Q1. Define performance and stress testing.

Performance Testing: Performance Testing is performed to evaluate application

performance under some load and stress condition. It is generally measured in
terms of response time for the user activity. It is designed to test the whole
performance of the system at high load and stress condition.
Stress testing: It involves imposing the database with heavy loads. Such as, large
numbers of users access the data from the same table and that table contains large
number of records.

Q2. What are the typical problems in web testing?

The following problem may arise in web testing:

 Functionality problems
 User Interface related problems
 Performance related problems
 Database related problems
 OS compatibility problems
 Browser compatibility problems
 Security related problems
 Load related problem
 Navigation problem

Q3. Write the test scenarios for testing a web site?

First we have to assume that Graphical User Interface (GUI) objects and elements
of a website together is One Test Scenario. Then, we have to check all the links and
buttons. Then we have to check all forms are working properly or not. Prepare Test
Scenarios of the forms of a webpage. We can identify 4 different types of Test
Scenarios of a form:

 Check the form with valid data in all the fields.

 Check the form with invalid data which violate the validations of fields in
the form.
 Check the form by leaving some mandatory fields in the form.
  Check the form with existing record details.

Q4. While testing a website, which are the different configurations which will have
to be considered?

These configurations may demand for change in strategy of the webpage. The most
important factors that need consideration are following:

 Hardware platform: some user may use the Mac platform, some may use
Linux, while others may use Microsoft platform.
 Browsers: browser and their versions also change the layout of the web
page. Along with the browser versions, the different Plug-Ins also has to be
taken into consideration. The resolution of the monitor also with color depth
and text size is some of the other configurations.

Q5. What is the difference between authentication and authorization in web

testing?

The differences between authentication and authorization are:

 Authentication is the process with which the system identifies the user
whereas authorization is the process after the authentication process
 The authentication is used to ensure that the user is indeed a user, who he
claims to be whereas in authorization system will decide whether a particular
task can be performed by the user
 There are different types of authentications, which can be used like
password based authentication, device based authentication whereas in
authorization there are two types read only, and read write both.

Q6. Explain the different between HTTP and HTTPS?

The differences between HTTP and HTTPS are following:

 Hypertext Transfer Protocol is a protocol for information to be passed back

and forth between web servers and clients. Https is refers to the combination
of a normal HTTP interaction over an encrypted Secure Sockets Layer (SSL)
or Transport Layer Security (TLS) transport mechanism
 HTTP use port number 80 whereas HTTPS use port number 443
 HTTP can support the client asking for a particular file to be sent only if it
has been updated after a certain date and time whereas Hypertext Transfer
 Protocol over Secure Socket Layer is built into its browser that encrypts and
decrypts user page requests as well as the pages that are returned by the Web
server

Q7. What is the difference between the static and dynamic website?

The differences between Static and Dynamic website are following:

 A static website contains Web pages with fixed content where as in Dynamic
web site content of the web page change with respect to time.
 Static website are easy to create and donot require any database design but in
case of dynamic website it require good knowledge to develop the website
with programming and database knowledge.
 In static website user cannot communicate with other and same information
will be displayed to each user where as in dynamic website user may
communicate with each other.

Q8. How do you perform testing on web based application using QTP?

We can do the performance testing using QTP by adding the web add-in in the QTP
at the startup of the QTP. Now to make URL of the website available to the QTP
we have to type the URL of the site. So that while running QTP will open the
application and do the testing

Q9. What is Cross Site Scripting?

Cross Site Scripting is a thread in the dynamic website. It is also known as XSS.
Cross site scripting occurs when a web application gathers malicious data from a
user. The data is collected in the hyperlink form which contains malicious content
within it. It allows malicious code to be inserted into the web page. The web page
can be a simple HTML code or a client side script. When the malicious code is
inserted in page and clicked by some user, the malicious code becomes a part of
the web request of the user. This request can also execute on the user’s computer
and steal information.

