1. What is Web Testing
Since web applications are directly related to users and usually need to withstand a large number of long-term operations, the functions and performance of web projects must be reliably verified. This must be fully tested by the web project. Web application testing is not much different from any other type of application testing.
Two, test type
Unit testing, integration testing, UI testing, functional testing, performance testing, usability testing (interface testing), compatibility, security
Three, several commonly used test tools recommended
1. Loadrunner, a load testing tool
LoadRunner is a load testing tool that predicts system behavior and performance.
2. Global test management system testdirector
3. xUnit series of unit testing tools
Currently the most popular unit testing tool is the xUnit series of frameworks. The commonly used ones are divided into JUnit (java), CppUnit (C++), DUnit (Delphi), NUnit (.net), PhpUnit (Php) and so on according to different languages.
4. JMeter, a tool for functional and performance testing
JMeter is an open source project organized by Apache. It is a tool for function and performance testing, 100% implemented in java.
Four, Web test general test point extraction
In fact, the content involved in the comprehensive analysis, sorting and extraction of Web testing is just that; being good at extracting common test points can not only improve work efficiency, but also fully guarantee test coverage, and can guide the team to test newcomers~
Web function test
1. Link test
1) Test whether all links actually link to the linked page as indicated
2) Test whether the linked page exists
3) There are no isolated pages on the test web application system
2. Form test
Forms generally refer to data submission operations on the interface, including adding and modifying data. The tests it involves include the following:
1) Input box test
Length, data type, required, repetition, space, SQL injection and some business-related constraints.
2) Drop-down box test
Default value, data integrity/correctness, first/last/middle selection, manual input value fuzzy matching, linkage selection; common selection operations in business.
3) Upload test of pictures, videos, excel, txt and other files
Rule verification of size, size, format, quantity, and file content.
4) Form submission button test
Whether to support enter/click, rapid multiple clicks, whether to submit the form repeatedly, network interruption (weak network) submission, whether there is a prompt after the submission, whether the content is encrypted after submission, whether the submission is subject to permission verification control, and multiple people target the form at the same time Operational scenario test.
3. Data proofreading
If the system needs to verify user input according to business rules, it needs to ensure that these verification functions work properly.
For example, the province field can be verified with a valid list. In this case, it is necessary to verify that the list is complete and that the program calls the list correctly (for example, add a test value to the list to ensure that the system can accept the test value).
When testing the form, there may be some overlap between this test and the form test.
Cookies are usually used to store user information and user operations in a certain application system. When a user uses Cokies to access a certain application system, the web server will send information about the user and store the information on the client computer in the form of Cookies On top, this can be used to create dynamic and custom pages or store login information.
If the Web application system uses cookies, you must check whether the cookies can work properly. The content of the test can include:
1) Does Cookeis work? Is it saved at a predetermined time? What is the impact of refreshing on Cookies?
2) If you save the registration information in cookies, please confirm that the cookie can work normally and the information has been encrypted.
3) If you use cookies to count the number of times, you need to verify that the cumulative number of times is correct.
4. Database testing
In web application technology, the database is a "warehouse", and any operation we are performing functional testing can be traced back to the addition, deletion, and modification of the database.
Therefore, database testing is actually done through the testing methods mentioned above, but the focus is on the changes in database tables and table field values.
1. Database script execution-whether database table addition and modification are normal
2. Page submit form, modify, query, delete-whether the database table information is normal
5. Process test
Most importantly, testers need to test common usage scenarios for application users.
Try all the operations that the user may perform: add, modify, delete, query, etc.
For example, to test a shopping website, you need to register users (new), browse products (query), add to the shopping cart and place an order (new), delete an order (delete), online payment, etc.
Web interface test
The interface test can directly refer to the prototype drawing and cut drawing design for interface verification. There are several common parts as follows:
1. Navigation test
Navigation test is to judge whether an application is easy to navigate by considering these factors between different page jumps, or buttons, dialog boxes, lists, and windows: Is it intuitive? Can the main modules of the system be accessed or reached through the homepage? Does the site need other help such as in-site maps or search engines? Another focus of web system navigation is whether the page structure, navigation, menu, style, etc. are consistent, to ensure that users can find the content they want by intuition or simple judgment.
2. Graphics test
It can also be understood as a UI test, which includes pictures, animations, borders, colors, fonts, backgrounds, buttons, and so on.
Note: I have made a rough summary of the key points to be considered:
a. The picture must have a clear purpose and representative; the picture size should be as small as possible, generally using JPG or GIF compression (that is, the size limit)
b. Whether the overall style of the page is consistent with the purpose of the system
c. Is the background color, font, and collocation reasonable?
3. Form test
1) It is necessary to verify whether the form is set correctly.
2) Does the user need to scroll to the right to see the price of the product? Is it more effective to put the details on the right?
3) Is the width of each column wide enough, and whether the text in the table is line-breaked? Is there too much content in a certain cell, and the entire line is stretched?
4. Overall interface test
a. This is what we often call user experience. Whether the user feels comfortable when browsing, the overall style, etc.
b. It is recommended to generally do a questionnaire survey to determine user feedback. It is best to involve end users. You can refer to similar notes. What is the general system style? Consider the test system based on actual conditions. style.
Web performance test
1. Connection speed test
The speed at which users connect to the Web application system varies according to the way they surf the Internet. They may be dial-up or broadband Internet access.
