What is Accessibility Checkpoint in QTP?

Quick test professional has got a variety of check points to offer which are an ultimate help in the determination of the efficiency measure of the software system or application i.e., it functions correctly as expected. 

The check points accomplish this task by making comparisons between the value defined by the user that is the expected value and the current value of a particular property of the software system or application.

Quick test professional itself adds a check point statement in the expert view and a check point in the current row in key word view as well whenever a check point is added by the user.

The name of the test object to which the check point is added forms the default name for the added check point. However this default name of the check point can be changed as needed. 

Following are the check points provided by the quick test professional:

1. Image check point
2. Standard check point
3. Table check point
4. Bit map check point
5. Accessibility check point
6. Page check point
7. Text check point
8. XML check point
9. Data base check point

Our focus is on the accessibility check point in this article. 

Accessibility Check Point

- With the help of accessibility check point, the areas of a web site or web page or web application that do pertain to the standards and web content accessibility guidelines of the W3C or world wide web consortium can be recognized. 

- In fact accessibility check points are an extended support for the web add – ins environment. 

- With the accessibility check point, it can be verified whether the software system or application is in compliance with the World Wide Web consortium. 

- World Wide Web consortium or W3C lays down the instructions as well as guide lines for information systems and technology based on web. 

- These guidelines maintain a certain standard for accessing the web and this is what that is checked by the accessibility check points. 

- The settings of an accessibility check point can be configured according to the user’s needs. 

- These accessibility guidelines have been stated by a part of the World Wide Web consortium called the web accessibility initiative. 

- If the some parts your application software or system does not matches with the accessibility standard defined by the World Wide Web consortium and need special attention to improve them, they are caught by the accessibility check points. 

- In fact, an accessibility check point does not determine whether the software system or application meets all the accessibility guidelines.

- It catches only the faulty areas of that particular application under test or AUT that need to be brought up to that standard. 

- The identification of the improper areas of the software system or application using accessibility check points is quite quick, easy and also reliable. 

- Furthermore, automatic accessibility check points are also available that you add to every page on your web site or test. 

- Also individual pages or frames can have their own set of individual accessibility check points. 

- The accessibility check points are highly customizable and can be configured according to the requirements of the tests. 

- For configuring, an accessibility check point the options are available under web option of the tools menu. 

- Check and un-check the items that you want or don’t want in your that particular accessibility check point and finalize by clicking OK. 

- The tool in the web environment has to be kept in recording mode. 

- Accessibility check points can be added automatically while the recording is in progress and can be accessed while edit very easily. 

Is load testing possible using WinRunner? Does WinRunner help you in web testing?

Winrunner, apart from just serving as a test automation tool has also proved itself to be quite an effective tool for load testing. However, the winrunner can function as a load testing tool only at the level of the graphical user interface layer.  

Why it is so?

- This is so because at this level only the record and play back options are possible as if they are being carried out by a real world human user. 

How is load testing possible using WinRunner?

- The loadrunner counterpart of the winrunner is the proper load testing tool but sometimes winrunner is also used as one in addition to it. 

- Firstly, a user session such as a web browsing session is simulated. 

- The user actions taking place are recorded by the winrunner and are used for load testing. 

- No action is taken at the protocol layer by the wirnunner except recording and playing back of the events and all this seems as if some invisible real world human user is performing all these actions. 

- For the winrunner to perform load testing, it is required to give the control of the pc to it so that it can execute the previously recorded test scripts. 

- But at the same time a load test cannot be run in winrunner as a means of load generation. 

- The number of PCs required is directly proportional to the load that has to be given to the software system or application. 

- In spite of this disadvantage the winrunner will always be valued as a good load testing technology which provides the only means for the determination of the actual user response time. 

- The actual user response it calculates is inclusive of the processing that takes place on the side of the client hardware.

How WinRunner helps you in web testing?

- The context sensitive operations on the web (HTML) objects present in the web site can be recorded and run by the winrunner when it is loaded among with the web test add- in support. 

- This works if the web site in the browsers such as the internet explorer and Netscape. 

- With the help of the web test add- in, the properties of the web objects can be viewed and the information regarding the web objects present in the web site can be retrieved. 

- The check points can be created on the web objects present in the web site for the testing of the functionality of the web site. 

- Apart from internet explorer and netscape, the web browser AOL can be used for running tests and recording the objects in the web site but cannot be run or recorded on the following web browser elements:

1. Back button
2. Forward buttons
3. Navigate buttons and so on.

- When the tests are created using the web test add- in the below mentioned objects are recognized by the winrunner:

1. Text links
2. Frames
3. Images
4. Web form objects
5. Tables and so on.

- Different properties are possessed by every object. 

