WEB TESTING-TUTORIAL

Let’s have first web testing checklist.

1) Functionality Testing

2) Usability testing

3) Interface testing

4) Compatibility testing

5) Performance testing

6) Security testing

1) Functionality Testing:

Test for – all the links in web pages, database connection, forms used in the web pages for submitting or getting information from user, Cookie testing.

Check all the links:

· Test the outgoing links from all the pages from specific domain under test.

· Test all internal links.

· Test links jumping on the same pages.

· Test links used to send the email to admin or other users from web pages.

· Test to check if there are any orphan pages.

· Lastly in link checking, check for broken links in all above-mentioned links.

Test forms in all pages:

Forms are the integral part of any web site. Forms are used to get information from users and to keep interaction with them. So what should be checked on these forms?

· First check all the validations on each field.

· Check for the default values of fields.

· Wrong inputs to the fields in the forms.

· Options to create forms if any, form delete, view or modify the forms.

Let’s take example of the search engine project currently I am working on, In this project we have advertiser and affiliate signup steps. Each sign up step is different but dependent on other steps. So sign up flow should get executed correctly. There are different field validations like email Ids, User financial info validations. All these validations should get checked in manual or automated web testing.

Cookies testing:

Cookies are small files stored on user machine. These are basically used to maintain the session mainly login sessions. Test the application by enabling or disabling the cookies in your browser options. Test if the cookies are encrypted before writing to user machine. If you are testing the session cookies (i.e. cookies expire after the sessions ends) check for login sessions and user stats after session end. Check effect on application security by deleting the cookies. (I will soon write separate article on cookie testing)

Validate your HTML/CSS:

If you are optimizing your site for Search engines then HTML/CSS validation is very important. Mainly validate the site for HTML syntax errors. Check if site is crawlable to different search engines.

Database testing:

Data consistency is very important in web application. Check for data integrity and errors while you edit, delete, modify the forms or do any DB related functionality.

Check if all the database queries are executing correctly, data is retrieved correctly and also updated correctly. More on database testing could be load on DB, we will address this in web load or performance testing below.

2) Usability Testing:

Test for navigation:

Navigation means how the user surfs the web pages, different controls like buttons, boxes or how user using the links on the pages to surf different pages.

Usability testing includes:

Web site should be easy to use. Instructions should be provided clearly. Check if the provided instructions are correct means whether they satisfy purpose.

Main menu should be provided on each page. It should be consistent.

Content checking:

Content should be logical and easy to understand. Check for spelling errors. Use of dark colors annoys users and should not be used in site theme. You can follow some standards that are used for web page and content building. These are common accepted standards like as I mentioned above about annoying colors, fonts, frames etc.

Content should be meaningful. All the anchor text links should be working properly. Images should be placed properly with proper sizes.

These are some basic standards that should be followed in web development. Your task is to validate all for UI testing

Other user information for user help:

Like search option, sitemap, help files etc. Sitemap should be present with all the links in web sites with proper tree view of navigation. Check for all links on the sitemap.

“Search in the site” option will help users to find content pages they are looking for easily and quickly. These are all optional items and if present should be validated.

3) Interface Testing:

The main interfaces are:

1. Web server and application server interface

2. Application server and Database server interface.

Check if all the interactions between these servers are executed properly. Errors are handled properly. If database or web server returns any error message for any query by application server then application server should catch and display these error messages appropriately to users. Check what happens if user interrupts any transaction in-between? Check what happens if connection to web server is reset in between?

4) Compatibility Testing:

Compatibility of your web site is very important testing aspect. See which compatibility test to be executed:

· Browser compatibility

· Operating system compatibility

· Mobile browsing

· Printing options

Browser compatibility:

In my web-testing career I have experienced this as most influencing part on web site testing.

Some applications are very dependent on browsers. Different browsers have different configurations and settings that your web page should be compatible with. Your web site coding should be cross browser platform compatible. If you are using java scripts or AJAX calls for UI functionality, performing security checks or validations then give more stress on browser compatibility testing of your web application.

Test web application on different browsers like Internet explorer, Firefox, Netscape navigator, AOL, Safari, Opera browsers with different versions.

