Q. How can World Wide Web sites be tested?
Web sites are essentially client/server applications - with web servers and 'browser' clients. Consideration should be given to the interactions between html pages, TCP/IP communications, Internet connections, firewalls, applications that run in web pages (such as applets, java script, plug-in applications), and applications that run on the server side (such as cgi scripts, database interfaces, logging applications, dynamic page generators, asp, etc.). Additionally, there are a wide variety of servers and browsers, various versions of each, small but sometimes significant differences between them, variations in connection speeds, rapidly changing technologies, and multiple standards and protocols. The end result is that testing for web sites can become a major ongoing effort. Other considerations might include:
• What are the expected loads on the server (e.g., number of hits per unit time?), and what kind of performance is required under such loads (such as web server response time, database query response times). What kinds of tools will be needed for performance testing (such as web load testing tools, other tools already in house that can be adapted, web robot downloading tools, etc.)?
• Who is the target audience? What kind of browsers will they be using? What kinds of connection speeds will them by using? Are they intra- organization (thus with likely high connection speeds and similar browsers) or Internet-wide (thus with a wide variety of connection speeds and browser types)?
• What kind of performance is expected on the client side (e.g., how fast should page appear, how fast should animations, applets, etc. load and run)?
• Will down time for server and content maintenance/upgrades be allowed? How much?
• What kinds of security (firewalls, encryptions, passwords, etc.) will be required and what is it expected to do? How can it be tested?
• How reliable are the site's Internet connections required to be? And how does that affect backup system or redundant connection requirements and testing?
• What processes will be required to manage updates to the web site's content, and what are the requirements for maintaining, tracking, and controlling page content, graphics, links, etc.?
• Which HTML specification will be adhered to? How strictly? What variations will be allowed for targeted browsers?
• Will there be any standards or requirements for page appearance and/or graphics throughout a site or parts of a site??
• How will internal and external links be validated and updated? how often?
• Can testing be done on the production system, or will a separate test system be required? How are browser caching, variations in browser option settings, dial-up connection variations, and real-world internet 'traffic congestion' problems to be accounted for in testing?
• How extensive or customized are the server logging and reporting requirements; are they considered an integral part of the system and do they require testing?
• How are cgi programs, applets, java scripts, ActiveX components, etc. to be maintained, tracked, controlled, and tested?
Some sources of site security information include the Usenet newsgroup 'comp.security.announce' and links concerning web site security in the 'Other Resources' section.
Some usability guidelines to consider - these are subjective and may or may not apply to a given situation (Note: more information on usability testing issues can be found in articles about web site usability in the 'Other Resources' section):
• Pages should be 3-5 screens max unless content is tightly focused on a single topic. If larger, provide internal links within the page.
• The page layouts and design elements should be consistent throughout a site, so that it's clear to the user that they're still within a site.
• Pages should be as browser-independent as possible, or pages should be provided or generated based on the browser-type.
• All pages should have links external to the page; there should be no dead-end pages.
• The page owner, revision date, and a link to a contact person or organization should be included on each page.
Many new web site test tools have appeared in the recent years and more than 280 of them are listed in the 'Web Test Tools' section.
Q. From the testability point of view what is the difference between client/server testing and web testing
Client Server testing is a three tier architecture and when testing has to be done on this we need to consider all types of testing like the stress testing , data - volume testing, load testing and performance testing.
When u are doing a normal web testing then you will be testing navigation testing, frame testing, broken links or missing URL's and static text testing.
Q. What type of testing is carried out to find memory-leakages? Give a sample example.
Through Volume testing it is possible. i.e., An application tries to retrieve large amount of data that require large temporary buffer area. If the data exceed the buffer area the situation of memory leakage will occur and query will fail without returning any result as sorting did not finish as buffer exceeds the limit.
We need to know the memory size before the test execution and after test execution by using memory related API functions or MFC functions.
Q. How to Test the Cookies and Memory leakages?
For cookie testing follow the below url
http://www.stickyminds.com/sitewide.asp?Function=edetail&ObjectType=ART&ObjectId=2935
For memory leakage testing follow the below url:
http://www.liutilities.com/products/wintaskspro/whitepapers/paper1/
Q. In n tier Architecture what are the factors should be considered for testing?
In 3 tier architecture there are 3 layers in the architecture. They are 1) Application (Presentation) layer 2)Business Logic Layer and 3)Data layer
In n tier architecture, Data layer is divided into 2 layers i.e. Data access and Database.