Q10. What type of security testing you performed?

To perform the security testing tester try to attack the system. This is the best way
to determine the lope hole in the security area of the application. Most of the
systems use encryption technique to store passwords. In this we have to try to get
access to the system by using different combinations of passwords. Another
common example of security testing is to find if the system is vulnerable to SQL
injection attacks. While performing the security testing, tester cannot do any
changes in any of the following:

 Configuration of the application or the server

 Services running on the server
 Existing user or customer data hosted by the application

Q11. What are steps you will perform for securing a new web server?

Some of the important steps to be carried out for securing the web server are
following:

 Minimize rights.
 Update permissions.
 Delete default data and scripts.
 Make use of software firewall.
 Enable and make use of IIS logging.
 Regular backup.

Q12. What is usability testing in web testing?

Usability testing perform with reference to the end user. In usability testing we find
how easily end user can access the application. In terms of websites and software
applications, usability is defined as the ease at which a person with no
programming knowledge can use the software to complete the desired task.
Usability is comprised of following:

 Learnability is how easy it is for a new user to accomplish tasks the first
time they visit your website.
 Memorability is how easy it is for someone to come back to using your
website after they haven’t used it for a period of time.
 Efficiency is how quickly users can complete tasks on your site after they
are familiar with its use.

Q13. What is difference between web based testing and windows based testing?
Web based testing is concern with the following:

 Broken Links in the web pages.

 Performance of web like response time.
 Graphical User Interface
 Text on the page

Where as in Windows based testing we look for :

 Functionality
 Intergration

Q14. What are the common bugs in web testing?

In Web based testing following bugs are very common:

 Issues in navigation of application

 Usability.
 Cosmetic Issues and GUI Issues
 Functional Issues
 Performance issues - How time it takes to display the page to the user.
 Load - How much load an application can handle at any point in time.
 Stress - At how much load application will crash.
 Flow of data - Information which is entered by user is stored in correct
format.
 If proper static information is not displayed along with text fields to enter
data.
 Links are broken, default focus is not set in forms, tab key not working, all
key board short cuts are not fully functional

Q15. What is the difference b/w desktop application testing and web testing?

Desktop Testing: Desktop application testing is standalone testing, it is

independent of the other application which are executing on the different machines.
In this application testing, tester need not worry about number of user.
Web testing Web testing is related to client server. Web testing needs to have many
testing’s like Usability, GUI, Load Testing, Performance Testing.

Q16. What is field validation in web testing?

Field validation is used to ensure that only correct data is entered into the field. We
can select validation options to make sure that only correct format data can be
entered into a field correctly. When validation options are selected, we can use the
FileMaker Pro to displays a message when user enter data in incorrectly format.
For example, you can set an option to require that users enter a value in a field. The
field validations check the format of the data. To ensure this we perform the
validation testing in the website. Like the email field must contain the data in
[email protected] format.

Q17. What is focus testing in website?

Focus testing is used to test that when we open a webpage the cursor automatically
blink on the particular field. Like in the case of Gmail login page. When we open
the Gmail login page the cursor automatically blinks on the username filed. This is
the Focus testing in website.

Q18.Explain some web testing tools.

Some of the webs testing tools are discussed below:

 JMeter (load and performance tester): JMeter is a Java desktop

application which is used to create the load test environment and measure
performance of the application during load test. It can be used for examine
the performance of static and dynamic website.
 Selenium (Web app testing tool ):Selenium is a contains several
application like Selenium IDE, Selenium Remote Control and Selenium
Grid to examine and evaluate the web application.

Q19. What is website testing?

Website testing is a type of software testing which deal with the testing of the
website. Website testing is performing on website to check the functionality,
performance, usability, database related issues and browser related issues. To
perform this testing we have so many tools like JMeter, Selenium, QTP etc.
What is Web application?
It is Software application that is accessed over a network such as the Internet or an
intranet through a web browser. Web application provides services (Free and Paid)
apart from information. Ex: Online Banking System it provides Bank information,
Branches & ATM Information, Loans information etc…And It provides balance
enquiry, Fund transfer, Bill payments like services.

