Sunday, February 04, 2007

How do you get Web Testing the right way?

With the eminence of Internet in business and culture which has expanded the applications to evolve in complexity and scale, it has become very crucial for organizations to build webs for scalability and rigor. The webs with capability to withstand expected (and unexpected) spikes and peaks in load are in the insight.
As web applications are becoming increasingly mission-critical, errors can mean disastrous strikes to a company’s business and reputation, as well as exposure to potential legal and financial liability.

With global access to systems, nonfunctional requirements such as security, performance, scalability, and availability suddenly become strategic. Many Internet systems are tested for performance and scalability only after the bulk of the functionality is built.

Since companies now realize that errors in web application performance and
functionality can be insidious, occurring as a result of multiple causes, and risky and
costly to fix, they are becoming more proactive in their web testing. The question
then becomes not whether a website is tested, but how well was it done?

To assure confidence in application deployment, in shorter project timeframes, testers must take a realistic and an integrated approach to testing.

Start by simulating concurrent users as realistically as possible. For
example, a online shopping site should mix many prospective shoppers with some purchasers and a few administrators. Each role will stress the application differently, giving you a
realistic view of how your users will experience your application.

Automation tools can help you simulate real-world variables at run time, such as different levels of SSL encryption, multiple client types, variable “think” times or the effect of slow line speeds.

The advantages of testing with an integrated, flexible solution cannot be denied. It is possibly the best way to identify problems sooner, reproduce them faster, and resolve issues earlier.

While designing this series of realistic tests, we need to determine what are the crucial factors to be evaluated for the tests. For eg. What is the number of users to simulate, what is the expected Page Load time, what type of hardware is required for these scenario, what is the CPU utilization on the servers, the Memory consumption at peak load and much more. . Bear in mind that your performance testing, while it may be focused on the end user’s experience, needs to uncover problems further back in the system. It does no good if the system performs well, but uses so much server memory that it crashes your servers after a few days in production.

Performance is the speed at which a system responds to user actions. Scalability is the relative ability of a system to maintain its performance when under load. Load is measured by the number of simultaneous requests that are dispatched to a system.

Scalability testing is to verify your application’s data integrity while verifying its performance. Both should be validated under load for every individual user. After all, what good is a speedy response from your web server if it is only delivering a “busy” message back to the user – or, worse yet, delivering subtle data errors?


  1. Hey Dharmesh,

    When you talk about performance, it reminds me of those days.....:-)
    We should consider all these factors and should be proactive.
    Good one!!!!

  2. Hi Ashish,

    Exactly, I have learnt a very good lesson from that assignment. We should always think of such crucial factors..

    Thanks for ur comments..

  3. i agree with you " question then becomes not whether a website is tested, but how well was it done? " The idea of " HOW TO " test a shopping application is was nice

    But how should a web application be tested for security ... ?? lets talk of shopping cart application again ... what all things ... will you check it for ... sql injection ?? buffer overflows ... and other such possibilities ... credit cards usage ... etc

  4. Hi Lavnish,

    Yes in terms of app security I will surely check first the popular attacks like SQL Injection, XSS, BOs, Configuration Issues, etc.