When downloading a program, users can wait for a long time, but if they only visit a page, if the response time is too long (for example, more than 5 seconds), the user will leave because of impatient waiting.
In addition, some pages have timeout restrictions. If the response speed is too slow, the user may not have time to browse the content and need to log in again. Moreover, the connection speed is too slow, it may also cause data loss, so that users can not get the real page.
For response time, the industry follows the 2-5-8 principle.
2. Load stress test
The difference between load\stress and function test here is the content of system test.
After the basic function has been passed, it can be carried out in the integration test stage or the system test stage.
Pass this test to detect crashes, crashes, memory leaks, etc. Because some programs with memory leak problems may not cause problems when they are run once or twice, but if they are run thousands of times, more and more memory leaks will cause the system to crash.
Use load testing tools loadrunner, Jmeter, etc., to virtualize a certain number of users to see if the performance of the system meets the defined indicators. The main test sites are as follows:
1) Verify that the system can respond to a large number of users at the same time.
2) Can the system respond normally when the user transmits a large amount of data?
3) Can the system run for a long time under the condition of parallel load?
Accessibility is extremely important to users. If users get the "system busy" message, they may give up: and turn to competitors.
System detection must not only enable users to access the site normally, but in many cases, hackers may try to attack the server by sending a large number of data packets.
For safety reasons, testers should know what measures need to be taken when the system is overloaded, rather than simply improving system performance.
Web compatibility test
Compatibility, because it is based on the browser, it is generally based on the compatibility test of common browsers.
a, platform compatibility
There are many operating systems, such as Windows, Unix, Linux, macintosh, etc.; which system the user uses depends on the user, so system compatibility testing is necessary.
b. Browser compatibility
The browser is the core component of the web client. Different browsers have different support for Java, JavaScript, css or HTML specifications;
In addition, the adopted frame and structure style are displayed differently or even not displayed in different browsers, and different browsers have different security settings.
One way to test browser compatibility is to create a compatibility matrix to test the compatibility of different versions of browsers from different vendors.
For example, to test the IE browser, you can use a tool called IEtester to test compatibility, or you can use the F12 console to switch the browser version to test the compatibility of some previous front-end elements.
In view of the many browsers in the domestic market, such as 360, Sogou, Sohu, QQ browser, etc., these local browsers basically use the dual-core configuration of the IE browser kernel.
Web security test
The main areas of safety testing are as follows:
a. Many web application systems now use the method of first registering and then logging in. Therefore, test the validity of the user name and password, pay attention to case sensitivity, limit the number of times, and whether it is possible to browse certain pages without logging in.
You need to verify that the system prevents illegal user name/password logins and is able to log in effectively.
1) Is there a limit on the number of user logins?
2) Do you restrict login from certain IP addresses?
3) If the number of allowed login failures is 3, enter the correct user name and password when logging in for the third time, will the verification pass?
4) Are there any restrictions on password selection?
5) Is it possible to browse a certain page without logging in?
6) Does the web application system have a timeout restriction, that is, if the user does not click on any page within a certain period of time (for example, 15 minutes) after logging in, does it need to log in again for normal use?
b. Is there a timeout limit, link sharing, cookie hijacking
The first step in web security is to set up the directory correctly. There should be an index.html or main.html page in each directory, so that all the contents in the directory will not be displayed.
Some companies have not implemented this rule. You can try to select a picture, click the right mouse button, and find the path "...com/objects/images" where the picture is located. Then manually enter the path in the browser address bar, will you find other information about the site? For example, save expired page record information.
Many sites use SSL for secure transmission. You know that you entered an SSL site because a warning message appeared in the browser, and the HTTP in the address bar changed to HTTPS.
If the development department uses SSL, the tester needs to determine whether there is a corresponding replacement page (applicable to browsers below 3.0, which do not support SSL).
When users enter or leave the secure site, please confirm that there is a corresponding prompt message. Is there a connection time limit? What happens after the time limit is exceeded?
c. Test whether relevant information is written into the log file during user operation, whether it can be traced, etc.
In the background, pay attention to verify that the server log is working properly.
1) Does the log record all transactions?
2) Does it record failed and wrong page requests?
3) Whether to save every time the transaction is completed? Record the IP address? Do you record the username?
d. If you use a secure socket, you need to test whether the encryption is correct, the integrity and correctness of the information before and after encryption
e. Without authorization, can the script be placed and edited on the server or front end?
Scripting language is a common security risk. The details of each language are different.
Some scripts allow access to the root directory, others only allow access to the mail server.
But experienced hackers can send the server username and password to themselves.
Find out which scripting languages are used on the site, and study the flaws of that language.
Also need to test the problem that scripts cannot be placed and edited on the server without authorization.
f. SQL injection verification of the input box
to sum up:
Web system testing has similarities and differences with traditional software testing, which poses new challenges to software testing. Web-based system testing not only needs to check and verify whether it is running according to the design requirements, but also to evaluate whether the system is properly displayed on the browser side of different users. It is important to conduct security and usability testing from the perspective of the end user, where security also involves SQL injection and prevention, Xss cross-site attacks, DDOS denial of service attacks, and so on.
I recommend a software testing exchange group I created by myself, QQ: 642830685. The group will share software testing resources, test interview questions and industry information from time to time. In addition, you can also follow my WeChat public account program Yuan Yifei, There are many test resources to share with you.