What is Web browser?

Web browser is a software application used to locate, retrieve and also display
content on the World Wide Web, including Web pages, images, videos and other
files. Examples: Google Chrome, Mozilla Firefox, Internet Explorer, Opera, Safari.

What is website?

Basically website is an information provider; it provides information globally

using internet protocols.

What is WWW?

The term WWW refers to the World Wide Web or simply the Web. The World
Wide Web consists of all the public Web sites connected to the Internet worldwide,
including the client devices (such as computers and cell phones) that access Web
content. The WWW is just one of many applications of the Internet and computer
networks.

What is Web portal?

Web portal is a business gateway, It organizes business operations. Ex: Online

shopping portals, Job portals etc…

What is Web server?

Web server handles Clint side and server side validations and helps to deliver Web
content that can be accessed through the Internet protocols. Examples: Microsoft
IIS (Internet Information Service) Apache Web server from Apache Java Web
server Pramathi web server etc…

How to perform Web Services Testing?

A Web Service is a service accessed via Web. Web Service is a way to publish your
application over web and enable other applications to access functions defined by
your web service. Web services exposes an interface defined in Web Services
Description Language (WSDL).

How to test Web Forms manually and using QTP Tool?

Web forms have 2 types of validations;

a) Field level validations
b) Field level validations
Using Black Box test design techniques we can test web forms manually
Using Conditional statements and built-in functions we can test web forms (Using
QTP)

What are possible configurations that could affect the testing strategy of any
web site?

Possible configurations that affect the testing strategy of any web site are hardware
platform (PC, Mac), Browser software and version, Browser Plug-Ins, Browser
settings options, Video resolution and Colour Depth, and text size.

What are the advantages of web applications than GUI based applications?

Only server side installation, client side installation is not mandatory, so

deployment and maintenance is easy.It can be accessible anywhere, anytime via a
PC with an Internet connection.The user interface of web-based applications is
easier to customize than it is in GUI applications. Content can also be customized
for presentation on any device connected to the internet, including PDAs, mobile
phones etc…Supports thousands of clients effectively Adding and removing clients
is very easy.

What are the different types of environments available in the Web?

Intranet (Local Network)Internet (Wide area Network)Extranet (Private network

over Internet)

What are the different types of web applications available in the Industry?

We have different types of web applications available in the Industry?

a) Websites
Ex: http://www.aurobindo.com/, http://www.pennacement.com/ etc…
b) Web portals
Ex: http://www.ebay.in/, http://www.naukri.com/ etc…
c) Web Applications
Ex: www.icicibank.com/, http://www.sunlife.com/ etc…
d) Email Service providers
Ex: www.gmail.com, www.yahoo.com, www.rediffmail.com etc…
e) Social Networks
Ex: www.facebook.com, www.twitter.com, www.linkedin.com etc…
f) Discussion Forums Etc…
Ex: www.top100interviewquestions.com

What are the important aspects in Web testing?

Functional Testing (includes links testing, navigation testing etc…),

Security Testing,
Database Testing (includes Data integrity, data manipulations, data retrievals etc..),
Performance Testing (includes all types of performance like Load Testing, Stress
Testing, Spike Testing, Endurance Testing and Data volume Testing),
Usability Testing,
Navigation testing,
Configuration Testing,
Compatibility Testing,
Reliability Testing,
Availability Testing,
Scalability Testing Etc…

What are the important web testing activities?

Forms validation
Links validation
Database testing
Navigation testing
Performance (Load, Stress and Endurance)
Search operations validation Etc…

What is application server?

Application Server also called an appserver, It is a program that handles all

application operations between users and an organization’s back-end business
applications or databases.

What is Client side validation?