OS compatibility:

Some functionality in your web application is may not be compatible with all operating systems. All new technologies used in web development like graphics designs, interface calls like different API’s may not be available in all Operating Systems.

Test your web application on different operating systems like Windows, Unix, MAC, Linux, Solaris with different OS flavors.

Mobile browsing:

This is new technology age. So in future Mobile browsing will rock. Test your web pages on mobile browsers. Compatibility issues may be there on mobile.

Printing options:

If you are giving page-printing options then make sure fonts, page alignment, page graphics getting printed properly. Pages should be fit to paper size or as per the size mentioned in printing option.

5) Performance testing:

Web application should sustain to heavy load. Web performance testing should include:

1. Web Load Testing

2. Web Stress Testing

Test application performance on different internet connection speed.

In web load testing test if many users are accessing the requesting the same page. Can system sustain in peak load times? Site should handle many simultaneous user requests, large input data from users, Simultaneous connection to DB, heavy load on specific pages etc.

Stress testing: Generally stress means stretching the system beyond its specification limits. Web stress testing is performed to break the site by giving stress and checked how system reacts to stress and how system recovers from crashes.

Stress is generally given on input fields, login and sign up areas.

In web performance testing web site functionality on different operating systems, different hardware platforms is checked for software, hardware memory leakage errors,

6) Security Testing:

Following are some test cases for web security testing:

· Test by pasting internal url directly into browser address bar without login. Internal pages should not open.

· If you are logged in using username and password and browsing internal pages then try changing url options directly. I.e. If you are checking some publisher site statistics with publisher site ID= 123. Try directly changing the url site ID parameter to different site ID which is not related to logged in user. Access should denied for this user to view others stats.

· Try some invalid inputs in input fields like login username, password, input text boxes. Check the system reaction on all invalid inputs.

· Web directories or files should not be accessible directly unless given download option.

· Test the CAPTCHA for automates scripts logins.

· Test if SSL is used for security measures. If used proper message should get displayed when user switch from non-secure http:// pages to secure https:// pages and vice versa.

· All transactions, error messages, security breach attempts should get logged in log files somewhere on web server.

Q: What is the difference between client-server testing and web based testing and what are things that we need to test?

A: Projects are broadly divided into two types of:

2 tier applications

3 tier applications

CLIENT / SERVER TESTING

[a] This type of testing usually done for 2 tier applications (usually developed for LAN)

Here we will be having front-end and backend.

The application launched on front-end will be having forms and reports which will be monitoring and manipulating data

Eg : applications developed in VB, VC++, Core Java, C, C++, D2K, PowerBuilder etc.,

The backend for these applications would be MS Access, SQL Server, oracle, sybase, mysql, quadbase

The tests performed on these type of applications would be

· user interface testing

· manual support testing

· Functionality testing

· compatability testing & configuration testing

· intersystems testing

WEB TESTING

This is done for 3 tier applications (developed for Internet / intranet / xtranet)

Here we will be having Browser, web server and DB server.

The applications accessible in browser would be developed in HTML, DHTML, XML, JavaScript etc.,

(we can monitor thru these applications)

Applications for the web server would be developed in Adv Java, ASP, JSP, VBScript, JavaScript, Perl, Cold Fusion, PHP etc.,(all the manipulations are done on the web server with the help of these programs developed)

The DB server would be having oracle, sql server, sybase, mysql etc.,(all data is stored in the database available on the DB server)

The tests performed on these type of applications would be

· user interface testing

· Functionality testing

· security testing

· browser compatibility testing

· load / stress testing

· interoperability testing/intersystems testing

· storage and data volume testing

A web-application is a three tier application.

This has a browser (monitors data) [monitoring is done using html, dhtml, xml, javascript]-> webserver (manipulates data) [ manipulations are done using programming languages or scripts like adv java, asp, jsp, vbscript, javascript, perl, coldfusion, php] -> database server (stores data) [data storage and retrieval is done using databases like oracle, sql server, sybase, mysql] .

The types of tests which can be applied on this type of applications are:

1. User interface testing for validation & user friendliness

2. Functionality testing to validate behaviors, i/p, error handling, o/p, manipulations, services levels, order of functionality, links, content of web page & backend coverage’s

3. Security testing

4. Browser compatability

5. Load / stress testing

6. Interoperability testing

7. Storage & data volume testing

A client-server application is a two tier application.