- These properties form a key aspect in the following tasks:

1. identification of the objects
2. Retrieval and checking of the property values.
3. Performing web functions.

- All the above three tasks ensure that your web site is working perfectly or not. 

- You should take care that you start the winrunner with the web test add- in loaded in before you open your web browser to start the web testing. 

- The recorded tab of the GUI spy can be used for viewing the properties and values of the properties that were recorded by the winrunner for the selected GUI objects.

- This is how the winrunner makes it possible to do the web testing. 

What is virtual user script? Why do you need to parametrize fields in your virtual user script?

Nowadays, the concept of the virtual user is quite common in the field of load testing. 

What is a Virtual User?

- Virtual user is one of the quite useful tools have been ever invented in the field of software engineering. 

- Virtual users can be used in a number of ways for testing load, stress or capacity of any software system or application you want. 

- It will be the easiest to define a virtual user as a virtualized representation of a real world user which has been specifically designed for simulating the same interactions and behaviors with the software system or application or web site to be tested in a way that a real world user would do exactly. 

Let us take an example, suppose at a peak your web site got 100 users over a particular hour. It becomes quite easy for you to simulate the same behavior using 100 virtual users making use of the scripts that invoke quite similar interaction and the navigation exactly as your real users do. Today such virtual users are also available that can playback the recorded scripts. 

In this article we discuss about what a virtual user script is and what is the need for parameterizing the fields in a virtual user script.  

What is a Virtual User Script & Need to Parametrize fields?

The fact that almost all of the scripts of the virtual user are automated is quite common. 

- For each and every automated script a particular entry point is marked by the script statement in virtual user. 

- From this point, the actions of the automated scripts are much similar to that of the real world users. 

- At any point these virtual user scripts can be made to click on any of the buttons or the windows, type some words, and move the mouse around and so on.

- Not only scripts, there are certain functions that are supported well by the virtual user and these functions can act as an extension to the virtual user scripts. 

- These functions have been given a general name called “tasks”. 

- These tasks consist of a procedure along with a list of parameters and in some cases they may also include an optional return value. 

- The information regarding the environment of the target computer is also collected by the virtual user with help of a statement called the match statement. 

- A specific environment element is searched by this match statement with the help of some descriptor traits like the following:

1. Static text
2. Edit text
3. Pictures
4. Icons
5. User items and so on.

- There is one more kind of statement that is used and is called the collect statement.

- It is used to collect all elements of a certain type in to the list.

- Afterwards the virtual user interacts with the software system or application environment using certain keywords like:

1. Select
2. Drag
3. Type
4. Close
5. Click and so on.

- Common objects of the operating system like windows, buttons, bars, menus and scrolls are accessed by the virtual users. 

- The virtual user software package comes with a log file feature using which one can write out all the information from within a script. 

- This feature also provides the scripter with information regarding the current run time state of the virtual user scripts. 

- These virtual user scripts can also be debugged whenever required by logging with the printh statement. 

Another fact about virtual user is that there exists no type checking which serves as a very good idea to log the parameters that serve as input to every task.

Explain how the data is secured in HTTPS?

HTTP secure or HTTPS can be thought of as an extended version of the regular HTTP. This communication protocol is the widely used one next to the regular HTTP when it comes to having a secure communication path between the user and the server over a computer network. 

The HTTPS finds quite a wide deployment over the internet when compared to deployment over intranet. If we understand it deeply we will come to know that in actual it is not a protocol in itself as it seems so from outside. 

It is actually a regular hyper text transfer protocol (HTTP) simply layered over SSL/ TSL protocol. The SSL/ TSL protocol thus lends its security capabilities to the standard HTTP communications when HTTP is layered up on SSL/ TSL. 

In this article we discuss how the data is secured in HTTPS. As we mentioned above that it is quite deployed in the internet services and it is so because it provides a quite convenient means to authenticate the web site as well as the web server associated with it (with which the connection is being established).

How data is secured in HTTPS

Such an authentication is of much importance as it provides the protection against the man in middle attacks which usually occurs because of eavesdropping between our communications with the server. 

- Moreover, HTTPS provides bidirectional encryption of the communications or the data that is exchanged between the clients and the servers. 

- The ability of the bidirectional encryption by virtue of which it protects against tampering and eavesdropping which otherwise would forge the contents of the communications between the clients and the servers, makes it much necessary. 

- HTTPS comes with a reasonable guarantee that you get to communicate only with the web site which you intended to communicate with and with none else.  - Furthermore, a way to prevent the forgery of the contents of the communication that takes place between the users and the clients cannot be hampered or forged by any of the third parties is ensured by the http secure. 

- In HTTPS, the entire HTTP is levied up on the top of the TSL or SSL thus enabling the total encryption of the HTTP communications content.

