Online presence is a major factor in an organization's success, especially when its website is functionally business-critical (hello, amazon.com). So how do these organizations make sure their websites are stable and secure?
Aside from the processes in place and the usual tests, these are some tests that should be considered when testing web applications.
Browser Compatibility (including Mobile Browsers)
This is very important, especially when the application is customer-facing and performs business-critical functions. What is tested in Internet Browser should also be tested in other browsers (e.g. Chrome, Firefox, Opera, mobile browsers), because you cannot dictate what the customer uses to access your website. In addition, a web application that works in most browsers caters to a wider set of customer profiles, which translates to a much higher visitor count (this could be an important metric internally).
Performance, Load, Stress Testing
Performance testing is evaluating the degree to which the application is able to accomplish a function in terms of processing time and throughput. This could also be used to establish benchmarks for future testing references.
Load testing is evaluating the system’s behavior with increasing load over time to determine how much load can be handled. This could also be used to establish a load benchmark.
Stress testing is evaluating the system’s behavior beyond the limits of anticipated workloads.
These three tests essentially evaluate the web application's performance with regard to the number of users accessing it, the number of transactions processed in a specified period, and the system's ability to return to normal after an abnormally high workload.
SQL Injection, Cross-Site Scripting (XSS), and URL Manipulation (on top of Authorization & Authentication)
These tests evaluate how the application handles scripts, code and special characters entered via the user interface and/or the URL, and what security features are set up to handle these inputs.
Test for Cookies!
Cookies are usually offline files that store browser- and application-specific data. This kind of test evaluates how the application stores and retrieves cookies, how it behaves when the cookies are manipulated externally, and how the cookies contribute to the application's functionality and performance.
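As an added example (not part of the original post), here is a minimal Python sketch of a cookie-manipulation test. It assumes the application protects its cookie with an HMAC-SHA256 signature; the key, cookie contents and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed key for this example; a real application loads it from secret storage.
SECRET_KEY = b"example-only-signing-key"


def sign_cookie(value: str) -> str:
    """Return 'value.signature', where signature is HMAC-SHA256 over the value."""
    mac = hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{mac}"


def read_cookie(cookie: str):
    """Return the stored value if the signature verifies, otherwise None."""
    value, sep, mac = cookie.rpartition(".")
    if not sep or not value:
        return None  # no signature present, or nothing was signed
    expected = hmac.new(SECRET_KEY, value.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; bytes are used so odd characters cannot raise.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    return value


def run_cookie_tests():
    """Alter a cookie the way an external party could and record what the app accepts."""
    good = sign_cookie("user=alice;role=customer")  # constructed sample cookie
    value, _, mac = good.rpartition(".")
    cases = {
        "untouched": good,
        "value edited": value.replace("customer", "admin") + "." + mac,
        "signature edited": value + "." + "0" * len(mac),
        "signature stripped": value,
        "empty": "",
    }
    return {name: read_cookie(cookie) for name, cookie in cases.items()}


if __name__ == "__main__":
    for name, result in run_cookie_tests().items():
        print(f"{name:20} -> {'accepted' if result else 'rejected'}")
```

Only the untouched cookie should be accepted; any other accepted case means the application trusts cookie data it cannot verify.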
Organizations have processes (proven at that) in place that incorporate this subset of tests. But in any case, these are tests that I think are basic but very much important in the drive for website stability and security, thus making their online presence a hard & positive impression.
This post does not in any way represent the views of my employer and was written with the objective of knowledge-sharing and does not intend any infringement of existing intellectual properties.