This has forms & reporting at front-end (monitoring & manipulations are done) [ using vb, vc++, core java, c, c++, d2k, power builder etc.,] -> database server at the backend [data storage & retrieval) [ using ms access, sql server, oracle, sybase, mysql, quadbase etc.,]

The tests performed on these applications would be

1. User interface testing

2. Manual support testing

3. Functionality testing

4. Compatability testing

5. Intersystems testing

Desktop:

01. Application runs in single memory (Front end and Back end in one place)

02. Single user only

Client/Server:

01. Application runs in two or more machines

02. Application is a menu-driven

03. Connected mode (connection exists always until logout)

04. Limited number of users

05. Less number of network issues when compared to web app.

Web:

01. Application runs in two or more machines

02. URL-driven

03. Disconnected mode (state less)

04. Unlimited number of users

05. Many issues like hardware compatibility, browser compatibility, version compatibility, security issues, performance issues, etc

when we consider the security testing, both application should well secured to internal and external threat.

As per difference in both the applications come where, how to access the resources. In client server once connection is made it will be in state on connected, whereas in case of web testing http protocol is stateless, then there comes logic of cookies, which is not in client server.

More for client server users are well known, whereas for web any user can login and access the content, he/she will use it as per his intentions.

There is no generic way in testing a web application. It may differs from one application to another.

Ex: If you are going to test a simple web page with some basic applications like blog, forum, etc. There won’t be much typical functionality, so just check basic functionalities, usability and compatibility.

If you are checking some social networking application, you must perform compatibility test. Because now a days lot of toolbars are available on site based (orkut). If the end user is passionate about the site, surely he/she will search for best toolbar for that site (regardless of browser). On such case we cant judge the user’s browser.

On usability, your system should be friendly for both mouse and keyboard. because based on the people’s profession and practice they are majorly addict with specific input device.

Eg: Designers will majorly use the mouse, hardware based peoples majorly play with Keyboards, beginners or Non-IT people will use both.

Maintaining consistency among the site is more important. This only please the user to stay in your site for longtime and to suggest others.

Consistency:

General:

· Title font: Style- Size – Color – Location – Alignment

· Text font: Style- Size – Color – Location – Alignment

· Images: Border – Size – Position – Resolution

For tables:

· Pagination: Number of items per page – Pagination style – Alignment – Color – Font(text/image)

Links:

· Link color: Before and after click

· Link opening style: In same window/new window/new resized window

Cursor:

· Cursor style for links

· Cursor style for pop-up image/links

· Cursor style on text and other elements

For typical e-com site:

· Check the display options (images-contents-price-etc.)

· Zone based Pricing (Eg: some product should display for US, some are only for south Asia)

· Encryption of link and date while sending them to payment gateway (third party)

· In URL, expect main page’s names all other items should be encrypted

· Handling of sending/receiving data to/from third party page (Eg: Payment gateway)

· No cookies should save the sensitive records

· All cookies must be encrypted

· Privileges of registered (login) user and unregistered (guest) users must be handled properly

Suggestions about User Messages in web application:

All success messages should be displayed with Green color – Bold face (Don’t use all caps/Italics/underline)

All failure messages should be displayed with Red color – Bold face (Don’t use all caps/Italics/underline)

All alert message should be thrown in a pop-up window with “OK” button. (Which is the best way to alert the user attentively)

Error / Confirmation message should be displayed in the respective page only. Confirmation or error message in pop-up is not advisable.

Maintain consistency in the message displaying area.

Eg: If you are showing the error/confirm message at the top of the page, then maintain the same all over the system.

Message focus should be maintained consistently.

Eg: At the bottom of the page you are clicking the “Submit” button for a form and confirmation/error message is displaying at the top of the form. Then move the page focus to top of the page to show the confirmation/error message to the user.

· Check the URL’s encryption. Except main page all other branches and sensitive pages should be encrypted in URL

· Check the Cookies, all sensitive cookies should be removed automatically when the application get closed

· Sensitive information stored in the cookies must be encrypted

· For authentication kind of site, the cache must be cleared on exit

· If we edit the cookies while the application is on run, then it should not affect the system; instead it should restore its original (proper) state when the next action happens in the application

· All password and user’s sensitive information transaction should be encrypted

· Encryption should be in the simple way to identify. Typically it should be the mix of special characters, numerals and alphabets(both cases A/a)

· Folder level access should not be allowed. Eg: if the url opens a page inside a specific folder, then if any one deleted the file name and tried with that folder name should not be able to open that folder

· Internal and external IP address mapped with the URL should be secured.