Validating client side forms, which is typically done by Java Script. Generally it
checks weather the user is entering correct form of data or not? and entering all
mandatory fields or not? Client site validation is 2 types One is Field level
validation another is Form level validation.

What is Cookies Testing?

A “cookie” is a small piece of information that sent by a web server to store on a

web browser so it can later be read back from that browser. This is useful for
having the browser remember some specific information.

What is database server?

Database server is used to refer to the back-end system of a database application

using client/server architecture. The back-end, sometimes called a database server,
performs tasks such as data design, storage, data manipulations, archiving, and
other non-user specific tasks. Examples: Oracle, MS SQL Server, MySQL (Open
source), IBM DB2 etc…

What is difference between client server and Web Testing?

The difference between client server and Web Testing: In client server application
you have two different components to test. Application is loaded on server machine
while the application exe on every client machine. You will test broadly in
categories like, GUI on both sides, functionality, Load, client-server interaction,
back-end. This environment is mostly used in Intranet networks. You are aware of
number of clients and servers and their locations in the test scenario. Web
application is a bit different and complex to test as tester don’t have that much
control over the application. Application is loaded on the server whose location
may or may not be known and no exe is installed on the client machine, you have
to test it on different web browsers. Web applications are supposed to be tested on
different browsers and OS platforms so broadly Web application is tested mainly
for browser compatibility and operating system compatibility, error handling, static
pages, back-end testing and load testing.

What is extranet application?

It is also a private application over internet, can be accessed by fixed machines

only. It uses Wide area network and Internet Protocol technology to share
information.

What is HTML?
HTML stands for Hyper Text Markup Language, it is for displaying web pages and
other information. Basically it is data presenter in the web.

What is HTTP?

Hyper Text Transfer Protocol, the data transfer protocol used on the World Wide
Web.

What is HTTPS?

HTTPS stands for Hypertext Transfer Protocol Secure is a widely-used

communications protocol for secure communication over a computer network.

What is internet application?

Generally it is a public web application, uses Wide area network. It can be

accessed from anywhere.

What is intranet application?

It is a private application, can be accessed within the Organization only. It uses

Local /Private Network and Internet Protocol technology to share information.

What is purpose of Java Script in the Web?

It is for performing client side validations.

What is Server side validation?

Validating, processing client requests and providing response from the Server.

What is the difference among Intranet, Internet and Extranet web

applications?

Intranet: It is a private network(Within the Organization) uses LAN/MAN

Technologies
Internet: It is a Public network uses WAN Technology
Extranet: It also private network over Internet

What is the difference between desktop application testing and web testing?

Desktop testing is standalone testing. Desktop need not worry about number of
user etc. Web testing is related to client server. Web testing needs to have many
testing’s like usability, GUI, and Load Testing.
Which different test scenarios will you consider when you are testing a
website?
The first scenario to be tested is the GUI. The page layout and the design elements
used on the website have to be uniform throughout the website. The next part to be
tested is the different links provided inside the website. Along with the links, it will
also have to be tested, whether internal navigation is smooth and also check if it is
complex. The next important aspect to be checked is the response time of the
website. This will also have to checked, when there is heavy load on the system.

Explain the difference between authentication and authorization during web

testing?
Authentication is the process with which the system identifies the user. The goal is
to ensure that the user is indeed a user, who he claims to be. There are different
types of authentications, which can be used like password based authentication,
device based authentication, etc. On the other hand, authorization is the process
after the authentication process. In this process the system will decide whether a
particular task can be performed by the user, does he have the necessary
permissions, etc?

Which are the different test case formats that are a part of web testing?
The test case formats will vary depending on whether the website is a static
website or a dynamic website. The static website will have the front end test cases,
navigation test cases. On the other hand, if the website is a dynamic website, then
the test cases will be broadly divided under front end test cases, back end test
cases, field validations test cases, database test cases, security test cases, etc.

Which are the HTTP Response Objects?

