Here you can find the checklist for
web testing. By using the checklist for web application testing, user can
create test cases for any web based application
Level 1 - User Interface Testing (GUI Testing)
a. Content wording used in the web pages should be
correct.
b. Wrap-around should occur properly.
c. Instructions used in web pages should be correct
(i.e. if you follow each instruction does the expected result occur?)
d. Check image size specifications: Check that at
least the text of the page appears quickly.
e. View in text browser: Test each web page in
text-only browser, or text-browser emulator. It will help you pick up on
badly-chosen or missing ALT texts.
f. Switch images off: Check that sensible ALT texts
have been provided for images.
g. Check sensible page titles.
h. Resolution change effect on web pages.
i. Image spacing – To verify that images are
displaying properly with text.
j. Print – Printing should be proper.
Level 2 - Functional Testing
a. Check for broken links (Broken link refers to a
hyperlink which does not work): Manually its very difficult to find broken
links. There are various tools available to find these, such as:
b. Validate the HTML: Make sure that you have valid
HTML (or XHTML).This can be done with a W3C validator
c. Disable the cookies from your browser settings. If you are using cookies on your site, your sites major functionality will not work by disabling the cookies. See if appropriate messages are displayed.
(A cookie is a small piece of information stored as a
text file on your computer that a web server uses when you browse certain web
sites that you've visited before).
d. Switch JavaScript off: It is important to check that your site still functions with JavaScript disabled or provide proper JavaScript error message:
e.g. “enable JavaScript to see animation of Intelligaia Technologies”.
e. Warning messages: Error/warning messages should be flash to user for incorrect inputs.
Level 3 - Interface Testing
a. Data display on browser should match with data
available on server: To test browser and server interface, run queries on the
database to make sure the transaction data is being retrieve and store properly.
b. Error Handling: Make sure system can handle application errors.
Level 4 - Compatibility Testing
a. Test on different Operating systems: Test your
web application on different operating systems like Windows (XP, Vista, Win7
etc), Unix, MAC, Linux, Solaris with different OS flavors.
b. Test on different Browsers: Test web application on different browsers like:
1. Firefox, as that has the best standards
compliance and is the second most-used browser.
2. Internet Explorer for Windows –
currently the most widely used browser (IE6, IE7, IE8).
3. Opera – growing in popularity due to its speed and
pretty good standards compliance.
c. Mobile browsing: This is new technology age. So in
future Mobile browsing will rock. Test your web pages on mobile browsers.
Compatibility issues may be there on mobile.
Level 5 - Security Testing
a. Limit should be defined for the number of tries: Is
there a maximum number of failed logins allowed before the server locks out the
current user?
b. Verify rules for password selection.
c. Is there a timeout limit?
d. Test by pasting internal url directly into browser address bar without login. Internal pages should not open.
e. Test the CAPTCHA for automates scripts logins.
f. Test if SSL is used for security measures. If used proper message should get displayed when user switch from non-secure http:// pages to secure https:// pages and vice versa.
g. All transactions, error messages, security breach attempts should get logged in log files somewhere on web server.
h. Clear your Cache: Be sure to clear the browser cache, including cookies, before each test.
i. SQL injection: To test for SQL injection bugs, find places where users can enter text, such as where the text is used to perform a lookup function, according to Breach. Then type a single quote character and some text. If the application shows an error message from your database, then you're likely housing an SQL injection bug.
(SQL injection is an attack in which malicious code is
inserted into strings that are later passed to an instance of SQL Server for
parsing and execution.)
j. Cross-site scripting (XSS): Find areas in your application that accept user input, such as a page where users can send in their feedback or reviews of a product, for example. Try submitting following:
1. >"'><script>alert(‘XSS')</script>
2. >%22%27><img%20src%3d%22javascript:alert(%27XSS%27)%22>
3. >"'><img%20src%3D%26%23x6a;%26%23x61;%26%23x76;%26%23x61;%26%23x73;%26%23x63;%26%23x72;%26%23x69;%26%23x70;%26%23x74;%26%23x3a;alert(%26quot;XSS%26quot;)>
4. AK%22%20style%3D%22background:url(javascript:alert(%27XSS%27))%22%20OS%22
5. %22%2Balert(%27XSS%27)%2B%22
6. <table background="javascript:alert(([code])"></table>
7. <object type=text/html data="javascript:alert(([code]);"></object>
8. <body onload="javascript:alert(([code])"></body>
If that text displays where you reload the page, then
your site has an XSS vulnerability.
(Cross-site scripting attacks occur when a malicious
person, the attacker, can force an unknowing user, the victim, to run
client-side script of the attacker’s choice. The term cross-site scripting is
sort of a misnomer, because it’s not just about scripting and it doesn’t even
have to be cross-site. It’s a name that was branded upon its discovery and it
has just stuck.)
k. Session hijacking: If your application has a session identifier number in the URL decrease that number by one and reload the page. The app has a session hijacking vulnerability if the app then "sees" you as a different user.
(Session hijacking, also known as TCP session
hijacking, is a method of taking over a Web user session by surreptitiously
obtaining the session ID and masquerading as the authorized user. Once the
user's session ID has been accessed (through session prediction), the attacker
can masquerade as that user and do anything the user is authorized to do on the
network.)
Level 6 - Performance Testing
a. Can your site handle a large
amount of users requesting a certain page.
b. Long period of continuous use:
Is site able to run for long period, without downtime.
c. Web page performance (speed) -
Page Speed generates its results based on the state of the page at the time you
run the tool. To ensure the most accurate results, you should wait until the
page finishes loading before running Page Speed. Otherwise, Page Speed may not
be able to fully analyze resources that haven't finished downloading.
Free Tools which plays very important role in Web Site
Testing
1. Bug Tracking Tool: Bugzilla
1. Bug Tracking Tool: Bugzilla
2. Recording the bug in video
format: Screencast-o-matic
3. Tool for taking Screen-shots for reporting the bug: Fireshot
4. Compatibility testing tools: Browser Sandbox and Adobe BrowserLab
5. Tool to Monitor CSS and HTML: Firebug
6. Tool to ensure valid HTML: HTML Validator
7. Performance testing tool: Page Speed by Google
8. To find Broken Links: Pinger Ad-on and brokenlinkcheck
9. For checking the spelling of content: Spell Check
3. Tool for taking Screen-shots for reporting the bug: Fireshot
4. Compatibility testing tools: Browser Sandbox and Adobe BrowserLab
5. Tool to Monitor CSS and HTML: Firebug
6. Tool to ensure valid HTML: HTML Validator
7. Performance testing tool: Page Speed by Google
8. To find Broken Links: Pinger Ad-on and brokenlinkcheck
9. For checking the spelling of content: Spell Check
No comments:
Post a Comment