Difference between client server and Web Testing

We have three testing types Desktop application testing, Client server application testing and Web application testing.

Each one differs in the environment in which they are tested and you will lose control over the environment in which application you are testing, while you move from desktop to web applications.

Desktop application runs on personal computers and work stations, so when you test the desktop application you are focusing on a specific environment. You will test complete application broadly in categories like GUI, functionality, Load, and backend i.e DB.

In client server application you have two different components to test. Application is loaded on server machine while the application exe on every client machine. You will test broadly in categories like, GUI on both sides, functionality, Load, client-server interaction, backend. This environment is mostly used in Intranet networks. You are aware of number of clients and servers and their locations in the test scenario.

Web application is a bit different and complex to test as tester don’t have that much control over the application. Application is loaded on the server whose location may or may not be known and no exe is installed on the client machine, you have to test it on different web browsers. Web applications are supposed to be tested on different browsers and OS platforms so broadly Web application is tested mainly for browser compatibility and operating system compatibility, error handling, static pages, backend testing and load testing.

Basically servers are two types :

1. Web servers ( Apache, IIS etc..)

2. Applications servers ( Tomcat, weblogic..etc)

A webserver is a computer that is running special software allowing people to connect to it from their browser.

An application server is a software engine that delivers applications to client computers .

Difference on programming and testing

First Programming Level explanation:

The different type of application are,

1. Console application

the old days bank software/ supper market software, where there is no mouse (i.e NO GUI – Graphical user interface)

2. Windows application

The independ software such as calender, Library management system on stand alone system, task scheduler, etc

3. Web application

The application comes with HTTP or HTTPS, all internet site and online apps are web application.

4. Mobile application

The software or games used in our mobile phones

5. Web services

The application which support windows and web application.

The above mentioned application can developed based on diff technologies(ASP, ASP.Net, Php, Java, VB, C, C++, VC++, Script lang and more…).

These are the application we have, in which how we classify the application as client side/ server side.

For Windows Application:

what is client side?

The program which stores in our own PC and execute in our own PC.

what is Server side?

The program which stores in our own PC but the script execute on server.

For Web Application:

what is client side?

The program which stores in on server and execute in our own PC and result displayed in our own PC.

what is Server side?

The program which stores in on server and execute on server and result displayed on client.

Based on this only we classified the application.

1. How to identify the application?

Client application:

The application is independent and can run in stand alone machine(Our own PC)

Server application:

The application is any internet site or online system comes with testing URL.

Client Server application:

The application depend on local network or internet.

2. Where to do testing?

All the testing are done in client PC only. we are restricted to do testing in server for risk and security authentication reason.

Windows Apps: Run purely on Client PC

Web Apps: Internet explorer/ Firefox tools are used in client PC to connect to server.

Client server application: client tool run in client PC which depend on Server tool run in server. The local area network apps is best suite example for client server apps.

3. Where to Start testing?

Its based on requirement, upto my experience start the testing where your functionality of the application starts.

4. When to stop testing?

Once all the modules are navigated, all the pages are opened, all the button are clicked atleast once and one flow through the system.

We will first focus on what exactly cookies are and how they work. It would be easy for you to understand the test cases for testing cookies when you have clear understanding of how cookies work? How cookies stored on hard drive? And how can we edit cookie settings?

What is Cookie?

Cookie is small information stored in text file on user’s hard drive by web server. This information is later used by web browser to retrieve information from that machine. Generally cookie contains personalized user data or information that is used to communicate between different web pages.

Why Cookies are used?

Cookies are nothing but the user’s identity and used to track where the user navigated throughout the web site pages. The communication between web browser and web server is stateless.

For example if you are accessing domain http://www.example.com/1.html then web browser will simply query to example.com web server for the page 1.html. Next time if you type page as http://www.example.com/2.html then new request is send to example.com web server for sending 2.html page and web server don’t know anything about to whom the previous page 1.html served.

