- Paperback: 600 pages
- Publisher: Wiley; 1 edition (May 2, 2003)
- Language: English
- ISBN-10: 0471430218
- ISBN-13: 978-0471430216
- Product Dimensions: 7.4 x 1.2 x 9.2 inches
- Shipping Weight: 1.9 pounds
- Average Customer Review: 7 customer reviews
- Amazon Best Sellers Rank: #2,880,064 in Books
The Web Testing Companion: The Insider's Guide to Efficient and Effective Tests 1st Edition
From the Back Cover
Practical, hands-on techniques for testing the design, globalization, performance, and security of Web applications
Whether you're a novice or experienced Web tester, this hands-on guide provides you with the practical steps you’ll need to follow to rigorously test across multiple platforms and browsers. Written by one of Microsoft's leading software testers, The Web Testing Companion offers a collection of testing techniques, experiences, anecdotes, and information that can be immediately applied to any Web-testing effort.
Lydia Ash starts at the ground level, helping you to become an effective tester. She then clearly shows you how to analyze different scenarios and determine which testing techniques you should use. These techniques will help identify crucial program bugs that lower the quality of a Web application so that you can realize its full potential.
The Web Testing Companion concentrates on proven solutions and helps you understand why, when, and how to perform Web testing. You'll learn how to:
- Analyze and properly test Web applications
- Perform tests from the perspective of the client accessing the Web application
- Plan and automate testing efforts effectively
- Check for HTML errors, determine overall accessibility, and critique the design
- Develop a professional skill set and improve your productivity
- Optimize an application in order to improve overall performance
- Test for security problems or privacy issues
The companion Web site contains dozens of templates and test patterns that you can use to conduct tests in multiple languages and against various browser and operating system combinations.
About the Author
LYDIA ASH is currently a test lead on the testing effort for Microsoft Corporation's Outlook Web Access team with a particular focus on performance and security. She has successfully directed test efforts at Microsoft for several years and worked with many teams and individuals to pass on the critical knowledge of Web testing. Ash has previously worked as a QA Engineer and in project management.
Top customer reviews
Okay, enough with the background. Things this book does effectively: begins to get you thinking about security testcases (via malformed CGI/http requests, extended-char inputs, etc), but also covers a great deal broadly on automation, performance, static/dynamic HTML, and a few scattered topics such as form controls. She does seem to go overboard on character sets (both in security sections and in testing sections), though perhaps my experience in the 'real-world' at my company hasn't touched on this enough, I don't know. She does great on helping you formulate the browser matrixes, with all their resolution types, and she even differentiates between screen resolution and what she calls 'canvas size' (I refer to this as the viewport, but they're identical). This book is a fabulous introduction to the methodologies, and what a beginner or intermediate tester would expect to find in the real world. Bug cycles, templates, project cycles, roles, best practices, scheduling, bug severities and the like are all described in sufficient detail.
Now for the single disappointment: her Test Planning and Design chapter is shy of 20 pages. This may or may not sound comprehensive enough, but to me it was terribly under-developed. She does break this chapter down and describe the different kinds of testcases/plans, but doesn't really show any templates, which I was expecting. To be fair, this is probably the hardest to encapsulate in a book, as each company (sometimes even each team) formats their test documentation differently (some to ISO standards, some in Word format, some in HTML, some in Excel spreadsheets, even).
Buy it for an excellent introduction to the subject, a good reference for HTTP error codes, character sets, best practices, but for advanced security/performance/automation, I'd probably buy a book that specializes in those topics.
Obviously, this is not the kind of book you read straight through from beginning to end, but rather a handbook that you can refer to as problems arise. For the most part, the book succeeds as that, and Ms. Ash has divided the book into four general sections: non-technical issues, technical issues, general advice for testers, and finally an excellent set of appendices on various aspects of Web testing.
I'm sure we all can recall incidents of working with defective software that nobody apparently had tested for bugs, sloppy coding, or slow operating time. This was because there was probably a deadline for the software release time, and the developer concluded that hiring testers would be an extra expense.
The first four chapters deal with non-technical issues, mostly related to the planning of the application.
