
P ro x y S e rv e r
In te rn e t
M odem
Hom e PC

AmiBug.Com, Inc.
Direct LAN via Proxy Server to
Internet Service Provider
User
W o r k s ta tio n W o r k s ta tio n Components
D a ta
S e rv e r
P ro x y S e rv e r
PC via modem to
Internet Service Provider
In te rn e t
M odem
Hom e PC

AmiBug.Com, Inc.
Data
Application Services
W o r k s ta tio n W o r k s ta tio n Components
D a ta
S e rv e r
P ro x y S e rv e r
Process Application
HTTP Dependent
Requests Code
In te rn e t
M odem
Hom e PC

AmiBug.Com, Inc.
D a ta
S e rv e r
P ro x y S e rv e r
Various
Routers,
Servers &
Switches
In te rn e t
M odem
Hom e PC

AmiBug.Com, Inc.
Workstation Component
WORKSTATIONS
Browser D a ta
Operating System S e rv e r
Java Virtual Machine

W o r k s ta tio n W o r k s ta tio n User’s Locale
P ro x y S e rv e r
Plug-Ins
Media Players
Viewers
M odem Display depth In te rn e t
Hom e PC
Display resolution
Resident applications

AmiBug.Com, Inc.
Workstation Processing
W o r k s ta tio n W o r k s ta tio n WORKSTATIONS

Render all pages based on input from Web Server.
D a ta
S e rv e r
Locally run objects such as FLASH animations
Execute active X components
P ro x y S e rv e r
W o r k s ta tio n W o r k s ta tio n Execute JAVASCRIPT
Execute JAVA
Execute VB SCRIPT
Execute Viewers I n t e r n e t
M odem
Initiate Email
Hom e PC Store local user files
Cookies, Cached objects

AmiBug.Com, Inc.
Internet Connections
Connections to Internet Service Provider

D a ta
(ISP)
S e rv e r
Typical Office
P ro x y S e rv e r
- Local Area Network
- Several computers share a High, to Very High
Speed Access
- Via a proxy server, which redirects requests to
In te rn e t
M odem
and from ISP servers to appropriate local
Hom e PC workstation

AmiBug.Com, Inc.
Connections to Internet Service Provider (ISP)
Typical Home
- Modem D a ta
S e rv e r
- Low or High Speed

W o r k s ta tio n
- Via direct
W o r k s ta tio n
P r o x y line
S e r v e r or dial-up link to ISP
In te rn e t
M odem
Hom e PC

AmiBug.Com, Inc.
Internet Service Provider (ISP)
- Gateway to the Internet

W o r k s ta tio n W o r k s ta tio n - All transactions and data pass through the ISP
servers before being sent to the request
D a ta
S e rv e r
originator or target.
- Often bank of powerful computers connected
P ro x y S e rv e r
W o r k s ta tio n W o r k s ta tio n directly to a high speed Internet backbone
- May connect to another ISP indirectly
In te rn e t
M odem
Hom e PC

AmiBug.Com, Inc.
Internet
- Network
- Servers D a ta
- Switches S e rv e r
- Networks
P ro x y S e rv e r
- Routers
In te rn e t
M odem
Hom e PC

AmiBug.Com, Inc.
Web Server
- All HTTP Requests are handled by a Web Server

- To service
W o r k s ta tio n
the request:
W o r k s ta tio n
- Find page requested and send it to requestor D a ta

S e rv e r
- or Generate another request to another server

- or Execute a local script P ro x y S e rv e r
or program
requestor
- or Execute a local active server page script,

which generates a page to send, to the requestor
- or Execute M odem
a local CGI script and send I n t e r n e results
t to
requestor
- or Return an error message, indicating that the
Hom e PC
request could notI n t e rbe filled presently

n e t S e r v ic e P r o v id e r W e b S e rv e r A p p lic a tio n S e r v e r

AmiBug.Com, Inc.
Application Server
- Web Application Business Logic is executed on D a ta

S e rv e r
the application server
- Services and objects processed are totally
P ro x y S e rv e r
W o r k s ta tio n W odependent
r k s ta tio n on the Web Application Purpose
- Sometimes developed using third party application,
infrastructures such as IBM WebSphere
In te rn e t
M odem
Hom e PC

AmiBug.Com, Inc.
D a ta
S e rv e r
Data Server
P ro x y S e rv e r
- Data layer
- May contain application specific data

