Chapter 4

Testing Web Applications

• Testing Web Applications Syllaabus

• Dimension of Quality,
• Error within a WebApp Environment
• Testing Strategy for WebApp
• Test Planning
• The Testing Process –an overview
• What is Web Testing?
• Web Testing, or website testing is checking your web application or website
for potential bugs before its made live and is accessible to general public.
Web Testing checks for functionality, usability, security, compatibility,
performance of the web application or website.
• Web Application Testing – Strategies :
1. Functionality Testing - The below are some of the checks that
are performed but not limited to the below list:
ØVerify there is no dead page or invalid redirects.
ØFirst check all the validations on each field.
ØWrong inputs to perform negative testing.
ØVerify the workflow of the system.
ØVerify the data integrity.
• Web Application Testing – Techniques continued......
2. Usability testing - To verify how the application is easy to use with.
Test the navigation and controls.
Content checking.
Check for user intuition.

3. Interface testing - Performed to verify the interface and the dataflow from one system to
other.

4. Performance testing - Performed to verify the server response time and throughput under
various load conditions.
Load testing - It is the simplest form of testing conducted to understand the behaviour of
the system under a specific load. Load testing will result in measuring important business
critical transactions and load on the database, application server, etc. are also monitored.
Stress testing - It is performed to find the upper limit capacity of the system and also to
determine how the system performs if the current load goes well above the
expected maximum.
• Performance testing Continued....
 Soak testing - Soak Testing also known as endurance testing, is performed to determine
the system parameters under continuous expected load. During soak tests the parameters such as memory
utilization is monitored to detect memory leaks or other performance issues. The main aim is to discover the
system's performance under sustained use.
 Spike testing - Spike testing is performed by increasing the number of users suddenly by a very large amount
and measuring the performance of the system. The main aim is to determine whether the system will be able
to sustain the work load.
6. Security testing - Performed to verify if the application is secured on web as data theft and unauthorized
access are more common issues and below are some of the techniques to verify the security level of the system.
 Injection
 Broken Authentication and Session Management
 Cross-Site Scripting (XSS)
 Insecure Direct Object References
 Security Misconfiguration
 Sensitive Data Exposure
 Missing Function Level Access Control
 Cross-Site Request Forgery (CSRF)
 Using Components with Known Vulnerabilities
 Unvalidated Redirects and Forwards
• The Testing Process
• What are the Different Phases in the Structured Software Testing Life
Cycle?
Requirement Analysis
The first step in the Software Testing Life Cycle is to identify which are the
features of the Software that can be tested and how.
Any requirement of the Software that is revealed to be un-testable is
identified at this stage, and subsequent mitigation strategies are planned. The
Requirements that are arrived at here can either be Functional (related to the
basic functions the software is supposed to do) in nature or Non-Functional
(related to system performance or security availability).
Deliverables
• RTM – Requirement Traceability Matrix.
• Automation Feasibility Report
• Test Planning
Now that the testing team has a list of requirements that are to be
tested, the next step for them is to devise activities and resources, which
are crucial to the practicality of the testing process. This is where the
metrics are also identified, which will facilitate the supervision of the testing
process. A senior Quality Assurance Manager will be involved at this stage
to determine the cost estimates for the project. It is only after running the
plan by the QA manager that the Test Plan will be finalized.
Deliverables
• Test Plan or Strategy Document
• Effort Estimation Document
• Test Analysis
This stage answers to the ‘What are we testing question?’. The
test conditions are understood and accessed not just through the
requirements that have been identified at the first stage, but also
another related test basis like the product’s risks. Other factors that
are taken into account while arriving at suitable test conditions are –

