WA1072 Testing Web Applications Training and Courseware Course Outline

WA1072 Testing Web Applications Training and Courseware Course Outline

1. Testing Fundamentals Part I
	Objectives Let s walk through a scenario to understand what is involved Basic Tests The common tests you should perform on this build Basic differences between Web and Thick Client Applications The next cycle of functional testing if the previous tests worked Wait for responses from the development group Some best practices A program cannot be completely tested The goal The development team Development Process The Rational Unified Process Inception Phase Testing during this phase Elaboration Phase Example of a Use Case Diagram Construction Phase Software Development Life Cycle with the RUP Testing during coding Testing after integration Performance Testing Regression Test A typical sequence Typical FVT and SVT tests Summary

2. Testing Fundamentals Part II
	Objectives What is a bug? Common types of bugs Sample bug report - Simple Sample bug report - complex Best practices in bug reporting Characteristics of a good problem report Typical states that a bug goes through The goals Best Practices Best practices Best Practices Sample bug state chart Summary

3. Web Testing
	Objectives Web-based software Java Web Application Architecture (Thin Client) Java Web Application Architecture (Rich Client) Java EE 5 Architecture Web Application Programming Model MVC An Example - The IBM WebSphere Platform Web Applications Browser as a client Bugs may originate from the SW stack Introduction Key Characteristics Instructor Demo RIA Platforms What is AJAX? Ajax Example Yahoo Maps Ajax Example Yahoo Maps Ajax Example Yahoo Maps RIA Architecture RIA Architecture Details RIA Benefits RIA Drawbacks There are many layers involved Many unique issues are encountered in this environment Browsers are platform independent clients Browser variations need to be accounted for Cookies are commonly needed Back button of the browser Refresh button of the browser Bookmarks Client Side validation should be performed Only JavaScript validation though is not enough! More client side validations If your application functionality depends on JavaScript Clicking the submit button multiple times Sudden client exit instead of explicit logoff won't be detected You may have to test a fat client Summary

4. Test Plan and Test Case Design
	Objectives The requirements of a system Document one - Use Case Document UC01 Add a new appointment UC01 Add a new appointment UC01 Add a new appointment UC01 Add a new appointment Document 2 - Supplementary specifications Knowing the testing priority The Severity Scale The priority scale The likelihood scale Priority of Coverage An example The test plan The sections of the IEEE test plan template The sections of the IEEE test plan template - continued The sections of the IEEE test plan template - continued The sections of the IEEE test plan template - continued The sections of the IEEE test plan template - continued Typical test team activities The four types of tests Beware of test escapes Test Coverage Models Test Coverage Models contd. Test Coverage Models contd. Summary

5. Testing Web Applications Part I
	Objectives UI testing UI testing - continued Common problems with error messages Common UI Errors Functional Testing Types of testing Types of testing - continued Most web applications are database centric Java Database Connectivity JDBC Architecture Prepared Statements Stored Procedures Transactions Connection Pooling Database Testing the steps Database Testing the steps Database Testing the steps What we are testing? Summary

6. Testing Web Applications Part II
	Objectives Things to test Configurations to test What to test? Configuration variations Miscellaneous Topics Types of test run on high priority configurations Types of test run on lower priority configurations Load Throughput Throughput Curve Saturation The Significance of Throughput Response Time Response Time Curve Response time at system saturation Response time past the buckle point Think Time Performance Acceptance Criteria Test environment is a scaled down version of production Common problems - Symptoms of underutilization What causes underutilization? Common problem - over utilization Summary

7. Common Security Threats
	Overview Input Data Validation Data Ownership Validation SQL Injection Problem SQL Injection Solution Malicious File Execution Problem Malicious File Execution Solution Web Authentication Mechanism Insecure Authentication Mechanism Failure to Restrict URL Access Problem Failure to Restrict URL Access Solution Cross Site Scripting (XSS) Problem Cross Site Scripting (XSS) Solution Cross Site Scripting (XSS) Solution Cross Site Request Forgery (CSRF) Problem Cross Site Request Forgery (CSRF) Solution Information Leakage and Improper Error Handling Problem Information Leakage and Improper Error Handling Solution Buffer Overflow Buffer Overflow Example More Buffer Overflows Buffer Overflow Solution Insecure Communications Insecure Cryptographic Storage Problem Insecure Cryptographic Storage Solution Insecure Direct Object Reference Message Replay Attack Problem Message Replay Attack Solution Summary References

8. Test Reporting
	Objectives Weekly Reports Weekly Reports - continued Testing cycle complete report Test Tracking Spreadsheet Tracking test coverage spreadsheet Opened/closed chart Summary

9. Web Application Testing Tools
	Objectives Purpose What They Do How They Work Example: Mercury QuickTest Pro Record User Scripts Tech and "Non-Tech" Views Functionality Checks Parameterized Input Data Test Results Purpose What They Do Example: Parasoft Jtest Analyze Code Generate and Execute Tests Expose Potential Errors Expose Memory Leaks Suggest Fixes Retest Modified Code Design by Contract (DbC) Suggest DbC Fixes Enforce Coding Standards Suggest Fixes Purpose What They Do Basic Steps Create User Scripts Define Txns and Measurements Define the Workload Run the Test Analyze the Results Answer the Questions Example: Mercury LoadRunner Record User Scripts What Recording Looks Like Modify the Script Advanced Scripting Simulate Real Users Create the Test Scenario Define the Workload Run the Test Analyze the Results What's the Deal? [with all these Mercury tools] Purpose What They Do Example: Mercury SiteScope SiteScope's Three Engines Live Demo Live Demo SiteScope Console Purpose Benefits of Test Management Example: Mercury TestDirector Components of TestDirector Requirements Manager Requirements Tree - Illustrated Test Plan Test Plan Tree - Illustrated Test Lab Test Lab - Illustrated Defects Manager Defects Manager - Illustrated Summary

A. Appendix A Architecture
	Architecture Tiered Architectures Presentation Layer Middle Tier Model View Controller Extensible Markup Language XML

B. Appendix B - Project Requirements


C. Appendix C Miscellaneous Topics
	Objectives Waterfall model implications Iterative model implications Doing a ROI model Scheduling Tips Great tester qualities Great tester qualities (cont.) ISO 9000-3 Summary

WA1072 Testing Web Applications Training and Courseware Course Outline

1. Testing Fundamentals Part I

2. Testing Fundamentals Part II

3. Web Testing

4. Test Plan and Test Case Design

5. Testing Web Applications Part I

6. Testing Web Applications Part II

7. Common Security Threats

8. Test Reporting

9. Web Application Testing Tools

A. Appendix A Architecture

B. Appendix B - Project Requirements

C. Appendix C Miscellaneous Topics