Tag Archives: owasp

Jun 22 2012

Testing a website

websiteWebsites exist for a long time now and they play a more and more important role in current society. When searching on how to test a website, I got very little hits. Most hits only dealt with performance or compliance, a good reason to write some more on website testing.

Every websites consists of one or more pages. When more pages exist, there usually are one or more design templates that give related pages the same look and feel. The templates should be reviewed to see if they meet the business requirements. Some suggestions for reviewing:

  • Does the template provide a spot for all the elements that are needed on the pages?
  • Are common elements identified (like navigation and footer)?
  •  Are all elements mandatory (if not what should be displayed when it’s not filled)?
  •  Does the template comply with style guidelines?

Of course it doesn’t stop with reviewing; the templates can be tested too. When you create a page based on the template, it should show the various elements in the intended order and format. When testing these templates you can make a decision table containing the possibilities of mandatory and optional fields. To see if the template really works, we need to put some content on the page. Play around with large and small texts to see how the template deals with wrapping and don’t forget to try some special characters too. If a content management system (CMS) is used to put content on the page, the CMS can be tested too. This may not be needed if it is proven technology, but we need to at least check the configuration of the CMS.

As I said, a page consists of various elements. Each element can be tested separately. Common elements like a search box, navigation bar, login box or footer links should be tested, since they appear on multiple (often all) pages. Do we need to test these elements on every single page?  Well, if we want to be absolutely sure that it works on all pages, then yes. Luckily, testing the elements for one page in all the templates should give quite an accurate view already.

Most websites also deal with user specific content which requires you to login. This introduces the aspect of security testing. The OWASP site gives a lot of information on security. A lot of the testing involved with security is technical and requires practice. The simpler parts are close to functional testing. Authorization and authentication should be tested! For authorization use tables containing roles and rights and make sure to cover the combinations.

This leaves us with other non-functional aspects as performance, continuity and usability. I’m still thinking on doing separate posts on these subjects, so keep checking  here.

Advertisement