Monthly Archives: February 2011

Web application penetration testing VS vulnerability assessment

What is vulnerability assessment?

According to Wikipedia, "A vulnerability Assessment is the process of identifying, quantifying, and prioritizing (or ranking) the vulnerabilities in a system." In short, it involves anything to determine if there is a weakness or vulnerability in the system subjected to the assessment, then report on it. For application testing, you would throw some test input at the application or try a number of test cases and see if it is vulnerable to any of the vulnerabilities you are testing for.

In real-world terms, the tester for a VA (vulnerability assessment) is expected to perform a reconnaissance phase, which lets the tester understand the application well enough to determine whether there are any shortcuts to compromising the system. Reconnaissance also gathers enough data about the application (such as the platform it is running on or what other virtual hosts are running) to support later testing phases.

Then the tester is expected to map out the application and understand the application flow and the relationships between objects in the application. Some vulnerabilities, such as business logic flaws, may also be revealed at this phase. Mapping is followed by the discovery of vulnerabilities; for input-related flaws this might involve automated tools and manual validation tests. There are also various other test cases that need to be tested manually, especially for session-related and access-control-related flaws that are not easily automated.

In general, testers follow a common testing framework such as the OWASP Testing Guide, to ensure sufficient coverage of vulnerabilities during the process. After the discovery, the vulnerabilities are evaluated and usually manually verified again. Then a risk rating is given to each vulnerability to be included in a report.

Running a vulnerability scanner against a web application is a form of vulnerability assessment, but not a very complete or thorough one. In general, an automated scanner covers about 50-70% of the vulnerabilities in a given application.

What is penetration testing?

Penetration testing or "pentesting" includes all of the processes in vulnerability assessment plus an important extra step, which is to exploit the vulnerabilities found in the discovery phase. You may ask, "Just a one step difference?" Pretty much, but this one step could separate the boys from the men. I often tell the students in my pentest class that it is common for a pentester to spend 20% of his/her time locating a single vulnerability and then 80% of the time exploiting that vulnerability. The process of exploitation usually involves a lot of trial and error and may not work the first time. Depending on the type of vulnerability being exploited, some other general system knowledge may be required to aid the exploitation process.

The better pentesters don’t usually stop at exploiting one single vulnerability. For example, a single CSRF vulnerability can be somewhat limited; bundle that with an XSS vulnerability and you have a much bigger problem at hand. In a lot of cases, an expert pentester can leverage two or three low to medium risk vulnerabilities and turn the result into a critical exposure.

The added benefit of a pentest is being able to see the vulnerabilities put into active exploitation, showing the actual maximum effect. Due to the nature of pentesting, exploitation does not really have any established framework; it is highly dependent on the skill set of the individual or team performing the test.

An example to show the difference

Let’s use an example to illustrate the difference. Say the tester is testing for SQL injection and a single quote (') is put into every input field. In one particular field, the quote causes a SQL error in the resulting page like this: "You have an error in your SQL syntax near ‘\\’0′ at line 1". This is a tell-tale sign of error-based SQL injection. A vulnerability assessment might do just a bit of further validation, such as trying to dump the current user name to validate the vulnerability, and then go into reporting.
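The single-quote check described above, together with the fix a report would recommend, shown as an added example that is not part of the original article. The table, the handler names and the use of an in-memory SQLite database are assumptions made for illustration.

```python
import sqlite3


def make_db():
    """Constructed in-memory database standing in for the application's backend."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, author TEXT)")
    db.executemany(
        "INSERT INTO articles (title, author) VALUES (?, ?)",
        [("Intro to testing", "alice"), ("O'Reilly interview", "bob")],
    )
    return db


def by_title_concatenated(db, value):
    # "Before": user input is pasted into the SQL text, so a quote in the
    # input changes the structure of the statement.
    sql = "SELECT title FROM articles WHERE title = '" + value + "'"
    return [row[0] for row in db.execute(sql)]


def by_title_parameterized(db, value):
    # "After": the value travels separately from the SQL text and is only
    # ever treated as data.
    sql = "SELECT title FROM articles WHERE title = ?"
    return [row[0] for row in db.execute(sql, (value,))]


def by_author_parameterized(db, value):
    sql = "SELECT title FROM articles WHERE author = ?"
    return [row[0] for row in db.execute(sql, (value,))]


# Hypothetical input fields of the application, mapped to their handlers.
FIELDS_BEFORE = {"title": by_title_concatenated, "author": by_author_parameterized}
FIELDS_AFTER = {"title": by_title_parameterized, "author": by_author_parameterized}


def quote_probe(db, fields, baseline="test"):
    """Put a single quote into every field and report which ones surface a
    database error, as the assessment step in the text does."""
    findings = []
    for name, handler in fields.items():
        try:
            handler(db, baseline + "'")
        except sqlite3.Error as exc:
            findings.append((name, str(exc)))
    return findings


if __name__ == "__main__":
    for label, fields in (("before fix", FIELDS_BEFORE), ("after fix", FIELDS_AFTER)):
        print(label, quote_probe(make_db(), fields))
    # The fix also repairs a functional defect: legitimate data containing an
    # apostrophe is now searchable.
    print(by_title_parameterized(make_db(), "O'Reilly interview"))
```

Rerunning the same probe after the fix doubles as the retest step: the field that raised an error now returns an empty result instead.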

A pentest, on the other hand, would likely spend a lot more time on this error alone. The pentester would figure out how to tag extra logic or command structure onto the current SQL statement so that the tester can control the SQL database. If possible, the tester will enumerate the database structure and possibly dump the whole database content. If permissions are not set properly, the pentester may also be able to jump into OS command context and start executing commands in the OS. Obviously, all these attacks require patience and take a lot of time to succeed.

What’s more popular?

If there is such a difference and pentesting demonstrates so much more, why don’t we just do pentesting then? Well, there is always a cost difference, with pentesting significantly more expensive than a vulnerability assessment. In fact the market is currently leaning towards pentesting; those who are concerned about web app sec are willing to spend the money to get what they think is the best (it costs more, so it must be better). In the next few years, as the general public becomes more educated about security testing for web applications, I am sure the market will adopt both services – vulnerability assessment and penetration testing. Until then, I have to be very careful about listing requirements and looking at quotations for security testing consulting work.

Source: http://software-security.sans.org/blog/2009/05/27/web-application-pentration-testing-vs-vulnerability-assessment/


Software Testing Services And Their Goals

Software testing services hold profound significance in the software development life cycle (SDLC). However, a lot depends on who the tester is and the method he/she has resorted to while performing QA services. A dedicated tester must keep the goals of Quality Assurance services mentioned below in mind for effective testing. Let's dig into the goals of QA services one by one!

One prime goal of software testing services is verification. Simply finding the errors in the software is not exactly what testing means; in fact, it's a QA measure used to verify that the software is functioning as desired, and it offers a comprehensive status report comparing the actual attributes and functions of the software to the written requirements. Verification is required to determine whether the developed software meets all the conditions and is fit for release.

Next comes the important aspect of priority coverage. Since each and every aspect of the SDLC cannot be subjected to testing, it's vital to prioritize the QA needs accordingly. To ensure that the software has a baseline utility, you'd wish to have every subset of the feature tested with a valid input case. Beyond that, you'd be testing invalid input and non-functional needs. However, under each condition the software must be considered realistically, and more common use scenarios must be covered more than rare and special scenarios. With the time available to you, you must go for wise priority coverage of the more frequent scenarios.

Let us now talk about traceability. Proof of activities that took place earlier is required as an integral component of the ongoing software development process. This is needed to avoid testing effort getting replicated unnecessarily. This would help you formulate clear test plans, which can be understood easily.

Next is the significant goal of unbiased tests. The documented requirements and user expectations must be in balance with the tests being written. It's the tester's job to take into account all written and unwritten requirements while performing QA services. The tester must take an unbiased approach for wider coverage of the test cases.

Another important goal is to take a deterministic approach, which implies that issues must not be located randomly, and the coverage criteria must entail defects of all priority and nature. Defects occurring late must be noted to be placed under the apt coverage area.

Source: http://technology.ezinemark.com/software-testing-services-and-their-goals-32040d72d34.html


Benefits of Software Testing Tools on Java Performance

Just as the use of software eases hectic work schedules, the use of software testing tools drastically simplifies testing, enhances the defect-find rate and hence achieves a greater release quality. This is why your Java performance can also be effectively tested and controlled with the help of these tools! Additionally, these software testing tools increase the reliability of solutions, ultimately making them more productive as well as efficient from the customer’s standpoint. Today, one can avail of a wide variety of testing tools, each of which addresses several aspects of the testing process; they can be applied to distinctive types of software, programming languages and testing. The Java performance testing tool is one such aid!

On the whole, the different types of testing tools can be categorized on the basis of the testing activity, or rather the process they are utilized in (test execution, defect capture, test planning, data comparison, etc). If they are categorized on the basis of the process they are utilized in, the following types emerge:

•    Java – Abbot, Agitator, JUnit, Cactus, Agile Test, TCAT/Java, JCover, etc
•    Functional – CitraTest, GUITAR, WinRunner, Aberro Test, etc
•    Source Code – AQTime, CodeWizard, GlowCode, etc
•    Bug Tracking Tools – Dragonfly, Perfect Tracker, Footprints, Squinsh, etc
•    Performance – BugTimer, LoadRunner, XtremeLoad, etc
•    Database – TurboData, Jumpstart, Datatect, etc
•    Embedded Software – TestQuest pro, Tessy, Reactis Tester, etc

What Are The Benefits?

Like the other software testing tools, the Java performance testing tool also renders extensive benefits. Firstly, such tools dramatically enhance the speed of the testing process. One can imagine how much time would be consumed while trying a few hundred test cases! Automated testing tools, on the other hand, are designed to run over 100 or even 1000 times faster. Secondly, testing Java performance with the help of software testing tools also increases test coverage by creating larger data sets and combinations. This actually permits testers to reduce their dependence on developers’ support to develop test data!

The utilization of java performance testing tool also eliminates human errors like boredom and carelessness. Trying a couple of cases manually at a stretch to complete them within the timeline can be very boring and inaccurate as well.

Above all, these testing tools predominantly support the testing code in a real environment. They often replace hardware or software which one might have planned to use on products. With this application, a great help is rendered to respond to software issues which might be hard to achieve in a controlled test environment.

Utility Of Testing Tools

Hence, the usefulness of these testing tools, for instance to test Java performance, lies in their features and usability, which have in turn improved over the years. Moreover, since these tools are easier to comprehend and use, even inexperienced testers can utilize them. This ultimately enhances productivity. Thus, one can effectively reduce the cost of software development and testing, reduce the time invested, and improve software performance and conformance to specifications!

Source: http://www.tech-seeker.com/blog/benefits-of-software-testing-tools-on-java-performance/


Software Testing – Black Box Testing Strategy

Black Box Testing is not a type of testing; it is instead a testing strategy, which does not need any knowledge of internal design or code etc. As the name “black box” suggests, no knowledge of internal logic or code structure is required. The types of testing under this strategy are focused entirely on testing the requirements and functionality of the work product/software application. Black box testing is sometimes also called “Opaque Testing”, “Functional/Behavioral Testing” and “Closed Box Testing”.
The base of the Black box testing strategy lies in the selection of appropriate data as per functionality and testing it against the functional specifications in order to check for normal and abnormal behavior of the system. Nowadays, it is becoming common to route the testing work to a third party, as the developer of the system knows too much of the internal logic and coding of the system, which makes the developer unfit to test the application.
In order to implement the Black Box Testing strategy, the tester needs to be thorough with the requirement specifications of the system and, as a user, should know how the system should behave in response to a particular action.
Various testing types that fall under the Black Box Testing strategy are: functional testing, stress testing, recovery testing, volume testing, User Acceptance Testing (also known as UAT), system testing, Sanity or Smoke testing, load testing, Usability testing, Exploratory testing, ad-hoc testing, alpha testing, beta testing etc.
These testing types are again divided in two groups: a) Testing in which user plays a role of tester and b) User is not required.

Testing method where user is not required:

Functional Testing:
In this type of testing, the software is tested for the functional requirements. The tests are written in order to check if the application behaves as expected.
Stress Testing:
The application is tested against heavy load such as complex numerical values, large number of inputs, large number of queries etc. which checks for the stress/load the applications can withstand.
Load Testing:
The application is tested against heavy loads or inputs such as testing of web sites in order to find out at what point the web-site/application fails or at what point its performance degrades.
Ad-hoc Testing:
This type of testing is done without any formal Test Plan or Test Case creation. Ad-hoc testing helps in deciding the scope and duration of the various other types of testing, and it also helps testers learn the application prior to starting any other testing.
Exploratory Testing:
This testing is similar to the ad-hoc testing and is done in order to learn/explore the application.
Usability Testing:
This testing is also called ‘Testing for User-Friendliness’. It is done when the User Interface of the application is an important consideration and needs to be tailored to a specific type of user.
Smoke Testing:
This type of testing is also called sanity testing and is done in order to check if the application is ready for further major testing and is working properly without failing up to least expected level.
Recovery Testing:
Recovery testing is basically done in order to check how quickly and how well the application can recover from any type of crash or hardware failure etc. The type or extent of recovery is specified in the requirement specifications.
Volume Testing:
Volume testing is done against the efficiency of the application. Huge amount of data is processed through the application (which is being tested) in order to check the extreme limitations of the system.

Testing where user plays a role/user is required:


User Acceptance Testing:
In this type of testing, the software is handed over to the user in order to find out if the software meets the user expectations and works as it is expected to.
Alpha Testing:
In this type of testing, the users are invited at the development center where they use the application and the developers note every particular input or action carried out by the user. Any type of abnormal behavior of the system is noted and rectified by the developers.
Beta Testing:
In this type of testing, the software is distributed as a beta version to the users, and users test the application at their sites. As the users explore the software, any exception/defect that occurs is reported to the developers.

source: http://www.buzzle.com/editorials/4-10-2005-68349.asp


Gray Box Testing

Testing Types – System Knowledge

Grey box testing is the combination of black box and white box testing. The intention of this testing is to find defects related to bad design or bad implementation of the system.

In gray box testing, the test engineer is equipped with knowledge of the system and designs test cases or test data based on that knowledge.

For example, consider a hypothetical case wherein you have to test a web application. The functionality of this web application is very simple: you just need to enter your personal details, like email and field of interest, on the web form and submit the form. The server will get these details and, based on the field of interest, pick some articles and mail them to the given email. Email validation happens on the client side using JavaScript.

In this case, in the absence of implementation detail, you might test the web form with valid/invalid mail IDs and different fields of interest to make sure that the functionality is intact.
But if you know the implementation detail, you know that the system is making the following assumptions:

  • Server will never get invalid mail ID
  • Server will never send mail to invalid ID
  • Server will never receive failure notification for this mail.

So as part of gray box testing, in the above example you will have a test case on clients where JavaScript is disabled. This could happen for any reason, and if it happens, validation cannot happen on the client side. In this case, the assumptions made by the system are violated and

  • Server will get invalid mail ID
  • Server will send mail to invalid mail ID
  • Server will receive failure notification

Hope you understood the concept of gray box testing and how it can be used to create different test cases or data points based on the implementation details of the system.
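The gray box test case above, written out as an added example that is not part of the original article: the form is posted straight to the server, so no client-side JavaScript ever runs. The signup endpoint, the mailer stand-in and the email pattern are hypothetical, and the handler is called as a WSGI app in-process so the example runs offline.

```python
import io
import re
from urllib.parse import parse_qs, urlencode

# Assumption: the article does not define what a valid mail ID is; this
# pattern is illustrative and deliberately conservative, not RFC-complete.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$")


class RecordingMailer:
    """Stand-in for the mail system: records sends and simulated bounces."""

    def __init__(self):
        self.sent, self.bounces = [], []

    def send(self, to, interest):
        self.sent.append((to, interest))
        if not EMAIL_RE.match(to):  # an undeliverable address bounces
            self.bounces.append(to)


def make_app(mailer, validate_on_server):
    """Hypothetical signup endpoint. With validate_on_server=False it trusts
    the browser to have validated the address, as the system in the text does."""

    def app(environ, start_response):
        size = int(environ.get("CONTENT_LENGTH") or 0)
        form = parse_qs(environ["wsgi.input"].read(size).decode())
        email = form.get("email", [""])[0]
        interest = form.get("interest", [""])[0]
        if validate_on_server and not EMAIL_RE.match(email):
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            return [b"invalid email"]
        mailer.send(email, interest)
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"queued"]

    return app


def post_without_browser(app, fields):
    """Deliver the form fields directly to the server-side handler."""
    body = urlencode(fields).encode()
    environ = {
        "REQUEST_METHOD": "POST",
        "PATH_INFO": "/signup",
        "CONTENT_TYPE": "application/x-www-form-urlencoded",
        "CONTENT_LENGTH": str(len(body)),
        "wsgi.input": io.BytesIO(body),
    }
    status = []
    app(environ, lambda s, headers: status.append(s))
    return status[0]


# Constructed inputs: mail IDs the client-side script would have rejected.
INVALID_IDS = ["not-an-email", "user@", "@example.com", "a b@example.com", ""]


def run_gray_box_case(validate_on_server):
    """Submit every invalid ID and report what the server did with it."""
    mailer = RecordingMailer()
    app = make_app(mailer, validate_on_server)
    statuses = [
        post_without_browser(app, {"email": e, "interest": "testing"})
        for e in INVALID_IDS
    ]
    return {"statuses": statuses, "sent": len(mailer.sent), "bounces": len(mailer.bounces)}


if __name__ == "__main__":
    print("client-side validation only:", run_gray_box_case(False))
    print("server-side validation too: ", run_gray_box_case(True))
```

With only client-side validation, all three assumptions listed above fail at once: every invalid ID is accepted, mailed and bounced. Repeating the check on the server makes the same requests fail with a 400 before any mail is sent.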

source: http://www.testinggeek.com/index.php/testing-types/system-knowledge/51-grey-box-testing


Ensure Software Quality with Functional Testing!

Software quality is paramount; however, in the haste of software release into the market this parameter used to be often compromised on by most of the enterprises until sometime back. Times have changed and so has the perception of the global enterprise community. It is clearly understood now that software quality cannot be overlooked under any circumstances. It’s when the role of functional testing services comes to the forefront.

Functional testing is used to ensure that all the specified functional needs are addressed adequately, without taking the underlying program structure into consideration. Hence, it ascertains that the developed software can meet all the end user requirements. All user actions are noted in functional testing to ensure that all implementation channels are functioning in the desired manner and that the desired results are obtained from the input given to the system.

Let’s have a look at the different types of functional testing for ensuring a superior-quality product release. To make sure that all code is properly implemented, unit testing is conducted. As code is developed by programmers in isolation, the absence of either efficient developers or full code analysis creates a probability of errors making their way into the code. These must be detected in the early stages of the software development life cycle and addressed effectively to avoid complications, which ensures reliability in the product. This type of unit testing would ensure function coverage, statement coverage and path coverage.

To ensure favorable outcomes from every function, functional testing must be carried out to check function points of all the codes if these are in tandem with the functional requirements specified.

Now to obtain desired outcomes from all the functions put together, it’s imperative to carry out system testing end to end as it would cover all the required software units. This would ensure that you get the desired results when different software units are clubbed together.

Next comes regression testing, which helps you make sure that the changes you’ve made have not had any adverse impact on any part of the system. Once that is done, System Integration Testing must be carried out to check that all the systems have integrated with each other appropriately.

For ensuring absolute customer satisfaction with the system, acceptance testing must be conducted; however, the acceptance tests must be written during the initial stages of SDLC. This kind of testing would check if the end users are able to interact with the system with ease.

Resort to functional testing and promise your end users great quality software!

Source: http://goarticles.com/article/Ensure-Software-Quality-with-Functional-Testing/4222154/


Types of software Testing

Software Testing Types:

Black box testing – Internal system design is not considered in this type of testing. Tests are based on requirements and functionality.

White box testing – This testing is based on knowledge of the internal logic of an application’s code. Also known as Glass box Testing. Internal software and code working should be known for this type of testing. Tests are based on coverage of code statements, branches, paths, conditions.

Unit testing – Testing of individual software components or modules. Typically done by the programmer and not by testers, as it requires detailed knowledge of the internal program design and code. May require developing test driver modules or test harnesses.

Incremental integration testing – Bottom-up approach for testing, i.e. continuous testing of an application as new functionality is added. Application functionality and modules should be independent enough to test separately. Done by programmers or by testers.

Integration testing – Testing of integrated modules to verify combined functionality after integration. Modules are typically code modules, individual applications, client and server applications on a network, etc. This type of testing is especially relevant to client/server and distributed systems.

Functional testing – This type of testing ignores the internal parts and focuses on whether the output is as per requirement or not. Black-box type testing geared to functional requirements of an application.

System testing – Entire system is tested as per the requirements. Black-box type testing that is based on overall requirements specifications, covers all combined parts of a system.

End-to-end testing – Similar to system testing, involves testing of a complete application environment in a situation that mimics real-world use, such as interacting with a database, using network communications, or interacting with other hardware, applications, or systems if appropriate.

Sanity testing – Testing to determine if a new software version is performing well enough to accept it for a major testing effort. If the application crashes on initial use, then the system is not stable enough for further testing, and the build or application is assigned back to be fixed.

Regression testing – Testing the application as a whole for the modification in any module or functionality. Difficult to cover all the system in regression testing so typically automation tools are used for these testing types.

Acceptance testing – Normally this type of testing is done to verify whether the system meets the customer-specified requirements. The user or customer does this testing to determine whether to accept the application.

Load testing – A type of performance testing to check system behavior under load. Testing an application under heavy loads, such as testing of a web site under a range of loads to determine at what point the system’s response time degrades or fails.

Stress testing – System is stressed beyond its specifications to check how and when it fails. Performed under heavy load like putting large number beyond storage capacity, complex database queries, continuous input to system or database load.

Performance testing – Term often used interchangeably with ‘stress’ and ‘load’ testing. Checks whether the system meets performance requirements. Different performance and load tools are used to do this.

Usability testing – User-friendliness check. The application flow is tested: can a new user understand the application easily, and is proper help documented wherever the user gets stuck? Basically, system navigation is checked in this testing.

Install/uninstall testing – Tested for full, partial, or upgrade install/uninstall processes on different operating systems under different hardware and software environments.

Recovery testing – Testing how well a system recovers from crashes, hardware failures, or other catastrophic problems.

Security testing – Can the system be penetrated by any means of hacking? Testing how well the system protects against unauthorized internal or external access. Checks whether the system and database are safe from external attacks.

Compatibility testing – Testing how well software performs in a particular hardware/software/operating system/network environment and different combinations of the above.

Comparison testing – Comparison of product strengths and weaknesses with previous versions or other similar products.

Alpha testing – In house virtual user environment can be created for this type of testing. Testing is done at the end of development. Still minor design changes may be made as a result of such testing.

Beta testing – Testing typically done by end-users or others. Final testing before releasing application for commercial purpose.

source: http://www.softwaretestinghelp.com/types-of-software-testing/


Powerful Web Testing Tools

Web testing is now very crucial, given the many Internet browsers and their supporters. Numerous tools are available for web testing, but most of them require a higher budget. A few free website testing tools are available online or as add-ons, for example Firebug and YSlow. These are used not only for web development but also for web testing. We can fetch object details, CSS, JavaScript and more using these kinds of add-ons, and it is easy to analyze all this information. Open source testing tools like Selenium and Watir need a web object’s physical properties or its description to run successfully, and we can use these add-ons as an object spy. Check out some powerful web testing tools:

1. Firebug
Firebug integrates with Firefox. It is a great invention for developers, who can use it to find JavaScript errors, page loading times and so on. Most developers use it to fix HTML/CSS and JavaScript errors at their fingertips while they browse. Firebug is one of the best applications around for debugging issues with front-end code and CSS. If there’s any image or style that’s out of line, checking it out with Firebug is the best response. It’s even possible to change styles within the extension to see how a website will actually appear in the browser. How is this useful in web testing? We can monitor JavaScript errors, web site performance (i.e. site loading time, per object) and HTML or CSS validation. The Inspect Element option in Firebug works like a GUI spy.

2. YSlow
YSlow analyzes web pages and suggests ways to improve their performance based on a set of rules for high performance web pages. YSlow is a Firefox add-on integrated with the Firebug web development tool. YSlow grades a web page based on one of three predefined rulesets or a user-defined ruleset. It offers suggestions for improving the page’s performance, summarizes the page’s components, displays statistics about the page, and provides tools for performance analysis, including Smush.it and JSLint.

3. Load Impact (Online testing)
This is used for performance testing (load/stress). It simulates users accessing your website, generating a large user load on web servers to determine whether or not they can handle high traffic. Free users can only use 50 simulated users, but this is still very useful. The tool will check (ping) from different locations and display the results as a complete report with graphs.

Source: http://rajeevprabhakaran.wordpress.com/2009/06/21/powerful-web-testing-tools/


Web Testing: Complete guide on testing web applications

In my previous post I outlined points to be considered while testing web applications. Here we will see some more details on web application testing, with web testing test cases. Let me tell you one thing: I always like to share practical knowledge, which can be useful to users in their careers. This is quite a long article, so sit back and relax to get the most out of it.

Let’s first look at the web testing checklist.
1) Functionality Testing
2) Usability testing
3) Interface testing
4) Compatibility testing
5) Performance testing
6) Security testing

1) Functionality Testing:

Test for – all the links in web pages, database connection, forms used in the web pages for submitting or getting information from user, Cookie testing.

Check all the links:

  • Test the outgoing links from all the pages from specific domain under test.
  • Test all internal links.
  • Test links jumping on the same pages.
  • Test links used to send the email to admin or other users from web pages.
  • Test to check if there are any orphan pages.
  • Lastly in link checking, check for broken links in all above-mentioned links.

Test forms in all pages:
Forms are the integral part of any web site. Forms are used to get information from users and to keep interaction with them. So what should be checked on these forms?

  • First check all the validations on each field.
  • Check for the default values of fields.
  • Wrong inputs to the fields in the forms.
  • Options to create forms if any, form delete, view or modify the forms.

Let’s take the example of the search engine project I am currently working on. In this project we have advertiser and affiliate signup steps. Each signup step is different but dependent on the other steps, so the signup flow should get executed correctly. There are different field validations, like email IDs and user financial info validations. All these validations should get checked in manual or automated web testing.

Cookies testing:
Cookies are small files stored on the user's machine. They are basically used to maintain sessions, mainly login sessions. Test the application by enabling or disabling cookies in your browser options. Test whether the cookies are encrypted before being written to the user's machine. If you are testing session cookies (i.e. cookies that expire after the session ends), check login sessions and user stats after the session ends. Check the effect on application security of deleting the cookies. (I will soon write a separate article on cookie testing.)

Validate your HTML/CSS:
If you are optimizing your site for Search engines then HTML/CSS validation is very important. Mainly validate the site for HTML syntax errors. Check if site is crawlable to different search engines.

Database testing:
Data consistency is very important in web application. Check for data integrity and errors while you edit, delete, modify the forms or do any DB related functionality.
Check if all the database queries are executing correctly, data is retrieved correctly and also updated correctly. More on database testing could be load on DB, we will address this in web load or performance testing below.

2) Usability Testing:

Test for navigation:
Navigation means how the user surfs the web pages: the different controls like buttons and boxes, and how the user uses the links on the pages to reach different pages.
Usability testing includes:
The web site should be easy to use. Instructions should be provided clearly. Check that the provided instructions are correct, meaning that they satisfy their purpose.
A main menu should be provided on each page. It should be consistent.

Content checking:
Content should be logical and easy to understand. Check for spelling errors. Dark colors annoy users and should not be used in the site theme. You can follow the standards that are used for building web pages and content. These are commonly accepted standards, such as the points mentioned above about annoying colors, fonts, frames etc.
Content should be meaningful. All the anchor text links should work properly. Images should be placed properly with proper sizes.
These are some basic standards that should be followed in web development. Your task is to validate all of them for UI testing.

Other user information for user help:
These include the search option, sitemap, help files etc. A sitemap should be present with all the links in the web site and a proper tree view of the navigation. Check all the links on the sitemap.
The “Search in the site” option helps users find the content pages they are looking for easily and quickly. These are all optional items and, if present, should be validated.

3) Interface Testing:
The main interfaces are:
Web server and application server interface
Application server and Database server interface.

Check that all the interactions between these servers are executed properly and that errors are handled properly. If the database or web server returns an error message for any query by the application server, then the application server should catch these error messages and display them appropriately to users. Check what happens if the user interrupts a transaction in between. Check what happens if the connection to the web server is reset in between.

4) Compatibility Testing:
Compatibility of your web site is a very important testing aspect. The compatibility tests to be executed are:

  • Browser compatibility
  • Operating system compatibility
  • Mobile browsing
  • Printing options

Browser compatibility:
In my web-testing career I have found this to be the most influential part of web site testing.
Some applications are very dependent on browsers. Different browsers have different configurations and settings that your web page should be compatible with. Your web site code should be cross-browser compatible. If you are using JavaScript or AJAX calls for UI functionality, or for performing security checks or validations, then put more stress on browser compatibility testing of your web application.
Test the web application on different browsers such as Internet Explorer, Firefox, Netscape Navigator, AOL, Safari and Opera, with different versions.

OS compatibility:
Some functionality in your web application may not be compatible with all operating systems. New technologies used in web development, such as graphics designs and interface calls to different APIs, may not be available in all operating systems.
Test your web application on different operating systems such as Windows, Unix, Mac, Linux and Solaris, with different OS flavors.

Mobile browsing:
This is the new technology age, so in future mobile browsing will rock. Test your web pages on mobile browsers. There may be compatibility issues on mobile.

Printing options:
If you provide page-printing options, make sure fonts, page alignment and page graphics are printed properly. Pages should fit the paper size or the size mentioned in the printing option.

5) Performance testing:
The web application should sustain heavy load. Web performance testing should include:

  • Web Load Testing
  • Web Stress Testing

Test application performance on different internet connection speeds.
In web load testing, test what happens when many users are accessing or requesting the same page. Can the system sustain peak load times? The site should handle many simultaneous user requests, large input data from users, simultaneous connections to the DB, heavy load on specific pages etc.

Stress testing: Generally, stress means stretching the system beyond its specification limits. Web stress testing is performed to break the site by applying stress, and to check how the system reacts to stress and how it recovers from crashes.
Stress is generally applied to input fields, login and sign up areas.

In web performance testing, web site functionality on different operating systems and different hardware platforms is checked for software and hardware memory leakage errors.

6) Security Testing:

Following are some test cases for web security testing:

  • Test by pasting an internal URL directly into the browser address bar without logging in. Internal pages should not open.
  • If you are logged in with a username and password and are browsing internal pages, try changing URL options directly. For example, if you are checking publisher site statistics with publisher site ID = 123, try changing the site ID parameter in the URL to a different site ID that is not related to the logged-in user. Access to other users' stats should be denied for this user.
  • Try some invalid inputs in input fields such as login username, password and input text boxes. Check the system's reaction to all invalid inputs.
  • Web directories or files should not be accessible directly unless a download option is given.
  • Test the CAPTCHA against automated script logins.
  • Test whether SSL is used as a security measure. If it is, a proper message should be displayed when the user switches from non-secure http:// pages to secure https:// pages and vice versa.
  • All transactions, error messages and security breach attempts should be logged in log files somewhere on the web server.
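The first three test cases and the logging requirement above, written as automated checks (an added example, not code from the original article). The /stats handler, the site_id parameter, the app.example host and the owner table are hypothetical stand-ins for the application under test.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample data: which publisher owns which site ID.
SITE_OWNER = {123: "alice", 456: "bob"}
SECURITY_LOG = []  # stands in for the log file on the web server


def handle_request(url, session_user=None):
    """Return the HTTP status for a request to the hypothetical /stats page."""
    parts = urlsplit(url)
    if parts.path != "/stats":
        return 404
    if session_user is None:
        SECURITY_LOG.append(("unauthenticated", url))
        return 401  # internal page must not open without login
    raw = parse_qs(parts.query).get("site_id", [""])[0]
    if not re.fullmatch(r"[0-9]{1,9}", raw):
        SECURITY_LOG.append(("invalid_input", url))
        return 400  # invalid input is rejected before any lookup
    if SITE_OWNER.get(int(raw)) != session_user:
        SECURITY_LOG.append(("access_denied", url))
        return 403  # site ID is not related to the logged-in user
    return 200


def run_access_control_tests():
    """Run the listed test cases once and return {case name: passed}."""
    SECURITY_LOG.clear()
    base = "https://app.example/stats?site_id="
    return {
        "direct URL without login": handle_request(base + "123") == 401,
        "own site ID": handle_request(base + "123", "alice") == 200,
        "changed site ID": handle_request(base + "456", "alice") == 403,
        "unknown site ID": handle_request(base + "999", "alice") == 403,
        "invalid site ID": handle_request(base + "12'3", "alice") == 400,
        "every refusal was logged": len(SECURITY_LOG) == 4,
    }


if __name__ == "__main__":
    for case, passed in run_access_control_tests().items():
        print("PASS" if passed else "FAIL", case)
```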

source: http://www.softwaretestinghelp.com/web-application-testing/

12 Best Cross Browser Testing Tools to Ease Your Browser Compatibility Testing Efforts

Cross browser testing can be the biggest pain for software testers. But thanks to the cross browser testing tools available online, testing efforts can be minimized.

I’ve written this post mainly for software testers, but designers can also refer to the cross browser testing methods and tools mentioned in this post.

Here’s a handy cross browser testing checklist you can refer to while testing your web project on different browsers and operating systems:

1) CSS validation
2) HTML or XHTML validation
3) Page validations with and without JavaScript enabled
4) Ajax and jQuery functionality
5) Font size validation
6) Page layout in different resolutions
7) All images and alignment
8) Header and footer sections
9) Page content alignment to center, LHS or RHS
10) Page styles
11) Date formats
12) Special characters with HTML character encoding
13) Page zoom-in and zoom-out functionality

And obviously you will have to repeat these tests on:
14) Different Operating Systems like Windows, Linux and Mac
15) Different browsers (with different versions) like Internet explorer, Firefox, Google Chrome, Safari and Opera.

There are many free and paid cross browser testing tools available in the market. You need to select the browser compatibility tool depending on your needs. If cross browser testing is a critical part of your web project, then you must allocate considerable time, resources and budget to testing your website on different web browsers. Paid cross browser testing tools can also be a good option for projects with browser-dependent functionality. But for most projects, free cross browser testing tools are sufficient to verify cross browser functionality.

Free Cross Browser Testing Tools:

1) Spoon Browser Sandbox

2) Browsershots

3) IE NetRenderer

4) IE Tab

5) IE Tester

6) Microsoft SuperPreview

Paid Cross Browser Testing Tools:

7) Browsera

8) Adobe BrowserLab

9) BrowserCam

10) Browserseal

11) Cross Browser Testing

12) Cloud Testing

Source: http://www.softwaretestinghelp.com/best-cross-browser-testing-tools-to-ease-your-browser-compatibility-testing-efforts/
