A Complete Web Application Testing Guide: How To Test A Website
We all have to agree that in today’s ever-changing and competitive world, the internet has become an integral part of our lives.
Most of us now make our decisions by searching for information on the internet, so hosting a website is no longer optional but mandatory for all kinds of businesses. It is the first step in becoming and staying relevant in the market.
Just having a website is not enough. An organization needs to develop a website that is informative, accessible and user-friendly. To maintain all these qualities, the website should be well tested, and this process of testing a website is known as web testing.
What You Will Learn:
- What Is Web Testing?
- Web Testing Checklists
- Types Of Web Testing
- Points to be considered while testing a Website
- Sample test scenarios for testing a web application
- Web Testing FAQs
- Is the website functioning as expected?
- Will the end-user find the website easy to browse?
- Is the website accessible on different devices possessed by end-users?
- Is the website secured enough?
- Is the website performance up to the mark?
- Is the data entered on a website stored accurately and persist across sessions?
- Recommended Reading
What Is Web Testing?
Web testing is a software testing practice to test websites or web applications for potential bugs. It is the complete testing of a web-based application before it is made live.
A web-based system needs to be checked completely from end-to-end before it goes live for end users.
By performing website testing, an organization can make sure that the web-based system is functioning properly and can be accepted by real-time users.
The UI design and functionality are the captains of website testing.
Web Testing Checklists
1) Functionality Testing
2) Usability testing
3) Interface testing
4) Compatibility testing
5) Performance testing
6) Security testing
Recommended tools for practicing web testing concepts mentioned in this page:
LoadNinja lets you load test your web application with real browsers at scale, using test scripts that can be replayed immediately after recording, producing actionable browser-based performance data to isolate issues and debug errors in real-time.
LambdaTest is a scalable cloud-based cross-browser testing platform designed to bring all website or web app testing needs to cloud infrastructure.
#1) Functionality Testing
Test for – all the links in web pages, database connection, forms used for submitting or getting information from the user in the web pages, Cookie testing, etc.
Check all the links:
- Test the outgoing links from all the pages to the specific domain under test.
- Test all internal links.
- Test links jumping on the same pages.
- Test links used to send email to admin or other users from web pages.
- Test to check if there are any orphan pages.
- Finally, link checking includes checking for broken links among all the above-mentioned links.
Test forms on all pages:
Forms are an integral part of any website. Forms are used for receiving information from users and to interact with them. So what should be checked in these forms?
- First, check all the validations on each field.
- Check for default values of the fields.
- Enter wrong inputs in the form fields.
- Check the options to create forms, if any, and to delete, view or modify the forms.
Let’s take an example of the search engine project I am currently working on. In this project we have advertiser and affiliate sign-up steps. Each sign-up step is different but depends on the other steps.
So the sign-up flow should get executed correctly. There are different field validations like email IDs, user financial info validations, etc. All these validations should get checked in manual or automated web testing.
Cookie testing:
Cookies are small files stored on the user machine. They are basically used to maintain the session, mainly the login sessions. Test the application by enabling or disabling the cookies in your browser options.
Test if the cookies are encrypted before they are written to the user machine. If you are testing session cookies (i.e. cookies that expire after the session ends), check for login sessions and user stats after the session ends. Check the effect on application security by deleting the cookies. (I will soon write a separate article on cookie testing as well.)
Validate your HTML/CSS:
If you are optimizing your site for Search engines then HTML/CSS validation is the most important one. Mainly validate the site for HTML syntax errors. Check if the site is crawlable to different search engines.
Database testing:
Data consistency is also very important in a web application. Check for data integrity and errors while you edit, delete, modify the forms or do any DB-related functionality.
Check if all the database queries are executing correctly, and that data is retrieved and updated correctly. Database testing can also cover load on the DB; we will address this in web load or performance testing below.
In testing the functionality of the websites the following should be tested:
Links:
i. Internal Links
ii. External Links
iii. Mail Links
iv. Broken Links
Forms:
i. Field validation
ii. Error message for wrong input
iii. Optional and Mandatory fields
Database:
Testing will be done on database integrity.
#2) Usability Testing
Usability testing is the process by which the human-computer interaction characteristics of a system are measured, and weaknesses are identified for correction.
- Ease of learning
- Subjective user satisfaction
- General appearance
Test for Navigation:
Navigation means how a user surfs the web pages, different controls like buttons, boxes or how the user uses the links on the pages to surf different pages.
Usability Testing includes the following:
- The website should be easy to use.
- The instructions provided should be very clear.
- Check if the instructions provided are perfect to satisfy its purpose.
- The main menu should be provided on each page.
- It should be consistent enough.
Content should be logical and easy to understand. Check for spelling errors. The usage of dark colors annoys the users and should not be used in the site theme.
You can follow some standard colors that are used for web pages and content building. These are the commonly accepted standards like what I mentioned above about annoying colors, fonts, frames, etc.
Content should be meaningful. All the anchor text links should be working properly. Images should be placed properly with proper sizes.
These are some of the basic important standards that should be followed in web development. Your task is to validate all for UI testing.
Other user information for user help:
Such as the search option, sitemap, help files, etc. The sitemap should be present with all the links on the website in a proper tree view of navigation. Check all the links on the sitemap.
“Search in the site” option will help users to find content pages that they are looking for easily and quickly. These are all optional items and if present they should be validated.
#3) Interface Testing
In web testing, the server-side interface should be tested. This is done by verifying that communication is done properly. Compatibility of the server with software, hardware, network, and the database should be tested.
The main interfaces are:
- Web server and application server interface
- Application server and Database server interface.
Check if all the interactions between these servers are executed and errors are handled properly. If the database or web server returns an error message for any query by the application server, then the application server should catch and display these error messages appropriately to the users.
Check what happens if the user interrupts any transaction in between. Check what happens if the connection to the web server is reset in between.
#4) Compatibility Testing
The compatibility of your website is a very important testing aspect. The compatibility tests to be executed are:
- Browser compatibility
- Operating system compatibility
- Mobile browsing
- Printing options
In my web-testing career, I have experienced this as the most influential part of website testing.
Some applications are very dependent on browsers. Different browsers have different configurations and settings that your web page should be compatible with.
Your website code should be cross-browser compatible. If you are using JavaScript or AJAX calls for UI functionality, security checks or validations, then put more emphasis on browser compatibility testing of your web application.
Test the web application on different browsers like Internet Explorer, Firefox, Netscape Navigator, AOL, Safari and Opera, with different versions.
Some functionality in your web application may not be compatible with all operating systems. New technologies used in web development, like graphic designs and interface calls such as different APIs, may not be available in all operating systems.
Hence test your web application on different operating systems like Windows, Unix, MAC, Linux, Solaris with different OS flavors.
We are in the new technology era. So in future Mobile browsing will rock. Test your web pages on mobile browsers. Compatibility issues may be there on mobile devices as well.
If you are giving page-printing options then make sure fonts, page alignment, page graphics, etc., are getting printed properly. Pages should fit the paper size or as per the size mentioned in the printing option.
#5) Performance Testing
The web application should sustain heavy load. Web performance testing should include:
- Web Load Testing
- Web Stress Testing
Test application performance on different internet connection speeds.
Web Load Testing: You need to test how the site behaves when many users are accessing or requesting the same page. Can the system sustain peak load times? The site should handle many simultaneous user requests, large input data from users, simultaneous connections to the DB, heavy load on specific pages, etc.
Web Stress Testing: Generally, stress means stretching the system beyond its specified limits. Web stress testing is performed to break the site by applying stress, and it is checked how the system reacts to stress and how it recovers from crashes. Stress is generally applied to input fields, login and sign-up areas.
In web performance testing, website functionality on different operating systems and different hardware platforms is checked for software and hardware memory leakage errors.
Performance testing can be applied to understand the web site’s scalability or to benchmark the performance in the environment of third-party products such as servers and middleware for potential purchase.
Connection speed:
Tested on various networks like Dial-Up, ISDN, etc.
Load:
i. What is the no. of users per time?
ii. Check for peak loads and how the system behaves
iii. A large amount of data accessed by the user
Stress:
i. Continuous Load
ii. Performance of memory, CPU, file handling, etc.
#6) Security Testing
Following are some of the test cases for web security testing:
- Test by pasting the internal URL directly into the browser address bar without login. Internal pages should not open.
- If you are logged in using a username and password and browsing internal pages, then try changing URL options directly. For example, if you are checking some publisher site statistics with publisher site ID = 123, try directly changing the URL site ID parameter to a different site ID which is not related to the logged-in user. Access should be denied for this user to view others’ stats.
- Try some invalid inputs in input fields like login username, password, input text boxes, etc. Check the system’s reaction to all invalid inputs.
- Web directories or files should not be accessible directly unless a download option is provided for them.
- Test the CAPTCHA against automated script logins.
- Test if SSL is used for security measures. If it is used, the proper message should get displayed when users switch from non-secure HTTP:// pages to secure HTTPS:// pages and vice versa.
- All transactions, error messages, security breach attempts should get logged in log files somewhere on the webserver.
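The first two test cases above (internal pages without login, and changing the site ID in the URL) can be automated as a regression check. The following is an added example, not code from the original article: the tiny WSGI application, its `/login` and `/stats` routes, the `sid` cookie, the users and the site IDs are all constructed for illustration, and `check_owner=False` reproduces the missing ownership check that the second test case is meant to catch.

```python
"""Access-control checks for the first two security test cases (added example).

The app, routes, cookie name, users and site IDs are all constructed here.
"""
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

SESSIONS = {"sess-alice": "alice", "sess-bob": "bob"}   # session id -> user
SITE_OWNER = {"123": "alice", "456": "bob"}              # publisher site ID -> owner


def make_app(check_owner=True):
    """Return a tiny WSGI app with a public /login and an internal /stats page.

    check_owner=False reproduces the defect the second test case looks for:
    any logged-in user can read any site's statistics.
    """
    def app(environ, start_response):
        def reply(status, body, extra=()):
            start_response(status, [("Content-Type", "text/plain"), *extra])
            return [body.encode()]

        path = environ.get("PATH_INFO", "/")
        if path == "/login":
            return reply("200 OK", "login form")
        jar = SimpleCookie(environ.get("HTTP_COOKIE", ""))
        user = SESSIONS.get(jar["sid"].value) if "sid" in jar else None
        if user is None:  # internal page requested without a valid session
            return reply("302 Found", "", [("Location", "/login")])
        if path != "/stats":
            return reply("404 Not Found", "not found")
        query = parse_qs(environ.get("QUERY_STRING", ""))
        site_id = query.get("site_id", [""])[0]
        if site_id not in SITE_OWNER:
            return reply("404 Not Found", "no such site")
        if check_owner and SITE_OWNER[site_id] != user:  # authorization check
            return reply("403 Forbidden", "not your site")
        return reply("200 OK", f"stats for site {site_id}")
    return app


def fetch(app, url, sid=None):
    """Call the WSGI app in-process; return (status_code, body)."""
    path, _, query = url.partition("?")
    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path, "QUERY_STRING": query}
    if sid:
        environ["HTTP_COOKIE"] = f"sid={sid}"
    seen = {}

    def start_response(status, headers):
        seen["code"] = int(status.split()[0])

    body = b"".join(app(environ, start_response)).decode()
    return seen["code"], body


def open_without_login(app, internal_urls):
    """Test case 1: internal URLs that answer 200 when no session is sent."""
    return [url for url in internal_urls if fetch(app, url)[0] == 200]


def readable_foreign_ids(app, sid, url_template, foreign_ids):
    """Test case 2: IDs of other accounts that the session `sid` can read."""
    return [site_id for site_id in foreign_ids
            if fetch(app, url_template.format(site_id=site_id), sid)[0] == 200]


def run_checks(app):
    """Run both test cases as alice, plus a positive control on her own site."""
    internal = ["/stats?site_id=123", "/stats?site_id=456"]
    return {
        # Without this control, a site that denies everything would "pass".
        "own_site_ok": fetch(app, "/stats?site_id=123", "sess-alice")[0] == 200,
        "open_without_login": open_without_login(app, internal),
        "foreign_ids_readable": readable_foreign_ids(
            app, "sess-alice", "/stats?site_id={site_id}", ["456"]),
    }


if __name__ == "__main__":
    print("with ownership check:   ", run_checks(make_app(check_owner=True)))
    print("without ownership check:", run_checks(make_app(check_owner=False)))
```

Against a real test environment, `fetch` would be replaced by an HTTP client pointed at the staging host; the two check functions stay the same.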
The primary reason for testing the security of a website is to identify potential vulnerabilities and subsequently repair them.
- Network Scanning
- Vulnerability Scanning
- Password Cracking
- Log Review
- Integrity Checkers
- Virus Detection
Types Of Web Testing
Websites are classified into many types, about 20 in all. All of these fall under the static and dynamic types. Among them, let’s discuss 4 types and their testing methods in detail. Before that, I just want to list those types.
- Simple static website testing
- Dynamic web application testing
- E-commerce website testing
- Mobile website testing
#1) Simple Static Website
A simple static website will display the same content for all visitors who are visiting the website at different times. It is also known as an informational website. In a static website, only the developer can make changes, and only in the code. This type of website will not have any major functionalities and it purely depends on UI design.
Testing a simple static website is very easy, you have to consider only a few things while testing. Some of them are mentioned below:
Points to Remember:
#1) Testing the GUI design is a must because a static website purely depends on it. You need to compare the approved PSD files with the web page developed. Check that all the elements in the design are present on the developed page.
#2) The other part of GUI design is to check that the font size, font style, spacing, and color have all been reproduced.
[This image explains the spacing alignment issue in the desktop view of a website.]
#3) Next, you need to check whether the links (page links) are working properly, and whether there are any broken links.
#4) Verify the spelling and content on all web pages by comparing them with the content given by the client.
#5) In some cases an image will not display properly: it may break, images may get duplicated, or the wrong images may display. This has to be checked keenly, because for a static website only the content and images bring it to life.
#6) Check the scroll bar carefully; in my experience, I have faced issues with the scrollbar. The issues you will face are that unwanted scrolling appears or the scroll gets hidden (it may hide the contents). These issues apply to both horizontal and vertical scrolls.
#7) If there is a contact form, check that it is working properly by sending some dummy messages.
Things to check in the contact form are:
- Is the message sent properly, and does a success message appear?
- Is the email received by the concerned person in the proper format as designed?
- The email should not land in spam as junk mail.
- If a reply email trigger is activated, check whether the sender received the mail.
#8) Check whether it is an error-free web page, validate it with W3 validator or other related software.
#9) Some constant things to be checked in a static website:
- Check favicon is present on the tab bar
- URL should contain the correct page title
- If copyright information is there, it should be displayed
- If there is a contact form, Captcha is a must. [It prevents junk email]
- Check the loading speed of the website. [A static website should not take much time for loading]. If a gif image is used while loading then track its functionality
Apart from these, there are many things that have to be tested at the backend of every website, that is, system testing, security testing, interface testing, compatibility testing, performance testing, etc. For this, you need to have technical knowledge. A simple static website will not have many functionalities; if it has any, you need to do functionality testing too.
#2) Dynamic Web Application [CMS Website]
It is the type where the user can update and change their website content regularly. From here I am going to use the word “web application testing” instead of dynamic website testing. The web application is a combination of front-end and back-end programming.
Testing a web application is not as easy as testing a static website, but not as difficult as testing an e-commerce website. Functionality testing is the most important thing to be performed while testing a web application. The web application may contain very complicated functionality, so the tester needs to be very careful while testing.
There are two different types of web applications: in one, no action is carried out by the user in the front-end (i.e. only back-end changes will reflect in the front-end); in the other, the end-user works in the front-end itself (for example login, signup, newsletter subscription, and other similar actions). So testing should be done accordingly.
Points to Remember:
The points which I mentioned in static website testing are to be included while testing a web application also. In addition to that, the following things are to be noted.
#1) In GUI section, tooltip is compulsory for all fields and buttons, field alignment (spacing) should be done properly, disabled field/ buttons should be greyed out, fields/ buttons should be in standard format as in SRS, error message should be displayed if something goes wrong, pop-up message should only display at the center of the web page, drop-down menu should not be truncated.
Tab shortcut key should work in all fields and more.
#2) In the functionality section, if your web application has login or sign-up functionality then check the mandatory field validation, form validation (i.e. number fields should accept only numbers, not alphabets), and character restriction on fields (i.e. only these many characters can be entered).
#3) When coming to the back-end functionality section, test image uploading for broken images and whether text entry in the fields is working. Back-end updates should reflect on the front-end, and database testing (i.e. whether you can add new fields or delete unwanted fields) should also be performed.
Performance testing is not as necessary for a web application (dynamic website) since it has very little content. If you need it, you can use the tools with which you are familiar. Pick some standard online performance tool if you want to do simple performance testing.
#3) E-commerce Website
An e-commerce website is somewhat complicated when compared to the above two. The tester needs to be very cautious while testing an e-commerce site. There are a huge number of things to be checked in e-commerce sites; out of them I cover just some of the issues I experienced in e-commerce website testing.
In the GUI section, you need to check all the features as in SRS and the same with the functionality. The functionality will be almost the same for all commercial websites.
Functionality-wise you need to check all pages such as the main page (includes featured products, special offers display, log in details, search functionality), product detail page, category page, placing an order, and payment gateway; everything has to be tested.
Points to Remember:
#1) Check if the shopping cart is getting updated when you buy or increase the quantity. Check this functionality in all the pages and circumstances.
#2) Check if special coupons and offers are applied to the correct orders and whether the discounted price is displayed.
[This image explains about free shipping and how it is applied in the payment section]
#3) Sometimes while updating a single product it will get multiplied according to the number of variations in the product. So check whether the single product is displayed and its variations are displayed correctly. (I faced this problem)
#4) Check whether the filter option is working exactly, and whether filtering is done based on the category & pricing chosen.
#5) During sign up, super validation should be done. Only a new user can sign up.
#6) If an existing user added a product to the shopping basket, the wishlist section during their previous login should be saved and displayed during the next login too.
#7) Compare products should work by comparing the products based on some specifications assigned in the back-end.
#8) Check whether the Currency converter is working fine. Based on the country chosen the currency converter should display the relevant price and tax rates.
[On choosing the language Currency will be converted, here USD is meant to be default]
#9) Generally many plug-ins are used in an e-commerce (WordPress & similar) website, so you need to be very careful. A plug-in installation may conflict with or affect other major functionality. So follow up on plug-in installation and usage.
#10) Check whether the social sharing option is working on the individual product or not.
#11) Shipping cost should be generated based on the region selected. Also check the tax rate generation. (It may cause some legal problems during the end-user’s purchase.)
[In this image Shipping and the tax rate is calculated for France region]
#12) Payment gateway should work only if valid card details are given. Validation should apply to the Card number and CCV code number. [It is better to keep validation on the card number field itself].
#13) Email generation on each and every process during purchase should happen (sign up, product ordering, payment successful, order canceled, order received and other email triggers if any).
#14) Check the live chat with some dummy emails.
Note: Generally an e-commerce website will not be developed for mobile compatibility, and when it comes to the mobile version an app will be created. In some cases, they will not create an app; instead a mobile-compatible website will be created. In such cases, you need to check carefully for any missing functionality and UI deviation.
These are some of the issues which I faced and noted while testing an E-commerce website. Apart from this, you need to check all the general things related to an e-commerce website.
#4) Mobile Website
First of all, let’s be clear about what a mobile website is. Generally people think a mobile website and a mobile application are the same, but in reality a mobile website is developed with HTML pages and can be viewed only with an internet connection.
A mobile app, however, is an application that can be downloaded and used later without an internet connection. Here many of us get confused and ask: what is the difference between a mobile website and a responsive website?
A responsive website means making the content fit the mobile device size instead of creating a separate version, whereas a mobile website is a new version that is not a reflection of the desktop version. In the mobile website, you will have only limited pages, and unwanted functionalities are removed.
Testing a mobile website is somewhat more tedious than testing other types of websites. It will have separate designs and you need to be careful while testing the functionalities.
Points to Remember:
Important points to consider while testing a mobile website:
- Usually, we will use an emulator for testing a mobile website and we can get ideal results, but I always prefer that you test on real devices. I have faced many issues when I tested on real devices [especially Apple devices]. Real device specifications may conflict with the web pages developed.
[This image explains about simulator testing and the backline issue appearing in it.]
- GUI & usability testing are more important as it is not the reflection of the desktop version.
- Performance is another important factor to be considered for mobile website testing. Performance-related issues can be tracked when you test in the real devices.
- Check whether browsing normal web links from mobile is getting triggered by a mobile link.
- Check page scrolling, page navigation, text truncation, etc on the mobile website.
Best Web Testing Tools
There is a wide range of testing tools that are available for web app testing.
=> Check this comprehensive list of Most Popular Web Application Testing Tools.
Points to be considered while testing a Website
The websites are essentially client/server applications – with web servers and ‘browser’ clients.
Additionally, there is a wide variety of servers and browsers with various versions of each. They include small but sometimes significant differences between them, as well as variations in connection speeds, rapidly changing technologies, and multiple standards & protocols. The end result is that testing for websites can become a major ongoing effort.
Sample test scenarios for testing a web application
A few other considerations to be included while testing a website are given below.
- What is the expected load on the server (e.g., number of hits per unit time)?
- What kind of performance is required under each load condition (such as web server response time, database query response times)?
- What kind of tools will be required for performance testing (such as web load testing tools, other tools already in-house that can be adapted, web robot downloading tools, etc.)?
- Who is the target audience? What kind of browsers will they be using? What kind of connection speeds will they be using? Are they intra-organizations (thus likely with high connection speeds and similar browsers) or Internet-wide (thus with a wide variety of connection speeds and browser types)?
- What kind of performance is expected from the client-side (e.g., how fast should pages appear, how fast should animations, applets, etc. load and run)?
- Will the downtime for server and content maintenance/upgrades be allowed? If so, then how much?
- What kind of security (firewalls, encryption, passwords, etc.) will be required and what is it expected to do? How can it be tested?
- How reliable are the site’s Internet connections required to be? And how does that affect the backup system or redundant connection requirements and testing?
- What process will be required to manage updates to the web site’s content?
- What are the requirements for maintaining, tracking, and controlling page content, graphics, links, etc.?
- Which HTML specification will be adhered to? How strictly? What variations will be allowed for targeted browsers?
- Will there be any standard requirements for page appearance and/or graphics throughout a site or parts of a site?
- How will internal and external links be validated and updated? And how often will it happen?
- Can testing be done on the production system, or will a separate test system be required?
- How are browser caching, variations in browser option settings, dial-up connection variability, and real-world internet ‘traffic congestion’ problems to be accounted for in testing?
- How extensive or customized are the server logging and reporting requirements; are they considered as an integral part of the system and do they require testing?
- Pages should be 3-5 screens max unless the content is highly focused on a single topic. If larger, provide internal links within the page.
- The page layouts and design elements should be consistent throughout a site so that it’s clear to the user that they are still on a site.
- Pages should be as browser-independent as possible, or pages should be provided or generated based on the browser type.
- All pages should have links external to the page; there should be no dead-end pages.
- The page owner, revision date, and a link to a contact person or organization should be included on each page.
Web Testing FAQs
Below are the various questions that should come to a tester’s mind when thinking of a website that is already developed and can be exposed to the public:
- Is the website functioning as expected?
- Will the end-user find the website easy to browse?
- Is the website accessible on different devices possessed by end-users?
- Is the website secured enough?
- Is the website performance up to the mark?
- Is the data entered on a website stored accurately and persist across sessions?
- Is the website integrated well with other interfaces in the workflow?
- Will the website perform as expected even after going live?
To answer these questions, different testing techniques have been identified that can be used to test a web application.
Let’s take an example of an e-commerce website that has been recently released to the QA team for testing.
We’ll go through each one of the above-specified questions in detail to understand the scope of the test and see how website testing can be performed.
Is the website functioning as expected?
To confirm that the website is functioning well, QA needs to perform functional testing. During functional testing, different features of an application need to be validated against the requirements mentioned in the functional specification document.
Below are a few generic scenarios, a QA is expected to cover while performing functional testing of any website even if they are not mentioned in functional specifications:
- User navigation to different pages of the website and completing the end-to-end workflow
- If the user can select/deselect checkboxes
- If the user can select values from Dropdown fields
- If the user can select/deselect Radio buttons
- Different navigation buttons like Submit, Next, Upload etc. buttons are working well
- Calendars are loading properly and allowing the user to select a date
- Calculations are happening as implemented
- Search functionality is working if any
- Correct Information display
- Various internal & external links to other pages
- Correct Tab Order of the fields on web pages
- Mandatory and Optional fields should be verified for the positive and negative inputs
- Default values for each web field should be verified
- Email functionality is implemented for some action on the website
It’s important for websites to be compatible with search engines. Hence we should review websites for HTML syntax correctness, format & compliance standards like WS-I, ISO & ECMA.
Considering cookies, which are used to maintain login sessions, the website should be tested by enabling/disabling cookies or by using a mismatched domain. Testing can also be performed across sessions by resetting cookies to bring browsers back to the vanilla state.
QA should also validate that website cookies are always stored locally in an encrypted format.
Considering our e-commerce website, various links like Men’s Fashion, Women’s Fashion, Kid’s Fashion, Home Accessories, Electronic Appliances, Books, Movies & Music, etc. available on a web page should be clicked on and verified if the user navigates to the expected page.
Similarly, different functionalities like Login, Signup, Search Option, Filters, Sort Order, Add to Cart, etc. should be verified on different web pages like Login Page, Sign up Page, Product Details Page, Shopping Cart, Order Review, Payment, etc. The website should be checked for session/cookie management like session expiration and session storage etc.
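The cookie checks described in this section and under Functionality Testing ("test if the cookies are encrypted") can be scripted by planting known values in a test account and confirming they never appear in a cookie, whether raw, URL-encoded or base64-encoded. This is an added example, not code from the original article: the planted values and the `Set-Cookie` headers are constructed, and the `Secure`, `HttpOnly` and `SameSite` checks go beyond what the text asks for.

```python
"""Audit Set-Cookie headers for readable data and missing attributes (added example)."""
import base64
import binascii
from http.cookies import SimpleCookie
from urllib.parse import unquote


def decoded_views(value):
    """Return the raw cookie value plus its URL-decoded and base64-decoded forms."""
    plain = unquote(value)
    views = [value, plain]
    padded = plain + "=" * (-len(plain) % 4)  # restore stripped base64 padding
    for decode in (base64.b64decode, base64.urlsafe_b64decode):
        try:
            views.append(decode(padded).decode("utf-8", "replace"))
        except (binascii.Error, ValueError):
            pass  # value is not base64 in this alphabet
    return views


def audit_set_cookie(header, planted_values):
    """Return a list of findings for one Set-Cookie header value.

    planted_values are strings the tester put into the test account (email,
    role, ...); finding one in any decoded view means the cookie is readable.
    """
    findings = []
    jar = SimpleCookie()
    jar.load(header)
    for name, morsel in jar.items():
        views = decoded_views(morsel.value)
        for planted in planted_values:
            if any(planted in view for view in views):
                findings.append(f"{name}: value exposes '{planted}'")
        for attr, label in (("secure", "Secure"), ("httponly", "HttpOnly"),
                            ("samesite", "SameSite")):
            if not morsel[attr]:
                findings.append(f"{name}: missing {label}")
    return findings


# Constructed test-account data and constructed response headers.
PLANTED = ["alice@example.test", "admin"]
SAMPLE_HEADERS = [
    # Opaque random session identifier with all three attributes set.
    "sid=9f2c4e1ab07d4c53a1e8; Path=/; Secure; HttpOnly; SameSite=Lax",
    # Account data that is only base64-encoded, not encrypted.
    "user=" + base64.b64encode(b"alice@example.test|admin").decode() + "; Path=/",
    # Account data that is only URL-encoded.
    "prefs=email%3Dalice%40example.test; Path=/; Secure",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header.split("=", 1)[0], "->", audit_set_cookie(header, PLANTED) or "ok")
```

A clean result only shows that the planted values are not recoverable by these simple decodings; it does not prove the cookie is encrypted.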
Will the end-user find the website easy to browse?
Usability testing has to be performed to measure the website’s ease of use for an end-user in the context of accessibility, searchability, and usefulness, etc.
Below are a few of the test scenarios that should be verified while performing usability testing for a website:
- Website content should be informative, structured and linked logically so that user can understand easily
- Web page controls should be easy for users to navigate
- The website should have Help & Instruction documents uploaded
- The website should have the Search feature for end-user convenience
- Access to/from the Main menu to all pages should be there
- Website content should be verified for any spelling mistakes
- The website should follow defined guidelines in the context of background color, pattern, style, fonts, image placements, frames, borders, etc.
- The website should support translation, since it can be accessed by users from different nations with different languages, currencies, etc.
An e-commerce website should be customer-friendly, easy-to-navigate and attention-grabbing. All web pages should be verified for accessibility, fonts, styling, images, spelling mistakes and product-relevant information. A website should be equipped with relevant help documents and customer support facilities.
Considering the increase in touchscreen-based interfaces, we need to validate the accessibility of both key inputs and touch screen inputs. Similarly, images and website content should be validated for usability on different screen sizes (mobiles, laptops, tablets, etc.).
Is the website accessible on different devices possessed by end-users?
Assuming that our website can be accessed by a range of users with a different set of devices, we need to ensure that the website runs well on all of them without any glitches.
To ensure this, website compatibility checks should be done as part of Compatibility Testing. Compatibility testing ensures that the website runs well on different browsers, operating systems and devices like laptops, mobile phones, tablets, printers, etc.
Browsers Compatibility (Cross Browser Testing):
The website should work well with different browsers like Microsoft Internet Explorer, Microsoft Edge, Firefox, Google Chrome, Safari, and Opera. All active versions of these browsers should be verified with different browser features turned ON/OFF.
While performing cross-browser testing, QA should also check for optimal website performance across browsers.
Operating System Compatibility (Cross Platform Testing):
In order to identify potential user experience issues, a website should be tested on various platforms like Windows, Linux, Unix, Mac, Solaris, etc. to be sure of OS compatibility.
Device Compatibility (Cross-Device Testing):
A website can be browsed through different devices like laptops, mobiles, tablets, etc. running different operating systems like iOS, Android, Windows, etc. Hence, testing should be performed on these devices too, covering the scenarios below.
- Website screen size should be adjustable as per the device
- Screen rotation on the device should be supported
- The website should not show any loading issues on different devices with different network speeds
- Verify the website behavior when the device is in/out of network range
- Verify the website behavior on low CPU and Memory to support different form factors
For an e-commerce website, the compatibility check is one of the most important testing types. The customer base will be large and will access our website from different browsers, operating systems & devices.
Considering that mobile platforms are becoming popular, we should ensure that the website loads on small form factors within an acceptable load time. It is also important to test with different network speeds to ensure the website is usable for all customers.
Is the website secured enough?
Security testing is performed to uncover vulnerabilities in a system and ensure that a website is secure.
Below is the checklist that can be verified while performing security testing:
- The website should be accessible to only authenticated users
- Website users should be able to perform only those tasks for which they are authorized
- The website should be verified for CAPTCHA fields for user identification
- Browser security settings should be verified while moving from secure to insecure pages
- Web server protection should be in place for web directories or files that must not be accessible
- Restricted files should not be downloadable without appropriate access
- Sessions that become inactive should be terminated automatically after a certain period of time
- All invalid and unauthorized attempts by end-users, as well as intermittent system errors/failures, should be logged for analysis
As a part of security testing, an e-commerce website should be validated for:
- Website Access Controls.
- Any leakage of user personal info.
- Secured Payment Methods.
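Several items from the security checklist above (authorized tasks only, protected directories, restricted downloads, logging of unauthorized attempts) can be verified in one pass over recorded test results. The following is an added example, not part of the original guide: the policy table, role names, paths, probe results and log format are all constructed for illustration.

```python
import re

# Assumption: policy maps a path prefix to the roles allowed to reach it.
POLICY = {
    "/account/": {"customer", "admin"},
    "/admin/": {"admin"},
    "/files/invoices/": {"customer", "admin"},
    "/backup/": set(),  # web directory that nobody should reach over HTTP
}

# Constructed probe results: (role, path, HTTP status the test client received).
PROBES = [
    ("anonymous", "/account/orders", 302),
    ("customer", "/account/orders", 200),
    ("customer", "/admin/users", 403),
    ("anonymous", "/files/invoices/1001.pdf", 200),
    ("admin", "/backup/db.sql", 200),
    ("anonymous", "/admin/users", 401),
]

# Constructed server log for the same run; the line format is hypothetical.
LOG = "2024-01-01T10:00:03Z DENY role=customer path=/admin/users status=403\n"

def allowed_roles(path):
    """Return the roles permitted for path, or None if the path is public."""
    for prefix, roles in POLICY.items():
        if path.startswith(prefix):
            return roles
    return None

def access_violations(probes=PROBES):
    """Probes where content was served to a role the policy does not allow."""
    violations = []
    for role, path, status in probes:
        roles = allowed_roles(path)
        if roles is not None and role not in roles and 200 <= status < 300:
            violations.append((role, path, status))
    return violations

def unlogged_denials(probes=PROBES, log=LOG):
    """Denied probes (401/403) that left no matching DENY line in the log."""
    logged = set(re.findall(r"DENY role=(\S+) path=(\S+) status=(\d+)", log))
    return [(role, path, status) for role, path, status in probes
            if status in (401, 403) and (role, path, str(status)) not in logged]

if __name__ == "__main__":
    print("access violations:", access_violations())
    print("denials missing from log:", unlogged_denials())
```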
Is the website performance up to the mark?
To check the performance of a website, performance testing can be done. It will evaluate the behavior of an application under a variety of workload conditions which could be a realistic scenario. If the system goes live without conducting performance tests, it may end up with issues like a slow running system or poor usability which likely will affect the brand image as well as market sales.
A website can be tested against load & stress.
Below is the checklist for web performance testing:
- Website behavior should be observed under normal and peak load conditions
- Website’s performance should be examined by measuring response time, speed, scalability and resource utilization
- Proper RCA (root cause analysis) should be done with a solution if a system breaks down or gets unstable at any point in time
- Network latency issues should be identified if any
An e-commerce website should be tested thoroughly using a set of simulated users during normal as well as peak load conditions which can be during ‘Sale Season’.
During the sale, the number of users accessing the website would multiply. Website behavior should also be examined while multiple concurrent users are accessing the same items or performing the same actions (like transactions or placing orders) on the website.
There are various tools available in the market for performance testing. A few of them are LoadRunner, WinRunner, Silk Performer, JMeter, etc.
Is the data entered on a website stored accurately and persist across sessions?
The database is one of the critical components of a web application and holds the complete information entered through a website. Hence, to make sure that correct user data is saved in database tables without any manipulation, and to maintain data integrity, the verifications below should be performed.
- Verify data consistency across user interface i.e. Website UI and Database
- Verify that DB tables are updating properly whenever insert/update/delete actions are performed by a website application
- Verify the response time of technical queries and fine-tune them if required
- Check for DB connectivity and access permissions
As a QA team member testing an e-commerce website, you can perform the activities below and validate the changes each time in the corresponding database tables. This will make sure that the website UI and the DB are consistent.
1) Placing an Order for a product.
2) Canceling Product.
3) Opt to Exchange Product.
4) Opt to Return Product.
Is the website integrated well with other interfaces in the workflow?
Interface level testing is performed to check on the smooth interaction of the website with different interfaces like Web Server & Database Server.
During interface testing, the tester needs to make sure that application requests are sent properly to the database and that the correct information is displayed to the client as output. A web server should not throw any denial exceptions at any point in time, and the database should always stay in sync with the application.
Will the website perform as expected even after going live?
Once a product moves into a production environment, regular inspection should be done to keep a check on quality control.
The scenarios below can be considered while verifying the product in production:
- Web application tests should be executed periodically and test logs should be saved as proof of Service Level Agreement (SLA) compliance
- Auto-scaling systems and load balancers should be checked if in place and functioning
- Keep a check on end-user experiences and try to uncover defects or malicious attacks which typically go unnoticed during QA testing
- Monitor the product response time during peak loads
- Execute edge level test cases in real-time to identify network failures, connection failures or interruption by an unexpected call
I have drafted this detailed tutorial with my years of experience testing different websites.
Hope this article helps you understand the different facets of web application testing. The next time you sit down to write a test plan for your website, do remember to validate various aspects beyond the functionality of the website.
Hope this article has been an informative one for you!