In n tier architecture, Data access layer and Database layer may or may not reside on the same location. Keeping that into consideration we have to prepare Test strategy and Test Approach
Q. During the password field testing. What should be the focus?
During password field testing, the below options should be given focus:
1. Password should be in encrypted form
2. The field cannot be copied either by right clicking of the mouse or by Ctrl+c option
Q. How to do browser testing (creates a standard script and run it for the different browser combinations.)
The GUI architecture and events messaging differs from browser to browser. Like IE uses Win32::OLE messaging and Firefox uses some GTK based messaging. So it is generally difficult to create one standard script that runs on all browsers. But tools like Win Runner, QTP use complex procedures inside them to handle different browsers. Manual testing can always be performed if the application supports different browsers like IE, Firefox, Opera, Netscape etc.
Q. What bugs are mainly come in web testing what severity and priority we are giving?
In web testing, mainly the bugs come from navigation area. These could be missing links, broken links, invalid links etc. Also there are bugs in downloading data/image/audio/video files from the website to the local machine and in uploading data/image/audio/video from local machine to the web server. Other than these a lot of bugs also come from the contents/look and feel/cosmetic issues.
Q. Write test cases for a web URL.
1. Type URL in the address bar (for e.g. click www.yahoo.com) and click 'go' button.
2. Check to see whether the page is navigated to the yahoo home page.
3. If navigated to yahoo home page test case is passed else failed
4.also check to see when we enter the URL in the address bar and press the enter button in the keyboard it navigates to the yahoo home page.
5. When we click the refresh button in the yahoo home page the same page should be displayed.
Q. what happens in a web application when you enter all the data and click on submit button
suddenly the connection goes off? Will the data be present if you return to the page?
If the data reaches the web server by the time of disconnection, the system will persist the data in the database .If the connection fails before reaching the server, the data won't be persisted and data will be lost.
Q. What are the important scenarios for testing emails? how do you test emails? which tool is best for testing email?
We can categorize the different part on which tester may perform the testing:
1. For incoming mail with attachment
2. For outgoing mail with attachment
3. Mail failure
4. Other operations like Delete, Edit etc.
1. For incoming mail with attachment:
Check the proper incoming address or id.
Check not only the One address (To) but also for the cc and Bcc Addresses.
Check the maximum and minimum limit for number of addresses.
Check if address has some error like @ or dot(.) is missing.
Check if address has more than 1 @ sign.
Check if dot(.) placing and the number of times it is present in the email address
Check the address should only have @, ., _ and - special symbols that are standard signs.
Check that mail does not have unnecessary contents with it self.
Check if there is/are any attachments then they should open properly.
Check the attachment size not exceeds the standard size.
Check if there is more than 1 attachment then the calculated size must be under the Standard size.
Check if the email content has some images or some different Flash picture must show properly.
Check the different extensions files attached with the mails shows properly.
Check if the user read the mail, then it should be marked as 'read'.
2. For outgoing mail with attachment:
All the scenarios that we mentioned above for incoming mails are valid for outgoing mails also. Hence all of them have to be verified.
3) Mail failure: Check mail failure if mail is send to incorrect address and also the failure notice should indicate the reason for failure.
4) Other properties like Delete, Edit etc should be verified.
Q. What is Web Services Testing? Have you done this?
Web Services testing is nothing, but testing the application. In this testing we just see whether the concept (functionality) of web services is working or not.
Q. What things should be considered in usability testing of web application?
Usability testing is done for "user friendliness". In this we check how comfortable the customer is in using the application. Suppose for an example while logging in he forgot his password, in usability testing u have to check whether there is an "forgot password option" and if we click this it is asking for secret question or not and many things u can test like there should be minimize and maximize button for a window....and so on.
Q. How will you calculate the response time at server end?
This can be done by using Microsoft Visual Studio 2005 and 2008. In which you can find new ways to test a particular webpage such as load testing, website testing and so on. There is one software called Fidller which is used to calculate the traffic rate for a website which is currently used by a number of users.