Some of the HTTP Response Objects are write, flush, tell, etc. The subclasses of
HTTP Response are HttpResponseRedirect, HttpResponsePermanentRedirect,
HttpResponseBadRequest, HttpResponseNotFound, etc.

What is a proxy server?

A proxy server is a server, which behaves like an intermediary between the client
and the main server. Therefore, the requests onto the main server are first sent to
the proxy server from the client system, which are then forwarded to the main
server. The response from the main server is sent to the client through the proxy
server itself. The request and/or the response may be modified by the proxy server
depending on the filtering rules of the server.

Is usability testing possible while testing a website?

Usability testing is indeed an important part of web testing. In usability testing, it is
checked, whether the website is user-friendly. Is it possible for the user to move
around easily within the webpage? Is there any sort of ambiguity on the webpage,
which can hinder the user experience?

While testing a website, which are the different configurations which will have
to be considered these configurations may demand for change in strategy of
the webpage.
The most important factor that needs consideration is the hardware platform, while
some may use the Mac platform, some may use Linux, while others may use
Microsoft platform. The next comes the browsers and their versions into the
picture. Along with the browser versions, the different Plug-Ins also have to be
taken into consideration. The resolution of the monitor also with color depth and
text size are some of the other configurations.

Which are the common browsers, where a web application should be tested?
The browsers that are commonly used are Mozilla Firefox, Google Chrome,
Internet Explorer and Opera. Therefore, a web application must be tested on these
browsers as well.

How are the static websites different than the dynamic websites?
Static websites only give out information to the user and the user does not have any
sort of interaction with the website. On the other hand, dynamic websites are the
ones, where the user communicates with the system and is asked for information.
On providing the required information, he may be able to retrieve the information
he is looking for.

What are the common problems faced in web testing?

The most common problem faced during web testing is the server problem. The
server can either be down or it can be under maintenance. The next problem, which
is often faced in web testing is database problem, where the connection to the
database can be broken. In some cases, there can be hardware compatibility
problems, when one is testing a web application.

What is the purpose of VbScript in the Web?

It can be used for client side validations as well as Server side validations.

What is Web Services?

Web services are application components, communicate using open protocols and
these can be used by other applications. XML is the basis for Web services SOAP
(Simple Object Access Protocol), UDDI (Universal Description, Discovery and
Integration) and WSDL (Web Services Description Language) are the Web services
platform elements.

What the latest web technologies do you know?

Latest web technologies are: The main three web tracks:

1. Microsoft ASP.Net Track + SQL Server database engine (IDE: Expression Web,
Visual Studio).
2. Oracle Java Track + Oracle database engine (IDE: NetBeans, Eclipse).
3. PHP Track + MySQL database engine (IDE: Zend Studio, DreamWeaver). There
are many new concepts and enhanced methodologies like Ajax, JQuery, JSON, and
so on.

What types HTTP Response Codes do you know?

Types of HTTP Response Codes are:

2xx – success,
3xx – Redirection,
4xx – Client Error,
5xx – Server Error

What types of web testing security problems do you know?

Types of web testing security problems are: Denial of Service (DoS) attack, buffer
overflow etc…

1. Functionality Testing:
In Functional testing we need check the each components are functioning as
expected or not, so it is also called as “Component Testing”. Functional testing is
to testing the functionality of the software application under test. Basically, it is to
check the basic functionality mentioned in the functional specification document.
Also check whether software application is meeting the user expectations. We can
also say that checking the behavior of the software application against test
specification.

In this testing activities should include:

Link Testing:

Check for all broken links on your web pages & all links are working correctly.
Along with you can check the different links on you web pages:

 Internal links
 Outgoing links
 MailTo Links
 Anchor Links

Web form testing:

In the web application testing the “Forms Testing” is the essential part of testing
any web site. The main purpose of Form is to get the information from user & store
into the database. And keep on interact with them. Below are the test cases which
should be considered while doing form testing:

 First thing to test in the form is the Validations on each form fields. Here two
types of Validation need to be consider – “Client side” & “Server side”
validations.
 Check default values are being populated
 Check for all Mandatory fields. Check if a user not entered a required field
showing a mandatory error message.
 Add information using form & update information using form.
 Tab orders.
 Check for the default values of fields.
 Forms are optimally formatted for better readability
  In Negative testing enter invalid inputs to the forms fields.

