
Monday, April 29, 2013

What is cache memory?


Cache memory is a memory aid for computers that speeds them up considerably.
- In cache memory, data is stored transparently so that future requests can be processed faster.
- A cache might store values that have already been computed or duplicates of values stored somewhere else in memory.
- Whenever some data is requested, it is first looked up in the cache memory.
- If the data is found there, it is returned to the processor; this is called a ‘cache hit’.
- In this case the time taken to access the data is reduced.
- This access is thus faster than an access to main memory.
- The other case is a cache miss, when the required data is not found in the cache.
- The data then has to be fetched or computed from its original source or storage location, which is slower.
- The overall performance of the system increases in proportion to the number of requests that can be served from the cache memory.
- To maintain cost efficiency as well as efficiency in data usage, the size of the cache is kept relatively small compared to the main memory.
However, caches have proven themselves time and again because of their ability to recognize the patterns of access in applications that have some locality of reference.
- References exhibit temporal locality if data that was previously requested is requested once again.
- References also exhibit spatial locality if the storage location of the requested data is close to that of data that was previously requested.

How is cache implemented?

- The cache is implemented by the hardware as a block of memory that serves as a place of temporary storage.
- Only data that is likely to be accessed again and again is stored here.
Caches are used not only by hard drives and CPUs but also by web servers and browsers.
- A cache is made up of a pool of entries.
- Each entry has a datum associated with it, and a copy of that datum is stored in the backing store.
- Each entry also has a tag that specifies the datum’s identity in the backing store.
- When a cache client (which might be an operating system, a CPU or a web browser) needs to access a datum that it thinks might be available in the backing store, the cache is checked first.
- If the desired entry is found, it is returned for use. This is a cache hit.
- Similarly, a web browser might look in its local cache on disk to see if it has the contents of a web page.
- In this case the URL serves as the tag and the contents of the page are the datum.
- The rate of successful cache accesses is known as the hit rate of the cache.
- In the case of a cache miss, the datum that was not cached is copied into the cache so as to prevent future cache misses.
- To make space for this datum, some datum already in the cache is removed.
- Which datum is to be removed is determined by using the replacement algorithms. 
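
As an added example (not part of the original post), the lookup, miss handling and replacement steps above can be sketched in JavaScript. Least recently used (LRU) is used here as one possible replacement algorithm; the class name, the capacity and the sample pages are assumptions.

```javascript
// Added example: a small cache in front of a slow backing store.
// LruCache, backingStore and the sample URLs are illustrative assumptions.
class LruCache {
  constructor(capacity, fetchFromBackingStore) {
    this.capacity = capacity;
    this.fetch = fetchFromBackingStore; // slow path, used only on a miss
    this.entries = new Map();           // tag -> datum, least recently used first
    this.hits = 0;
    this.misses = 0;
  }

  get(tag) {
    if (this.entries.has(tag)) {
      // Cache hit: re-insert the entry so it becomes the most recently used.
      const datum = this.entries.get(tag);
      this.entries.delete(tag);
      this.entries.set(tag, datum);
      this.hits += 1;
      return datum;
    }
    // Cache miss: fetch from the backing store and copy into the cache.
    this.misses += 1;
    const datum = this.fetch(tag);
    if (this.entries.size >= this.capacity) {
      // Replacement algorithm (LRU): evict the least recently used entry.
      const oldestTag = this.entries.keys().next().value;
      this.entries.delete(oldestTag);
    }
    this.entries.set(tag, datum);
    return datum;
  }

  hitRate() {
    const total = this.hits + this.misses;
    return total === 0 ? 0 : this.hits / total;
  }
}

// Constructed backing store: the URL is the tag, the page contents the datum.
const backingStore = {
  '/home': '<h1>Home</h1>',
  '/news': '<h1>News</h1>',
  '/about': '<h1>About</h1>',
};

function runDemo() {
  const cache = new LruCache(2, (url) => backingStore[url]);
  // Repeated requests for /home show temporal locality paying off.
  const requests = ['/home', '/news', '/home', '/home', '/about', '/home', '/news'];
  for (const url of requests) cache.get(url);
  return {
    hits: cache.hits,
    misses: cache.misses,
    hitRate: cache.hitRate(),
    cached: [...cache.entries.keys()],
  };
}

console.log(runDemo());
```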


Saturday, October 20, 2012

What are the challenges of testing Web Applications? How to use Silk Test with Web Applications?


Web applications are all the rage these days, and so fast delivery of web applications is urgently needed. But at the same time it is important to keep the security of these web applications in check.
However, web testers continue to face some challenges while testing web applications, and these are what we are going to discuss in this article.

What are Web Applications?

- With the growing popularity of web applications, new and advanced features are being introduced into them over time.
- It makes them one of the most popular means for the development of the commercial systems. 
- Nowadays, almost all the companies opt for developing web based software wherever and for whatever possible. 
- This is so because with the help of web applications the company can easily cater to the needs of a large number of people. 
- Also, once the infrastructure of the application is put in place the deployment of the apps becomes quite easy. 
- The web applications are powerful assets and using them, a feature rich content can be provided to a large audience across the globe at quite an economical cost.
- Hence, it becomes more and more daunting to test these complex applications. 
- For the web applications the two factors continue to be the most important:
  1. Accessibility and
  2. Security

Challenges in testing Web Application

While on one side the company wants to cater to users all over the world, on the other side its web application can fall prey to some grave security issues. Thus, only web application testing stands a chance of securing the data as well as the organization.
- The design and nature of every web application is somewhat unique to it and so it is possible for the users to follow different paths of usage.
- In such cases, it is necessary to ensure that all paths are working well by testing all the permutations and combinations. 
- Also, not all software applications are self-explanatory.
- Users of a web application come from various backgrounds, and those from a non-technical background may find it hard to use the application.
- This affects the design of the application and should therefore be tested during usability testing of the application.
- For intranet based web applications, developers can make assumptions about the audience, but this is impossible for internet based web applications.
- Today, there are many web browsers available, and different users use different browsers.
- Thus, this aspect needs to be tested so that it can be ensured that the web application is compatible with all the platforms.

How is web testing done in SilkTest?

- Web testing is possible using Borland’s SilkTest.
- It has so far proven to be the leading functional testing tool in the software industry when it comes to testing e-business applications, whether they are based on Windows, web, Java, or are client or server based, and so on.
- Silk test is used for the following purposes:
  1. Test planning
  2. Test management
  3. Direct data base access and validation
- It also comes with a built-in recovery system for unattended testing of web applications across multiple browsers, platforms and technologies.


Friday, July 20, 2012

Explain how the data is secured in HTTPS?


HTTP Secure, or HTTPS, can be thought of as an extended version of regular HTTP. Next to regular HTTP, it is the most widely used communication protocol when it comes to having a secure communication path between the user and the server over a computer network.
HTTPS is deployed far more widely over the internet than over intranets. Looking at it closely, it is not actually a protocol in itself, as it seems from the outside.
It is actually the regular Hypertext Transfer Protocol (HTTP) simply layered over the SSL/TLS protocol. The SSL/TLS protocol thus lends its security capabilities to standard HTTP communications when HTTP is layered on top of SSL/TLS.

In this article we discuss how data is secured in HTTPS. As mentioned above, it is widely deployed in internet services, because it provides a convenient means of authenticating the web site as well as the web server associated with it (with which the connection is being established).

How data is secured in HTTPS


Such authentication is of great importance, as it provides protection against man-in-the-middle attacks, which usually occur through eavesdropping on our communications with the server.
- Moreover, HTTPS provides bidirectional encryption of the communications, that is, of the data exchanged between the clients and the servers.
- This bidirectional encryption is what makes HTTPS so necessary: it protects against eavesdropping and against tampering that would otherwise forge the contents of the communications between the clients and the servers.
- HTTPS comes with a reasonable guarantee that you communicate only with the web site you intended to communicate with, and with no one else.
- Furthermore, HTTPS ensures that the contents of the communication cannot be tampered with or forged by any third party.
In HTTPS, the entire HTTP exchange is layered on top of TLS or SSL, thus enabling the total encryption of the content of the HTTP communications.
- This communications content includes:
  1. Request URL which states the particular web page that was requested.
  2. Query parameters
  3. Headers
  4. Cookies containing the identity information about the user and so on. 

Negative Points of HTTPS


Though HTTPS has many advantages, its drawbacks cannot be overlooked.
- HTTPS cannot protect against the disclosure of the communication content.
- This is so because the addresses of the host web sites and the port numbers form a necessary part of the TCP/IP protocols that underlie HTTPS.
- In practice, this means that even on a correctly configured web server, eavesdroppers can still infer the identity of the server as well as the amount and duration of the communication.
- In the early years, HTTPS was commonly used for money transactions over the World Wide Web and other sensitive transactions like e-mails.
- In recent years it has become known for the following:
  1. Authenticating the web pages,
  2. Providing security to the accounts,
  3. Maintaining the privacy of the user communications, web browsing and identity.
HTTPS has also come to the rescue of Wi-Fi, since it is highly prone to attacks when unencrypted. The importance of HTTPS is often realized more when connections are made over Tor or an anonymity network.


Monday, July 16, 2012

What are the types of web testing security problems?


Web testing is much in demand these days, since the use of web sites and web applications is increasing by huge margins day by day. As cyber crimes increase, web sites and web applications call for more security measures, which in turn enter the web testing schedule as web testing security problems.

"Web testing is a kind of software testing that focuses on web sites and web applications. The security issues of the web sites and web applications are addressed by another type of web testing called web security testing".

The testing of web sites and web applications for security vulnerabilities is quite an exciting concept. Though the matter is exciting, it needs to be taken seriously. The best way to combat the known web testing security problems is to be prepared in advance and to know what is to be checked for.

In this article we are going to take up some of the most common security aspects that can pose problems in web testing. They are mentioned below:
  1. Server problems: These are the most common security problems. It often happens that the server is down for maintenance or some other reason.
  2. Hardware problems
  3. Data base problems: Any problems in the data base of the web site or web application gives rise to many of the security problems. Any problem and uncertainty in the data base can prove to be a danger to the overall security of the web site or web application.
  4. Navigation from one page to another: Too much of navigation from one page to another endangers the security of the web site or web application which in turn acts as a hindrance in the web testing of that particular web site or web application.
  5. Server security: A server houses a web site or web application data base; therefore it is obvious that the security of the web site or the application relates a lot to the security of the server. Maintaining the security of the web server is quite an important point which otherwise could introduce many of the security problems during the web testing.
  6. Authentication issue
  7. Data encryption
  8. User privileges leaks
  9. SQL injection
  10. Cross site scripting
  11. Cookie testing
  12. The content on a web site that proves to be inaccessible or incorrect can also pose security problems during web testing.
  13. Improper validation of the input can disturb the working mechanism of the web site or web application.
  14. Link testing is an important aspect of web testing. Broken links can hamper the security of the web site or application and thus pose problems in web testing security.
  15. Incorrect copyright information.
  16. Incorrect EULA or end user license agreement.
  17. Un-optimized images that do not meet the specifications.
  18. Improper storage of the data obtained through the web pages.
  19. Time taken by the pages to render.
  20. Lag in performance with many simultaneous users.
  21. Concurrency issues like when a user is working on multiple windows of the same page or there are multiple users on the same page.
  22. Improper and inefficient tracking of the transactions by the server log.
  23. Improper usage of SSL by the web site or web application.
  24. Inefficient working of the feeds.
  25. Inefficient working of the cookies.
Web testing is absolutely essential if you want to make sure that your web site or web application has enough browser support and that the HTML is valid.


Tuesday, April 17, 2012

Explain the concepts of XSS cross site scripting?

XSS, or cross site scripting, is a very familiar term in today’s cyber world. Cross site scripting belongs to the category of computer security vulnerabilities that are common among web applications.

Purpose of XSS Cross Site Scripting



- This vulnerability allows malicious outside attackers to inject malicious client side scripts into web pages or applications that are later viewed by the people who visit the page.

- Another purpose may be to bypass access controls like the same origin policy.

- Cross site scripting by itself accounted for almost 80.5 percent of all the security vulnerabilities identified and documented by Symantec in the year 2007.

- The cross site scripting technique is employed for curbing risk depending on the measure of the sensitivity of the data that is being processed by that particular web site or web page.

- Apart from this factor, another factor that influences this is the security mitigation as implemented by the owner of that web site.

Limitations of XSS Cross Site Scripting



- Cross site scripting can also be employed by some people to create petty nuisance.

- This vulnerability of the security system is often misused by the attackers for bypassing the security mechanisms on the client side which are usually implemented by the web browsers up on the web content on that particular site.

- There are various ways through which the attacker can find the access to the web pages for injecting their malicious scripts in to them.

- Such ways or methods can provide the attacker an unauthorized access to all the sensitive content of the page, information of the user activity as stored by the browser and session cookies etc.

About Cross Site Scripting



- Cross site scripting is a type of code injection attack and is somewhat similar to the SQL injection attacks.

- Earlier, cross site scripting was defined as loading the attacked third party application from an unrelated attack site in a way that executes JavaScript created by the attacker in the security context of the targeted domain.

- Eventually the term came to refer to other modes of code injection as well, including non-JavaScript vectors (like VBScript, Flash, Java, ActiveX, HTML, SQL and so on).

- Cross site scripting vulnerabilities have been exploited since the advent of the 20th century.

- Many famous social networking sites like MySpace, Orkut, Twitter, Facebook etc. have been victims of cross site scripting in the past.

- With the sophistication of cross site scripting techniques, these vulnerabilities have now surpassed buffer overflows to become the most commonly reported security vulnerability.

- Even now, 68 percent of all web sites are classed as vulnerable to cross site scripting attacks.

Classifications of XSS flaws


As such there are no proper criteria for the classification of the XSS flaws, but according to the experts they are classified in to two categories:

1. Persistent XSS Flaws
It is also known as stored XSS flaws and is the most destructive type. It occurs when the data which has been provided by the attacker is stored by the server.

2. Non persistent XSS flaws
It is also known as reflected XSS flaws and it is the most common type. It occurs when data from a web client is used by server scripts for generating required pages without the sanitization of the queries.

Some other experts classify them as:
1. DOM based XSS flaws: infect client side scripts.
2. Traditional XSS flaws: occur as a result of the flaws in the server side scripts.


Tuesday, March 13, 2012

Explain the concepts of Cross site scripting attacks?

XSS or cross site scripting attack is a much familiar security threat in today’s cyber world and is taking a toll on the web sites and applications by breaking in to their security system.

What is Cross Site Scripting Attack?

- A cross site scripting attack is another attack that belongs to the category of computer security vulnerabilities which are the most common and frequent among web applications.

- These attacks allow malicious outside attackers to inject malicious client side scripts into web pages or applications that are later viewed by the users who visit the page.

- Another nefarious purpose of these attacks is to bypass access controls like the same origin policy.

- Cross site scripting attacks account for almost 80 percent of all the security threats identified and documented by Symantec from the year 2007 till now.

- The cross site scripting technique for the good purpose is usually employed for curbing risk depending on the measure of the sensitivity of the data that is being processed by that particular web site or web page.

- Apart from this factor, another factor that makes it easy for the attacks to happen is the security mitigation as implemented by the owner of that web site.

- Cross site scripting attacks are employed by some people to create petty nuisance.

- This is nothing but the misuse of the vulnerability of the security system by the attackers for bypassing the security mechanisms on the client side which are usually implemented by the web browsers up on the web content on the web site.

- There are various ways through which the site can be attacked and accessed for injecting the malicious scripts in to them.

- Such ways or methods can provide the attacker an unauthorized and easy way to access all the sensitive content of the page, information of the user activity as stored by the web browser and session cookies etc.

- Cross site scripting attacks are a type of code injection attack and somewhat similar to the SQL injection attacks.

- Earlier, the cross site scripting technique was seen as loading the attacked third party application from an unrelated attack site, with the JavaScript created by the attacker executing in the security context of the targeted domain.

- Eventually these cross site scripting attacks were carried out through different modes of code injection using non-JavaScript vectors (like VBScript, Flash, Java, ActiveX, HTML, SQL and so on).

- Cross site scripting attacks are a consequence of the cross site scripting vulnerabilities that have been exploited since the advent of the 20th century.

Many famous social networking sites of today like MySpace, Orkut, Twitter, Facebook etc. have witnessed these attacks in the past. With the advancement of cross site scripting techniques, these vulnerabilities have now surpassed buffer overflows to become the most commonly reported security vulnerability. Even now, around 60 percent of all web sites are classed as vulnerable to cross site scripting attacks.

As such there are no defined criteria for the classification of the XSS flaws, but according to the experts they are classified in to two categories:

1. Persistent XSS flaws
- Also known as stored XSS flaws and is the most destructive type.
- Occurs when the data which has been provided by the attacker is stored by the server.

2. Non persistent XSS flaws
- Also known as reflected XSS flaws and most common type.
- Occurs when data from a web client is used by server scripts for generating required pages without the sanitization of the queries.
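
The two categories above (also listed in the April 17 post) are shown here side by side, each in its flawed and corrected form. This is an added example, not code from the original posts; all function and class names are assumptions, and the probe string is constructed.

```javascript
// Added example, not code from the original posts. All names are assumptions.

// Escape the characters that let text break out of HTML element content
// or out of a quoted attribute value.
function escapeHtml(text) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// The flawed behaviour: output exactly what was received.
const noEncoding = (s) => s;

// Non persistent (reflected) case: data from the web client is used
// directly to generate the requested page.
function renderSearchPage(query, encode) {
  return `<h1>Search</h1><p>You searched for: ${encode(query)}</p>`;
}

// Persistent (stored) case: data supplied earlier is kept by the server
// and rendered for every later visitor. The raw text is stored unchanged
// and encoded at output time, where the HTML context is known.
class CommentStore {
  constructor() {
    this.comments = [];
  }
  add(author, text) {
    this.comments.push({ author, text });
  }
  render(encode) {
    const items = this.comments
      .map((c) => `<li><b>${encode(c.author)}</b>: ${encode(c.text)}</li>`)
      .join('');
    return `<ul>${items}</ul>`;
  }
}

// Tester's check: did untrusted input reach the page as live markup?
function containsLiveScript(html) {
  return /<script\b/i.test(html);
}

// Constructed probe input for the check above.
const probe = '<script>alert(1)</script>';

function demo() {
  const store = new CommentStore();
  store.add('visitor', probe);
  return {
    reflectedFlawed: containsLiveScript(renderSearchPage(probe, noEncoding)),
    reflectedFixed: containsLiveScript(renderSearchPage(probe, escapeHtml)),
    storedFlawed: containsLiveScript(store.render(noEncoding)),
    storedFixed: containsLiveScript(store.render(escapeHtml)),
    fixedOutput: renderSearchPage(probe, escapeHtml),
  };
}

console.log(demo());
```

The escaping shown applies to HTML element content and quoted attributes; values placed inside scripts, URLs or style sheets need encoding for those contexts instead.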


Sunday, March 11, 2012

What is meant by content spoofing in detail?

Content spoofing is a rarely discussed topic, and many of us have never heard of it!
So let's evaluate the concepts of content spoofing in detail:

- Content spoofing has been categorized as an attack technique using which the attacker is able to inject a malicious code or payload in to the good content of a web site or a web application.

- This malicious payload or code is later thought of as being the legitimate content of that particular web site or web application which is a wrong interpretation.

- Content spoofing affects usually the web pages which have been built dynamically.

- Text only content spoofing is the technique in which the payload usually as text is passed in to the body of the web page or application in the form of a query string value.

- This approach usually takes effect on the pages of the web sites displaying some news entries and error pages.

- Such content is then later posted on the web site as its legitimate content.

- So when the users visit that particular link they perceive that the spoofed content is nothing but the legitimate content.

- In some cases it is possible that the payload may exist on the web page for a longer time than estimated.

- Most of the web pages have been built dynamically with the sources from the HTML (hyper text mark up language).

- The attacker can easily change the content, and when the web page is accessed by a browser, the location shown is in the same domain the user expected; the user does not realize that the content is not legitimate but disguised.

- As if this were not enough to harm a web site, some attackers even manage to send malicious links to the users through emails and messages.

- In some cases the malicious links can be forced upon the users following a cross site scripting attack.

- When the user clicks that link, he/she visits the web page designed by the attacker with the malicious URL (uniform resource locator).

- The user will not realize that he/she is actually viewing an unauthentic web page.

- They will unknowingly believe that the spoofed content that they are viewing is purely authentic, but this is not the case.

- Content spoofing does nothing but spoil the trust that the user has in the web site.

- The technique of content spoofing is widely used for the creation of fake web sites, including fake login pages, press releases and defacement.

- Another point to be noted is that if you can fall victim to a cross site scripting attack, then the chances are that you may fall prey to content spoofing attacks as well.

- Content spoofing is a type of exploitation activity used by the hackers who have wrong intentions like presenting certain web pages to the user as if they are legitimate and not from an external source.

- This is somewhat similar to the SQL injection attacks. In both the cases the victims are defrauded like in phishing.

- Some attackers can even access the data base of a web application stored in a server and alter the contents.

- Content spoofing cannot be readily detected since there is no large apparent difference between the actual and the spoofed content.

- The content spoofing carried out with the help of dynamic hyper text mark up language or DHTML is considered to be the most dangerous type since it can be used to form fake login pages.

- When any user inputs his sensitive data (can be a password, credit card number etc) in that page, the data goes directly to the attacker without the knowledge of the user that he has fallen victim to an identity theft.
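
The text only case described above, where the page body is filled from a query string value, is shown below next to a corrected form that accepts only an error code. This is an added example, not code from the original post; the parameter names, the error codes and the host shop.example are assumptions, and the sample link is constructed.

```javascript
// Added example, not code from the original post. Parameter names, error
// codes and the host shop.example are assumptions.
const BASE = 'https://shop.example';

// Flawed pattern: the text shown on the error page comes straight from
// the query string, so whoever builds the link chooses the wording.
function renderErrorFlawed(requestUrl) {
  const params = new URL(requestUrl, BASE).searchParams;
  const message = params.get('msg') || 'Unknown error';
  return `<p class="error">${message}</p>`;
}

// Corrected pattern: the link carries only a code and the wording lives
// on the server. Unknown or missing codes fall back to a generic message.
const ERROR_MESSAGES = new Map([
  ['login', 'Login failed. Please try again.'],
  ['notfound', 'The page you requested was not found.'],
]);

function renderErrorFixed(requestUrl) {
  const params = new URL(requestUrl, BASE).searchParams;
  const message = ERROR_MESSAGES.get(params.get('code')) || 'An error occurred.';
  return `<p class="error">${message}</p>`;
}

// Tester's check: put a unique marker in each query parameter and see
// whether the rendered page echoes it back.
function echoesQueryText(render, paramNames) {
  const marker = 'spoofcheck-7f3a';
  const query = paramNames.map((name) => `${name}=${marker}`).join('&');
  return render(`/error?${query}`).includes(marker);
}

// Constructed link with a plain text payload. It contains no tags, so
// output encoding alone would leave the wording unchanged.
const spoofedLink =
  '/error?msg=This+service+has+moved.+Use+the+address+in+the+email+you+received.';

function demo() {
  return {
    flawedPage: renderErrorFlawed(spoofedLink),
    fixedPage: renderErrorFixed(spoofedLink),
    knownCode: renderErrorFixed('/error?code=login'),
    flawedEchoes: echoesQueryText(renderErrorFlawed, ['msg', 'code']),
    fixedEchoes: echoesQueryText(renderErrorFixed, ['msg', 'code']),
  };
}

console.log(demo());
```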


Monday, March 5, 2012

What are different HTML errors?

HTML, or Hypertext Markup Language, is perhaps one of the most used markup languages for web pages, sites and applications, and most of us are familiar with it. The language is written using HTML elements, which mainly consist of tags enclosed in angle brackets like:

These elements are housed in the web page or site. Most of the HTML tags are implemented in pairs of two.

HTML ELEMENTS AND CONTENT
- Some tags are even empty and are commonly known as empty elements.
- These are usually unpaired unlike the filled elements which are paired.
- In the paired tags, the first tag is called the start tag and the second one is then called the end tag.
- Between these two tags, any text, comments, tags etc can be added by the designer of the web sites.
- The content that is to be added should only be of textual type.
- Due to some wrong designing principles often some errors are introduced in to the html of the web site or the page.
- One of the most common errors is the insertion of the graphical content in to the html.
- Such content is neither displayed nor is it interpreted.
- It simply causes the malfunctioning of the web site.
- Other elements of the html allow the addition of the graphical content and only these should be used whenever some graphics are to be inserted in to the page.
- Html elements provide a means for the creation of the structured documents that denote the structural semantics for textual content like:

1. Lists
2. Links
3. Paragraphs
4. Headings
5. Quotes and so on.

DIFFERENT HTML ERRORS AND THEIR IMPACT

- Html can also be embedded in to the scripts like javascript which also some times leads to errors when inserted incorrectly.
- Such errors affect the behaviour of the web sites and cause them to behave abnormally.
- Whenever the site is affected by an error or a bug is encountered, a set of error messages is generated by the business logic component which is then stored as a string in any of the available scopes.
- For using such functions, you need to define an application scope with the name of default attribute, because if such a scope is not found, then nothing is to be rendered by the business logic.
- Some designers forget to define such scopes and therefore end up with unnecessary errors in their web sites.
- Many more errors occur whenever a request is sent by the client to the web server.
- In such cases the server responds with some status messages, few of which have been mentioned below along with the possible errors:

1. 400:
Bad syntax of the request is preventing the server from processing it.

2. 401:
The request though being cannot be processed because of unavailability of the authentication processes.

3. 404 not found:
The page requested by the client is found to be unavailable at that moment.

4. 405 method not allowed:
The client made the request in a way that is not supported by that site.

5. 407 proxy authentication required:
The client has not authenticated its proxy.

6. 408 request time out:
The server’s request time expired while waiting for the client to generate one.

7. 409 conflict:
The server is not able to process the request because of the presence of some conflict in it.

8. 410 gone:
The page that was requested is no longer available on the web.


Wednesday, February 8, 2012

What is the approach for Security Testing of Web Applications?

Like our real world, our cyber world also needs security, as the rate of cyber crime is increasing day by day. Attackers are misusing the technology to benefit themselves, and this has caused the end users to suffer.

The security of the web sites and web applications needs to be very tight so that attackers are not able to break in to the data bases of the sites and applications and use the critical data and information to their heart’s content.

ABOUT SECURITY OF WEB SITES
- Several security measures are being designed these days and many of them have been adopted.
- The security level of web sites and web applications needs to be tested just like any other aspect of software to ensure that it is error proof and meets the standards.
- Security testing of web applications is very necessary as the security of a web site or application is responsible for the safety of our personal information that we use to access the cyber services and other sensitive information.

WHAT APPROACH SHOULD BE USED TO TEST WEBSITES?
Here the question arises: what approach should be followed for security testing of web sites and applications?
- For security testing of web applications a planned approach should be followed.
- The vulnerabilities of the web application should be listed first so that you can draw up your test plan.
- As the number of users is increasing, the need for a proper security system is also increasing.
- The security testing of web applications needs to be very efficient.
- In security testing, the privacy level of the data is tested i.e., whether or not it stays confidential and that it is not leaked to those for whom it is not meant.
- It also makes sure that the end users are able to perform only those tasks which have been authorized for them and that the users are not able to alter the features and functionalities of a web site or application.
- The tester carrying out the security testing should have good knowledge of Hyper Text Transfer Protocols (HTTP).
- It is important to know how exactly the communication takes place between the browser and the server.
- He/ she should also know about the issues mentioned above in the list.

STEPS INCLUDED IN A TEST PLAN

1. Password cracking
- This is done to access the intimate areas of a web application.
- Password cracking can take a very long time if the password is complex.
- Sometimes the user names and passwords are stored in un-encrypted cookies.
- The attacker can very well steal such cookies to get the user name and password.

2. URL manipulation
- In this step, the URL should be tested for any important information in its query.
- Some times information is passed when the HTTP GET method is employed for passing information between the browser and the server by the application.

3. SQL injection
- This is the third issue to be checked.
- Any unauthorized character entered in the text box by the user should be rejected by the application.
- While testing this aspect, if the tester encounters an error or a bug in the data base of the application, then the web application’s security is said to be vulnerable.
- If the application is not checked against the SQL injections, the critical information can be stolen from the application’s data base.

4. XSS cross site scripting
- This is the fourth aspect to be checked.
- The tester should check whether or not the web application accepts any HTML script.
- If the site or application is found to be supporting HTML scripts, then it is prone to the cross site scripting attacks.

During security testing, the configurations of the server and the application should not be touched or modified, and security tests should not be performed on a production system.
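
For the cookie check in step 1 and the URL check in step 2, a tester can run captured requests and `Set-Cookie` headers through a small audit like the one below. This is an added example, not part of the original post; the list of sensitive field names, the host app.example and the sample traffic are assumptions. It also flags cookies without the `Secure` and `HttpOnly` attributes, which goes beyond what the post lists.

```javascript
// Added example, not code from the original post. The field names treated
// as sensitive are an assumption chosen for illustration.
const SENSITIVE_NAMES = /^(user(name)?|login|pass(word|wd)?|pwd|card(number)?)$/i;

// Step 2 (URL manipulation): report sensitive fields passed in a GET query.
function auditRequest(method, url) {
  const findings = [];
  if (method.toUpperCase() !== 'GET') return findings;
  for (const [name] of new URL(url).searchParams) {
    if (SENSITIVE_NAMES.test(name)) findings.push(`GET query exposes "${name}"`);
  }
  return findings;
}

// Step 1 (cookies): report credentials stored in clear text in a cookie,
// plus missing Secure / HttpOnly attributes.
function auditSetCookie(header) {
  const findings = [];
  const [pair, ...attributes] = header.split(';').map((part) => part.trim());
  const eq = pair.indexOf('=');
  const name = pair.slice(0, eq);
  let value = pair.slice(eq + 1);
  try {
    value = decodeURIComponent(value);
  } catch (err) {
    // Malformed percent-encoding: audit the raw value instead.
  }
  if (SENSITIVE_NAMES.test(name)) {
    findings.push(`cookie "${name}" is a credential field in clear text`);
  }
  // The value itself may pack several fields, e.g. "user=alice&password=...".
  for (const [inner] of new URLSearchParams(value)) {
    if (SENSITIVE_NAMES.test(inner)) {
      findings.push(`cookie "${name}" embeds "${inner}" in its value`);
    }
  }
  const flags = attributes.map((attr) => attr.split('=')[0].toLowerCase());
  if (!flags.includes('secure')) findings.push(`cookie "${name}" lacks Secure`);
  if (!flags.includes('httponly')) findings.push(`cookie "${name}" lacks HttpOnly`);
  return findings;
}

// Constructed sample traffic for a test (non-production) system.
const sampleRequests = [
  ['GET', 'https://app.example/login?username=alice&password=hunter2'],
  ['POST', 'https://app.example/login'],
];
const sampleCookies = [
  'auth=user%3Dalice%26password%3Dhunter2; Path=/',
  'sid=9f2c7a; Path=/; Secure; HttpOnly',
];

function auditAll() {
  return [
    ...sampleRequests.flatMap(([method, url]) => auditRequest(method, url)),
    ...sampleCookies.flatMap((header) => auditSetCookie(header)),
  ];
}

console.log(auditAll().join('\n'));
```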


Saturday, January 14, 2012

What are different principles of communication?

Effective communication forms the most important part of human interaction. Its importance can hardly be overlooked. Each and every individual who forms a part of a team ought to know the principles of effective communication in order to work and talk with the rest of the members of the organization and be listened to.

Here communication principles have been explained from different viewpoints, including listening and speaking.

Communication, as we all know, is a two-way process of giving and receiving information through any channel.

The following basic principles apply everywhere irrespective of who the speaker or the listener are:

- Know your topic
- Know your purpose
- Know your audience
- Anticipate objections
- Present a clear picture
- Follow through on what you say in regard to your topic.
- Achieve credibility with your audience.
- Present what you want to say in different catchy ways
- Communicate a little at a time
- Develop a practical way to get feedback from your audience
- Use multiple and effective communication techniques

Communication is a complex process and sometimes even our own thoughts and opinions prove to be a major barrier in the way of effective communication.

Communication between different team members can be influenced by various environmental factors that actually don’t have anything to do with the content of the message.

Some of those factors have been listed below:

- Nature of the place or the room i.e., how cold or warm it is etc.
- Distractions like what is going on at that place.
- Reputation of the speaker.
- Appearance or the personality of the speaker.
- Knowledge of the listener about the topic.
- Language used.

According to research, people remember most of what they hear and see, rather than what they only read or only see. To deal effectively with the decision makers, it is important to know and understand their opinions and interests.

Asking the following questions will prove to be a great help:
- Whom to persuade?
- Who will make decisions about the change?
- What are the past experiences of the decision makers?
- What is the current attitude of the decision maker?
- What is the most effective way to approach the decision maker?
- What are the work styles of other team members?
- What programs will the new decision improve?
- How will the decision benefit the decision maker?

While making a formal presentation to the rest of the organization, the following principles hold good:

- Do not over state your case.
- Make appropriate use of understatement.
- Persuasion should be clear and simple.
- Be ready to back up facts or claims.
- Incorporate most anticipated objections.
- Use visual aids appropriately.
- Try to find out what the other members think about your opinion.

Importance of Idea
- A good idea must always be recognized.
- The idea should be sold to those who can use it effectively.
- Organization must be convinced that the idea has enough merit to be acted upon.
- Getting and giving feedback is also another important part of the communication process.
- Be patient and listen to the complete message.
- Don’t ever prejudge the incoming message.
- It’s well said that if you listen then you will be the most listened to!
- Good listeners demonstrate alertness.
- Always keep your attention directed towards the message and judge the content of the message.
- Distractions seriously impair listening.
- Always think critically and efficiently.
- Message should be conveyed in such a way that it discourages rejection and encourages retention.


Monday, January 9, 2012

What is the difference between web site and web application testing?

Before discussing the main topic, i.e., the differences between web site testing and web application testing, we should know the difference between the two basic terms: web site and web application.

What is a Website?
- A website can be defined as the collection of web pages that contain videos, text, images and other related digital assets.

- A website is generally hosted on a web server and is accessible via an internet connection or network address called “uniform resource locator” or URL.

What is a Web Page and Web Application?
- A web page can be defined as a document usually written in plain text formatted with the formatting instructions of HTML (HyperText Markup Language) or XHTML (eXtensible HyperText Markup Language).

- Suitable mark up anchors can be used to incorporate elements from other websites in to a web page.

- HTTP (hyper text transfer protocol) is used to access and transport the web pages.

- The web pages may employ HTTP secure (HTTPS) to provide extra privacy and security for the person who is going to use that web page content.

- The content of the web page is rendered on to the display by the web browser according to the HTML instructions of the web page.

- A web page can be easily accessed through its URL usually called its home page.

- The URLs organize the web pages in an appropriate hierarchy order and the hyper links on the pages provide the site structure to the user and guide the user towards the right navigation link.

Now let’s describe web application in contrast to the web site.
- A web application can be defined as an application that is accessed through a network like intranet or internet only.

- It can also refer to a software application that has been coded in a browser-supported language like JavaScript and is combined with HTML.

- The application is executable through a web browser.

- The ubiquity of the web browsers is what makes the web applications so popular among the users.

- It also provides the convenience of using a web browser as a thin client. They exhibit cross platform compatibility.

- Some common web applications are online retail sales, wikis and web mail.

- Given the large worldwide audience of a web application or web site, its quality and reliability prove to be crucial factors for its success.

- Similarly, the characteristics and behavior of the web applications and web sites pose many challenges during their testing.

- Web site testing and web application testing invariably vary in their methodologies of testing.

- Each kind of testing is served by tools that meet its specific needs.

- A web application is a bit more difficult to test than a web site, since in a web application test the tester does not have much control over the web application.

- The application is first loaded on to a server (the location of the server might be known or unknown) and then it is installed on the client’s server and tested.

- The application is tested on various web browsers as well as on different operating systems for browser compatibility, OS compatibility, static pages, error testing, load testing and back end testing.

- Like any other kind of testing, web site testing forms an essential part of building a successful web site.

- Web site testing involves validation of CSS and HTML code.

- There are two ways of validating the HTML code: the first is by the URL of the web page, and the second is by uploading the page from the computer itself.

- It also involves testing of all the links on the web site to ensure that they are working properly.

- The web site should well exhibit the cross browser compatibility. Other factors that contribute to the success of a web site are speed of the web page and download time.


Monday, September 5, 2011

What are different web engineering project metrics?

The objective of a good web application is to deliver a combination of good content and appropriate functionality to the end user. The web engineering project metrics defined to assess its internal productivity and quality are:

- The number of static web pages provides an indication of the overall size of the application and the effort required to develop it. Static pages have less complexity and require less effort to construct.
- The number of dynamic web pages also provides an indication of the overall size of the application and the effort required to develop it. Dynamic pages have high complexity and require more effort to construct.
- The number of internal page links gives an indication of the degree of architectural coupling within the web application. Effort on navigation and construction increases as the number of page links increases.
- As the number of persistent data objects increases, the complexity and effort to implement the application also grow.
- As the number of external systems interfaced increases, the complexity of the system and the effort required for development also increase.
- The number of static content objects includes static text, graphics, video, animation and audio within the application. Multiple content objects can appear on a single web page.
- The number of dynamic content objects includes objects generated based on end user action, and covers text, graphics, video, animation and audio within the application. Multiple content objects can appear on a single web page.
- As the number of executable functions increases, the modeling and construction effort also increases. An executable function provides a computational service to the end user. A metric can also be defined reflecting the degree of end user customization required for the web application.

Web application metrics can be computed and correlated with measures like effort, errors and defects uncovered, models or documentation pages produced.


Wednesday, August 24, 2011

User Interface Analysis and Design - Testing Interface Mechanisms

There are interface mechanisms through which the interaction between the user and the web application occurs. There are some testing interface mechanisms described below:
- Links are tested to ensure that proper content object or function is reached. External link testing should occur throughout the life of the web application. Links within content object are also tested. Part of a support strategy should be regularly scheduled link tests.

- Client-side scripting tests should be repeated whenever a new version of a popular browser is released. Compatibility testing should be done to ensure that the chosen scripting language works properly in the environmental configurations that support the web application.

- Forms testing is done at two levels:
At macroscopic level, tests ensure that labels correctly identify fields within the form; the server receives the information that is contained within the form; defaults are used when the user does not select from a pull-down menu or set of buttons; browser functions do not corrupt data; and the error checking script works properly.
At targeted level, tests ensure that form fields are of proper width and data types; appropriate pull-down menu options are specified; the tab key performs in the right manner; and browser auto-fill features do not lead to data input errors.

- Dynamic HTML in web applications is tested to ensure that the dynamic display is working fine.

- Pop up windows are tested to ensure that a pop up window is properly positioned and sized; the design of pop up window is consistent with the aesthetic design of interface; scroll bars are working properly.

- Streaming content is tested to ensure that it is up to date, properly displayed and can be restarted without difficulty.

- Cookies are tested at both server and client side. On the server side, tests are conducted to ensure that the cookie is properly constructed and transmitted to the client side. Proper persistence of the cookie is tested to ensure that the expiration date is correct. On the client side, tests are conducted to ensure that the web application properly attaches existing cookies to a specific request.
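The cookie checks in the last item can be automated against a captured Set-Cookie header. The following Python test helper is an added example, not code from the original post; the sample header, timestamps and function names are constructed assumptions, and only the path and Secure rules for attaching cookies are covered (domain matching is left out).

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie

# Constructed sample: a response received at noon UTC on 24 Aug 2011.
RECEIVED_AT = datetime(2011, 8, 24, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_SET_COOKIE = "cart=42; Expires=Wed, 31 Aug 2011 12:00:00 GMT; Path=/shop; Secure"


def parse_cookie(set_cookie):
    """Server side: the header must describe exactly one well-formed cookie."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    if len(jar) != 1:
        raise ValueError("expected exactly one cookie in the header")
    return next(iter(jar.values()))


def cookie_lifetime(set_cookie, received_at):
    """Return how long the browser keeps the cookie; None means a session cookie."""
    morsel = parse_cookie(set_cookie)
    if morsel["max-age"] != "":
        # Max-Age takes precedence over Expires when both are present.
        return timedelta(seconds=int(morsel["max-age"]))
    if morsel["expires"]:
        return parsedate_to_datetime(morsel["expires"]) - received_at
    return None


def persistence_ok(set_cookie, received_at, expected, tolerance=timedelta(minutes=1)):
    """Persistence test: does the expiration match the lifetime the design calls for?"""
    life = cookie_lifetime(set_cookie, received_at)
    if life is None or expected is None:
        return life is None and expected is None
    return abs(life - expected) <= tolerance


def path_matches(request_path, cookie_path):
    """Path-match rule of RFC 6265, section 5.1.4."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"
    return False


def should_attach(set_cookie, request_path, request_is_https):
    """Client side: should this cookie accompany a request to request_path?"""
    morsel = parse_cookie(set_cookie)
    if morsel["secure"] and not request_is_https:
        return False
    # Simplification (assumption): a cookie without a Path attribute is treated as "/".
    return path_matches(request_path, morsel["path"] or "/")


if __name__ == "__main__":
    print("lifetime:", cookie_lifetime(SAMPLE_SET_COOKIE, RECEIVED_AT))
    print("7-day persistence ok:",
          persistence_ok(SAMPLE_SET_COOKIE, RECEIVED_AT, timedelta(days=7)))
    print("attach to /shop/basket over HTTPS:",
          should_attach(SAMPLE_SET_COOKIE, "/shop/basket", True))
```
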


Tuesday, August 23, 2011

What constitutes the testing process of web applications?

Web engineering testing process starts with tests that check content and interface functionality. As testing moves further, navigation testing comes into picture and finally tests are done which check the technological capabilities not visible to end users.

Content testing uncovers errors in content. It examines the static as well as the dynamic content of the web application.

Interface testing validates the aesthetic aspects of user interface. It uncovers errors that have occurred due to interaction, omissions, ambiguities.

Navigation testing designs test cases that test each user scenario against the navigation design. Navigation mechanisms are tested against use cases to ensure that any kind of error is identified and corrected.

Component testing tests content and functional units within a web application. In web application architecture, a unit is a functional component that is directly providing service to end user.

Navigation and component testing are used as integration tests. Strategy behind integration testing depends upon the web application architecture that has been chosen during design.

Thread-based testing tests each thread, which is integrated and tested individually.
Cluster testing uncovers errors that result from collaborating pages.

Configuration testing uncovers errors specific to a particular client or server environment. Tests are conducted to uncover errors associated with every possible configuration.

Security testing comprises tests that are designed to exploit weaknesses in the web application and its environment.

Performance testing is a series of tests that assess how increased load affects the web application response time and reliability.


WebApp Interface Design - Interface Control Mechanisms and Interface Design Workflow

INTERFACE CONTROL MECHANISM
The objectives of Web application interface are:
- establishing a consistent window into content and functionality provided by interface.
- guiding the users through interactions with web application.
- organizing the content and navigation options.

A metaphor is drawn that guides the user interaction and enables the user to gain an understanding of the interface. Some interaction mechanisms available to web application designers are:
- navigation menus that list key content and/or functionality.
- graphic icons that enable the user to select some property or specify a design.
- graphic images that implement a link to a content object or to the functionality of the web application.

INTERFACE DESIGN WORKFLOW
It includes the following tasks:
- The information contained in analysis model is reviewed and refined.
- A rough sketch of web application interface layout is developed.
- The user objectives are mapped to specific interface actions.
- Set of user tasks associated with each action are defined.
- For each interface action, storyboard screen images are developed.
- Input from aesthetic design can be used to refine interface layout.
- User interface objects required to implement interface are identified.
- A procedural representation of user's interaction is developed.
- A behavioral representation is developed.
- Interface layout is described.
- Interface design model is refined and reviewed.


Monday, August 22, 2011

What are different design issues and attributes for web applications?

The design model contains enough information to reflect how requirements are translated into content and executable code. Design should be specific. It is an engineering activity. It leads to a high quality product. The major attributes for quality of web applications are:

- Security of web applications is the ability of the WebApp and its server environment to stop unauthorized access or threats.
- Availability is an important attribute. Availability is the measure of the percentage of time that a web application is available for use. An end user expects a web application to be available at each and every moment. Using features available on only one browser or platform makes the web application unavailable to those who work on a different platform or browser.
- Scalability is whether the web application and interfacing systems are able to handle significant variation in volume, or whether responsiveness will drop. A web application should be designed in such a way that it is able to accommodate the burden.
- Time to market is a measure of quality from a business point of view.

Assessing content quality includes determining:
- whether the scope and depth of the content meet the user's needs.
- whether the background and authority of the content's authors can be easily identified.
- whether it is possible to determine the currency of the content, its last update and what was updated.
- whether the content and its location are stable.
- whether the content is credible.
- whether the content is unique.
- whether the content is valuable to the targeted user.
- whether the content is well organized and easily accessible.


Thursday, August 18, 2011

What is Requirement Analysis for Web Applications?

Requirement analysis for web applications consists of formulation, requirement gathering and analysis modeling.
- In formulation, goals and objectives and categories of users for web application are identified.
- In requirement gathering, communication between web engineering team and stakeholders deepens.
- In analysis modeling, content and functional requirements are listed and interaction scenarios are developed.

USER HIERARCHY
It is a good idea to build a user hierarchy. It provides you with a snapshot of the user population and a cross check to help ensure that the needs of every user have been addressed. End-user categories interacting with the web application are identified. As the number of user categories increases, developing a user hierarchy is advised. User categories provide an indication of the functionality provided by the WebApp and indicate the need for use cases to be developed for each end user in the hierarchy.

DEVELOPING USE CASES
Use cases are developed for each user category described in the user hierarchy. A use case is relatively informal, i.e., a narrative paragraph that describes a specific interaction between the user and the web application. As the size of the web application grows and analysis modeling becomes more rigorous, the preliminary use cases presented would have to be expanded to conform.

REFINING USE CASE MODEL
Use cases are organized into functional packages and each package is assessed to ensure that it is comprehensible, cohesive, loosely coupled and hierarchically shallow. The new use cases will be added to packages that have been defined, existing use cases will be refined and specific use cases might be reallocated to different packages.


Wednesday, August 17, 2011

What is meant by analysis for web applications?

Web sites are complex and dynamic in nature. Web application analysis concentrates on three important criteria:
- information or content that is presented.
- functions that are to be performed for end user.
- behaviors of web applications.

Analysis of web applications is mainly done by web engineers, non-technical content developers and stakeholders. Analysis modeling is important because it enables a web engineering team to develop a concrete model of web application requirements. It helps to define fundamental aspects of the problem. There are four important aspects that analysis modeling focuses on:
- Content analysis identifies content classes and collaborations.
- Interaction analysis describes user interaction, navigation and system behaviors occurring as a consequence.
- Function analysis defines web application functions performed for user and sequence of processing.
- Configuration analysis identifies the operational environment in which a web application resides.

Analysis modeling should be done for web applications when the following conditions are met:
- web application is large or complex.
- number of stakeholder is large.
- number of web engineers is large.
- goals and objectives for the web application will affect the business.
- success of the web application will have a strong effect on the success of the business.


Wednesday, August 10, 2011

What comprises the Web Engineering Team?

For a successful web application project, there is a need for a successful web engineering team. Web engineering teams can be organized in the same manner as traditional software team, however, players and their roles are quite different.

The roles that people play in a web engineering team are:

- Content is the most important part of web applications. So, the role of the content developer or provider focuses on the generation of content.
- The content developed should be organized. The web publisher is a person who acts as a mediator between the technical staff and the non-technical content developer.
- The web engineer is responsible for activities like requirements elicitation, analysis modeling, architectural, navigational and interface design, web application implementation and testing. He or she should be thorough in the technologies as well.
- Business domain experts take care of questions related to business goals, objectives and requirements associated with a web application.
- The support specialist is a person whose responsibility is to continue with web application support. All the corrections, adaptations and enhancements are taken care of by a support specialist.
- Administrator is responsible for the day to day activity of a web application which also includes development and implementation of policies, support procedures, security rights, handling web traffic etc.

In order to build a team for a web application:
- team guidelines are established, covering what is expected from each team member, how problems are dealt with and what methods are used to improve effectiveness.
- strong leadership.
- team motivation and respect for individual talents.
- commitment from every team member is necessary.
- momentum should be maintained.


Tuesday, August 9, 2011

What are the requirements gathering steps that are used for web applications?

The objectives of requirements gathering for web applications are to identify the content and functional requirements and to define the interaction scenarios for different classes of users. To achieve these objectives, the following steps are conducted:
- User categories and descriptions are developed for each category by stakeholders.
- Web application requirements are defined and communicated to stakeholders.
- All the information that is gathered is analyzed and then the information is used to follow up with stakeholders.
- The use cases describing the interaction scenarios for each user class are defined.

DEFINING USER CATEGORIES
Understanding the user's background, motivation, and objectives is critical in all software engineering tasks. In order to define a user category:
- one should know the user's overall objective when he or she is using the web application.
- one should know the background of the user and the knowledge of content and functionality of the web application.
- one should know how the user should approach the web application.
- one should know the generic web application characteristics that the user will like or dislike.

COMMUNICATING WITH STAKEHOLDERS AND END USERS
The communication mechanisms that can be used in web engineering work are:
- traditional focus groups.
- electronic focus groups.
- iterative surveys.
- exploratory surveys.
- scenario building.

ANALYZING INFORMATION GATHERED
An evaluation of content objects and operations can be delayed until analysis modeling begins. At this point it is more important to collect information than to evaluate it. As information is gathered, it is categorized by user class and transaction type and then assessed for relevance.

DEVELOPING USE CASES
Use cases tell how a user category will interact with the web application to accomplish a specific action. Use cases help the developer to understand the user's perception while interacting with the web application, provide detail to create the analysis model, help to separate WebE work and provide guidance to those who test the WebApp.

