How to Choose the Right Flow When Testing a Web App
Web apps are enormous. Some of them bring their creators a huge amount of money; others fail on the market. There are several reasons why an application may not bring the expected profit or commercial success. One of them is a lack of quality.
Everyone needs a good plan for everything to work perfectly, and web app testing is no exception. The following steps make up the right flow of testing:
Plan ahead. Do you have testing requirements? What should you do with them? Analyze them, and try to understand the web application that you are testing. Make sure you have shared the work with the team and that everybody knows their part by heart. Develop a test plan and strategies. How will you report a bug? Where will all the bug reports be stored? How will tasks be assigned? Make sure you have some test cases ready. Collect as much data as possible about all aspects of the application. And what about cross-browser testing, or testing on different platforms? Is everything prepared for it? You should answer these questions before you take your first steps in actually testing the application. Never forget the requirements during the testing process. Your test engineers are individuals, so make sure each of them gets suitable tasks.
Set up a good and comfortable test environment that is separate from the one the developers use. Try to make this environment as similar to the production environment as possible.
Now for functional testing. These are tests based on the business requirements of the application; this is called Black Box testing. At this stage the functions of the application are verified. The main tools of functional testing are test cases. The database, configuration, compatibility and the right flow are all important parts of this testing. This is how you ensure that boundary conditions and equivalence classes are properly tested.
Testing the interface is the next step, and it is also of paramount importance. The images, commands, sets of messages and any other features of the software that allow data to be exchanged between the user and the device are together called the interface. Testing it means checking the correct connection between the individual components. If it is a cross-platform application, there is a high probability that it will have user interface problems when tested on a variety of platforms. User interface testing mostly deals with the GUI.
Usability testing checks how convenient the product's interface is. It shows how well the product meets users' expectations, identifies problem areas in the interface, and gives you the opportunity to look at the product through the eyes of its users. Usability testing can be carried out at various stages of product development. However, we recommend starting it at the early stages of interface development, even before the interfaces are implemented in code. This lets you make the necessary adjustments and make the interface user-friendly. The earlier you make changes to the interface, the easier, faster, and therefore cheaper it will be.
Testing web app security is an important part of testing that lets you determine the vulnerabilities of the application. There are two types of security testing: dynamic and static. Dynamic testing means checking the application to see whether everything works as planned. In static testing you work with the code in order to find its weaknesses. Here is a basic list of what to check:
Search for vulnerabilities in server components;
Search for vulnerabilities in the web server environment;
Check for remote execution of arbitrary code;
Check for code injection;
Attempts to bypass the web resource's authentication;
Check the web resource for «XSS» / «CSRF» vulnerabilities;
Attempts to intercept privileged accounts (or sessions of such accounts);
Attempts at Remote File Inclusion / Local File Inclusion;
Search for components with known vulnerabilities;
Check for redirects, including redirection to other sites;
Scan directories and files, using brute force and «google hack»;
Analysis of search forms, registration forms, login forms, etc.;
Check whether confidential and sensitive information can be obtained from the resource;
Attacks of the «race condition» class;
Injection of XML entities;
Password guessing.
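As an added example (not part of the original article), the sketch below shows the static side of two items from the list, the analysis of forms and the «CSRF» check: it parses a page's HTML and flags forms that deserve a closer look. The token field names, the finding texts and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Assumption: hidden-field names that common frameworks use for anti-CSRF tokens.
TOKEN_NAMES = {"csrf_token", "csrfmiddlewaretoken", "authenticity_token", "_csrf"}

class FormAudit(HTMLParser):
    """Collects every <form> with its method, action and input fields."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._cur = {"action": a.get("action", ""),
                         "method": a.get("method", "get").lower(), "inputs": []}
            self.forms.append(self._cur)
        elif tag == "input" and self._cur is not None:
            self._cur["inputs"].append((a.get("type", "text").lower(), a.get("name", "")))

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def audit_forms(html):
    """Return (form action, finding) pairs for forms that need a closer look."""
    parser = FormAudit()
    parser.feed(html)
    findings = []
    for f in parser.forms:
        has_token = any(t == "hidden" and n in TOKEN_NAMES for t, n in f["inputs"])
        has_password = any(t == "password" for t, _ in f["inputs"])
        if f["method"] == "post" and not has_token:
            findings.append((f["action"], "POST form without anti-CSRF token field"))
        if has_password and f["method"] != "post":
            findings.append((f["action"], "password field submitted via GET"))
        if has_password and f["action"].startswith("http://"):
            findings.append((f["action"], "credentials sent over plain HTTP"))
    return findings

# Constructed sample page (not taken from any real application).
SAMPLE = """
<form action="/search" method="get"><input type="text" name="q"></form>
<form action="/login" method="get"><input name="user"><input type="password" name="pw"></form>
<form action="/profile" method="post"><input type="text" name="email"></form>
<form action="/transfer" method="post"><input type="hidden" name="csrf_token" value="x"></form>
"""
```

Calling audit_forms(SAMPLE) reports the /login and /profile forms; a finding here is a prompt for manual review, since a token may also be sent in a request header rather than a hidden field.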
User Acceptance Testing. In general, its purpose is to ascertain that users will be happy with your web application. Make certain that: the browser capabilities are certified; all required data fields in the forms are provided with the corresponding data; everything works fine with the appropriate control over data input; the width of the fields and the timeouts correspond to the requirements. It's nice that not all of the work has to be done by test engineers. Alpha testing is performed by developers in their own environment; beta testing is performed after alpha testing.