Book Description
* Written by one of Microsoft's key testing trainers, this hands-on tutorial and reference explains why, when, what, and how to test
* Teaches new and experienced testers how to analyze and properly test Web applications
* Filled with practical advice that can be immediately applied to any Web-testing task, on any browser running on any platform
* Concentrates on proven solutions and presents the material in a way that will help develop a professional skill set in novice testers and will improve the productivity of all testers
* Companion Web site includes dozens of valuable templates and test patterns that will allow readers to rapidly conduct tests in multiple languages against all browser and operating-system combinations
Reviews From AMAZON.COM
Straightforward, practical approach to web testing.
Lydia's book is probably the best written web testing book in the market. The prose is easy to follow, progressive, non-verbose, and sometimes even inspiring. She painfully explicates various testing principles with exacting examples. Published in 2003, some of the examples already show their age but the testing principles and problems are still current. Web technologies have evolved immensely in the last three years and this book would benefit from such updates in a second edition.
Good Reference
The Web Testing Companion is a manual written for both beginners and experienced web designers, and the author herself is a testing director at Microsoft. If you've had a few years' experience as a designer, developer or webmaster, then the material is not new to you; i.e., optimizing bandwidth, etc.
Obviously, this is not the kind of book you read straight through from beginning to end, but rather a handbook that you can refer to as problems arise. For the most part, the book succeeds as that, and Ms. Ash has divided the book into four general sections: non-technical issues, technical issues, general advice for testers, and finally an excellent set of appendices on various aspects of Web testing.
I'm sure we all can recall incidents of working with defective software that nobody apparently had tested for bugs, sloppy coding, or slow operating time. This was because there was probably a deadline for the software release time, and the developer concluded that hiring testers would be an extra expense.
Non-Technical Issues:
The first four chapters deal with non-technical issues, mostly related to the planning of the application.
Web site planning can involve a number of goals; for example, which is most important: minimal defects or time-to-market? Developing a medical web application to assist in diagnosing illnesses is different from developing an application that will be used to solicit funds. The medical app could be providing life-or-death information, whereas the solicitation site could need high visual appeal. In other words, the app must meet the customer's requirements and expectations, not yours. Most of us already know that, but in one of the book's appendices, the author has given us a checklist of several pages' worth of questions to determine exactly what the customer's needs are. That's what I like about this book: It presents some very objective methods for answering subjective questions.
Server-Side and Client-Side Testing:
For server-side (as opposed to client-side) web apps, performance testing and security testing are the most important. Stability problems need to be identified prior to deployment. The tester, therefore, should create many user scenarios derived from the most common and most intensive user actions, and then analyze the performance statistics after the performance tests are completed.
The author recommends that all of your pages load in 15 seconds or less, but this rule really depends on your particular application and the expectations of the people using it. If your app requires large graphics and the users are architects, they will probably feel that waiting a few minutes is worth the effort.
Testing Scenarios:
The author recommends that you set up a test environment that is separate from your development and production environment. This can include a separate web server, database server, and application server if applicable. This is especially important in testing security features. (It should be noted, of course, that some application developers will not be able to afford the elaborate testing facilities of a large corporation.)
Ms. Ash advises, "One of the most common reasons that performance testing of an application is not successful is that the wrong scenarios were tested." Therefore, she recommends that: "Not every line of code or possible interaction needs to be benchmarked on every build. Identify the critical places, the most frequent code paths, and the most expensive ones, the ones that are most important to the user, and spend the precious test time here. If there is more test time left over, spend it on any code paths that have been added since the last release."
At this stage, the author explains numerous helpful methods for setting up baselines, benchmarks and other metrics to determine Web application performance and efficiency. These metrics also include the application's efficiency when interacting with various servers' processors, memory and disk drives.
The author provides a method for charting data flow, which is helpful in both performance and security testing.
Load and Stress Testing:
"Load testing is done to help identify what the load profile for the service is under a load. Knowing the server profile helps you identify when the server in a line production environment is about to break or crash."
Load testing should answer questions like: How many requests per second can the server take, how long does it take to service a request, and what is the uptime under real-world loads?
Finally, an entire chapter is devoted to automation methods. Automation is "an excellent way to ensure that the software of today is just as good as it was yesterday, but management incorrectly assumes that automation will solve all their problems."
The earlier you perform load testing the better. Most people hate to wait for a web page to load, so simple design changes can often make a significant impact on the performance and scalability of your web application. A good overview of how to perform load testing can be found on Microsoft's Developer Network (MSDN) website.
Security Testing:
As with performance testing, the first steps of security testing need to be taken by the product designers to ensure that their code is safe by employing best practices when writing code.
A general rule to remember is that as your company gains more and more data that is desirable, it is also gathering attackers and gathering more that needs defending. On the other hand, the thought that a less important company or service will not be as interesting to an attacker can lull you into a false sense of security. You can still be attacked, for the same reason that small businesses and houses have been robbed; i.e., because they can be easy targets.
The author outlines various methods of testing your apps for a number of "popular" attack methods:
Denial of Service, in which a server can receive thousands of ICMP "ping" requests from hundreds of workstations;
Buffer Overflow, which is becoming a very common method for installing Trojan horses and back door software;
Cross-site scripting, in which an attacker gets his malicious code to run on someone else's Web site; and
SQL Injection, by which the attacker sends malicious code to an SQL database.
General Testing Advice:
The remainder of the book is concerned with various organizations, web sites and other resources open to testers.
Ms. Ash makes the point that many people enter the field of testing involuntarily, and that the testers should not develop an adversarial relationship with management and developers. (Obviously, hard-working developers don't want to be told how inefficient or unsafe their code is, and vice presidents don't want to be told that they have to postpone a release date because of "holes" in their latest product.) Because testers can wield considerable power, the author stresses diplomacy when notifying the developer team about their mistakes in coding. Additionally, the professional tester should communicate regularly with users by giving presentations and attending meetings with management. They should also become certified in relevant technologies.
Although the author could have provided a more readable index or table of contents, she has provided 200 pages of appendices, covering RFCs, error codes, ASCII character sets, and many helpful tables. The appendix material is also available at the author's companion site at www.wiley.com/compbooks/ash.

ISBN:0471430218