There are some important areas to be considered while testing a web application. Here is a web testing cheat sheet, which is a kind of checklist of items to remember while testing a website. Even though this includes only main areas, the chance of success or failure depends on the context of testing. However, here is the cheat-sheet for website testing:
- Functionality Testing :
- Links/URL Testing: There are mainly 4 types of links in most websites – Internal links (Test the links that point to the pages of the same website). External links (Test the links that point to external websites.) Mail links (Test if the email links open the default email client with the recipient email ID already filled in the “To” field.) Broken links (Test if any of those links are broken or dead).
- Forms Testing: The web forms should be consistent and should contain all the required input and output controls. Test the integrity of the web forms and the consistency of the variables.
- Validation Testing: To make sure that valid HTML and CSS. Test the different fields for field level validation. Test and validate user inputs like: TextBox inputs, DropDownBox selections, KeyDown, KeyPress, KeyUp etc.
- Test the Error messages: Test all the error messages whether it misguides the end user.
- Testing optional and mandatory fields: Test if the web forms handle the optional and mandatory fields efficiently. Ideally, the application should not allow to proceed unless ALL the mandatory fields are filled and should not restrict from proceeding if any of those optional fields unfilled.
- Database Testing: Testing the database for its integrity becomes essential to make sure the website is able to handle the data processing effectively.
- Cookies Testing: Cookies are small files stored on user machine, mainly login sessions. Tests should cover enabling and disabling the cookies. Similarly test should be done on application security by deleting the cookies. Poor handling of cookies can result in security holes and vulnerabilities that can be taken advantage by malicious users and hackers.
- Client-side Testing: Test the temporary Internet files on the client side system to make sure if any sensitive data (like password, credit card number etc) is being stored in the client system without being encrypted or in an unsecured way.
- Usability Testing : This will include test for navigations, Ease of learning (How intuitive and self-explanatory the site is, Whether instructions are provided clearly and it satisfy the correct meaning), User satisfaction, Web accessibility testing (If all the content and parts of the site are accessible), General appearance (Look and feel), content checking(Whether it follows any standards for content building, spelling mistakes shouldn’t be there, color,fonts and frames etc should follow some standards, Images should be properly sized and placed) and ensure that user help and sitemap is available for the site.
- Interface Testing: The main interfaces are Web server and application server interface, application server and database server interface. So make sure that interaction between these servers is executed properly. If database or web server returns any error message for any query by application server, then application server should catch it and show appropriate error message to the user. Check should be done to find what happens if the connection to web server is reset in between or user interrupts the transaction in between.
- Compatibility Testing: Compatibility testing should be done to ensure that the developed website is compatible with different browsers, different operating systems, mobile browsing, printing options etc.
- Performance Testing: Performance testing should be done to ensure that heavy load will not break the web application. This includes – Load Testing and Stress testing. In web load testing, testing should be done to ensure that, system can sustain in peak load times, site can handle simultaneous user requests, large input data from users, simultaneous connection to db, heavy load on specific pages etc.Web stress testing should be done to break the system by giving stress and to ensure that it is capable of recovering from crashes.
- Security Testing : The primary objective for testing the security of a website is to identify potential vulnerabilities/security holes and to patch/repair them. For example, if the website allows some files to be uploaded, the web server should have proper automated antivirus checking in place to detect and disable any attempt of virus uploading by the client side. Some of the major aspects of web security testing are – Network Scanning.,Vulnerability Scanning,Password Cracking,Log Review,Integrity Checkers,Virus Detection, Testability Testing.
Similarly test by passing internal urls directly into address bar of the browser without login and check whether the pages are opening or not. All transactions, error messages, security breach attempts should be logged in log files somewhere in web server.