TESTING WEB APPLICATIONS

greenpepperwhinnySecurity

Nov 3, 2013

Copyright © 2012 by The Cathris Group and Martin J. Schedlbauer.

All Rights Reserved. Do Not Duplicate or Distribute Without Written Consent of the Author.

www.cathris.com ∙ info@cathris.com

Objectives

Upon completion of this chapter you will be able to:

- Apply basic black-box testing to web applications
- Assess the usability of web applications
- Understand which parts of a web application require testing
- Perform compatibility testing of web applications

v1.01

2

Solution Validation & Testing

Motivation

- This chapter takes a look at special techniques and practices for testing web sites and web applications.
- While all of the previous techniques apply as well, there are some special considerations when testing web applications.
- While this chapter is principally geared to web application testing, the same practices apply to testing web sites.


Issues in Web Testing

- Web applications contain text (the layout of which is expressed in HTML and CSS), graphics (images, animation, and videos), hyperlinks, forms, and fields.
- Pages also contain embedded JavaScript performing hidden formatting, encoding, and processing.
- In addition, meta-tags contain hidden tagging and other information that can affect the display of the page.
- The most difficult aspect of testing web applications is that the layout of a page is controlled by the browser and not by the programmer.
- Screen size, screen orientation, font sizes, and user customizations significantly affect the display of the page.


Testing Functionality

Testing web applications is principally a black-box testing effort. Each page is treated as a black box, and the following aspects are tested:

- Links
- Usability aspects
- Forms
- Graphics
- Performance
- Color
- Fonts


Testing Browser Compatibility

- Check web pages on all target browsers, screen resolutions, and screen orientations.
- Note that tablets and smartphones can rotate their displays.
- Be particularly aware of different browsers and different versions of those browsers.


Evaluating Web Usability

- Usability means that the web pages are easy to navigate, that users know where they are, and that tasks are easy to perform.
- The web site should respond quickly and should be aesthetically pleasing.
- Be particularly mindful of older users and those with hearing, vision, or kinesthetic impairments.



Web Security

- Web applications that collect information must be careful about protecting sensitive user information.
- Note that any form data that is submitted is sent to the web server over the Internet in plain text unless the connection is protected by HTTPS (TLS).
- Sensitive data must be encrypted.


SQL Injection Attacks

- SQL injection is a common attack that exploits unsanitized user input: the web server is fooled into running an unintended SQL command that could retrieve unauthorized information from the database.
- These types of attacks exploit faults in the implementation of embedded SQL commands in server-side scripts.


SQL Injection Example


String sql = "SELECT email FROM Accounts WHERE uid = '";
String uid = ""; // read from a form field: untrusted user input
Results = cmd.execute(sql + uid + "'"); // vulnerable: the form value is spliced straight into the SQL text
// display results in the result set
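As an added example that is not part of the original slides, the following Python program reproduces the slide's concatenated query against a constructed in-memory SQLite table (standing in for the Accounts table) and puts the parameterized form beside it; the Accounts rows and the test input are constructed for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed stand-in for the slide's Accounts table (two sample rows).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Accounts (uid TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO Accounts VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return db


def lookup_email_vulnerable(db, uid):
    # Same pattern as the slide: the form value becomes part of the SQL text,
    # so the database cannot tell data from command.
    sql = "SELECT email FROM Accounts WHERE uid = '" + uid + "'"
    return sorted(row[0] for row in db.execute(sql))


def lookup_email_parameterized(db, uid):
    # Hardened form: the value travels as a bound parameter and is never
    # parsed as SQL, whatever characters it contains.
    sql = "SELECT email FROM Accounts WHERE uid = ?"
    return sorted(row[0] for row in db.execute(sql, (uid,)))


# Constructed test input of the kind a black-box tester types into the form
# to check whether the server treats it as data or as SQL.
TEST_INPUT = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print(lookup_email_vulnerable(db, "alice"))         # only alice's row
    print(lookup_email_vulnerable(db, TEST_INPUT))      # every row leaks
    print(lookup_email_parameterized(db, TEST_INPUT))   # no rows: no uid matches literally
```

The test passes for a black-box tester when the quoted input returns no rows; a result set containing every account shows the concatenation defect from the slide.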

Workshop Activity


Goal: Perform a usability evaluation of a website.

Time: 20-25 minutes

Format: Individually or in groups

Materials:

- Whiteboard, flipchart, or paper
- Web usability guidelines from workbook

Instructions:

Perform a web usability evaluation of BoatVenture's Corporate CRM or a web site or web application of your choice.

- Do all the links work?
- Are there breadcrumbs?
- Which of the usability guidelines does the site violate, if any?
- Does it work with all required browsers on all platforms?
- Are there orphaned pages (build a site map)?
- Use markup tools, such as www.notableapp.com to record and comment, and www.webpagetest.org and www.browsershots.org to test compatibility.

Summary

In this module we learned that:

- Links, images, color, fonts, and forms must be tested
- Usability and performance are important quality of service requirements for web applications and must be thoroughly evaluated
- Web applications must be tested on all target browsers and platforms
