Functional Testing (Regression, Integration, Smoke Testing)
Test Web pages for correct function, formatting, cookies, and data validation. Functional testing is well suited to smoke testing, regression testing, and integration testing.
- Test links to a page from external pages
- Test all links on a page for correct operation
- Test links to anchors on the same page
- Test email mail-to links
- Identify orphan pages – pages that are not linked from other pages
Test Web forms on the page
- Check the field validation logic for each field
- Check default values for each field
- Check that password fields do not show the password contents
- Negative test invalid input values for each field
- Validate the response to a form submit
Session and Cookie Management Testing
- Check application log-in sessions by enabling and disabling cookies
- Negative test cookies by using a mismatching domain
- Check that session cookies reset between browser sessions
- Check application security by selectively deleting cookies while a test operates
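The cookie checks above can be partly automated by inspecting the `Set-Cookie` headers an application returns. The following is an added example, not code from the original page: the function names, finding labels, and sample headers are assumptions constructed for illustration, and the `Secure`/`HttpOnly` checks go beyond the list above.

```python
from http.cookies import SimpleCookie

# Constructed sample data: (request host, Set-Cookie header value).
SAMPLE_HEADERS = [
    ("shop.example.com", "SESSIONID=abc123; Path=/; HttpOnly; Secure"),
    ("shop.example.com", "track=xyz; Domain=.example.org; Max-Age=2592000"),
]


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 section 5.1.3 domain-match (IP-address hosts not handled)."""
    host = request_host.lower().rstrip(".")
    domain = cookie_domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)


def audit_set_cookie(header_value: str, request_host: str) -> dict:
    """Return {cookie_name: [findings]} for one Set-Cookie header value."""
    jar = SimpleCookie()
    jar.load(header_value)
    report = {}
    for name, morsel in jar.items():
        findings = []
        domain = morsel["domain"]
        # A browser must reject a cookie whose Domain does not match the host.
        if domain and not domain_matches(request_host, domain):
            findings.append("domain-mismatch")
        # Expires or Max-Age makes the cookie outlive the browser session.
        if morsel["expires"] or morsel["max-age"]:
            findings.append("persistent")
        if not morsel["httponly"]:
            findings.append("no-httponly")
        if not morsel["secure"]:
            findings.append("no-secure")
        report[name] = findings
    return report


def audit_samples() -> dict:
    """Audit every constructed sample header and merge the reports."""
    merged = {}
    for host, header in SAMPLE_HEADERS:
        merged.update(audit_set_cookie(header, host))
    return merged
```

An empty findings list means the cookie is a host-matched session cookie with both flags set; any other result is a line item for the test report.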
Validate Cascading Style Sheet (CSS) tags
- Identify CSS tags that return 404 or other CSS load errors
- Identify HTML id, class, and name attributes that do not match any CSS tags
- Identify Script tags that return 404 or other load errors
- Identify id, name, on… attributes that do not match any Script tag
Dynamic content testing (aka Database testing)
- Check data consistency in database-driven Web forms
- Check create, edit, delete, update (CRUD) tasks
- Verify data retrieval delivers the correct data
- Identify database connectivity and query errors
Performance testing is performed to verify the server response time and throughput under various load conditions.
Linear scalability – where an application’s performance does not vary as the number of users increases – is the Holy Grail of Web application testing. Load testing identifies a Scalability Index for your Web application performance.
- Check server response to browser form submit requests
- Identify performance changes over a period of time
- Test for functions that stop working at higher levels of user load
- Identify the effects of network latency problems on Web application function
- Determine how the application responds under high levels of load
- Identify portions of the Web application that fail under high levels of load
- Identify application function after a system crash or component failure
- Identify forms and links that operate differently under high levels of load
Soak testing, also known as endurance testing, is performed to determine the system parameters under continuous expected load. During soak tests, parameters such as memory utilization are monitored to detect memory leaks or other performance issues. The main aim is to discover the system’s performance under sustained use.
Spike testing is performed by suddenly increasing the number of users by a very large amount and measuring the performance of the system. The main aim is to determine whether the system will be able to sustain the workload.
Application Security Testing
Protect Web application data and maintain functionality as designed. Application security testing is performed to verify that the application is secured on the web, since data theft and unauthorized access are common issues. Below are some of the areas examined to verify the security level of the system.
- Broken Authentication and Session Management
- Cross-Site Scripting (XSS)
- Insecure Direct Object References
- Security misconfiguration
- Sensitive Data Exposure
- Missing Function Level Access Control
- Cross-Site Request Forgery (CSRF)
- Using Components with Known Vulnerabilities
- Unvalidated Redirects and Forwards
The design and presentation of an application have a large impact on the success your users will have in using the Web application.
Test For Navigation
- Check that the user has apparent and easy controls to move from page to page
- Test the flow of a Web application by observing how the user accomplishes their goals
- Check that the user can find instructions should they not intuitively know how to operate a function
- Test that common navigation objects appear on every page consistently
- Test search functions for proper application functions
- Test that content is logically arranged and easy for users to understand
- Check for spelling errors
- Check that pages adhere to color and pattern style guidelines, including fonts, frames, and borders
- Check that images load correctly and with proper sizes
Vulnerability Analysis and Penetration Testing
Vulnerability Assessment and Penetration Testing provides enterprises with a more comprehensive application evaluation than any single test alone. Using the Vulnerability Assessment and Penetration Testing approach gives an organization a more detailed view of the threats facing its applications, enabling the business to better protect its systems and data from malicious attacks. Vulnerabilities can be found in applications from third-party vendors and internally made software, but most of these flaws are easily fixed once found. This testing enables IT security teams to focus on mitigating critical vulnerabilities while the VAPT provider continues to discover and classify vulnerabilities.
Portability testing is a type of testing in which a software application is moved from one environment to another, possibly from one platform to another with a different hardware and software configuration. The purpose is to check whether the application can run and be deployed in the different applicable environments, in order to satisfy the business needs of the customer. Running the whole application is also important, to check that all of its functionality works in each environment. Apart from exercising the functionality of the application manually, it is sometimes also necessary to run an automated test suite to check that the application functionality works correctly in the different environments.
Interoperability describes how an application interacts with another application. In interoperability testing, we check how the data from one application is transferred into another application without prior notice, in a meaningful manner, and further processed to give the accepted output.
Accessibility testing is a subset of usability testing. It is performed to ensure that the application being tested is usable by people with disabilities such as hearing impairment or color blindness, by the elderly, and by other disadvantaged groups.
People with disabilities use assistive technology that helps them operate a software product:
- Speech recognition software – converts the spoken word to text, which serves as input to the computer
- Screen reader software – reads out the text that is displayed on the screen
- Screen magnification software – enlarges the screen display and makes reading easier for vision-impaired users
Configuration and Compatibility Testing
Differences in Web browsers, operating environments, and hardware devices impact the correct operation of your Web application.
Test your Web application for correct function on several browsers, including Firefox, IE, Chrome, Opera, and Safari. Ideally your Web application handles browser differences elegantly.
- Check application function with a variety of browser security profile settings
- Check browser rendering of your application’s user interface
- Check the browser’s security settings for cross domain access and hacks
- Verify consistent application function across multiple versions of a browser
Operating Environment Compatibility
- Check application user interface rendering on OS windowing systems
- Check desktop integration functions, including drag-and-drop and file selection
- Test your web application on different operating systems, including Windows, Unix, Mac, Linux, and Solaris
Mobile Device Compatibility
- Check application compatibility with device services, including location and dialing services
- Check user interface rendering on mobile device screen sizes, including screen rotation
- Verify correct application operation when device is in and out of range of network services
Code review is an examination of computer source code. It is intended to find and fix mistakes introduced into an application in the development phase, improving both the overall quality of software and the developers’ skills.
A code review of a web application is a line-by-line source code audit that looks for implementation errors and evaluates secure coding practices. It not only examines every line of source code for implementation-level issues but also allows detection of all possible existing vulnerabilities in web applications. The code review process makes it possible to identify vulnerabilities that are hard to detect with any other methodology, such as black-box Web Application Penetration Testing. IT Matrix experts have sound knowledge of programming languages and advanced knowledge of computer information security, which enables them to make this service effective and comprehensive.
Website testing is a combination of all the above-mentioned points. GIGW guidelines and the IT policy of the client organization are also followed while doing website testing.
Types of Testing
Scope of Testing
| Type of Testing | Scope | Test Tools |
|---|---|---|
| Functional Testing | 100% requirements coverage | Manual / Tools |
| Performance Testing | Load, Scalability and Endurance tests | Manual / Tools |
| Application Security Testing | Securing Application | Manual / Tools |
| Usability Testing | 100% User friendly website/app | Manual / Tools |
| Code Review | Secure and Updated | Manual / Tools |
| Vulnerability Analysis and Penetration Testing | Making app Secure | Manual / Tools |
| Portability Testing | | Manual / Tools |
| Interoperability Testing | | Manual / Tools |
| Accessibility Testing | 100% Accessible and readable | Manual / Tools |
| Configuration and Compatibility Testing | 100% requirements coverage | Manual / Tools |
| Website Testing | 100% requirements coverage | Manual / Tools |