
Technologies and Tools, and Testing Web Apps


Week 12, 13

Agenda (Lecture)

Technologies and Tools
Testing Web Apps

Agenda (Lab)

Implement your web apps based on design documents
Weekly progress report

Announcement

Midterm II
Monday, 5/2
Short answer questions and multiple choices
Scope
Chapters 8, 9, 10 and 11
Your project

WebE Process Activities & Actions

Technology and Tools

Warning: This topic area is evolving very rapidly. The information in this area will certainly be out of date within 2 years and is often out of date within months.
A good Web Engineer should spend considerable time keeping themselves up to date with current trends!

Technology and Tools

There are two main categories of technologies that we'll discuss:
Implementation tools. Includes technologies as diverse as Web application servers, content management systems, file sharing systems, and security management
Development tools. Includes design modeling, issue tracking, and application testing

We need to compartmentalize WebApp capabilities and the tools that allow us to achieve those capabilities:

Content storage
Content adaptation
Presentation
Presentation adaptation
Content structuring and navigation
Functionality (e.g., search and workflow management)

Tools: Open Source or Proprietary

The choice between open source and proprietary tools can become a significant issue
In general, the choice between open source and proprietary WebE technology and tools should be based on your answers to the following questions:
Does the tool meet the capabilities that are required and the functionality that is to be deployed?
Are the reported quality and extensibility adequate for your needs?
Does the evolutionary direction predicted for the tool meet your needs today and in the future?
Does the tool have adequate support facilities, online documentation, and help?
Does the cost of the tool fall within your project or organizational budget?

Application Frameworks

A set of libraries and/or components that are used to implement the basic structure of an application

Provide both an underlying architecture and substantial amounts of code to support this architecture.

mechanisms for managing content
interfacing with access control systems and databases
managing user sessions, and
the handling of presentation and styles.

Simple frameworks have a single primary purpose, such as page generation from database content.

Complex frameworks address a variety of features and needs.

Content Management

The functionality supported by content management systems is very diverse (see CMS matrix at www.cmsmatrix.org/), and different content management systems support different capabilities:
Presentation templates, themes, and skins
Monitoring, statistics, and content tracking
Content staging and deployment
Security management to authenticate users and control access for both editing and viewing specified content
Support for diverse applications: wikis, discussion forums, guest books, event calendaring, FAQs, etc.

More sophisticated CMSs provide version control capabilities (Chapter 16), enabling the WebE team to track changes to content and allowing the state of an application to be wound back to a previous version of the content.

Testing WebApps
Testing is the process of exercising a WebApp with the intent of finding (and ultimately correcting) errors.
Tests must be designed to uncover errors in WebApps that are implemented in:
different operating systems
browsers [or other interface devices such as set-top boxes, personal digital assistants (PDAs), and mobile phones]
hardware platforms
communications protocols
backroom applications

The Dimensions of Quality - I
Reviews and testing examine one or more of the following quality dimensions:
Content is evaluated at both a syntactic and semantic level. At the syntactic level, spelling, punctuation, and grammar are assessed for text-based documents. At a semantic level, correctness (of information presented), consistency (across the entire content object and related objects), and lack of ambiguity are all assessed.

The Dimensions of Quality - II
Function is tested to uncover errors that indicate lack of conformance to stakeholder requirements. Each WebApp function is assessed for correctness, instability, and general conformance to appropriate implementation standards (e.g., Java or XML language standards).
Structure is assessed to ensure that it properly delivers WebApp content and function, is extensible, and can be supported as new content or functionality is added.
Usability is tested to ensure that each category of user is supported by the interface and can learn and apply all required navigation syntax and semantics.

The Dimensions of Quality - III

Navigability is tested to ensure that all navigation syntax and semantics are exercised to uncover any navigation errors (e.g., dead links, improper links, erroneous links).
Performance is tested under a variety of operating conditions, configurations, and loading to ensure that the system is responsive to user interaction and handles extreme loading without unacceptable operational degradation.
Usability is tested to ensure that each category of user is supported by the interface and can learn and apply all required navigation syntax and semantics.

The Dimensions of Quality - IV

Navigability is tested to ensure that all navigation syntax and semantics are exercised to uncover any navigation errors (e.g., dead links, improper links, erroneous links).
Performance is tested under a variety of operating conditions, configurations, and loading to ensure that the system is responsive to user interaction and handles extreme loading without unacceptable operational degradation.

Testing Strategy
1. The content model for the WebApp is reviewed to uncover errors.
2. The interface model is reviewed to ensure that all use cases have been accommodated.
3. The design model for the WebApp is reviewed to uncover navigation errors.
4. The user interface is tested to uncover errors in presentation and/or navigation mechanics.
5. Selected functional components are unit tested.
6. Navigation throughout the architecture is tested.
7. The WebApp is implemented in a variety of different environmental configurations and is tested for compatibility with each configuration.
8. Security tests are conducted in an attempt to exploit vulnerabilities in the WebApp or within its environment.
9. Performance tests are conducted.
10. The WebApp is tested by a controlled and monitored population of end users. The results of their interaction with the system are evaluated for content and navigation errors, usability concerns, compatibility concerns, and WebApp reliability and performance.

The Testing Process

Content Testing

Content testing combines both reviews and the generation of executable test cases.
Reviews are applied to uncover semantic errors in content.
Executable testing is used to uncover content errors that can be traced to dynamically derived content that is driven by data acquired from one or more databases.

Content testing has three important objectives:
to uncover syntactic errors (e.g., typos, grammar mistakes) in text-based documents, graphical representations, and other media,
to uncover semantic errors (i.e., errors in the accuracy or completeness of information) in any content object presented as navigation occurs, and
to find errors in the organization or structure of content that is presented to the end user.

Content Testing - Checklist

Is the information up to date and factually accurate?
Is the information concise and to the point?
Is the layout of the content object easy for the user to understand?
Can information embedded within a content object be found easily?
Have proper references been provided for all information derived from other sources?
Is the information presented consistent internally and consistent with information presented in other content objects?
Can the content be interpreted as being offensive or misleading, or does it open the door to litigation?
Does the content infringe on existing copyrights or trademarks?
Does the content contain internal links that supplement existing content? Are the links correct?
Does the aesthetic style of the content conflict with the aesthetic style of the interface?

Content Testing Dynamic Content

When content is created dynamically using information maintained within a database, the following issues are considered:
The original client-side request for information is rarely presented in the form [e.g., structured query language (SQL)] that can be input to a database management system (DBMS).
The database may be remote to the server that houses the WebApp. What happens if the WebApp is accessible but the database is not?

Raw data acquired from the database must be transmitted to the WebApp server and properly formatted for subsequent transmittal to the client.
The dynamic content object(s) must be transmitted to the client in a form that can be displayed to the end user.
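
An executable test for the dynamic-content issues listed above, as an added example that is not part of the original slides. The `render_product` handler, the `products` schema, the file name and the sample row are all constructed for illustration; the test covers a valid id, a missing row, a non-numeric id, and a database that disappears while the WebApp still answers.

```python
import html
import os
import sqlite3
import tempfile


def build_sample_db(path):
    """Create a constructed sample catalogue (illustrative data only)."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, blurb TEXT)")
    conn.execute("INSERT INTO products VALUES (1, 'Tea <b>Pot</b>', 'Holds 1L & more')")
    conn.commit()
    conn.close()


def render_product(db_path, product_id):
    """Hypothetical handler: returns (status, html_body) for one content object."""
    # The client-side request arrives as text, not SQL: validate and convert it.
    try:
        pid = int(product_id)
    except (TypeError, ValueError):
        return 400, "<p>Bad request.</p>"
    try:
        # Read-only open fails if the database file is unavailable.
        conn = sqlite3.connect(f"file:{db_path}?mode=ro", uri=True)
        try:
            # The id is bound as a parameter, never pasted into the SQL text.
            row = conn.execute(
                "SELECT name, blurb FROM products WHERE id = ?", (pid,)
            ).fetchone()
        finally:
            conn.close()
    except sqlite3.Error:
        # WebApp reachable, database not: fixed message, no driver text or paths.
        return 503, "<p>Catalogue temporarily unavailable.</p>"
    if row is None:
        return 404, "<p>No such product.</p>"
    # Raw database values are escaped before transmittal to the client.
    name, blurb = (html.escape(value) for value in row)
    return 200, f"<h1>{name}</h1><p>{blurb}</p>"


def run_content_tests():
    """Exercise the handler the way a dynamic-content test case would."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        db = os.path.join(tmp, "catalogue.db")
        build_sample_db(db)
        results["ok"] = render_product(db, "1")
        results["missing_row"] = render_product(db, "999")
        results["non_numeric"] = render_product(db, "abc")
        os.remove(db)  # database becomes unavailable; the handler still runs
        results["db_down"] = render_product(db, "1")
    return results


if __name__ == "__main__":
    for case, (status, body) in run_content_tests().items():
        print(case, status, body)
```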

Content Testing - Database

User Interface Testing

Verification and validation of a WebApp user interface occurs at three distinct points in the WebE process.
During communication (Chapter 4) and modeling (Chapter 7), the interface model is reviewed to ensure that it conforms to customer requirements and to other elements of the analysis model.
During design (Chapter 9), the interface design model is reviewed to ensure that generic quality criteria established for all user interfaces have been achieved and that application-specific interface design issues have been properly addressed.
During testing (Chapter 15), the focus shifts to the execution of application-specific aspects of user interaction as they are manifested by interface syntax and semantics. In addition, testing provides a final assessment of usability.

UI Testing Strategy

Interface features are tested to ensure that design rules, aesthetics, and related visual content are available to the user without error.

Individual interface mechanisms are tested in a manner that is analogous to unit testing.

Each interface mechanism is tested within the context of a use case or navigation pathway for a specific user category.

The complete interface is tested against selected use cases and navigation pathways to uncover errors in the semantics of the interface.

The interface is tested within a variety of environments (e.g., operating systems, browsers) to ensure that it will be compatible.

User Interface Testing specific elements (1)

When a user interacts with a WebApp, the interaction occurs through one or more interface mechanisms. Each mechanism must be tested:
Links. Navigation mechanisms that link the user to some other content object or function.
Forms. A structured document containing blank fields that are filled in by the user.
Client-side scripting. A list of programmed commands in a scripting language (e.g., JavaScript) that handle information input via forms or other user interactions.
Dynamic HTML. Provides access to content objects that are manipulated on the client side using scripting or cascading style sheets (CSSs).
Client-side pop-up windows. Small windows that pop up without user interaction.
Server-side scripts. Black-box tests are conducted with an emphasis on data integrity and script processing once validated data has been received. In addition, performance testing can be conducted.

User Interface Testing specific elements (2)

When a user interacts with a WebApp, the interaction occurs through one or more interface mechanisms. Each mechanism must be tested:
Streaming and push content. Streaming content is encountered when material (usually audio or video) is downloaded in a manner that allows it to be displayed while it is still being downloaded (rather than having to wait for the entire content to be downloaded). Push content is encountered when content objects are downloaded automatically from the server side rather than waiting for a request from the client side. Both streaming and push content present testing challenges.
Cookies. A block of data sent by the server and stored by a browser as a consequence of a specific user interaction. The content of the data is WebApp-specific (e.g., user identification data or a list of items that have been selected for purchase by the user).
Application-specific interface mechanisms. Include one or more macro interface mechanisms such as a shopping cart, credit card processing, or a shipping cost calculator.

Usability Testing

Similar to interface semantics testing in the sense that it evaluates:
the degree to which users can interact effectively with the WebApp
the degree to which the WebApp guides users' actions, provides meaningful feedback and enforces a consistent interaction approach.

Determines the degree to which the WebApp interface makes the user's life easy

Usability Testing

Define a set of usability testing categories and identify goals for each.
Design tests that will enable each goal to be evaluated.

Select participants who will conduct the tests.

Log the details of the participants' interaction with the WebApp while testing is conducted.

Develop a mechanism for assessing the usability of the WebApp.
Usability testing can occur at a variety of different levels of abstraction:
(1) the usability of a specific interface mechanism (e.g., a form) can be assessed
(2) the usability of a complete Web page (encompassing interface mechanisms, data objects, and related functions) can be evaluated, or
(3) the usability of the complete WebApp can be considered.

Usability Test Categories

Interactivity. Are interaction mechanisms (e.g., pull-down menus, buttons, pointers) easy to understand and use?
Layout. Are navigation mechanisms, content, and functions placed in a manner that allows the user to find them quickly?
Readability. Is text well written and understandable? Are graphic representations intuitive and easy to understand?
Aesthetics. Do the layout, color, typeface, and related characteristics lead to ease of use? Do users feel comfortable with the look and feel of the WebApp?
Display characteristics. Does the WebApp make optimal use of screen size and resolution?
Time sensitivity. Can important features, functions, and content be used or acquired in a timely manner?
Personalization. Does the WebApp appropriately tailor itself to the specific needs of different user categories or individual users?

Usability Evaluation: Checklist

Is the system usable without continual help or instruction?
Do the rules of interaction help a knowledgeable user to work efficiently?
Do interaction mechanisms become more flexible as users become more knowledgeable?
Has the system been tuned to the physical and social environment in which it will be used?
Are users aware of the state of the system? Do users know where they are at all times?
Is the interface structured in a logical and consistent manner?
Are interaction mechanisms, icons, and procedures consistent across the interface?
Does the interaction anticipate errors and help the user correct them?
Is the interface tolerant of errors that are made?
Is the interaction simple?

Qualitative Assessment of Usability

Compatibility Testing

WebApps operate in complex (and often unpredictable) environments
Different browsers, screen resolutions, operating systems, plug-ins, access bandwidths, etc.

Serious errors can be caused by obscure combinations
Most common problem is deterioration in usability:

Download speeds may become unacceptable
Missing plug-ins may make content unavailable
Browser differences can change page layout or legibility
Forms may be improperly organized.

Compatibility testing strives to uncover these problems before the WebApp goes online.
First step is to define a set of commonly encountered client-side configurations and their variants.
Next, derive a series of compatibility validation tests (from existing interface tests, navigation tests, performance tests, and security tests).

Component-Level Testing

Component-level testing, also called function testing, focuses on a set of tests that attempt to uncover errors in WebApp functions
Applies the following test case design methods:
Equivalence partitioning
Boundary value analysis
Path testing

Selecting Components to Test


Which functionality in the Web site is most critical to its purpose?
Which areas of the site require the heaviest database interaction?
Which aspects of the site's CGI, applets, ActiveX components, and so on are most complex?
What types of problems would cause the most complaints or the worst publicity?
What areas of the site will be the most popular?
What aspects of the site have the highest security risks?

Navigation Testing - I

Each of the following navigation mechanisms should be tested [Spl01]:
Navigation links. These mechanisms include internal links within the WebApp, external links to other WebApps, and anchors within a specific Web page.
Redirects. These links come into play when a user requests a nonexistent URL or selects a link whose destination has been removed or whose name has changed.
Bookmarks. Although bookmarks are a browser function, the WebApp should be tested to ensure that a meaningful page title can be extracted as the bookmark is created and that dynamic pages are bookmarked appropriately.

Navigation Testing - II

Frames and framesets. Each frame contains the content of a specific Web page; a frameset contains multiple frames and enables the display of multiple Web pages at the same time.
Site maps. A site map provides a complete table of contents for all Web pages.
Internal search engines. An internal (local) search engine allows the user to perform a key word search within the WebApp to find needed content.

Navigation Semantics

As navigation design is conducted, you create a set of information and related navigation structures that collaborate in the fulfillment of a subset of related user requirements [Cac02].

These are sometimes referred to as navigation semantic units (NSUs) and are defined by a set of navigation paths (called "ways of navigating") that connect navigation nodes (e.g., Web pages, content objects, or functionality).

Taken as a whole, each NSU allows a user to achieve specific requirements defined by one or more use cases for a user category.

Navigation testing exercises each NSU to ensure that these requirements can be achieved.

Navigation Semantic Testing - I

Is the NSU achieved in its entirety without error?
Is every navigation node (a destination defined for an NSU) reachable within the context of the navigation paths defined for the NSU?
If the NSU can be achieved using more than one navigation path, has every relevant path been tested?
If guidance is provided by the user interface to assist in navigation, are directions correct and understandable as navigation proceeds?
Is there a mechanism (other than the browser back arrow) for returning to the preceding navigation node and to the beginning of the navigation path?
Do mechanisms for navigation within a large navigation node (e.g., anchor point links for a long Web page) work properly?
If a function is to be executed at a node and the user chooses not to provide input, can the remainder of the NSU be completed?

Navigation Semantic Testing - II


If a function is executed at a node and an error in function processing occurs, can the NSU be completed?
Is there a way to discontinue the navigation before all nodes have been reached, but then return to where the navigation was discontinued and proceed from there?
Is every node reachable from the site map? Are node names meaningful to end users?
If a node within an NSU is reached from some external source, is it possible to proceed to the next node on the navigation path? Is it possible to return to the previous node on the navigation path?
Do users understand their location within the content architecture as the NSU is executed?
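
Several of the navigation semantic testing questions above can be checked mechanically once the link structure is known. The following is an added example, not part of the original slides: the site graph, the page names and the "purchase an item" NSU are constructed for illustration, and "reachable from the site map" is interpreted as reachable by following links starting at the site map page.

```python
from collections import deque

# Constructed sample site: page -> pages it links to (hypothetical names).
LINKS = {
    "sitemap":  ["home", "catalog", "cart", "help"],
    "home":     ["catalog", "help"],
    "catalog":  ["home", "item", "cart"],
    "item":     ["catalog", "cart", "reviews"],  # "reviews" page no longer exists
    "cart":     ["catalog", "item", "checkout"],
    "checkout": ["confirm"],                     # offers no link back to the cart
    "confirm":  ["home"],
    "help":     ["home"],
}

# One NSU ("purchase an item") defined by its ways of navigating.
NSU_PATHS = [
    ["home", "catalog", "item", "cart", "checkout", "confirm"],
    ["home", "catalog", "cart", "checkout", "confirm"],
    ["home", "item", "cart", "checkout", "confirm"],  # home has no link to item
]


def dead_links(links):
    """Links whose destination is not a page of the site."""
    return sorted((src, dst) for src, dsts in links.items()
                  for dst in dsts if dst not in links)


def reachable(links, start):
    """Breadth-first search over existing pages, starting at `start`."""
    seen, queue = {start}, deque([start])
    while queue:
        for nxt in links.get(queue.popleft(), []):
            if nxt in links and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def broken_steps(links, path):
    """Steps of a navigation path that no link on the source page supports."""
    return [(a, b) for a, b in zip(path, path[1:]) if b not in links.get(a, [])]


def missing_return_links(links, path):
    """Valid steps a -> b where page b offers no link back to page a."""
    return [(b, a) for a, b in zip(path, path[1:])
            if b in links.get(a, []) and a not in links.get(b, [])]


def check_nsu(links, paths, sitemap="sitemap"):
    """Run the structural NSU checks and return the findings per question."""
    nodes = {node for path in paths for node in path}
    broken = {}
    for index, path in enumerate(paths):
        steps = broken_steps(links, path)
        if steps:
            broken[index] = steps
    return {
        "dead_links": dead_links(links),
        "unreachable_from_sitemap": sorted(nodes - reachable(links, sitemap)),
        "broken_paths": broken,
        "no_return_link": sorted({pair for path in paths
                                  for pair in missing_return_links(links, path)}),
    }


if __name__ == "__main__":
    for question, findings in check_nsu(LINKS, NSU_PATHS).items():
        print(question, findings)
```

Questions about whether guidance is understandable or node names are meaningful still need human reviewers; the structural checks only narrow down where to look.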

Configuration Testing

Configuration variability and instability are important factors that make Web engineering a challenge.
Hardware, operating system(s), browsers, storage capacity, network communication speeds, and a variety of other client-side factors are difficult to predict for each user.

The job of configuration testing is to test a set of probable client-side and server-side configurations to ensure that the user experience will be the same on all of them and to isolate errors that may be specific to a particular configuration.

Testing Strategy

Server-side. Configuration test cases are designed to verify that the projected server configuration [i.e., WebApp server, database server, operating system(s), firewall software, concurrent applications] can support the WebApp without error.

Client-side. On the client side, configuration tests focus more heavily on WebApp compatibility with configurations that contain one or more permutations of the following components:

Hardware. CPU, memory, storage, and printing devices
Operating systems. Linux, Macintosh OS, Microsoft Windows, a mobile-based OS
Browser software. Firefox, Internet Explorer, Safari, Mozilla/Netscape, Opera, and others
User interface components. ActiveX, Java applets, and others
Plug-ins. QuickTime, RealPlayer, and many others
Connectivity. Cable, DSL, regular modem, industry-grade connectivity (e.g., T1 lines)

Security and Performance Testing

Security and performance testing address the three distinct elements of the WebApp infrastructure
the server-side environment that provides the gateway to Internet users
the network communication pathway between the server and the client machine
the client-side environment that provides the end user with a direct interface to the WebApp.

Security testing focuses on unauthorized access to WebApp content and functionality along with other systems that cooperate with the WebApp on the server side.

Performance testing focuses on the operating characteristics of the WebApp and on whether those operating characteristics meet the needs of end users.

Security Testing

One or more of the following security elements is implemented [Ngu01]:
Firewalls. A filtering mechanism that is a combination of hardware and software that examines each incoming packet of information to ensure that it is coming from a legitimate source, blocking any data that are suspect.
Authentication. A verification mechanism that validates the identity of all clients and servers, allowing communication to occur only when both sides are verified.
Encryption. An encoding mechanism that protects sensitive data by modifying it in a way that makes it impossible to read by those with malicious intent. Encryption is strengthened by using digital certificates that allow the client to verify the destination to which the data are transmitted.
Authorization. A filtering mechanism that allows access to the client or server environment only by those individuals with appropriate authorization codes (e.g., user ID and password).

Security tests should be designed to probe each of these security technologies in an effort to uncover security holes that can be exploited by those with malicious intent.

Performance Testing

Objectives:
Does the server response time degrade to a point where it is noticeable and unacceptable?
At what point (in terms of users, transactions, or data loading) does performance become unacceptable?
What system components are responsible for performance degradation?
What is the average response time for users under a variety of loading conditions?
Does performance degradation have an impact on system security?
Is WebApp reliability or accuracy affected as the load on the system grows?
What happens when loads that are greater than maximum server capacity are applied?
What is the impact of poor performance on company revenues?

Load testing determines how the WebApp and its server-side environment will respond to various loading conditions.

Stress testing is a continuation of load testing, but in this instance the variables, N, T, and D are forced to meet and then exceed operational limits.