Q. What test cases you will execute for compatibility testing with different browsers?
There are lot of issues which may arise while testing in different browsers.
Following are some points while comparing IE with Firefox, in IE following issues may occur which need compatibility testing but do not occur in Firefox
1. Java Script errors.
2. DIV Tag issue.
3. GetElementBy Issue.
4. Parent and Client Window size, pixel related issues may come.
5. After JS in IE sometimes it may not take us to further navigations.
Q. What are the main components of Performance Test Report?
The main components of performance test report are, Processor Time, User load per second, Memory use, Threshold States, Server Response and so on. When you carry out performance testing you will get the result in the form of graph, then you can see the response when user load increased and decreased per second. You can also check the processor performance and can also check threshold value when load get increased suddenly. These are some of the main components of performance test report.
Q. What errors can occur when the page loads?
The page may take too long to load...or the page may fail to load
by performing performance testing we can verify how the system behaves when subjected to or beyond specification and requirements load limits.
Perform configuration testing to determine how the system deals with hardware, software, operating systems, network conditions etc.
Q. How is Perl used for testing?
PERL is basically used for scripting. So it will be helpful when you need to automate your test cases. Also for result collection. It actually depends upon use.
Q. Give some test cases for testing a search engine website say Google.
The test cases for a search engine would be very vast. It totally depends upon the scope of testing. Some of the test cases are as mentioned below:
1) Check for simple strings like "European Premier League" or "Grammy Awards 2005".
2) Test the functionality of multiple page display by clicking on page number.
3) Verify whether a combination string works like "European Premier League_Christiano Ronaldo"
4) Perform test for opening the links in new windows.
Q. What can be the the security checks on the web site, other than login/password screens?
Other than login/password....you can do other security testing checks like SQL injection methods, Cookie encryption testing, testing of authorization & authentication etc
Q. Suppose their is a website and after clicking OK in login window there is a window opening with the message "the page can not be displayed". Is it a bug?
This can be bug but we can not be sure before checking the below factors:
- Is the internet connection working fine?
- Is the browser on which the error comes supported for the software?
- Is the URL correct?
- Is the popup blocker off?
If the answer to all the above questions is yes then this is a bug
Q. How will you determine if the architecture of any web site is of two tier, three tier or multi tier?
The architecture of different tier can be determined by checking the client, server and database. If there is a client and a database then this is two tier architecture. If the web application has an application server and database then it is a three tier architecture.
Q. What are the main bugs found in browser compatibility testing?
Following are the main bugs found in browser compatibility testing
- Particular pages are not opening in every browser like (opera, Firefox, Netscape)
- Cookies are not available in particular browser
- Exact link is not opening
- Link is broken or not exist
Q. What do you understand by the terms 'Response Time', 'Pages Per Second', 'Transactions Per Second'?
Response time is the time taken by the server to give response to a particular action or request.
Pages per second gives the number of pages downloaded per second.
Transaction Response time is the time taken to perform a transaction in the scenario.
Q. What are the models used for Testing Web Application?
All the SDLC models can be used for testing web applications. A web application is a combination of one or more modules. Depending upon the web application we use different models. Ex:- V-model, Spiral model and waterfall model.
Q. How to Calculate Session Time Out in Web Testing?
We can calculate the session time as below:
Scenario1:
Login into the application and put the application in the idle state for the time equal to or a little more than the prescribed session time out time. As the application is open, click on any of the links. It should give error that session has expired.
Scenario2:
Login into the application and put the application in the idle state for the time a little less than the prescribed session time out time. As the application is open, click on any of the links. The link should open the appropriate page.
Q. What are the different ways in which cookie testing can be done for a website?
Following are the different ways to perform cookie testing:
1. Disabling Cookies- This is probably the easiest area of cookie testing. What happens to the Web site if all cookies are disabled? Start by closing all instances of your browser and deleting all cookies from your PC set by the site under test. The cookie file is kept open by the browser while it's running, so you must close the browser to delete the cookies. Closing the browser also removes any per-session cookies in memory. Disable all cookies and attempt to use the site's major features and functions. Most of the time, you will find that these sites won't work when cookies are disabled. This isn't a bug, but rather a fact of life: disabling cookies on a site that requires cookies (of course!) disables the site's functionality.
