UNIT-IV

Unit IV Software Testing

Software Testing: A Strategic Approach to Software Testing - Strategic Issues Test Strategies for
Conventional Software - Validation Testing - System Testing.Testing Conventional Applications: White-
Box Testing - Basis Path Testing - Control Structure Testing - Black-Box Testing.Testing Web
Applications: Testing Concepts for WebApps - The Testing Process - Content Testing - User Interface
Testing- Component-Level Testing - Configuration Testing -Security Testing - Performance Testing.

Unit V Test Automation and Software Maintenance Software Testing Plan and Test Case Preparation:
Introduction - Test Plan - Test Case. Test Automation: Expectations from Test Automation - Limitations -
Automation Strategy -Automation Frameworks Automation Metrics. Software Maintenance:
Introduction - Maintenance Activities - Maintenance Process -Maintenance Cost - Maintenance
Strategies.
.

By
Dr.C.Mohanapriya
MSc(CT).,Mphil.,SET.,PhD., 1
2
 Testing Web Applications
Urgency in WebApp Projects
WebApp projects are often under significant pressure due to factors like competition,
customer demands, and market timing.
Risks of Inadequate Testing
Neglecting or rushing the testing phase can lead to catastrophic outcomes, such as
poor performance, security vulnerabilities, and user dissatisfaction.
Early and Continuous Testing:
Testing should not be postponed until the project is near completion.
Start testing before writing any code and continue to test throughout the development
process.
Testing Beyond Code:
Requirements and design models, although not testable in the traditional sense, still
require validation
Emphasis on Quality Assurance: 3
 Testing Web Applications

Testing is the process of exercising software with the intent of identifying and correcting
errors.
- This core philosophy remains unchanged for WebApps, but the complexity of Web-
based systems adds significant challenges due to their networked environment, diverse
operating systems, browsers, devices, hardware platforms, communication protocols,
and backend applications.
. Dimensions of Quality in WebApps:
- Quality in WebApps is ensured through good design, technical reviews, and thorough
testing, focusing on several key dimensions:

4
a. Content:
- Syntactic Level: Assessment of spelling, punctuation, and grammar for text-based
content.
- Semantic Level: Evaluation of the correctness, consistency, and clarity of the
information presented.
b. Function:
- Testing to ensure that WebApp functions meet customer requirements and conform to
implementation standards (e.g., Java, AJAX).
- Functions are checked for correctness, stability, and adherence to standards.
c. Structure:
- Ensures that the WebApp structure effectively delivers content and functionality.
- Assesses whether the structure is extensible and can support new content or features in
the future. 5
d. Usability:
- Testing to ensure that the user interface is intuitive and supports all user categories.
- Focus on whether users can easily learn and use the navigation and interaction elements
of the WebApp.
e. Performance:
- Evaluates the WebApp's responsiveness under various operating conditions,
configurations, and loads.
- Ensures that the system maintains acceptable performance levels even under extreme
load conditions.
f. Compatibility:
- Testing the WebApp across different client and server host configurations to identify
any configuration-specific errors.
- Ensures the WebApp functions correctly across various platforms. 6
 g. Interoperability:
- Tests the WebApp's ability to interface correctly with other applications and databases.
- Ensures seamless integration with other systems.
h. Security:
- Assesses the WebApp for potential vulnerabilities and attempts to exploit them.
- Any successful penetration is considered a security failure, and corrective actions are
necessary.
Testing Strategy for WebApps
- A well-defined strategy and specific tactics are required to thoroughly test WebApps
across all these dimensions.
- The goal is to identify errors in each quality dimension and ensure that the WebApp
performs reliably and securely across all environments and usage scenarios.
7
 Errors within a WebApp Environment

1.Symptom vs. Root Cause: Errors often manifest as symptoms on the client side,
making it hard to identify the true underlying issue.
2.Environment-Specific Errors: Different configurations and environments make
it difficult to reproduce and debug errors outside their original context.
3.Configuration Issues: Many errors are related to the WebApp’s configuration, in
addition to design or programming mistakes.
4.Client-Server Architecture: The client-server model complicates tracing errors
across different layers (client, server, network).
5.Static vs. Dynamic Environment: Errors can arise from both the static testing
environment and dynamic real-time factors.
These points highlight the critical role of the environment in diagnosing and
resolving WebApp errors, especially during testing.