What if you want the previous history of this user communication with the web server? You need to maintain the user state and interaction between web browser and web server somewhere. This is where cookie comes into picture. Cookies serve the purpose of maintaining the user interactions with web server.

How cookies work?

The HTTP protocol used to exchange information files on the web is used to maintain the cookies. There are two types of HTTP protocol. Stateless HTTP and Stateful HTTP protocol. Stateless HTTP protocol does not keep any record of previously accessed web page history. While Stateful HTTP protocol do keep some history of previous web browser and web server interactions and this protocol is used by cookies to maintain the user interactions.

Whenever user visits the site or page that is using cookie, small code inside that HTML page (Generally a call to some language script to write the cookie like cookies in JAVAScript, PHP, Perl) writes a text file on users machine called cookie.

Here is one example of the code that is used to write cookie and can be placed inside any HTML page:

Set-Cookie: NAME=VALUE; expires=DATE; path=PATH; domain=DOMAIN_NAME;

When user visits the same page or domain later time this cookie is read from disk and used to identify the second visit of the same user on that domain. Expiration time is set while writing the cookie. This time is decided by the application that is going to use the cookie.

Generally two types of cookies are written on user machine.

1) Session cookies: This cookie is active till the browser that invoked the cookie is open. When we close the browser this session cookie gets deleted. Some time session of say 20 minutes can be set to expire the cookie.

2) Persistent cookies: The cookies that are written permanently on user machine and lasts for months or years.

Where cookies are stored?

When any web page application writes cookie it get saved in a text file on user hard disk drive. The path where the cookies get stored depends on the browser. Different browsers store cookie in different paths. E.g. Internet explorer store cookies on path “C:\Documents and Settings\Default User\Cookies”

Here the “Default User” can be replaced by the current user you logged in as. Like “Administrator”, or user name like “Vijay” etc.

The cookie path can be easily found by navigating through the browser options. In Mozilla Firefox browser you can even see the cookies in browser options itself. Open the Mozila browser, click on Tools->Options->Privacy and then “Show cookies” button.

How cookies are stored?

Lets take example of cookie written by rediff.com on Mozilla Firefox browser:

On Mozilla Firefox browser when you open the page rediff.com or login to your rediffmail account, a cookie will get written on your Hard disk. To view this cookie simply click on “Show cookies” button mentioned on above path. Click on Rediff.com site under this cookie list. You can see different cookies written by rediff domain with different names.

Site: Rediff.com Cookie name: RMID

Name: RMID (Name of the cookie)

Content: 1d11c8ec44bf49e0… (Encrypted content)

Domain: .rediff.com

Path: / (Any path after the domain name)

Send For: Any type of connection

Expires: Thursday, December 31, 2020 11:59:59 PM

Applications where cookies can be used:

1) To implement shopping cart:

Cookies are used for maintaining online ordering system. Cookies remember what user wants to buy. What if user adds some products in their shopping cart and if due to some reason user don’t want to buy those products this time and closes the browser window? When next time same user visits the purchase page he can see all the products he added in shopping cart in his last visit.

2) Personalized sites:

When user visits certain pages they are asked which pages they don’t want to visit or display. User options are get stored in cookie and till the user is online, those pages are not shown to him.

3) User tracking:

To track number of unique visitors online at particular time.

4) Marketing:

Some companies use cookies to display advertisements on user machines. Cookies control these advertisements. When and which advertisement should be shown? What is the interest of the user? Which keywords he searches on the site? All these things can be maintained using cookies.

5) User sessions:

Cookies can track user sessions to particular domain using user ID and password.

Drawbacks of cookies:

1) Even writing Cookie is a great way to maintain user interaction, if user has set browser options to warn before writing any cookie or disabled the cookies completely then site containing cookie will be completely disabled and can not perform any operation resulting in loss of site traffic.

2) Too many Cookies:

If you are writing too many cookies on every page navigation and if user has turned on option to warn before writing cookie, this could turn away user from your site.

3) Security issues:

Some times users personal information is stored in cookies and if someone hack the cookie then hacker can get access to your personal information. Even corrupted cookies can be read by different domains and lead to security issues.