Web site planning can involve a number of goals; for example, which is most important: minimal defects or time-to-market? Developing a medical web application to assist in diagnosing illnesses is different from developing an application that will be used to solicit funds. The medical app could be providing life-or-death information, whereas the solicitation site could need high visual appeal. In other words, the app must meet the customer's requirements and expectations, not yours. Most of us already know that, but in one of the book's appendices, the author has given us a checklist of several pages worth of questions to determine exactly what the customer's needs are. That's what I like about this book: It presents some very objective methods for answering subjective questions.
Server-Side and Client-Side Testing:
For server-side (as opposed to client-side) web apps, performance testing and security testing are the most important. Stability problems need to be identified prior to deployment. The tester, therefore, should create many user scenarios derived from the most common and most intensive user actions, and then analyze the performance statistics after the performance tests are completed.
The author recommends that all of your pages load in 15 seconds or less, but this rule really depends on your particular application and the expectations of the people using it. If your app requires large graphics and the users are architects, they will probably feel that waiting a few minutes is worth the effort.
The author recommends that you set up a test environment that is separate from your development and production environment. This can include a separate web server, database server, and application server if applicable. This is especially important in testing security features. (It should be noted, of course, that some application developers will not be able to afford the elaborate testing facilities of a large corporation.)
Ms. Ash advises, "One of the most common reasons that performance testing of an application is not successful is that the wrong scenarios were tested." Therefore, she recommends that: "Not every line of code or possible interaction needs to be benchmarked on every build. Identify the critical places, the most frequent code paths, and the most expensive ones, the ones that are most important to the user, and spend the precious test time here. If there is more test time left over, spend it on any code paths that have been added since the last release."
At this stage, the author explains numerous helpful methods for setting up baselines, benchmarks and other metrics to determine Web application performance and efficiency. These metrics also include the application's efficiency when interacting with various servers' processors, memory and disk drives.
The author provides a method for charting data flow, which is helpful in both performance and security testing.
Load and Stress Testing:
"Load testing is done to help identify what the load profile for the service is under a load. Knowing the server profile helps you identify when the server in a line production environment is about to break or crash."
Load testing should answer questions like: How many requests per second can the server take, how long does it take to service a request, and what is the uptime under real-world loads?
Finally, an entire chapter is devoted to automation methods. Automation is "an excellent way to ensure that the software of today is just as good as it was yesterday, but management incorrectly assumes that automation will solve all their problems."
The earlier you perform load testing the better. Most people hate to wait for a web page to load, so simple design changes can often make a significant impact on the performance and scalability of your web application. A good overview of how to perform load testing can be found on Microsoft's Developer Network (MSDN) website.
As with performance testing, the first steps of security testing need to be taken by the product designers to ensure that their code is safe by employing best practices when writing code.
A general rule to remember is that as your company gains more and more data that is desirable, it is also gathering attackers and gathering more that needs defending. On the other hand, the thought that a less important company or service will not be as interesting to an attacker can lull you into a false sense of security. You can still be attacked, for the same reason that small businesses and houses have been robbed; i.e., because they can be easy targets.
The author outlines various methods of testing your apps for a number of "popular" attack methods:
Denial of Service, in which a server can receive thousands of ICMP "ping" requests from hundreds of workstations;
Buffer Overflow, which is becoming a very common method for installing Trojan horses and back door software;
Cross-site scripting, in which an attacker gets his malicious code to run on someone else's Web site; and
SQL Injection, by which the attacker sends malicious code to an SQL database.
General Testing Advice:
The remainder of the book is concerned with various organizations, web sites and other resources open to testers.
Ms. Ash makes the point that many people enter the field of testing involuntarily, and that the testers should not develop an adversarial relationship with management and developers. (Obviously, hard-working developers don't want to be told how inefficient or unsafe their code is, and vice presidents don't want to be told that they have to postpone a release date because of "holes" in their latest product.) Because testers can wield considerable power, the author stresses diplomacy when notifying the developer team about their mistakes in coding. Additionally, the professional tester should communicate regularly with users by giving presentations and attending meetings with management. They should also become certified in relevant technologies.
Although the author could have provided a more readable index or table of contents, she has provided 200 pages of appendices, covering RFCs, error codes, ASCII character sets, and many helpful tables. The appendix material is also available at the author's companion site at [...]