8
 Testing strategy:

1.Content Model Review: Check for errors in the content model.

2.Interface Model Review: Ensure all use cases are covered.
3.Design Model Review: Identify navigation errors.
4.User Interface Testing: Detect presentation and navigation issues.
5.Unit Testing: Test functional components individually.
6.Navigation Testing: Verify navigation across the architecture.
7.Compatibility Testing: Test the WebApp in various environmental
configurations.
8.Security Testing: Attempt to exploit vulnerabilities.
9.Performance Testing: Assess the WebApp’s performance.
10.User Testing: Evaluate the WebApp with a controlled group of end users for
various concerns including content, navigation, usability, compatibility, security,
reliability, and performance.
Since WebApps often evolve, the testing process is ongoing, with regression tests
used by support staff to ensure continued functionality. 9
 Test Planning

:
•Importance of Planning: Despite some developers’ aversion to planning, it
establishes a roadmap for all subsequent work, making it essential for effective
WebApp development.
•Need for Test Planning: As noted by Splaine and Jaskiel, even simple websites
benefit from test planning to manage the large number of bugs found during ad hoc
testing and ensure reliable re-testing.
•Test Plan Components:
1.Task Set: Defines the tasks to be performed during testing.
2.Work Products: Specifies the outputs produced from each testing task.
3.Evaluation and Recording: Details how test results are evaluated, recorded,
and reused for regression testing.
A well-structured test plan helps in creating imaginative new tests and focuses on
ensuring that known bugs are fixed and no new bugs are introduced.
10
 Test Process

• Here's an overview of the WebApp testing process:

1. Initial Testing: Start with tests that focus on content and interface functionality
visible to end users.
2.Progressive Testing: Move on to testing design architecture and navigation
aspects.
3. Final Testing: Shift focus to technological capabilities, including WebApp
infrastructure and installation/implementation issues.

The testing process aligns with the design pyramid for WebApps, beginning with
user-visible elements and progressing to infrastructure design elements.
This structured approach ensures comprehensive testing from the most visible to
the most technical aspects of the WebApp.
11
12
 Content testing - Objectives of Content Testing

• Content testing is crucial for identifying and resolving errors in web application
content before users encounter them. It involves both reviews and executable test
cases to uncover various issues, including typographical errors, incorrect
information, and improper organization.
• Objectives of Content Testing
1. Uncover Syntactic Errors: Identifying typos, grammar mistakes, and other
textual errors using automated tools and human reviewers.
2. Uncover Semantic Errors: Ensuring the accuracy and completeness of
information presented.
3. Identify Organizational Errors: Checking the structure and layout of content for
ease of understanding and navigation.
13
 Content testing

• Content testing is crucial for identifying and resolving errors in web application
content before users encounter them. It involves both reviews and executable test
cases to uncover various issues, including typographical errors, incorrect
information, and improper organization.
• Objectives of Content Testing
1. Uncover Syntactic Errors: Identifying typos, grammar mistakes, and other
textual errors using automated tools and human reviewers.
2. Uncover Semantic Errors: Ensuring the accuracy and completeness of
information presented.
3. Identify Organizational Errors: Checking the structure and layout of content for
ease of understanding and navigation.
14
Methods
• Automated Tools: Spelling and grammar checkers for initial error
detection.
• Human Reviewers: Professional copy editors to catch errors missed by
automated tools.
Semantic Testing
Reviewers focus on:
• Factual accuracy
• Conciseness
• User-friendly layout
• Ease of finding embedded information
• Proper referencing of sourced information

15
 Content Testing -Database Testing

Modern WebApps often interact with sophisticated database management systems to

create dynamic content in real time. This process involves several steps:
1. Querying the Database: A large database is queried to retrieve relevant data.
2. Data Extraction: The necessary data is extracted from the database.
3. Content Organization: The extracted data is organized into a content object.
4. Transmission: The content object is transmitted to the client environment for
display.
Errors can occur at each of these steps, and database testing aims to uncover these
errors to ensure the accuracy and efficiency of the dynamic content generated by the
WebApp.

16
 Factors Complicating Database Testing

Database testing aims to uncover errors in the process of generating dynamic

content from databases. However, several factors complicate this process:
• Translation Errors: The original client-side request is rarely in a form (e.g.,
SQL) that can be directly processed by the DBMS. Tests should identify
errors in translating the user’s request into a processable form.
• Communication Errors: The database may be remote from the WebApp
server. Tests should uncover errors in communication between the WebApp
and the remote database.