• Different levels and depth of testing

• Complexity levels of the product
• Risks associated with the product and the project
• The involvement of the Software Development Life Cycle
• Skillset, knowledge, expertise, and experience of the team
• Availability of the different stakeholders.
• Test Design
If the Software Testing Process were answers to a series of questions (which it
is), this stage would answer the question – ‘How to go about testing the
Software?’
The answer, however, depends on a lot of tasks that need to be completed at
this point in the process.
These are –
• Working on with the predefined test conditions. This requires breaking down
of the test conditions into multiple sub-conditions so that all areas can get
their due coverage.
• Identifying and collecting all data related to the test, and using it to set up a
test environment conducive to the software.
• Developing metrics to track the requirements and test coverage.
• Test Implementation

Now that all the basic structuring work has been done, the next step is to
plan how the test structure that has been devised will be implemented.
This means that all test cases are to be arranged according to their priority
and a preliminary review is in order to ensure that all test cases are
accurate in themselves and in relation to other test cases.
If needed the test cases and test scripts will undergo an additional
reworking to work with the larger picture.
Deliverables
• Environment ready with test data set up
• Smoke Test results
• Test Execution

When all is said and done, this is where the real action begins. All the
planning and management culminates into this – the Execution of the
Software Test. This involves a thorough testing of the Software, yes, but also
a recording of the test results at every point of the execution process.
So, not only will you be keeping a record of the defects or errors as and when
they arise, but you will also be simultaneously tracking your progress with
the traceability metrics that have been identified in the earlier stages.
• Test Conclusion
This is where the Exit criteria begin by ensuring that all results of the
Software Testing Process are duly reported to the concerned stakeholders.
There are different ways of making regular reports, weekly or daily. A
consensus is to be arrived at between the stakeholders and the testers, to
ensure that parties are up-to-date with which stage is the Software Testing
Process at.
Depending on the Project Managers and their awareness of the Software
Testing Process, the reports can be intensely technical or written in
easily understandable non-technical language for a layman.
Deliverables
• Competed RTM with the execution status
• Test cases updated with results
• Defect Reports
• Test Cycle Closure
This last stage is more of seeing off of the Software Testing Process. It is
where you tick off the checklist and make sure all actions that were
started during the process have reached their completion.
This involves making concluding remarks on all actions of the testing
process with respect to their execution and/or mitigation.
Also, a revisiting of the entire Software Testing Process as it concludes,
will help the team in understanding and reviewing their activities so that
lessons can be learned from the testing process and similar mistakes (if
any) be avoided in the next Software Testing Cycle the team undertakes.
Deliverables
• Test Closure Report
• Test Metrics
• Test Plan
• A Test Plan is a detailed document that describes the test strategy,
objectives, schedule, estimation, deliverables, and resources required
to perform testing for a software product. Test Plan helps us
determine the effort needed to validate the quality of the application
under test. The test plan serves as a blueprint to conduct software
testing activities as a defined process, which is minutely monitored
and controlled by the test manager.
• As per ISTQB definition: “Test Plan is A document describing the
scope, approach, resources, and schedule of intended test activities.”
• How to write a Test Plan
• You already know that making a Test Plan is the most important task of Test
Management Process. Follow the seven steps below to create a test plan as
per IEEE 829
• Analyze the product
• Design the Test Strategy
• Define the Test Objectives
• Define Test Criteria
• Resource Planning
• Plan Test Environment
• Schedule & Estimation
• Determine Test Deliverables
• Step 1) Analyze the product
• How can you test a product without any information about it? The answer
is Impossible. You must learn a product thoroughly before testing it.
• The product under test is Guru99 banking website. You should research
clients and the end users to know their needs and expectations from the
application
• Who will use the website?
• What is it used for?
• How will it work?
• What are software/ hardware the product uses?
• Step 2) Develop Test Strategy
• Test Strategy is a critical step in making a Test Plan in Software Testing. A Test
Strategy document, is a high-level document, which is usually developed by
Test Manager. This document defines:
• The project’s testing objectives and the means to achieve them
• Determines testing effort and costs
• Step 2.1) Define Scope of Testing
• Before the start of any test activity, scope of the testing should be known.
You must think hard about it.
• The components of the system to be tested (hardware, software,
middleware, etc.) are defined as “in scope“
• The components of the system that will not be tested also need to be clearly
defined as being “out of scope.”
• Defining the scope of your testing project is very important for all
stakeholders. A precise scope helps you
• Give everyone a confidence & accurate information of the testing you are
doing
• All project members will have a clear understanding about what is tested and
what is not
• Step 2.2) Identify Testing Type
• A Testing Type is a standard test procedure that gives an expected test
outcome.
• Each testing type is formulated to identify a specific type of product bugs.
But, all Testing Types are aimed at achieving one common goal “Early
detection of all the defects before releasing the product to the customer”
• There are tons of Testing Types for testing software product. Your
team cannot have enough efforts to handle all kind of testing. As Test
Manager, you must set priority of the Testing Types
• Which Testing Types should be focused for web application testing?
• Which Testing Types should be ignored for saving cost?
• Step 2.3) Document Risk & Issues
• Risk is future’s uncertain event with a probability of occurrence and
a potential for loss. When the risk actually happens, it becomes the ‘issue’.
• In the article Risk Analysis and Solution, you have already learned about the
‘Risk’ analysis in detail and identified potential risks in the project.
• In the QA Test Plan, you will document those risks