- May contain security data
- Implemented
M odem
with one or more physical In te rn e t servers
- May include several Databases
-
Hom e PC
Communication to Application Server and Web
Server via standard interfaces (SQL)
- May include stored procedures and other data
handling related application code
AmiBug.Com, Inc.
Firewalls
- Software or hardware combined Firewalls
- Restricts traffic
- Source
- Destination
W o r k s t a t i o-n Type
W o r k s of
t a t i o n data
- Authentication D a ta
- Authorization S e rv e r
P ro x y S e rv e r
In te rn e t
M odem
Hom e PC

AmiBug.Com, Inc.
Web Architecture
• Model is simplified, some other important
elements in the system
– Multiple Web, Application and Data Servers
– Intelligent Switches and Routers
– Load Balancing Technologies
– File and Data Caching
– File and Data Mirroring
– Encryption, Secure Sockets Layer
AmiBug.Com, Inc.
Walk Through
Transaction
• Simple transaction example.
– Scenario
• User requests a description of an on-line catalogue
item and subsequently gets a page of data from the
web application.
– Following are steps the transaction follows, in
sequence:

AmiBug.Com, Inc.
Walk Through
Transaction
1 17
19 18
2 3
D a ta
S e rv e r
10
W o r k s ta tio n W o r k s ta tio n 4 P ro x y S e rv e r
16
7 12 11
6
5
M odem
In te rn e t
9
15 14 8
Hom e PC
13

AmiBug.Com, Inc.
Step Action
1 User completes form with details about item.
2 Request transmitted over LAN to Proxy Server
3 Proxy Server dispatches request to Internet
4 Firewall checks to make sure request can pass through
5 ISP routes requested over Internet.
6 Request routed to target Web server.
7 Web Application Firewall ensures request can pass
8 Web Server processes request calling application server
9 Application server handles request and requests data
10 Data server fulfills application server request

AmiBug.Com, Inc.
Step Action
11 Application server sends results back to web server
12 Web server prepares a web page and sends to originator
13 Application firewall confirms request can pass through
14 Internet routes request to users ISP
15 ISP sends request to originators proxy server
16 Originator firewall makes sure request can pass
17 Originator proxy server dispatches request to originator
18 Request is sent via local network to originator
19 Browser renders resulting data on originators workstation

AmiBug.Com, Inc.
Walk Through
Transaction
• Imagine the above example with an added
step to authorize payment by credit card!
– Application server would have to send a request
to, the BANK APPLICATION SERVER, so as to
ensure that credit was OK and transaction could
be processed!
• What about other B2B links in the chain?
• How about buying a book from Amazon?
AmiBug.Com, Inc.
What Can Break?
TIME TIME TIME TIME TIME TIME TIME TIME TIME
AmiBug.Com, Inc.
What can break?
Time
Attention span on Web is limited!
If the time to get a response from

any Web or E-Commerce
application is longer than 8-12
seconds most users will surf to
some another site!

AmiBug.Com, Inc.
What can break?
Time
With 19 steps required for the

simplest three tiered web
application, it is extremely critical
that the “performance” in terms of
time to process a transaction is
optimal!
Changing the Web application

can accidentally slow down
processing!
AmiBug.Com, Inc.
What can break?
Time
Quick fixes and bandage

solutions often lead to
performance degradation!
Operation with full databases,

nearly 100% consumed system D a ta
resources. S e rv e r
Stuff outside and within your

control, impacts response time!
AmiBug.Com, Inc.
Areas of control
Outside of Within
W o r k s ta tio n W o r k s ta tio n Web Applications
Application Developers D a ta
Developers Direct S e rv e r
Direct Control
P ro x y S e rv e r
Control
In te rn e t
M odem
Hom e PC

AmiBug.Com, Inc.
Workstation Bugs
Displays and interactivity,dependent
on Browser Type, Version & O/S
User
Missing or wrong version of Third
Application
Party Plug-In or Object
D a ta
S e rv e r
Incompatible or Missing JAVA
Runtime environment and engine
P ro x y S e rv e r
Incompatible or Missing
JAVASCRIPT interpreter
Incompatible or Missing Viewer