4) Sensitive information:

Some sites may write and store your sensitive information in cookies, which should not be allowed due to privacy concerns.

This should be enough to know what cookies are. If you want more cookie info see Cookie Central page.

Some Major Test cases for web application cookie testing:

The first obvious test case is to test if your application is writing cookies properly on disk. You can use the Cookie Tester application also if you don’t have any web application to test but you want to understand the cookie concept for testing.

Test cases:

1) As a Cookie privacy policy make sure from your design documents that no personal or sensitive data is stored in the cookie.

2) If you have no option than saving sensitive data in cookie make sure data stored in cookie is stored in encrypted format.

3) Make sure that there is no overuse of cookies on your site under test. Overuse of cookies will annoy users if browser is prompting for cookies more often and this could result in loss of site traffic and eventually loss of business.

4) Disable the cookies from your browser settings: If you are using cookies on your site, your sites major functionality will not work by disabling the cookies. Then try to access the web site under test. Navigate through the site. See if appropriate messages are displayed to user like “For smooth functioning of this site make sure that cookies are enabled on your browser”. There should not be any page crash due to disabling the cookies. (Please make sure that you close all browsers, delete all previously written cookies before performing this test)

5) Accepts/Reject some cookies: The best way to check web site functionality is, not to accept all cookies. If you are writing 10 cookies in your web application then randomly accept some cookies say accept 5 and reject 5 cookies. For executing this test case you can set browser options to prompt whenever cookie is being written to disk. On this prompt window you can either accept or reject cookie. Try to access major functionality of web site. See if pages are getting crashed or data is getting orrupted.

6) Delete cookie: Allow site to write the cookies and then close all browsers and manually delete all cookies for web site under test. Access the web pages and check the behavior of the pages.

7) Corrupt the cookies: Corrupting cookie is easy. You know where cookies are stored. Manually edit the cookie in notepad and change the parameters to some vague values. Like alter the cookie content, Name of the cookie or expiry date of the cookie and see the site functionality. In some cases corrupted cookies allow to read the data inside it for any other domain. This should not happen in case of your web site cookies. Note that the cookies written by one domain say rediff.com can’t be accessed by other domain say yahoo.com unless and until the cookies are corrupted and someone trying to hack the cookie data.

8 ) Checking the deletion of cookies from your web application page: Some times cookie written by domain say rediff.com may be deleted by same domain but by different page under that domain. This is the general case if you are testing some ‘action tracking’ web portal. Action tracking or purchase tracking pixel is placed on the action web page and when any action or purchase occurs by user the cookie written on disk get deleted to avoid multiple action logging from same cookie. Check if reaching to your action or purchase page deletes the cookie properly and no more invalid actions or purchase get logged from same user.

9) Cookie Testing on Multiple browsers: This is the important case to check if your web application page is writing the cookies properly on different browsers as intended and site works properly using these cookies. You can test your web application on Major used browsers like Internet explorer (Various versions), Mozilla Firefox, Netscape, Opera etc.

10) If your web application is using cookies to maintain the logging state of any user then log in to your web application using some username and password. In many cases you can see the logged in user ID parameter directly in browser address bar. Change this parameter to different value say if previous user ID is 100 then make it 101 and press enter. The proper access message should be displayed to user and user should not be able to see other users account.

These are some Major test cases to be considered while testing website cookies. You can write multiple test cases from these test cases by performing various combinations.

Web site testing

• Consideration should be given to the interactions between html pages, TCP/IP communications,

• Internet connections, firewalls, applications that run in web pages (such as applets, javascript, plug-in applications), and applications that run on the server side (such as cgi scripts, database interfaces, logging applications, dynamic page generators, asp, etc.).

• There are a wide variety of servers and browsers, various versions of each, small but sometimes significant differences between them, variations in connection speeds, rapidly changing technologies, and multiple standards and protocols.

• What are the expected loads on the server (e.g., number of hits per unit time?), and what kind of performance is required under such loads (such as web server response time, database query response times).

• Who is the target audience? What kind of browsers will they be using? What kind of connection speeds will they by using? Are they intra- organization (thus with likely high connection speeds and similar browsers) or Internet-wide (thus with a wide variety of connection speeds and browser types)?

• What kind of performance is expected on the client side (e.g., how fast should pages appear, how fast should animations, applets, etc. load and run)?