• Step 2.4) Create Test Logistics

• In Test Logistics, the Test Manager should answer the following questions:
• Who will test?
• When will the test occur?
• Step 3) Define Test Objective

• Test Objective is the overall goal and achievement of the test execution.
The objective of the testing is finding as many software defects as possible;
ensure that the software under test is bug free before release.
• To define the test objectives, you should do 2 following steps
• List all the software features (functionality, performance, GUI…) which may
need to test.
• Define the target or the goal of the test based on above features
• Step 4) Define Test Criteria

• Test Criteria is a standard or rule on which a test procedure or test judgment

can be based. There’re 2 types of test criteria as following
• Suspension Criteria
• Specify the critical suspension criteria for a test. If the suspension criteria are
met during testing, the active test cycle will be suspended until the criteria
are resolved.
• Exit Criteria
• It specifies the criteria that denote a successful completion of a test phase.
The exit criteria are the targeted results of the test and are necessary before
proceeding to the next phase of development. Example: 95% of all critical test
cases must pass.
• Step 5) Resource Planning
• Resource plan is a detailed summary of all types of resources required to
complete project task. Resource could be human, equipment and
materials needed to complete a project
• The resource planning is important factor of the test planning because
helps in determining the number of resources (employee, equipment…)
to be used for the project. Therefore, the Test Manager can make the
correct schedule & estimation for the project.
• Step 6) Plan Test Environment
• What is the Test Environment
• A testing environment is a setup of software and hardware on which the
testing team is going to execute test cases. The test environment consists
of real business and user environment, as well as physical environments,
such as server, front end running environment.
• Step 7) Schedule & Estimation
• In the article Test estimation, you already used some techniques to
estimate the effort to complete the project. Now you should include
that estimation as well as the schedule to the Test Planning
• In the Test Estimation phase, suppose you break out the whole
project into small tasks and add the estimation for each task as below

Task Members Estimate effort

Create the test specification Test Designer 170 man-hour

Perform Test Execution Tester, Test Administrator 80 man-hour

Test Report Tester 10 man-hour

Test Delivery 20 man-hour

Total 280 man-hour

• Step 8) Test Deliverables
• Test Deliverables is a list of all the documents, tools and other components
that has to be developed and maintained in support of the testing effort.
• There are different test deliverables at every phase of the software
development lifecycle.
• Test deliverables are provided before testing phase.
Test plans document.
Test cases documents
Test Design specifications.
• Test deliverables are provided during the testing
Test Scripts
Simulators.
Test Data
Test Traceability Matrix
Error logs and execution logs.
• Test deliverables are provided after the testing cycles is over.
Test Results/reports
Defect Report
Installation/ Test procedures guidelines
Release notes