Mastering Web Testing

Course:   WATEST
Duration:   3 Days
Level:   I
On our website at:   http://www.verhoef-training.com/courses/WATEST.html
 
Course Summary

While many of the traditional concepts of software testing still hold true, Web sites and Web applications have a different risk profile from other, more mature environments. A typical Web tester now has to deal with shorter release cycles, changing technology, complex hardware and software platforms, and an anticipated user base which is uncontrolled and may run into millions. Many testers and test managers are being asked to make the transition from testing traditional client/server, PC, and/or mainframe environments to testing Web sites and applications.

This course covers Web technology, Web architecture and communications, and the testing of functional and non-functional requirements such as usability, including the complex testing activities of performance and security.

Topics Covered In This Course

Web Basics

  • Internet and Web History
  • Basic Internet Architecture
  • Network Protocols
  • IP Addresses
  • IP, TCP and HTTP
  • URLs and DNS
  • Intranets and Extranets
  • Virtual Private Networks

Code Quality Assurance

  • Quality Control and Quality Assurance
  • Unit Testing
  • Hypertext Markup Language (HTML)
  • HTML Validation
  • Images
  • Cascading Style Sheets (CSS)
  • Web Open Font Format (WOFF)
  • Client-side Scripting
  • Extensible Markup Language (XML)
  • Document Type Definitions (DTD)
  • XML Namespaces
  • XML Schema
  • Displaying XML with CSS
  • Extensible Stylesheet Language (XSL)

Compatibility

  • Client Hardware and Software
  • Different Browsers (Internet Explorer, Firefox, Chrome, Opera, Safari, etc.)
  • Browser Modes
  • Internet Explorer 8 and 9 Compatibility View
  • Server Software
  • Choosing the Test Environment
  • Software Combinations
  • Software Configuration Tools
  • Installability and Serviceability

Navigation

  • Links
  • Static and Dynamic Links
  • Framesets
  • Inline Frames
  • Navigational Aids
  • Internal Search Engines
  • Site Maps
  • Site Navigation Tools
  • Navigational Efficiency

Risk Based Testing

  • Test Identification
  • Non-Functional Attributes
  • Business Impact
  • Failure Likelihood
  • Test Prioritization

Client-side Functionality

  • Forms
  • Client-side and Server-side Validation
  • Dynamic HTML
  • Document Object Model
  • AJAX
  • Client-side Pop-ups
  • Variable Screen Resolutions
  • Client-side Objects
  • Java and the Java Virtual Machine

Server-side Functionality

  • Server-Side Includes
  • Dynamic Page Generation (ASP, PHP, Python, Ruby, etc.)
  • Common Gateway Interface (CGI)
  • Database Interaction
  • Database Middleware
  • Interfacing to Back-Office Systems
  • Personalization
  • RSS
  • Internet Explorer Web Slices

Sessions

  • Maintaining a Session
  • Cookies
  • Private Browsing
  • Shopping Carts
  • Multi-Page Transactions
  • State Transition Diagrams

Usability

  • Importance of User Interface
  • Workflows
  • Actors and Use Cases
  • Usability Testing
  • Screen Size and Resolution
  • Readability
  • Printer Friendly Pages
  • Help Systems
  • Usability Guidelines
  • Performing Usability Tests
  • Guidelines for Usability Testing
  • Globalization and International Environments

Accessibility

  • Color Confusion
  • Components of Web Accessibility
  • Web Accessibility Initiative
  • WAI Guidelines and Techniques
  • Web Content Accessibility Guidelines
  • Conformance Requirements
  • Evaluating Web Sites for Accessibility
  • PAS 78

Web Architecture and Communications

  • Client Internet Access (fixed)
  • Wired Local Area Networks
  • Ethernet
  • Wireless Local Area Networks
  • Client Internet Access (mobile).