• Will down time for server and content maintenance/upgrades be allowed? how much?

• What processes will be required to manage updates to the web site's content, and what are the requirements for maintaining, tracking, and controlling page content, graphics, links, etc.?

• Which HTML specification will be adhered to? How strictly? What variations will be allowed for targeted browsers?

• Can testing be done on the production system, or will a separate test system be required? How are browser caching, variations in browser option settings, dial-up connection variabilities, and real-world internet 'traffic congestion' problems to be accounted for in testing?

What is a good Code

• Minimize or eliminate use of global variables.

• use descriptive function and method names - use both upper and lower case, avoid abbreviations, use as many characters as necessary to be adequately descriptive (use of more than 20 characters is not out of line); be consistent in naming conventions.

• use descriptive variable names - use both upper and lower case, avoid abbreviations, use as many characters as necessary to be adequately descriptive (use of more than 20 characters is not out of line); be consistent in naming conventions.

• Function and method sizes should be minimized; less than 100 lines of code is good, less than 50 lines is preferable.

• function descriptions should be clearly spelled out in comments preceding a function's code.

• organize code for readability.

• use whitespace generously - vertically and horizontally

• each line of code should contain 70 characters max.

• one code statement per line.

• coding style should be consistent throught a program (eg, use of brackets, indentations, naming conventions, etc.)

• in adding comments, err on the side of too many rather than too few comments; a common rule of thumb is that there should be at least as many lines of comments (including header blocks) as lines of code.

• no matter how small, an application should include documentaion of the overall program function and flow (even a few paragraphs is better than nothing); or if possible a separate flow chart and detailed program documentation.

• make extensive use of error handling procedures and status and error logging.

• for C++, to minimize complexity and increase maintainability, avoid too many levels of inheritance in class heirarchies (relative to the size and complexity of the application). Minimize use of multiple inheritance, and minimize use of operator overloading (note that the Java programming language eliminates multiple inheritance and operator overloading.)

• for C++, keep class methods small, less than 50 lines of code per method is preferable.

• for C++, make liberal use of exception handlers

Web Design Mistakes

• Poor load time

• Poor overall appearance

• Spelling/Grammar mistakes

• No contact information

• Poor content

• Poor navigation

• Broken links and graphics

• Poor browser compatibility

• Large slow loading graphics

• Too many graphics

• Pages scrolling to oblivion

• Multiple use of animated graphics

• Animated bullets

• Too many graphic and/or line dividers

• Busy, distracting backgrounds

• Multiple banners and buttons

• Poor use of frames

• Large fonts

• Pop up messages

• Over use of Java

• Poor use of tables

• Poor organization

• Different backgrounds on each page

• Over powering music set to AutoPlay

• Confusing

• Too much advertising

• Large Welcome banners

• Multiple colored text

• Text difficult to read

• No Meta tags

• Multiple use of different fonts

• Under construction signs

• Scrolling text in the status bar

• Large scrolling text across the page

• Poor use of mouse over effects

• Take your time and design your site very carefully. It may take you a little longer, but it will be well worth the extra time in the long run.

What is Good Design

• 'Design' could refer to many things, but often refers to 'functional design' or 'internal design'. Good internal design is indicated by software code whose overall structure is clear, understandable, easily modifiable, and maintainable; is robust with sufficient error-handling and status logging capability; and works correctly when implemented.

• Good functional design is indicated by an application whose functionality can be traced back to customer and end-user requirements. the program should act in a way that least surprises the user

What can be done if requirements are changing continuously?

This is a common problem for organizations where there are expectations that requirements can be pre-determined and remain stable. If these expectations are reasonable, here are some approaches:

• Work with the project's stakeholders early on to understand how requirements might change so that alternate test plans and strategies can be worked out in advance, if possible.

• It's helpful if the application's initial design allows for some adaptability so that later changes do not require redoing the application from scratch.

• If the code is well-commented and well-documented this makes changes easier for the developers.

• Use some type of rapid prototyping whenever possible to help customers feel sure of their requirements and minimize changes.

• The project's initial schedule should allow for some extra time commensurate with the possibility of changes.

• Try to move new requirements to a 'Phase 2' version of an application, while using the original requirements for the 'Phase 1' version.