17
 Factors Complicating Database Testing

• Data Formatting Errors: Raw data from the database must be properly
formatted for transmission to the client. Tests should ensure the validity of
the raw data received by the WebApp server and the transformations
applied to create valid content objects.
• Transmission Errors: The dynamic content objects must be transmitted to
the client in a displayable form. Tests should uncover errors in the content
object format and ensure compatibility with different client environment
configurations.
By addressing these factors, database testing ensures the reliability and
accuracy of dynamic content generated by WebApps.

18
19
1. Interface Layer: Ensure valid information is passed between the client and
server.
2. WebApp Layer: Verify scripts are processed correctly and user data is properly
extracted/formatted.
3. Data Transformation Layer: Confirm user data is correctly passed to server-
side functions that format queries (e.g., SQL).
4. Data Management Layer: Ensure queries are passed to the data management
layer that communicates with database access routines.
• Testing focuses on interactions between the client layer and the first two server
layers (WebApp and data transformation). The user interface layer is tested for
proper script construction and transmission, while the WebApp layer is tested for
correct data extraction and transmission to the data transformation layer. Data
transformation functions are tested to ensure correct SQL creation and
communication with data management components.
20
 USER INTERFACE TESTING
1. Requirements Analysis: Review the interface model to ensure it meets
stakeholder requirements and aligns with the overall requirements model.
2. Design Phase: Evaluate the interface design model to ensure it meets generic
quality criteria for user interfaces and addresses application-specific design
issues.
3. Testing Phase: Focus on executing application-specific aspects of user
interaction, including interface syntax and semantics, and provide a final
usability assessment.
• This process ensures that the user interface is both functional and user-friendly,
meeting all necessary criteria from initial requirements to final usability.

21
 1.Interface Testing Strategy
1. Objective:
Uncover errors in specific interface mechanisms (e.g., menu links, form data entry).
Identify errors in the implementation of navigation, functionality, or content display.
Tactical Steps:
Design and Aesthetics: Test interface features (e.g., fonts, colors, frames, images) to ensure they adhere to design
rules and are visually correct.
Unit Testing: Test individual interface mechanisms (e.g., forms, client-side scripts, dynamic HTML, streaming
content) separately to ensure they function correctly.
Integration Testing: Test each interface mechanism within the context of a use case or NSU (Navigational State
Unit) to ensure they work together as intended.
Validation Testing: Test the complete interface against selected use cases and NSUs to ensure it meets the intended
semantics and usability requirements.
Compatibility Testing: Ensure the interface works across different environments (e.g., browsers), akin to
configuration testing
This strategy ensures that both the functional and aesthetic aspects of the user interface are thoroughly
tested, providing a seamless and user-friendly experience. 22
 2. Testing Interface Mechanisms
1. Links :
- Test each link for proper navigation and content accuracy.
- Ensure external links are valid and reliable.

2. Forms :
- Verify correct labeling, mandatory field identification, and proper data transmission.
- Ensure form fields have correct width, data types, and safeguards.
- Test pull-down menus for meaningful options and browser auto-fill for accuracy.
- Ensure tab key navigation works as expected.

3. Client-Side Scripting :
- Conduct black-box tests to detect processing errors.
- Verify scripting language compatibility with the WebApp environment.

23
4. Dynamic HTML :
- Ensure dynamic display functions correctly across different environments.

5. Pop-Up Windows :
- Test for correct sizing, positioning, aesthetic consistency, and functionality of scroll bars
and controls.

6. CGI Scripts :
- Focus on data integrity, script processing, and server performance under load.
7. Streaming Content :
- Verify content is up-to-date, displays correctly, and can be paused/resumed without
errors.

24
8. Cookies :
- Test proper construction, transmission, and persistence on both server and client sides.

9. Application-Specific Interface Mechanisms (e.g., Shopping Cart) :

- Perform boundary tests, empty cart checks, deletion, and purchase persistence tests.
- Ensure cart contents can be recalled if no purchase is made.

25
 2. Testing Interface Mechanisms
1. Links :
- Test each link for proper navigation and content accuracy.
- Ensure external links are valid and reliable.