In te rn e t
M odem
(PDF, 3rd party formats)
Hom e PC Locale not supported including
Language, Fonts and other
resources
Screen resolution ©
and color
Robert support
Sabourin, 2003 Slide 45
not match application AmiBug.Com, Inc.
Proxy Server Bugs
Does not allow access to URL for
any workstation. Configuration.
User Application
Does not allow response to request
to be routed to requester.
D a ta
S e rv e r
Adds considerable processing time
to the transaction - drop connection
P ro x y S e rv e r
Misidentifies embedded object as
unacceptable file type if unknown
Performs
In te rn e t
virus scans on some
M odem
binary objects
Hom e PC
Content block and restriction based
In te r n e t S e r v ic e P r o v id e r
on user access rights W e b S e r v e r A p p lic a tio n S e r v e r
Defective
© Robert Sabourin, file
2003or object caching Slide 46
mechanisms miss most recent fileAmiBug.Com, Inc.
Modem Bugs
User Application
Slow connection often due to D a ta

S e rv e r
limitation of modem. (Page Load)
W o r k s ta tio n W o r k s ta tio n Noisy communication link causes

P ro x y S e rv e r
many retries.
Bottlenecks communication thus

delaying normal interactivity
In te rn e t
M odem
Hom e PC

AmiBug.Com, Inc.
ISP Bugs
Busy - Busy - Busy.
Too many concurrent active users.
User Application
Bandwidth is limited, as regards
connection to internet vs total load.
D a ta
S e rv e r
CPU and Resource capacity
insufficient to handle traffic.
P ro x y S e rv e r
ISP experiencing hardware related
communications problems (switch)
Restrictions
In te rn e t
to amount of content
M odem
users can download
Hom e PC
Restrictions to amount of time a
user can be connectedW e b S e r v e r A p p lic a tio n S e r v e r
Defective
© Robert Sabourin, Software
2003 on any of the ISP Slide 48
servers AmiBug.Com, Inc.
Internet Bugs
Defective intermediate routers,
switches or servers.
User Application
Too much traffic causes bottlenecks
Too much traffic causes bottlenecks
on some routes.
D a ta
S e rv e r
Hardware failure on network
infrastructure.
P ro x y S e rv e r
Local government imposed
regulations and content limits
In te rn e t
Various firewalls in path can block
M odem
transaction due to authorization
Hom e PC
Denial of service attacks to different
critical intermediate
W e b S e rv e r
servers
A p p lic a tio n S e r v e r
© Robert Sabourin, 2003 Pirates, Vandals, Hackers,

Slide 49
Snoopers, Bad Guys redirections
AmiBug.Com, Inc.
Web Server Bugs
User interface design errors -
Defective HTLM constructs!
unusable!
Runtime errors in Active Server

Missing, incorrect or broken links
Page (ASP) scripts.
Application
Missing, incorrect images,
User Resources restricted - not enough
incorrectly identified objects memory, files system, capacity
D a ta
S e rv e r
Runtime errors in JAVASCRIPT or Logic, design or programming logic
VBSCRIPT code in code implementing user interface
P ro x y S e rv e r
Missing or wrong version of web Too many users for capacity of
pages! HTTP server.
Denial of service attacks

M odem
In te rn e t
Hom e PC
Pirates, Vandals, Hackers,
Snoopers,I n t eBad Guys redirections
r n e t S e r v ic e P r o v id e r W e b S e rv e r A p p lic a tio n S e r v e r
Too much traffic for capacity ofSabourin,

© Robert Web 2003Incorrect exception handling in code
Slide 50
server. implementing user interface.
AmiBug.Com, Inc.
Web Server Bugs too
Error handling errors in
HTTP Server Failure
communicating with other servers
Connection time out due to

Java Server Failure
communication delays
Application
O/S Failure - O/S Related problem
User Logic error in detecting and
moving between Unix and Windows processing time out condition
D a ta
S e rv e r
Third Party Component Failure Scripting error in CGI script

P ro x y S e rv e r
Incorrect processing of cookie data
Server Hardware failure
in determining session status.
Memory Leaks - resource In te rn e t

M o management
dem
Hom e PC
Access failure communicating with
Application Server
Access failure communicating

© Robert with
Sabourin, 2003Logic error in implementation
Slide 51of CGI
Date Server. scripts.
AmiBug.Com, Inc.
Application
Server Bugs
Missing, required functionality
Application
User
Incorrectly implemented business
logic
D a ta
S e rv e r
Runtime errors in scripted code

P ro x y S e rv e r
Incorrect version of code or objects
Server, O/S or third party software

