Web Functionality Testing Tips and Tricks

Post an Article

Date: 7th Jul 2007
Author: Ghulam Kubra
Contact Author
Ranking: 9.18 (17 Votes)

Web Functionality Testing verifies that a web application does what it is supposed to do; conformance to user's stated and implied needs. With the increased popularity of automated testing tools, one finds Web Functionality Testing just a piece of cake. However, to enjoy the real essence of testing, a thorough understanding of the areas to be tested is required, prior to executing functional test suite. This article serves the purpose of highlighting at an abstract level those significant areas accompanied by some basic testing guidelines.

Session Management

A user session (sometimes referred to as a visit) is the presence of a user with a specific IP address on a website for a specified period of time. Session handling plays a vital role in website testing. Following tips may serve fruitful in this context:

1. The most common bug which I have encountered during the course of website testing is improper session management. That is to say if multiple users (lets say User A, B, C) are logged into the same web application, A will have access to B's session, C's session is exposed to B and C can play havoc with A's session.
2. While testing improper session management, one scenario which normally leads a tester to report a bug is when you logoff, click browser's Back button and voila! the same user is still logged on and you can still perform operations remaining in that person's session. The criticality of this bug depends upon the nature of the web application. It can prove detrimental in case of e-commerce applications where financial transactions are involved.
3. If the programmer has set a limit on session expiry (e.g. 30 min.), test to see whether your application behaves in a decent manner after the session has expired. For instance, open a web page and let the session expire for this page. Now clicking Refresh or reloading the page will generate an exception (mostly) if due consideration is not given to session expiry.

Cookies

A Whatis.com definition of a cookie is "information a website puts on your hard disk so that it can remember something about you at a later time". 'Cookie Testing' is another domain which normally remains unexplored. Following may be considered worthwhile as regards cookie testing is concerned:

1. Disable all cookies and test the behavior of your website after doing so. Can the user still perform operations; possibly the answer is No. This isn't a bug, however what needs to be communicated to the user is the fact that cookies need to be enabled for proper functioning of the website.
2. Another scenario would be to set the cookie option to "Prompt" from your IE settings. Once this is done, strategize in such a way so as to allow some cookies and reject some others based on the test plan you devised earlier. Now test the behavior of your website. Does the web server behave in a decent manner; i.e. does it prompt the user to enable cookies to perform the required operation(s) or does it generate an exception or corrupt the data.
3. Edit the cookie file so as to change an important parameter stored in the cookie. Then test the consequences. For instance in an e-commerce website, you are shopping for your favorite items. A cookie is set which stores your shopping cart for a session with a session id (let's say KWA-46447281). Now your job as a tester is to edit the contents of this cookie with an intent to check site's behavior. Let's say you edit the session-id to KWA-46447282. Does this lead you to someone else's shopping session. If so, applause to you as a tester, if not, better luck next time !

Exception Handling

An exception is an event that occurs during the execution of a program that disrupts the normal flow of instructions. Broadly speaking there are two types of exceptions:

Exceptions due to programming errors e.g. type mismatch, violation of key constraint, out of bounds exception etc

Exceptions due to resource failures e.g. mail server down/network down etc

The ultimate goal is to see whether the application returns meaningful error messages on a custom error page, incase any of such exception has occurred. Moreover, all persistent data operations must be rolled back. Now the question arises, what sort of response has to be provided to the user ? To a greater extent, this depends on the developer's coding tactic; a smart code ensures the following:

1. The information is not so precise that it would ultimately aid hackers to hack the application e.g. DB structure highlighting table names, and field names etc.
2. The information is not so vague that the user may have difficulty in interpreting the message and consequently arranging for its repair.

