SDET Guide
Web Testing Illustration

Tue Jan 07 - Written by: Samridha

Web Testing QA SDET

Web Application Testing

Discover the essentials of web application testing, including frontend, backend, cross-browser compatibility, performance, and security testing techniques.

Web Application Testing

Frontend Testing

Verifying UI/UX Elements

  • UI/UX refers to the User Interface and User Experience.
  • Test the visual and functional aspects of UI elements like buttons, text, dropdown lists, and toggle buttons.
  • Verify behavior, such as:
    • Button clicks
    • Hover effects
    • Tooltips
    • Animations
  • Tools: Applitools (AI-based visual testing tool)

Responsiveness and Cross-Browser Testing

  • Ensure the application adapts and performs on devices with different screen sizes and resolutions.
  • Validate:
    • Hamburger icon display on small screens
    • Proper text wrapping
    • No overlapping elements
    • Correct element alignment
    • Touch interactions on mobile devices
  • Tools: Browser developer tools, LambdaTest, Sauce Labs

Validating CSS, HTML, and JavaScript Functionality

  • Verify that the frontend technologies are implemented correctly and functioning as expected.

Backend Testing

API Testing

  • Use tools like Postman, Swagger, or REST Assured to validate API endpoints.

Database Testing

  • Test database queries, constraints, and relationships to ensure data integrity.

Server-Side Validation

  • Verify that the backend performs proper validation for all user inputs.

Web-Specific Tests

Cross-Browser Compatibility

  • Ensure consistent application behavior across various browsers and versions.
  • Tools: LambdaTest, BrowserStack
  • What to test:
    • UI elements
    • Styling
    • JavaScript behavior
    • Third-party integrations (e.g., payment gateways)

Cross-Device Compatibility

  • Test on different devices like mobile, tablet, and desktop to ensure proper functionality.

Web Performance Testing

  • Load Times: Verify the website loads in under 2 seconds.
    • Tool: Google Lighthouse
  • Latency: Test network latency and server response time.
    • Tools: CDN tools, LoadRunner
  • Resource Utilization:
    • Measure how efficiently CPU, memory, and bandwidth are utilized during peak usage.
    • Keep peak resource utilization under 80%.
    • Tools: Chrome DevTools, AWS CloudWatch, Dynatrace

Security Testing

SQL Injection

  • SQL Injection: Malicious SQL commands are injected into input fields to delete or modify the database.
    • Tools: Burp Suite, SQLMap

Cross-Site Scripting (XSS)

  • XSS (Cross-Site Scripting) occurs when malicious input is injected into a website and executed on the client side.
    • Types:
      • Stored: Malicious code is stored on the server (e.g., in comments).
      • Reflected: Malicious code is reflected from the server (e.g., in query parameters).
      • DOM-Based: Attack occurs directly in the DOM.
    • Tool: Burp Suite
    • Example: Inject <script>alert('XSS')</script>. If an alert pops up, the application is vulnerable.

Cross-Site Request Forgery (CSRF)

  • CSRF: Unauthorized actions are performed on behalf of an authenticated user.
    • Tool: Burp Suite

Performance Testing

Load Testing

  • Simulate a specified number of users to verify application functionality under expected traffic.

Stress Testing

  • Simulate traffic beyond the expected load to find the application’s breakpoint.

Scalability Testing

  • Test the application’s ability to scale up or down depending on the load.

Endurance Testing

  • Test the application under load for an extended period to check for memory leaks or performance degradation.