Cookies testing:

Cookies are the small text file that gets saved the user’s system. These files are
saved in the desired location and used by the browsers to use the cookies. Basically
used to maintain the session mainly login sessions the Cookies are used. Instructive
information is recorded in the cookie (like Sessions) and that can be retrieved for
the web pages. User can able to enable or disable the Cookies in browser options.
The basic test to check if cookie is stored in the user’s machine in the encrypted
format. (I am writing separate article on Cookie Testing, post it soon)

So let’s see what should be tested in Cookies testing:

 Test the application by disabling the Cookies

 Test the application after corrupting the cookies.
 Check the behavior of application after removing the all the cookies for the
website you are testing.
 Check website writing cookies are working or not on different browser.
 Check if cookies for authenticated login are working or not.
 Check if behavior of application after deleting the cookies (sessions) by
clearing cache or after cookies expired
 Check if login to application after deleting the cookies (sessions)

Test HTML and CSS:

To optimize web site in the search engine then testing of HTML and CSS make
important role. In this testing check that different search engines can crawl your
site without any error. You should check for all Syntax Errors, Color Schemas in
the readable, check for Standard Compliance and the standards are followed like
W3C, ISO, ECMA, IETF, WS-I, OASIS

Test business workflow:

This would include:

 End to end testing of business scenarios/workflow which ensure that the

completeness of website testing.
 Testing of Positive as well as negative scenarios.
2. Usability testing:

Now a day’s the Usability testing is playing an important role of any web
application. This testing is to be carried out by testers like you to ensure that cover
all possible test cases which targeted audience of the web application are doing
regularly.

This would include -

Navigation testing of the web site:

 All possible options like Menus, Links or buttons on web pages should be
visible & accessible from all the web pages.
 Web pages navigation should be Easy to use
 Help instruction content should be clear & should satisfy the purpose.
 All options on header, footer & left/right navigation should be consistent
throughout the pages.

Content testing of the web site:

 No spelling or grammatical errors mistake in content throughout the page.

 Alt text should be present on Images
 No broken images
 Your task is to validate all for UI testing
 Follow some standard on content building on web page
 All content should be legible & easy to understand.
 Dark color infuriates the users, so avoid using dark colors in the theme.
 Proper size images should be placed on web page
 All the anchor text links should be working properly.

3. Compatibility testing.

In software application testing the Compatibility testing is the non-functional part

of testing. It is ensuring that how application’s working in the supported
environments. Customers are uses web application on different Operating systems,
Browser compatibility, computing capacity of Hardware Platform, Databases and
Bandwidth handling capacity of networking hardware. The Compatibility testing is
to make sure that “Is web application show correctly across different devices?”

This would include-

Browser Compatibility Test:

Web applications are rendering differently on different browsers. The objective of

browser compatibility testing is to ensure that no any errors on the different web
browsers while rendering the sites. In Browser Compatibility Testing you need to
ensure that your web application is being displayed properly on different browsers.
Also check AJAX, JavaScript and authentication are functioning correctly.

OS compatibility:

In new technology newer graphics designs are used & different APIs are used
which may not work on different Operating systems. Also on rendering of different
objects like text fields, buttons may display different on different Operating
System. So testing of web application should be carried out on different OS like
Windows, MAC, Solaris, Unix, Linux with different OS flavors.

Mobile browsing:

In latest Mobi technology you also test out Mobile Browser Compatibility too. It
may be possible of Compatibility issues on Mobile browsers. So in the new Mobi
technology age you testing of web pages on mobile browsers should be carried out.