2. Forms :
- Verify correct labeling, mandatory field identification, and proper data transmission.
- Ensure form fields have correct width, data types, and safeguards.
- Test pull-down menus for meaningful options and browser auto-fill for accuracy.
- Ensure tab key navigation works as expected.

3. Client-Side Scripting :
- Conduct black-box tests to detect processing errors.
- Verify scripting language compatibility with the WebApp environment.

26
 3. Testing interface semantics
1. Objective: Evaluate how well the interface design supports users, provides clear
direction, delivers feedback, and maintains consistency.
2. Review: Conduct a thorough review of the interface design model to partially address
these objectives.
3. Use-Case Testing:
o Test each use-case scenario for different user categories once the WebApp is
implemented.
o Design testing sequences based on use cases to uncover errors that might prevent
users from achieving their goals.
4. Checklist:
o Ensure every menu item and embedded link within content objects are exercised at
least once.
o Include tests for improper menu selections and link usage to check for effective error
handling and recovery.
• This approach ensures that the interface semantics are thoroughly tested, providing a
user-friendly and consistent experience.
•
27
28
 4.usability testing for a WebApp
•
1. Objective: Evaluate how effectively users can interact with the WebApp, how well it
guides their actions, provides feedback, and maintains consistency.
2. Steps:
o Define Categories and Goals: Identify usability testing categories and set goals for
each.
o Design Tests: Create tests to evaluate each goal.
o Select Participants: Choose end users to conduct the tests.
o Instrument Interaction: Monitor participants’ interactions with the WebApp during
testing.
o Assess Usability: Develop a mechanism to evaluate the WebApp’s usability.

29
1. Levels of Abstraction:
o Specific Interface Mechanism: Assess usability of individual elements like forms.
o Complete Web Page: Evaluate the usability of a full web page, including all
interface mechanisms and functions.
o Complete WebApp: Consider the usability of the entire WebApp.
2. Test Categories and Objectives:
o Interactivity: Are interaction mechanisms (e.g., pull-down menus, buttons) easy
to understand and use?
o Layout: Are navigation mechanisms, content, and functions placed for quick
access?
o Readability: Is the text well-written and understandable? Are graphic
representations easy to understand?
•
30
• Figure below illustrates three main aspects: Ease of Use, Predictability, and Ease
of Understanding. Each of these aspects is graded on a scale, helping users to
evaluate different interface features like animation, buttons, color, and more.
 Ease of Use: Ranges from “Awkward” to “Efficient,” passing through stages like
“Difficult to learn,” “Misleading,” “Easy to learn,” “Effective,” and “Simple.”
 Predictability: Starts from “Inconsistent, Lacking uniformity” and moves
towards “Generally uniform” and “Predictable.”
 Ease of Understanding: Goes from “Confusing” to “Clear,” with intermediate
stages like “Somewhat ambiguous.”
• These scales help in providing a structured way to assess and improve the
usability of various interface features.

31
 Component-level testing
• Component-level testing, also known as function testing, is essential for identifying
errors in individual WebApp functions. Here are the key methods used in this type of
testing:
1. Equivalence Partitioning:
o The input domain is divided into categories or classes.
o Test cases are derived from each class to uncover errors.
o Example: For an e-commerce application calculating shipping charges, test cases
might include various postal code formats to identify errors in postal code
processing.

32
1. Boundary Value Analysis:
o Tests are conducted at the boundaries of input data.
o Example: If a shipping function allows delivery times between 2 and 14 days,
boundary tests might include values like 0, 1, 2, 13, 14, and 15 to see how the
function handles data at and beyond these limits.
2. Path Testing:
o Used for functions with high logical complexity.
o Ensures that every independent path in the program is tested.
o This method is a white-box test-case design technique.
• These methods help ensure that each component of the WebApp functions correctly
before integration into the larger system

33
Forced Error Testing:
Intentionally drive components into error conditions to test error handling.
Identify issues such as incorrect error messages, WebApp failures, or erroneous
outputs.
Test Case Specification:
Define input values and expected outputs for each test case.
Record actual outputs for comparison and future support.
Database Testing:Ensure WebApp functions correctly interact with external
databases.
Validate that database interactions are handled properly as part of component
testing.

34
35
 Configuration Testing

 Purpose: Ensure consistent user experience across different setups.

 Challenges:
o Variability: Different hardware, operating systems, browsers, and network
speeds.
o Instability: Frequent changes like OS updates and new internet connections.
 Goal: Test the most likely configurations to identify and fix specific issues.

