Mastering Web Testing

Course:  WATEST
Duration:  3 Days
Level:  I
Course Summary

While many of the traditional concepts of software testing still hold true, Web sites and Web applications have a different risk profile to other, more mature environments. A typical Web tester now has to deal with shorter release cycles, changing technology, complex hardware and software platforms and an anticipated user base which is uncontrolled and may run into millions. Many testers and test managers are being asked to make the transition from testing traditional client/server, PC, and/or mainframe environments to testing Web sites and applications

The scope of this course covers Web technology, Web architecture and communications, the testing of functional and non-functional requirements such as usability and includes the complex testing activities of performance and security.

« Hide The Details
Topics Covered In This Course

Web Basics

  • Internet and Web History
  • Basic Internet Architecture
  • Network Protocols
  • IP Addresses
  • IP, TCP and HTTP
  • URLs and DNS
  • Intranets and Extranets
  • Virtual Private Networks

Code Quality Assurance

  • Quality Control and Quality Assurance
  • Unit Testing
  • Hypertext Markup Language (HTML)
  • HTML Validation
  • Images
  • Cascading Style Sheets (CSS)
  • Web Open Font Format (WOOF)
  • Client-side Scripting
  • Extensible Markup Language (XML)
  • Document Type Definitions (DTD)
  • XML Namespaces
  • XML Schema
  • Displaying XML with CSS
  • Extensible Stylesheet Language (XSL)


  • Client Hardware and Software
  • Different Browsers (Internet Explorer, Firefox, Chrome, Opera, Safari, etc.)
  • Browser Modes
  • Internet Explorer 8 and 9 Compatibility View
  • Server Software
  • Choosing the Test Environment
  • Software Combinations
  • Software Configuration Tools
  • Installability and Serviceability


  • Links
  • Static and Dynamic Links
  • Framesets
  • Inline Frames
  • Navigational Aids
  • Internal Search Engines
  • Site Maps
  • Site Navigation Tools
  • Navigational Efficiency

Risk Based Testing

  • Test Identification
  • Non-Functional Attributes
  • Business Impact
  • Failure Likelihood
  • Test Prioritization

Client-side Functionality

  • Forms
  • Client-side and Server-side Validation
  • Dynamic HTML
  • Document Object Model
  • AJAX
  • Client-side Pop-ups
  • Variable Screen Resolutions
  • Client-side Objects
  • Java and the Java Virtual Machine

Server-side Functionality

  • Server-Side Includes
  • Dynamic Page Generation (ASP, PHP, Python, Ruby, etc.)
  • Common Gateway Interface (CGI)
  • Database Interaction
  • Database Middleware
  • Interfacing to Back-Office Systems
  • Personalization
  • RSS
  • Internet Explorer Web Slices


  • Maintaining a Session
  • Cookies
  • Private Browsing
  • Shopping Carts
  • Multi-Page Transactions
  • State Transition Diagrams


  • Importance of User Interface
  • Workflows
  • Actors and Use Cases
  • Usability Testing
  • Screen Size and Resolution
  • Readability
  • Printer Friendly Pages
  • Help Systems
  • Usability Guidelines
  • Performing Usability Tests
  • Guidelines for Usability Testing
  • Globalization and International Environments


  • Color Confusion
  • Components of Web Accessibility
  • Web Accessibility Initiative
  • WAI Guidelines and Techniques
  • Web Content Accessibility Guidelines
  • Conformance Requirements
  • Evaluation Web Sites for Accessibility
  • PAS 78

Web Architecture and Communications

  • Client Internet Access (fixed)
  • Wired Local Area Networks
  • Ethernet
  • Wireless Local Area Networks
  • Client Internet Access (mobile).

Performance Test Specification

  • Prerequisites to Performance Testing
  • The General Process
  • Categories of Performance Tests
  • Single-Shot/Smoke Testing
  • Load and Scalability Testing
  • Stress and Hot Spot Testing
  • Spike and Bounce Testing
  • Integrity Testing
  • Defining and Selecting Test Objectives
  • Response Time Requirements
  • Defining the Workload
  • Think Times
  • Client Internet Access Speeds ? Fixed and Mobile
  • User Geographic Locations
  • Background Load.


  • Identifying Data Requirements
  • Specifying the Test Environment
  • Selecting the Loads to Run
  • Sampling Errors
  • Concurrency
  • Load Generation Options
  • Network Considerations
  • Load Generator Calibration.