4. Database Testing:

Data reliability is key part in the Database testing. So for web application should
be thoroughly tested.

Testing activities would include-

 Check if queries are executed without any errors.

 Creating, updating or deleting data in database should maintain the data
integrity.
 More time should not take to execute the queries, if required tune the queries
for better performance.
 Check load on database while executing heavier queries & check the result.
 Collect data from database & represent on the web pages correctly.
5. Crowd Testing:

Crowd testing is when a large group of perfect strangers try your product then give
you phenomenally helpful feedback on usability, bugs and features.

To test the software application Crowd testing can be used. It not limited to web
applications, but for all kinds of applications including mobile application testing.
Crowdtesting is dependent on the quality of the crowd. Also it depends on a crowd
that is composed out of a large group of diver’s people. It used do system tests for
performance and usability testing. Simply this is complementary to ‘normal’
testing. The mainly complicated job of crowd testing is determining a good enough
crowd.

6. Interface Testing:

In the Interface testing mainly three areas should be covered: Web Server,
Application Server and Database Server. Ensure that all the communications
between these all servers should be carried out correctly. Verify that if connection
between any servers is reset or lost then what is happing. Check if any request
interrupts in-between then how application is responding. On returns of any error
from web server or database server to application server then error should be
Errors are handled properly & display such errors to the user.

 Web Server: Check if all web requests are accepting and not any requests are
denied or leakages.
 Application Server: Check if request is sending correctly to the any server &
displayed correctly. Check if errors are catch properly & displayed to admin
user.
 Database Server: Check if database server is returns correct result on query
request.

Check if all three servers are connected to each & test request is processing
correctly. And any error in between then error should be displayed to user.

7. Performance Testing:

Performance testing is to check the web application is working under the heavy
load. Performance testing is categorized into two parts:
Web Stress Testing, Web Load Testing

This would include-

  Check if response times of Website application under different speeds of
connections
 Check if site handles many simultaneous user requests at same time.
 Check if how your web application sustain under the peak loads
 Check if large input data from users.
 Check the behavior of web application if simultaneous connection to
Database.
 Check if how the web site pulls through if crash occurs due to peak load.
 Check if optimization methods such as reduce load times by enabling cache
on browser client and server side, gzip compression etc
 Check if any hardware memory leakage errors

8. Security testing:

The security testing is carried out to ensure that is any information leakage in terms
of encrypting the data. In e-commerce website the Security testing is play an
important role. In this testing check if secure information is to check whether how
to store sensitive information such as credit cards etc.

Testing Activities will include-

 Check if unauthorized access to secure pages, if user changes from “https” to

“http” (secure to non-secure) in secure pages then proper message should be
display and vice versa.
 Check if accessing internal pages directly entering URLs in browser. If login
is required then user should redirected to login page or appropriate message
should be displayed.
 Most of the information related to transactions, error messages, login
attempts should be logged in log file.
 Check if restricted files are able to access for download.
 Check if internal Web directories or files are not accessible unless & until
not configured for download.
 Check if CAPTCHA is added & working properly for logins to prevents
automates logins attempts.
  Check if try to access others information by changing parameter in query
string. For example if you are editing the information & in URL you are
seeing UserID = 123, try to change this parameter values & check if
application is not providing the other users information. It should display
Access denied for this user to view others users information.
 Check if sessions are got expired after pre-defined amount of time if user not
using session.
 Check if user not able to pass login page for invalid username/password
combination.
 Check if user is navigated to encrypted SSL pages for secure website.

Software industry has achieved a solid recognition in this age. In this article you
should have clear idea on web application testing with web testing test cases.
Obviously these checklists have its own advantages and disadvantages. And the
selection criteria are totally based on your requirements of software web testing.
Apart from that we also discussed current trends followed by IT industries on Web
application testing.

Over to You!

If you enjoy reading this article please make sure to share it with your friends.
Please ask your queries in below comment section. Your feedback is always
appreciated!