Performance Test Specification

  • Prerequisites to Performance Testing
  • The General Process
  • Categories of Performance Tests
  • Single-Shot/Smoke Testing
  • Load and Scalability Testing
  • Stress and Hot Spot Testing
  • Spike and Bounce Testing
  • Integrity Testing
  • Defining and Selecting Test Objectives
  • Response Time Requirements
  • Defining the Workload
  • Think Times
  • Client Internet Access Speeds - Fixed and Mobile
  • User Geographic Locations
  • Background Load.

Preparation

  • Identifying Data Requirements
  • Specifying the Test Environment
  • Selecting the Loads to Run
  • Sampling Errors
  • Concurrency
  • Load Generation Options
  • Network Considerations
  • Load Generator Calibration.

Execution

  • Running the Tests
  • Measuring the Load
  • White-Box and Black-Box Measurements
  • Full-Blown and Focused Testing
  • Phased Load Testing

Analysis

  • Response Time Graphs
  • Margins of Error
  • Diagnosing Performance Problems
  • Troubleshooting Strategies
  • Improving Performance.

Scalability

  • Scalability Testing Objectives
  • Server Scalability
  • Server Farms and Load Balancing
  • Web Site Mirroring
  • Web Site Caching.

Reliability and Availability

  • Categories Of Tests
  • Low Resource Testing
  • Endurance Testing
  • Volume Testing
  • Network Quality Of Service
  • Server Failover Testing

Testing Security

  • Where is the Problem
  • Security Policies
  • Hackers and Crackers
  • Security Testing Techniques
  • Manual Inspections & Reviews - Gap Analysis
  • Threat Modelling - Attack Trees
  • A Framework for Testing.

Security Architecture

  • IP v4 and v6
  • Transmission Control Protocol, Three-Way Handshake
  • IP Spoofing
  • Secure Sockets Layer, Transport Layer Security
  • Encryption, Public Key Infrastructure
  • SSL and TLS Sessions
  • Wireless Encryption.

Firewalls

  • What Firewalls Can and Can't Do
  • Packet Filtering, Screening Routers
  • Proxy Servers
  • Network Address Translation
  • Virtual Private Networks
  • Firewall Configurations

Information Gathering

  • Mapping Out the Network Topology
  • IP Address Inventory, Ping Sweeps
  • Service/Socket Inventory, Port Scanning
  • Hardening the System Software
  • Web Application Fingerprinting
  • Testing for Error Code
  • Testing for Weak Cipher Levels and SSL Certificate Validity
  • Application Code, Server Logs
  • Intruder Detection Systems.

Authentication Testing

  • Default or Guessable User Accounts
  • Brute Force
  • Direct Page Requests
  • Parameter Modification
  • Session ID Prediction
  • Password Remember and Reset
  • Social Engineering and Insiders
  • Logout Testing
  • Cached Pages.

Session Management

  • Analysis of Session Management
  • Cookie Reverse Engineering
  • Cookie Manipulation by Guessing
  • Cookie Manipulation using Brute Force
  • Overflow
  • Exposed Session Tokens.

Data Validation Testing

  • Cross Site Scripting
  • HTTP Methods and Cross Site Tracing
  • SQL Injection
  • Testing for Authorisation Bypass Attacks
  • Testing for SELECT Statement Attacks
  • Testing for INSERT Statement Attacks
  • SSI Injection
  • Dynamic Code
  • Buffer Overflows.

What You Can Expect

In this course, you will learn how to:

Who Should Take This Course

Software testers, members of QA teams and test managers.

Recommended Prerequisites

A basic knowledge of the Internet and software testing.

Training Style

Instructor led with 60% lecture and 40% lab.

Related Courses

Code     Course Title                                            Duration   Level
WST1     Web Software Testing                                    3 Days     I
STCDEV   Software Testing Considerations for Developers          2 Days     I
SOAPUI   Web Services Testing with soapUI                        2 Days     I
UASTF    Software Testing/User Acceptance Testing Fundamentals   3 Days     I
STQA     Software Testing and Quality Assurance Techniques       3 Days     I

Every student attending a Verhoef Training class will receive a certificate good for $100 toward their next public class taken within a year.

You can also buy "Verhoef Vouchers" to get a discounted rate for a single student in any of our public or web-based classes. Contact your account manager or our sales office for details.