  • Running the Tests
  • Measuring the Load
  • White-Box and Black-Box Measurements
  • Full-Blown and Focused Testing
  • Phased Load Testing


  • Response Time Graphs
  • Margins of Error
  • Diagnosing Performance Problems
  • Troubleshooting Strategies
  • Improving Performance.


  • Scalability Testing Objectives
  • Server Scalability
  • Server Farms and Load Balancing
  • Web Site Mirroring
  • Web Site Caching.

Reliability and Availability

  • Categories Of Tests
  • Low Resource Testing
  • Endurance Testing
  • Volume Testing
  • Network Quality Of Service
  • Server Failover Testing

Testing Security

  • Where is the Problem
  • Security Policies
  • Hackers and Crackers
  • Security Testing Techniques
  • Manual Inspections & Reviews - Gap Analysis
  • Threat Modelling - Attack Trees
  • A Framework for Testing.

Security Architecture

  • IP v4 and v6
  • Transmission Control Protocol, Three-Way Handshake
  • IP Spoofing
  • Secure Sockets Layer, Transport Layer Security
  • Encryption, Public Key Infrastructure
  • SSL and TLS Sessions
  • Wireless Encryption.


  • What Firewalls Can and Can?t Do
  • Packet Filtering, Screening Routers
  • Proxy Servers
  • Network Address Translation
  • Virtual Private Networks
  • Firewall Configurations

Information Gathering

  • Mapping Out the Network Topology
  • IP Address Inventory, Ping Sweeps
  • Service/Socket Inventory, Port Scanning
  • Hardening the System Software
  • Web Application Fingerprinting
  • Testing for Error Code
  • Testing for Weak Cipher Levels and SSL Certificate Validity
  • Application Code, Server Logs
  • Intruder Detection Systems.

Authentication Testing

  • Default or Guessable User Accounts
  • Brute Force
  • Direct Page Requests
  • Parameter Modification
  • Session ID Prediction
  • Password Remember and Reset
  • Social Engineering and Insiders
  • Logout Testing
  • Cached Pages.

Session Management

  • Analysis of Session Management
  • Cookie Reverse Engineering
  • Cookie Manipulation by Guessing
  • Cookie Manipulation using Brute Force
  • Overflow
  • Exposed Session Tokens.

Data Validation Testing

  • Cross Site Scripting
  • HTTP Methods and Cross Site Tracing
  • SQL Injection
  • Testing for Authorisation Bypass Attacks
  • Testing for SELECT Statement Attacks
  • Testing for INSERT Statement Attacks
  • SSI Injection
  • Dynamic Code
  • Buffer Overflows.
What You Can Expect

In this course, you will learn how to:

  • Understand the different technologies used in Web environments.
  • Communicate adequately with appropriate technical personnel to ensure that the correct test environments are set up.
  • Perform a simple risk analysis to identify and prioritise tests.
  • Create appropriate tests, test cases and test scripts.
  • Execute tests in a controlled manner using the correct setup conditions and inputs.
  • Understand the nature, availability and limitations of Web testing tools.
  • Examine performance requirements and ensure that the requirements are realistic and achievable.
  • Understand how to test a site?s reliability and scalability prior to release.
  • Examine a security policy and specify the types of tests necessary to ensure that the requirements contained in the policy are being met.
Who Should Take This Course

Software testers, members of QA teams and test managers.

Recommended Prerequisites

A basic knowledge of the Internet and software testing.

Training Style

Instructor led with 60% lecture and 40% lab.

« Hide The Details
Related Courses
Code Course Title Duration Level
Web Software Testing
3 Days
Software Testing Considerations for Developers
2 Days
Web Services Testing with soapUI
2 Days
Software Testing/User Acceptance Testing Fundamentals
3 Days
Software Testing and Quality Assurance Techniques
3 Days

Every student attending a Verhoef Training class will receive a certificate good for $100 toward their next public class taken within a year.

You can also buy "Verhoef Vouchers" to get a discounted rate for a single student in any of our public or web-based classes. Contact your account manager or our sales office for details.

Schedule For This Course
There are currently no public sessions scheduled for this course. We can schedule a private class for your organization just a couple of weeks from now. Or we can let you know the next time we do schedule a public session.
Notify me the next time this course is confirmed!
Can't find the course you want?
Call us at 800.533.3893, or
email us at [email protected]