2. Selectively Rejecting Cookies- What happens to the site if some cookies are accepted and others are rejected? Start by deleting all cookies from your PC set by the site under test and set your browser's cookie option to prompt you whenever a Web site attempts to set a cookie. Exercise the site's major functions. You will be prompted for each and every cookie the site attempts to set. Accept some and reject others. (Analyze site cookie usage in advance and draw up a test plan detailing what cookies to reject/accept for each function.) How does the site hold up under this selective cookie rejection? As above, does the Web server detect that certain cookies are being rejected and respond with an appropriate message? Or does the site malfunction, crash, corrupt data, or misbehave in other ways?
3. Corrupting Cookies- Along the way, as cookies are created and modified, try things like
a. Altering the data in the persistent cookies. Since the per-session cookies are stored only in memory, they aren't readily accessible for editing.
b. Selectively deleting cookies. Allow the cookie to be written (or modified), perform several more actions on the site, then delete that cookie. Continue using the site. What happens? Is it easy to recover? Any data loss or corrupted?
4. Cookie Encryption - While investigating cookie usage on the site you're testing, pay particular attention to the meaning of the cookie data. Sensitive information like usernames and passwords should NOT be stored in plain text for all the world to read; this data should be encrypted before it is sent to your computer.
Q. What is the difference in testing a 'https' site and a 'http'?
HTTP is Hyper Text Transport Protocol and is transmitted over the wire via PORT 80(TCP). You normally use HTTP when you are browsing the web, it is not secure, so someone can eavesdrop on the conversation between your computer and the web server.HTTPS (Hypertext Transfer Protocol over Secure Socket Layer or HTTP over SSL) is a Web protocol developed by Netscape and built into its browser that encrypts and decrypts user page requests as well as the pages that are returned by the Web server. HTTPS is really just the use of Netscape's Secure Socket Layer (SSL) as a sub layer under its regular HTTP application layering. (HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer, TCP/IP.) SSL uses a 40-bit key size for the RC4 stream encryption algorithm, new-age browsers use 128-bit key size which is more secure than the former, it is considered an adequate degree of encryption for commercial exchange. HTTPS is normally used in login pages, shopping/commercial sites.
Q. What is scalability testing with respect to a website?
The purpose of scalability testing is to determine whether your application scales for the workload growth. Suppose your company expects a six-fold load increase on your server in the next two months. You may need to increase the server performance and to shorten the request processing time to better serve visitors. If your application is scalable, you can shorten this time by upgrading the server hardware, for example, you can increase the CPU frequency and add more RAM (also, you can increase the request performance by changing the server software, for example, by replacing the text-file data storages with SQL Server databases. To find a better solution, first you can test hardware changes, then software changes and after that compare the results of the tests).
If the scalability tests report that the application is not scalable, this means there is a bottleneck somewhere within the application.
Scalability testing can be performed as a series of load tests with different hardware or software configurations keeping other settings of testing environment unchanged. When performing scalability testing, you can vary such variables as the CPU frequency, number and type of servers, amount of available RAM, and so on
Q. Which server statistics are essentially monitored during a Performance test of a Web Application?
Web server statistics, database server statistics, networks statistics are monitored during the performance of the web application.
Q. How do you test the server response time? Do you use any tool? How to do it manually?
You can check the server response time using Load Testing (Non functionality testing). For this Load runner tool can be used. You can check server response time manually for limited users. For doing this for large number of users heavy resources are required which can be easily done using Load runner tool. But this is difficult to do manually.
Q. How to write test scenarios for a web based address book?
Following are a few scenarios:
1. Clicking the Addresses icon should open the address book. Existing contact information should be displayed
2. By clicking the Add Contact, should be able to add a contact.
3. Contact information should be editable by clicking the contact button and selecting edit
4. Contact information should be able to delete by clicking the contact and selecting delete
5. Should receive the message to add a contact after sending mail to a new contact
Q. How can u test the security of a web site both manually and by using a tool .If by a tool then which one and how?
Following are some test cases for testing security of websites manually:
1. User should not be able to login after entering incorrect username/password.
2. User information like id etc.. Should not be displayed along with the site address i.e. the browser.
3. After clicking logout user should not be able to access the application using back button.
For tools, Firewall can be used for this purpose.
No comments:
Post a Comment