Third Party Integration

Normally web applications require information to be redirected to a third party server for validation e.g. financial transactions need to be validated with respect to credit card information. As such, the information stream from your server to the third party server has to be tested keeping in view the following:

1. While redirecting to third party server, information should pass in a secure manner.
2. Time can be tested to see if it doesn't take long to redirect from your site to the payment gateway.
3. Response (success/failure) received from third party should be tested. This comprises of functionality as well as usability aspects. As such, the following is worthwhile to test:
   • Corresponding Tables in Local DB are updated with the transaction details along with Response Code (Success/Failure).
   • A proper information message is displayed to user.
   • Control panel provided by payment provider gateway shows correct details of the transaction committed. These may include Unique Identification, Transaction Amount, Order No., UserIP, Email, Date, Time etc. However, these fields are dependant on the information you provide to the third party server.
4. At any instance of time, number of transactions committed at payment gateway should be equal to the number of transactions updated in your Local DB. In case of any variation, the root cause may be identified. For instance, it may happen that while a transaction is committed, your Local Application/DB Server was down and as such this particular transaction failed to save in DB, ultimately ending up in cash reconciliation problems.
5. On submitting financial transactions, multiple clicks shouldn't be allowed or should be handled in such a way that would not lead to multiple payments.

Auto generated e-mails

Incase the Mail Server is down, and an important e-mail has to be auto generated to customer, a tester needs to test whether the mail server incorporates any spooling mechanism. By virtue of this, when mail server gets functional again, all spooled e-mails are sent.

Uploading/Downloading

Mostly websites require some documents/image files to be uploaded or downloaded. In this context, the following may be tested:

• Maximum/Minimum size allowed for the file.
• Maximum number of files allowed.
• Allowable formats e.g. in case its an image file, allowable formats could be jpg, gif, bmp etc. Similarly if it's a document file, the allowable formats could be .doc, .pdf, .txt etc. So this needs to be tested keeping in view the Functional Specifications.
• Time taken to upload or download.

Interdependent Modules

After unit testing, integration testing needs to be performed. That is to test different modules collectively so as to ensure proper functionality across integration points. For instance, a Registration module and Login module are separately functioning properly but when integrated may lead to several loopholes.

Validation Checks

Validation checks also play important role in overall functionality of websites. These include (but not limited to):

• Field length (Maximum and Minimum allowed).
• Characters allowed
• Mandatory Fields

Broken Links

A very common bug in website testing is broken links. If your site under test comprises of hundreds of pages, it would practically be very cumbersome to click every page and see whether it works or not. Instead a recommended approach is to use a broken link checker. There are many free-wares available for this purpose e.g. http://www.dead-links.com/

Database Management

1. Correct data loading should be tested. e.g. if data is to be imported through any libraries, make sure it is current and valid.
2. All transactions committed (add, update, delete etc) need to be tested at the DB level.

---

Comments

The article covers the real time website testing issues in a precise manner
Posted by : Zainab on 2007-07-11 09:12:22

I really liked the article. It is pointing out some potentially buggy areas of web functionality which is usefull for experiented testers. And also can work as a primer for new ones. I think some more info can be added on cosmetics standards and look & feel testing of web.
Posted by : Faisal Bilal on 2007-07-16 09:36:38

Quite informative article
Posted by : Javeria on 2007-07-16 12:40:46

The article is really informative & is interesting enough to force the reader to finish it... One thing that I feel is missing is that as the article mentions every thing that a user should do manually, their should be information on how the user can do the same using a certain testing tool.. like which tool is best for which sort of testings on a website.. Rest was great.. Job well done.
Posted by : Iftikhar Hussain on 2007-07-16 13:22:32

I find this article very useful for website functional testing. It’s a well organized article. Areas have been divided nicely and ways to identify commonly occurring defects in those areas have been discussed. I think author should have discussed functionality issues which arise due to manipulation in data that is passed in URL through query string by Get method. Also at times behavior of websites is different while using different browsers.
Posted by : Waqas Raza on 2007-07-18 09:01:57

The article is precise and informative. I think the load testing is also an integral part of web testing so should have also covered that.
Posted by : Sajjad on 2007-07-18 13:43:31

Very nicely written and well composed . Its truely an excellent guideline for web developers.
Posted by : Ahmad Husssain Naseem on 2007-07-20 19:54:38