In te rn e t
M odem failure - middle-ware failure
Hom e PC
Server hardware failure

© Robert
Cannot Sabourin,
handle 2003
transaction volume Slide 52
AmiBug.Com, Inc.
Application Server Bugs too
Communication failure with Data
server
Application
User
Communication failure with Web
Server
D a ta
S e rv e r
Logic error in implementation of
error handling code
P ro x y S e rv e r
Memory leaks - resource usage
M odem
Failure of third
I n t e r n epart
t components
Hom e PC
B2B link to other site failed

Design errors
© Robert in implementation
Sabourin, 2003 of Slide 53
business logic
AmiBug.Com, Inc.
Data Server Bugs
Performance delays due to amount
of data or system load
Communication failure with

Application server
Application
Communication failure with Web
User
Server
D a ta
S e rv e r
Logic error in implementation of
error handling code
P ro x y S e rv e r
Memory leaks - resource usage
Runtime errors executing stored

In te rn e t
M odem procedures
Hom e PC
Incorrect schema referenced by
different servers - configurations
Design errors in implementation of

database logic
AmiBug.Com, Inc.
Module References
• “Testing Applications on the Web”, Wiley
2000, Hung Nguyen.
• “Software Testing Methods and Tools
Course Notes”, AmiBug.com, 2001, Robert
Sabourin.
• “Stess Testing Web Applications Workship
Notes”, AmiBug.com, 2001, Robert
Sabourin.
AmiBug.Com, Inc.
Thank You
• Questions?

AmiBug.Com, Inc.

Testing Web and E-Commerce Applications: Robert Sabourin President Montreal, Canada

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Testing Web and E-Commerce Applications: Robert Sabourin President Montreal, Canada

Hochgeladen von

Copyright:

Verfügbare Formate

Testing Web and E-Commerce

© Robert Sabourin, 2003 Slide 2

– Types of Web Systems

© Robert Sabourin, 2003 Slide 3

With the successful completion of this module the student will be

© Robert Sabourin, 2003 Slide 4

© Robert Sabourin, 2003 Slide 5

© Robert Sabourin, 2003 Slide 6

• Wrong or incorrect download objects

© Robert Sabourin, 2003 Slide 7

© Robert Sabourin, 2003 Slide 8

© Robert Sabourin, 2003 Slide 9

• Two way interaction

• Incorrect business logic

© Robert Sabourin, 2003 Slide 10

• Common site where files

• Wrong or incorrect files

© Robert Sabourin, 2003 Slide 11

• The end user buys

• Business logic errors

© Robert Sabourin, 2003 Slide 12

© Robert Sabourin, 2003 Slide 13

• Incorrect or Wrong data

© Robert Sabourin, 2003 Slide 14

• Incorrect or Wrong links

© Robert Sabourin, 2003 Slide 15

• Site ensures that the

• Business logic errors

© Robert Sabourin, 2003 Slide 16

© Robert Sabourin, 2003 Slide 17

© Robert Sabourin, 2003 Slide 19

© Robert Sabourin, 2003 Slide 20

© Robert Sabourin, 2003 Slide 21

© Robert Sabourin, 2003 Slide 22

© Robert Sabourin, 2003 Slide 23

Java Virtual Machine

© Robert Sabourin, 2003 Slide 24

W o r k s ta tio n W o r k s ta tio n WORKSTATIONS

© Robert Sabourin, 2003 Slide 25

Connections to Internet Service Provider

© Robert Sabourin, 2003 Slide 26

- Low or High Speed

© Robert Sabourin, 2003 Slide 27

- Gateway to the Internet

© Robert Sabourin, 2003 Slide 28

© Robert Sabourin, 2003 Slide 29

- All HTTP Requests are handled by a Web Server

- Find page requested and send it to requestor D a ta

- or Generate another request to another server

- or Execute a local active server page script,

request could notI n t e rbe filled presently

© Robert Sabourin, 2003 Slide 30

- Web Application Business Logic is executed on D a ta

© Robert Sabourin, 2003 Slide 31

- May contain application specific data

© Robert Sabourin, 2003 Slide 33

© Robert Sabourin, 2003 Slide 35

© Robert Sabourin, 2003 Slide 36

1 User completes form with details about item.

2 Request transmitted over LAN to Proxy Server

3 Proxy Server dispatches request to Internet

4 Firewall checks to make sure request can pass through

5 ISP routes requested over Internet.