36
 Server-Side Issues in Configuration Testing

 Purpose: Ensure the server setup supports the WebApp without errors.
 Key Components to Test:
o Compatibility: Is the WebApp compatible with the server OS?
o System Files: Are files and directories created correctly?
o Security: Do firewalls and encryption allow smooth operation?
o Distributed Servers: Has the WebApp been tested with chosen server
configurations?
o Database Integration: Is the WebApp integrated with the database software?
Does it handle different versions?
o Scripts: Do server-side scripts execute properly?
o Admin Errors: Have potential admin errors been tested for their impact?
37
• Proxy Servers: Have configuration differences been tested on-site?
 Client-Side Issues in Configuration Testing
 Purpose: Ensure WebApp compatibility with various client-side setups.
 Key Components to Test:
o Hardware: CPU, memory, storage, printers
o Operating Systems: Linux, macOS, Windows, mobile OS
o Browsers: Firefox, Safari, Internet Explorer, Opera, Chrome
o User Interface Components: ActiveX, Java applets
o Plug-ins: QuickTime, RealPlayer, etc.
o Connectivity: Cable, DSL, modem, T1, WiFi

38
 Client-Side Issues in Configuration Testing
 Purpose: Ensure WebApp compatibility with various client-side setups.
 Key Components to Test:
o Hardware: CPU, memory, storage, printers
o Operating Systems: Linux, macOS, Windows, mobile OS
o Browsers: Firefox, Safari, Internet Explorer, Opera, Chrome
o User Interface Components: ActiveX, Java applets
o Plug-ins: QuickTime, RealPlayer, etc.
o Connectivity: Cable, DSL, modem, T1, WiFi

39
 Other Variables:
o Networking software
o ISP variations
o Concurrent applications
 Testing Approach:
o Reduce configuration variables to a manageable number.
o Assess likely configurations for each user category.
o Use market share data to predict common setups.
o Test the WebApp in these environments.

40
 SECURITY TESTING
• Web application security testing is indeed a complex and crucial aspect of ensuring the safety and
integrity of web applications. It involves identifying, preventing, and mitigating vulnerabilities that
could be exploited by malicious actors. Here are some key points to consider:
1. Client-Side Vulnerabilities: These can often be traced to bugs in browsers, email programs, or
communication software.
For example, a common issue is buffer overflow, where a hacker can exploit a bug by entering a U
RL longer than the buffer size allocated for it, causing a memory overwrite error
1
.
2. Network Communications: Security testing also involves examining the data transmission
between the client and server. This includes ensuring that data is encrypted and that there are no
vulnerabilities in the communication protocols that could be exploited.
3. Server-Side Vulnerabilities: These include issues in the server’s code, architecture, and
deployment environment.
Common vulnerabilities include SQL injection, cross-site scripting (XSS), and broken access contr
ol
2
. 41
4. Security Testing Tools and Frameworks: Utilizing tools and frameworks
like the OWASP Web Security Testing Guide can provide a comprehensive approach
to identifying and mitigating security risks3.
5. Unauthorized Access to Cookies: Cookies store session data, and if a
malicious website gains access to these cookies, it can lead to privacy breaches or
identity theft. Implementing secure cookie attributes like HttpOnly and Secure can
help mitigate these risks.
6. Spoofing: This involves tricking a user into thinking they are interacting with
a legitimate website. Techniques like HTTPS, SSL/TLS certificates, and user
education about phishing can help prevent spoofing attacks.
7. Server-Side Vulnerabilities: Denial-of-service (DoS) attacks and malicious
scripts can disrupt server operations or compromise data. Regular updates, patch
management, and intrusion detection systems (IDS) are essential to protect against
these threats.

42
8. Security Elements:
1. Firewall: Acts as a barrier between trusted and untrusted networks, filtering incoming
and outgoing traffic based on security rules.
2. Authentication: Ensures that only verified users can access the system. Multi-factor
authentication (MFA) adds an extra layer of security.
3. Encryption: Protects data by converting it into a secure format. Using strong
encryption algorithms and managing keys securely are crucial.
4. Authorization: Controls access to resources based on user roles and permissions,
ensuring that only authorized users can perform certain actions.
9. Security testing should cover all these areas to identify and mitigate potential
vulnerabilities.

43