Web applications are the way of life today. Every business, every person uses web for one thing or the other every day. I remember the famous SAIL advertisement “There’s a little bit of steel in everybody’s life”.. “There’s a little bit of Web in everybody’s life today.
Recently, I spoke with a group of Web Application experts from RedBus on how can we reduce cost while testing web applications. How much ever the technology has advanced, few basic aspects remain the same and when you do them correctly, you can reduce huge over-head’s.
You may use any engineering model for your development (Spiral, Waterfall, Agile etc), but your test strategy should include the basics and get it right. The fundamental aspects of Inspections, Reviews and Checklists become very important.
This is one of the oldest and proven forms of Testing. Reviews demand understanding of the domain and the technology by each and every stakeholder of making the system work as required. Reviews happen within the team and also by a knowledgeable source – Peer-Reviews and Expert Reviews. Peer reviews are within the team by an Architect or the Designer and also a review by an expert in the domain and the system will add a lot of value. One other review is by the end-user. Requirements are gathered by the Business Analyst or the given by the End-user. Having a review of the functionality of the system by the End-user will ensure that you building the system right and adds value to the end user. In case of the web application and it is our solution, a review of the functionality by your friends or family will give you a third perspective.
Imagine a rocket launch or an airplane with out the review… Reviews exist in all industries and this is one of the most accepted and cost-effective way of testing.
Inspecting the system is again a task of the expert. Inspections provide opportunity for ad-hoc testing and ensure all requirements are covered while building and not at the end.
Checklists help in ensuring you check for the key functionality, but not at an intense level. For example, if you are building a user log in functionality for your web-site, the checklist will read something like this:
1. Page load with all required fields?
2. Correct User Name and wrong password?
3. Incorrect User Name and random password?
4. Blank User Name and Password fields?
5. Blank User Name and random Password?
6. Blank Password and random User Name?
In a checklist, you do not get into the details. You will check for the appropriate error messages which need to be shown. Checklists are most effective when you make them as comprehensive as possible. Try speaking to a Pilot and he will tell you how their checklists are designed.
The above are the common Cost effective testing method’s. Threat modeling and Penetration Testing are two techniques which are important for web applications. In Threat modeling, you will design various models of how the application can be intruded once deployed. Considering these models, you test the application. However, it is not practical that few people can think of all the various ways an application can be intruded. Hence, a good threat model does not mean that the application is safe in all aspects.
Recently, I was reading The Checklist Manifesto by Dr. Atul Gawande and it shows the power of checklists. Dr. Atul showcases his experiences of usage of checklists in Construction, Airplane’s and Hospitals and this is an amazing read to see for yourself, how these small checklists make life so easy to work.