Web Based Testing
IVS-TRAINING
Ground Rules
Please mute your mobile phones
Stick to timeliness
Help each other in learning – as learning is a continuous process
Please participate actively to make the session interactive
Session Objectives
Introduction to Web applications
Web Application Architecture
Types of Web Applications
Web Pages
Web Portals
Importance of testing Web Applications
Kinds of testing for Web applications
Usability Testing
Functionality Testing
Performance Testing
Security Testing
Compatibility Testing
Summary
Introduction to Web Applications
With the growth of Information Technology and the 24/7 concept, web applications started gaining importance!
One way to look at web applications is to take the example of a traditional business transaction application and replace the user front end with a web site!
A customer comes to purchase goods and/or services from a company in exchange for money. There are many ways to facilitate this transaction between the client and the company. Instead of a sales rep., cashier, clerk, etc., you have a browser pointing at a web site.
The company is never closed and the clients can serve themselves!
Web Application Architecture
The browser is the client end of the system, which is connected to the web site server via the Internet.
The centrepiece of all web applications is a relational database which stores dynamic content.
A transaction server controls the interactions between the database and the other servers (also called application servers).
Fulfillment may include interfacing with financial institutions, warehousing systems, etc.
The administration function handles data updates and database administration.
Types of Web Applications
Web Pages
Web based applications display information on different pages within the application.
We can navigate through the pages to get the desired information.
Testing web applications would involve testing them page by page.
Web portals
Web portals comprise web pages, which consist of portlets, which in turn consist of small pieces of information.
We have the choice of having the few portlets that we desire on our personal pages, with only a little information displayed on them.
Testing of web portals would involve testing individual portlets, then pages with various portlets.
Importance of Testing Web applications
Today business is on the net.
Visitors and potential customers will leave your site and not look back.
In contrast, a professional-looking site will make visitors feel more comfortable, stay longer and browse more pages, because of this increased credibility.
Banking and business transactions online have increased the need for security.
Kinds of Testing for Web Applications
Given below are a few important types of testing we need to concentrate on while testing a web application as a whole.
Usability Testing
Functionality Testing
Performance Testing
Security Testing
Compatibility Testing
Usability Testing
"Usability Testing" is defined as "the testing which attempts to find any human-factor problems".
A better description is "testing the software from a user's point of view".
Factors to be considered for Usability Testing
Ease of Usage
Visual consistency and Consistency of action
Navigation
Clarity (non-ambiguous)
Communication
Understandability (Intuitiveness)
Self learnability
General design / structure check
Usability Testing - Ease of use
Application should be accessible through URL as well as IP address
Maximizing, minimizing, resizing of windows to be possible
Every screen should have an appropriate title/header
1. Time to load the application must be appropriate
2. Positioning of cursor on the first editable field in Data entry screens
3. Acknowledgment of error messages should take the control to where the error occurred
4. Prompt to save unsaved data while trying to move to next screen
Usability Testing - Visual consistency across forms
1. Behaviour when screen resolution is changed
2. Margins and column layout
3. Colour and size of form
4. Fonts used for labels
5. Size of buttons
6. Hotkeys or accelerator keys used
7. Use of animations/graphics
8. Labelling of controls (buttons, boxes)
9. Length of textboxes for the same field
10. Formats for date and time fields
Usability Testing - Consistency of actions
1. When a button is clicked
2. When an error is encountered
3. When a field is being validated
4. Field vs. form level validations
Usability Testing - Clarity (non-ambiguous)
Abbreviations and code language to be used minimally and should be understandable for end users
The mandatory fields should be distinguishable from other fields
Help and Search links should be distinctly visible and Help messages to be clear and concise
Visible font for all text; avoid all-CAPS text
Error messages to be clear, concise, informative and not blaming the user
Usability Testing - Navigation
1. Should support users’ sequence of accomplishing a task
2. ‘Home’ link to be provided
3. Correct tab order
4. Ensure that cursor becomes hourglass when doing background processing and returns to pointer after the task
5. Text to be selected when textbox is encountered on tab press.
6. All tab controls should be accessible thru’ keyboard
7. Shortcut keys (hot keys) to be unique
8. Functioning of the ‘Back’ and ‘Forward’ functions of the browser
9. Check if all links are active
Usability Testing - Communication
User errors must be communicated.
1. Anything that needs user action must be communicated in simple language
2. Destructive actions to be confirmed
3. Minimum usage of pop-ups and message boxes
Usability Testing - Learnability
1. Availability of Help feature
2. Availability of Context-sensitive help, wherever needed
Usability Testing - Understandability
1. Grammatical correctness of error messages and help text
2. Check for any spelling mistakes
3. Text box lengths should correspond to the length of data they take, wherever possible
4. Default values to be populated wherever possible
5. Ease of usage without help.
Usability Testing - General Design/Structure Check
1. Should avoid horizontal scrolling
2. Logical ordering of controls
3. Position of controls should be meaningful
4. Grouping of related information and data
5. Appropriate label for grouped data
6. Drop down/combo box menu to be ordered
7. All the editable items and the user input should be taken in textboxes or dropdowns
8. Toggling of checkboxes
9. Checking/un-checking of checkboxes through space-bar
10. Single choice for radio-buttons
Functionality Testing
When we think of functionality testing of web applications, we need to concentrate on testing the following features:
Testing of Web elements
Testing for localization and internationalization of applications/pages
Personalization of web pages
Testing Web elements
There is a variety of web elements present in the application; some of them include:
Text Boxes/Drop down Boxes
Image/Graphics
Mouseover Text/Pop up Messages
Buttons
Frames
Links
We need to test each of these elements wherever applicable.
Testing Localization / Internationalization
Web applications can be used by many people across the world and hence testing for localization or internationalisation is important.
We need to check if the required language change is made for local web pages. (say Japanese, Chinese, etc.)
Ensure that the functionality is not affected or altered because of localization.
Testing Personalization of web pages
Personalisation in a web application can be done either user-wise or group-wise.
Access to components for personalisation: for instance, a few portlets may not be meant to be used on personal pages, and hence the user should not be able to select them on his personal page.
Group preferences set by a group manager should override personal preferences set by the user. We need to test this with different roles.
Coffee Break !!
Performance Testing
Performance testing is the discipline concerned with determining and reporting the current performance of a software application when subjected to virtual user load.
Performance testing involves testing an application for timely responses.
The time needed to complete an action is usually bench-marked or compared against similar actions in similar applications.
What does performance testing measure?
A performance test measures how well the application meets customer expectations in terms of:
Speed – determines if the application responds quickly
Scalability – determines how much user load the application can handle
Stability – determines if the application is stable under expected and unexpected user loads
Stress and Load testing
Stress Testing – ensures that an application tested for the expected load can take on spikes in the load condition, such as an increase in the rate of transactions. It studies the impact on the system resources and helps tune and configure the system optimally.
Load Testing – simulates a real-time user load on the application. Testing this prior to production ensures the application will be stable and any performance issues can be addressed in the pre-production phase.
Security Testing
Security in a broader sense can be defined as the combination of confidentiality, integrity, and availability. It can also be described as "the quality or state of being protected from uncontrolled losses or effects".
Security Issues : Identity management, privacy, data integrity
Identity management is implemented by user authentication. User authentication is implemented using authentication methods. Ex: RADIUS, LDAP or SecurID
SSL (Secure Sockets Layer), SSH (Secure Shell Protocol) or IP Security is used to transmit data safely over the Internet. SSL works through a combination of programs and encryption/decryption routines that exist on the web hosting computer and the browser. Ex: PGP (Pretty Good Privacy) and S/MIME (Secure/Multipurpose Internet Mail Extensions)
SSL and IPSec encryption mechanisms encrypt at the lower levels of the session and network layers. SSL is the most widely used security protocol for basic web mail/web based applications.
Data integrity has to do with protection from unauthorized modification of emails. Ex: Hashing and Digital Signatures.
Security Certificate
Https represents Web Site Security
Session Cookies
Session cookies are files containing session information and sometimes authentication information. This information is stored in the web browser. This lets the user navigate easily without having to re-authenticate.
If these session cookies are not managed properly, then an unauthorized user can easily log on after the authorized user logs off, by clicking on the browser Back button. This is the most commonly found vulnerability in most of the applications.
Session Cookies Examples – Managed session cookie – Valid behavior
User clicks log off
User clicks browser Back button
On click of the browser 'Back' button after logging out of the application, the user is navigated to the Login screen.
Session cookie not managed (not erased) – Invalid behavior
User clicks Sign out
User clicks browser Back button
On click of the browser 'Back' button after logging out of the application, the user is navigated to the previous screen.
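The log off / Back button test case above, written as an automated check (an added example, not part of the original slides). `ToyApp`, its paths and the `sid` cookie name are constructed for illustration; `check_logout` accepts any `send(method, path, cookie)` function, so the same check can be run against a test environment through a real HTTP client.

```python
import secrets


class ToyApp:
    """Constructed in-memory web app; `managed` switches correct session handling on."""

    def __init__(self, managed):
        self.managed = managed
        self.sessions = {}  # server-side store: session id -> user name

    def send(self, method, path, cookie=None):
        """Handle one request and return (status, headers, body)."""
        user = self.sessions.get(cookie)
        if method == "POST" and path == "/login":
            sid = secrets.token_urlsafe(16)
            self.sessions[sid] = "alice"
            attrs = "HttpOnly; Secure; SameSite=Lax; Path=/"
            return 302, {"Location": "/account", "Set-Cookie": f"sid={sid}; {attrs}"}, ""
        if method == "POST" and path == "/logout":
            headers = {"Location": "/login"}
            if self.managed:
                self.sessions.pop(cookie, None)                    # invalidate on the server
                headers["Set-Cookie"] = "sid=; Max-Age=0; Path=/"  # erase in the browser
            return 302, headers, ""
        if path == "/account":
            if user is None:
                return 302, {"Location": "/login"}, ""
            headers = {"Content-Type": "text/html"}
            if self.managed:
                headers["Cache-Control"] = "no-store"  # Back must not redisplay a cached copy
            return 200, headers, f"<h1>Account of {user}</h1>"
        return 404, {}, ""


def cookie_value(set_cookie):
    """Return the sid value from a Set-Cookie header ('' if erased, None if absent)."""
    name, _, value = set_cookie.split(";", 1)[0].partition("=")
    return value if name.strip() == "sid" else None


def check_logout(send):
    """Run the log off / Back button test case and return a list of findings."""
    findings = []
    _, headers, _ = send("POST", "/login")
    sid = cookie_value(headers["Set-Cookie"])

    status, headers, _ = send("GET", "/account", sid)
    if status != 200:
        raise RuntimeError("login did not produce a working session")
    if "no-store" not in headers.get("Cache-Control", ""):
        findings.append("authenticated page is cacheable: Back can redisplay it")

    _, headers, _ = send("POST", "/logout", sid)
    if cookie_value(headers.get("Set-Cookie", "")) != "":
        findings.append("logout does not erase the session cookie in the browser")

    # Re-request the page with the pre-logout cookie value, as a browser that
    # still holds the cookie would when the user presses Back after logging off.
    status, headers, _ = send("GET", "/account", sid)
    if status == 200:
        findings.append("old session id still accepted after logout")
    elif headers.get("Location") != "/login":
        findings.append(f"unexpected response after logout: {status}")
    return findings


if __name__ == "__main__":
    for managed in (False, True):
        label = "managed" if managed else "not managed"
        print(label, "->", check_logout(ToyApp(managed).send) or "no findings")
```

The "not managed" app yields all three findings; the "managed" app yields none because it deletes the server-side session, expires the cookie and marks the authenticated page as non-cacheable.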
Why Security Testing?
Any user is primarily concerned about the security of a transaction made online. Hence security is of utmost importance in web based applications.
1. Banking websites
2. E-Com systems
3. Confidential sites like Military, Research, etc.
4. E-mail service providers like Yahoo, MSN, Sify, etc.
5. Retail sites
Types of Security Testing
Vulnerability Scanning
Security Scanning
Penetration Testing
Risk Assessment
Security Auditing
Ethical Hacking
Posture Assessment & Security Testing
Vulnerability Scanning - Vulnerability Scanning is using automated software to scan one or more systems against known vulnerability signatures. Examples of this software are Nessus, Sara, and ISS.
Security Scanning - Security Scanning is a Vulnerability Scan plus Manual verification. The Security Analyst will then identify network weaknesses and perform a customized professional analysis.
Penetration Testing - Penetration Testing takes a snapshot of the security on one machine, the “trophy”. The Tester will attempt to gain access to the trophy and prove his access, usually, by saving a file on the machine. It is a controlled and coordinated test with the client to ensure that no laws are broken during the test.
Risk Assessment - Risk Assessment involves a security analysis of interviews compiled with research of business, legal, and industry justifications.
Security Auditing - Security Auditing involves hands-on internal inspection of Operating Systems and Applications, often via line-by-line inspection of the code.
Ethical Hacking - Ethical Hacking is basically a number of Penetration Tests on a number of systems on a network segment.
Posture Assessment & Security Testing - Posture Assessment and Security Testing combine Security Scanning, Ethical Hacking and Risk Assessments to show an overall Security Posture of the organization.
Firewall Testing
A firewall is a piece of hardware and/or software that "sits" between your computer and the Internet in order to filter the traffic going back and forth.
It acts as a security checkpoint so that unauthorized data transfer doesn't occur.
The purpose of the test activity is to verify that the firewall system works as intended.
How to do it?
Test the firewall functions
Test environment
Production environment
Select and test features related to log files
Scan for vulnerabilities
Design initial regression testing suite
Prepare to perform ongoing monitoring
Compatibility Testing
It is done to verify that the web site or web application functions properly across any combination of platform, database, application server, browser and other software
Simulating the user environment during the testing phase - ensures that a product works in any specified operating environment
Provides technical integration, functionality and stability testing of complementary, third party products
Across different Browsers and Versions
What Causes Browser Display Differences?
Different Browsers
Different Browser Versions
Different Computer Types
Different Screen Sizes
Different Font Sizes
HTML Errors
Browser Bugs
Close to 17 million people use something other than IE while cruising the Internet!!
What you can do?
1. Set a Goal
The first step to test browser compatibility problems is to determine which browsers really matter to you.
It's hard to test a Web page that displays perfectly on every version of every browser running on every computer. Hence plan your testing based on your requirements.
2. Validate Your Pages
Check for the display of important pages on commonly used browsers.
Example of HTML Errors
Points to be considered for testing compatibility
Timely, cost-effective compatibility testing
Testing too many configurations can waste valuable time and money
Efficient browser and OS combinations help make the testing time-saving and cost-effective!
Sample Test Matrix for Web Application Browser Compatibility
Browser (columns): NS 4.0, NS 4.7, NS 6.x or Mozilla .9x, Mozilla 1.x
Platform (under each browser): Mac OS, Win 98, Win 2000, NT 4.0, Win XP
Rows: StateClaim, Title/Pay Plan, Carpool, Mobius/EDL, EQS, Gift, DWH, MS Office 97, MS Office 2000, MS Office XP
Exercise
Scenario for Discussion:
An email service provider upgrades the email space from 2 MB to 100 MB. What are the tests to be performed for this?
Summary
Web applications can better be called living applications and hence require a new perspective on testing practices.
We need to consider all the aspects discussed in the session every time a change is made in the web application and test it end to end.
Questions?
Thank You!!
IVS-TRAINING
Please note that submission of Course and Instructor feedback is mandatory for availing attendance for the Course.
Any doubts or suggestions for improvement can be forwarded to: [email protected]