• Negotiate to allow only easily-implemented new requirements into the project, while moving more difficult new requirements into future versions of the application.

• Be sure that customers and management understand the scheduling impacts, inherent risks, and costs of significant requirements changes. Then let management or the customers (not the developers or testers) decide if the changes are warranted - after all, that's their job.

• Balance the effort put into setting up automated testing with the expected effort required to refactor them to deal with changes.

• Try to design some flexibility into automated test scripts.

• Focus initial automated testing on application aspects that are most likely to remain unchanged.

• Devote appropriate effort to risk analysis of changes to minimize regression testing needs.

• Design some flexibility into test cases (this is not easily done; the best bet might be to minimize the detail in the test cases, or set up only higher-level generic-type test plans)

• Focus less on detailed test plans and test cases and more on ad hoc testing (with an understanding of the added risk that this entails).

Common problems in software development

• poor requirements - if requirements are unclear, incomplete, too general, and not testable, there will be problems.

• unrealistic schedule - if too much work is crammed in too little time, problems are inevitable.

• inadequate testing - no one will know whether or not the program is any good until the customer complains or systems crash.

• featuritis - requests to pile on new features after development is underway; extremely common.

• miscommunication - if developers don't know what's needed or customer's have erroneous expectations, problems are guaranteed.

How to overcome to software development problems?

• solid requirements - clear, complete, detailed, cohesive, attainable, testable requirements that are agreed to by all players. Use prototypes to help nail down requirements. In 'agile'-type environments, continuous close coordination with customers/end-users is necessary.

• realistic schedules - allow adequate time for planning, design, testing, bug fixing, re-testing, changes, and documentation; personnel should be able to complete the project without burning out.

•adequate testing - start testing early on, re-test after fixes or changes, plan for adequate time for testing and bug-fixing. 'Early' testing ideally includes unit testing by developers and built-in testing and diagnostic capabilities.

• stick to initial requirements as much as possible - be prepared to defend against excessive changes and additions once development has begun, and be prepared to explain consequences. If changes are necessary, they should be adequately reflected in related schedule changes. If possible, work closely with customers/end-users to manage expectations. This will provide them a higher comfort level with their requirements decisions and minimize excessive changes later on.

•communication - require walkthroughs and inspections when appropriate; make extensive use of group communication tools - groupware, wiki's bug-tracking tools and change management tools, intranet capabilities, etc.; insure that information/documentation is available and up-to-date - preferably electronic, not paper; promote teamwork and cooperation; use protoypes and/or continuous communication with end-users if possible to clarify expectations.

Why does software have bugs?

•miscommunication or no communication - as to specifics of what an application should or shouldn't do (the application's requirements).

•software complexity - the complexity of current software applications can be difficult to comprehend for anyone without experience in modern-day software development. Multi-tiered applications, client-server and distributed applications, data communications, enormous relational databases, and sheer size of applications have all contributed to the exponential growth in software/system complexity.

• programming errors - programmers, like anyone else, can make mistakes.

•changing requirements (whether documented or undocumented) - the end-user may not understand the effects of changes, or may understand and request them anyway - redesign, rescheduling of engineers, effects on other projects, work already completed that may have to be redone or thrown out, hardware requirements that may be affected, etc.

• If there are many minor changes or any major changes, known and unknown dependencies among parts of the project are likely to interact and cause problems, and the complexity of coordinating changes may result in errors. Enthusiasm of engineering staff may be affected. time pressures - scheduling of software projects is difficult at best, often requiring a lot of guesswork. When deadlines loom and the crunch comes, mistakes will be made.

• egos - people prefer to say things like:

• 'no problem'

• 'piece of cake'

• 'I can whip that out in a few hours'

• 'it should be easy to update that old code'

• poorly documented code - it's tough to maintain and modify code that is badly written or poorly documented; the result is bugs. In many organizations management provides no incentive for programmers to document their code or write clear, understandable, maintainable code. In fact, it's usually the opposite: they get points mostly for quickly turning out code, and there's job security if nobody else can understand it ('if it was hard to write, it should be hard to read').

• software development tools - visual tools, class libraries, compilers, scripting tools, etc. often introduce their own bugs or are poorly documented, resulting in added bugs.