While many of the traditional concepts of software testing still hold true, Web sites and Web applications have a different risk profile to other, more mature environments. A typical Web tester now has to deal with shorter release cycles, changing technology, complex hardware and software platforms and an anticipated user base which is uncontrolled and may run into millions. Many testers and test managers are being asked to make the transition from testing traditional client/server, PC, and/or mainframe environments to testing Web sites and applications. The scope of this course covers Web technology, Web architecture and communications, the testing of functional and non-functional requirements such as usability and includes the complex testing activities of performance and security.

The course is instructor-led with lecture presentations being supported by hands-on practical work using a number of fictitious Web sites, which allow reinforcement of learning and enhances the understanding process. In addition, various testing tools will be demonstrated.

The course is designed for software testers, members of QA teams and test managers.

A basic knowledge of the Internet and software testing. Attendance on the Structured Approach to Software Testing course would be an ideal prerequisite.

Upon successful completion of this course, students will be able to:

Understand the different technologies used in Web environments.

Communicate adequately with appropriate technical personnel to ensure that the correct test environments are set up.

Perform a simple risk analysis to identify and prioritise tests.

Create appropriate tests, test cases and test scripts.

Execute tests in a controlled manner using the correct setup conditions and inputs.

Understand the nature, availability and limitations of Web testing tools.

Examine performance requirements and ensure that the requirements are realistic and achievable.

Understand how to test a site™s reliability and scalability prior to release.

Examine a security policy and specify the types of tests necessary to ensure that the requirements contained in the policy are being met.

Internet and Web History, Basic Internet Architecture, Network Protocols, IP Addresses, URLs and DNS, Intranets, Extranets.

Quality Control and Quality Assurance, Unit Testing, Mark-Up Languages, Hypertext Markup Language (HTML), HTML Validation, Images, Cascading Style Sheets (CSS), Web Open Font Format (WOOF), Client-side Scripting, Extensible Markup Language (XML), Document Type Definitions (DTD), XML Namespaces, XML Schema, Displaying XML with CSS, Extensible Stylesheet Language (XSL).

Client Hardware, Client Software, Different Browsers (Internet Explorer, Firefox, Chrome, Opera, Safari, etc), Browser Modes, Internet Explorer 8 and 9 Compatibility View, Server Software, Choosing the Test Environment, Software Combinations, Software Configuration Tools, Installability and Serviceability.

Links, Static and Dynamic Links, Framesets, Inline Frames, Navigational Aids, Internal Search Engines, Site Maps, Navigational Efficiency.

Test Identification, Non-Functional Attributes, Business Impact, Failure Likelihood, Test Prioritisation.

Forms, Client-side and Server-side Validation, Dynamic HTML, Document Object Model, AJAX, Client-side Pop-ups, Variable Screen Resolutions, Client-side Objects, Java and the Java Virtual Machine.

Server-Side Includes, Dynamic Page Generation (ASP, PHP, Python, Ruby, etc.), Common Gateway Interface (CGI), Database Interaction, Database Middleware, Interfacing to Back-Office Systems, Personalisation, RSS, Internet Explorer Web Slices.

Maintaining a Session, Cookies, Private browsing, Shopping Carts, Multi-Page Transactions, State Transition Diagrams.

Importance of User Interface, Workflows, Usability Testing, Screen Size and Resolution, Readability, Printer Friendly Pages, Help Systems, Usability Guidelines, Performing Usability Tests, Globalisation, International Environment.

Color Confusion, Components of Web Accessibility, Web Accessibility Initiative, WAI Guidelines and Techniques, Web Content Accessibility Guidelines, Conformance Requirements, Evaluation Web Sites for Accessibility, PAS 78

Client Internet Access (fixed), Wired Local Area Networks, Ethernet, Wireless Local Area Networks, Client Internet Access (mobile).

Performance Degradation, Prerequisites to Performance Testing, the General Process, When to Start Performance Testing, Categories of Performance Tests, Single-Shot/Smoke Testing, Load and Scalability Testing, Stress and Hot Spot Testing, Spike and Bounce Testing, Integrity Testing, Defining and Selecting Test Objectives, Response Time Requirements, Defining the Workload, Think Times, Site Arrival and Abandonment, Usage Patterns, Client Platforms, Client Internet Access Speeds Fixed and Mobile, ISP Tiers, User Geographic Locations, Background Load.

Acquiring the Test Scripts and Data, Identifying Data Requirements, Identifying the Sources of Data, Specifying the Test Environment, Selecting the Loads to Run, Sampling Errors, Concurrency, Load Generation Options, Manual Load Testing, Home-grown Load Testing Software, Open Source Tools, Integrated Development Environments, Web-only Load Testing Tools, Hosted Load Testing Services, Enterprise-class Load Testing Solutions, Network Considerations, Load Generator Calibration.

Running the Tests, Specifying the Number of Runs, Measuring the Load, White-Box and Black-Box Measurements, Full-Blown and Focused Testing, Phased Load Testing, Component Level Stress Tests, Infrastructure Load Tests, Architectural Load Tests, End to End Load Tests.

Response Time Graphs, Margins of Error, Diagnosing Performance Problems, Troubleshooting Strategies, Improving Performance.

Scalability Factors, Scalability Testing Objectives, Server Scalability, Web Server Scalability, Application Server Scalability, Database Server Scalability, Server Farms and Load Balancing, Web Site Mirroring, Web Site Caching.

Testing Objectives, Categories Of Tests, Low Resource Testing, Endurance Testing, Volume Testing, Peak Loading, Network Quality Of Service, Web Site Failover Testing, Server Failover Testing, Parallel and Serial Dependencies.

How Big is the Problem, Where is the Problem, Security Policies, Building a Policy, BS7799, ITSEC, Common Criteria, Hackers and Crackers, Security Testing Techniques, Manual Inspections & Reviews - Gap Analysis, Threat Modelling - Attack Trees, A Framework for Testing.

IP v4 and v6, Transmission Control Protocol, Three-Way Handshake, IP Spoofing, Secure Sockets Layer, Encryption, Public Key Infrastructure, SSL Sessions, Wireless Encryption.

What Firewalls Can and Can™t Do, Packet Filtering, Screening Routers, Proxy Servers, Network Address Translation, Virtual Private Networks, Sacrificial Lamb Configuration, Dual-homed Host, Screened Host Firewall System, Screened Subnet Firewall System.

Mapping Out the Network Topology, Scope of the Testing Effort, IP Address Inventory, Ping Sweeps, Service/Socket Inventory, Port Scanning, Hardening the System Software, Web Application Fingerprinting, Testing for Error Code, Testing for Weak Cipher Levels, Testing SSL Certificate Validity, Application Code, Server Logs, Evaluating Intruder Detection, Intruder Detection Systems.

Default or Guessable User Accounts, Brute Force, Direct Page Requests, Parameter Modification, Session ID Prediction, File and Directory Privileges, Password Remember and Reset, Social Engineering and Insiders, Logout Testing, Cached Pages.

Analysis of Session Management, Cookie Reverse Engineering, Cookie Manipulation by Guessing, Cookie Manipulation using Brute Force, Overflow, Exposed Session Tokens.

Cross Site Scripting, HTTP Methods and Cross Site Tracing, SQL Injection, Relational Databases, Structured Query Language, Testing for SQL Injection, Testing for Authorisation Bypass Attacks, Testing for SELECT Statement Attacks, Testing for INSERT Statement Attacks, SSI Injection, XPath Injection, Dynamic Code, Buffer Overflows.