- This communications content includes:

1. Request URL which states the particular web page that was requested.
2. Query parameters
3. Headers
4. Cookies containing the identity information about the user and so on. 

Negative Points of HTTPS

Though the HTTPS has got many advantages, its minus point cannot be unseen.

-HTTPS cannot protect the disclosure of the communication content.

-This happens so because the addresses of the host web sites and port numbers form a necessary part of the TCP/ IP protocols that underlie the https. -To be seen practically, it means that the identity of the server can still be inferred by the eavesdroppers even on a correctly configured web server as well as the amount and duration of the communication.

-In the early years, the HTTPS was common to be used in the money transactions over the World Wide Web and other sensitive transitions like e- mails.

-In the recent years it has been known for the following:

1. Authenticating the web pages,
2. Providing security to the accounts,
3. Maintaining the privacy of the user communications, web browsing and identity.

The HTTPS has also come to the rescue of the wi- fi since it is highly prone to attacks being un- encrypted. The importance of https is often more realized when the connections are made over tor or anonymity network.       

Describe some Caching Issues?

We all are familiar with what a cache is? 

"A cache can be defined as a memory component that is held for storing the data transparently in order to speed up the future serving of the data requests."

The data stored in a cache might be the data that has been required earlier for some operations. 

There are two events related to cache as mentioned below:

1. Cache hit: When the requested data is available in cache and

2. Cache miss: When the requested data is not available in cache and has to be looked up in to the RAM.

- The speed of processing is directly proportional to the number of requests that can be served via the cache. 

- Cache memories are quite costly and hence to make it cost efficient and keep the data usage as efficient as possible, smaller caches are used. 

- But since the time of its advent, cache has proven itself in the field of computing. 

"Caching can be thought of as a technique that is aimed at increasing the computing performance by keeping in itself the frequently accessed data."

There are basically three kinds of caching as we have stated below:

1. Caching output caching: In this type of caching the dynamic output that had been generated up on a request.

2. Fragment caching: In this type of caching the portion of the page that is generated by the request is cached since in many situations it is not practical to cache the whole page at once.

3. Data caching: In this type of caching the objects are cached pro grammatically.

What are different caching issues?

In this article we have taken in to discussion some very prominent caching issues. Most of the people experience problem in server caching of certain files. 

There are four major caching issues have been recognized which have been mentioned below:

1. Designing of a custom cache.

2. Securing of a custom cache.

3. Monitoring of a custom cache and lastly.

4. Synchronization of the caches in a server farm.

Besides these four major caching issues, there are many other minor caching issues.

- Some times it happens that the package delivery fails or an object or element appears like it has been corrupted and seems like such a failure has not got anything to do with the connection! 

- In such cases you can go on with a cache clear up. 

- If the situation is worse, you may also require clearing up the proxy cache!

- Web sites and browsers are looked up as a means of optimizing the resources which is done by them so well that they end up breaking down your dynamic web site content. 

- Your web site is not updated as you thought it will be done. 

Let us see an example, suppose you own a music web site which you frequently update with new music. Your clients come to your site every day so what happens is that the cache forces the web site to list the cached version of the play list and so the clients would never be able to listen to new and the latest music.

Such situation though enhances your internet experience, can also cause many other problems! Some times the cache will stash up an old page of the web site instead of showing up the latest one. You should make it a point to empty your browser’s cache from time to time. There are many internet service providers that cache pages to speed up the internet access like AOL. All the web pages that you visit are stashed up in the cache. 

What is website usability testing?

Since the past few years the growth and usage of the web sites which are both free and paid had risen rapidly. In other words, we can say that the usability of the web sites has witnessed a massive growth. With the rise of usage of web sites and web applications, it is obvious that the demand for the web site usability testing also increases! 

Now you must be wondering what actually is web site usability testing? In the earlier times, it took expensive recruitment labs and a large amount of time and deployment to carry out the web site usability testing. Since the advent of the web site usability testing tools, the whole process of testing seems to be so smooth and so under control. 

In this article we have discussed about web site usability testing. You might be thinking that why it is necessary to carry out web site usability and what good it does to the web sites and web applications. 

- The web site usability testing contributes as an essential element of the quality assurance of the web site or web application under the testing. 

- Web site usability testing can be considered to be an exact, actual and true test of how a web site or web application is actually being used by the end users.

- Web site usability testing  becomes quite easy when you know how to do it and also quite cheap when you are going to carry it out yourself. 

- Web site usability testing involves checking the following aspect of the web sites and web applications:

1. It checks if the web site or the web application is being used by a series of individuals under some guidance from a facilitator.
2. It checks whether or not the web site or the web application can be successfully used by the outsiders.
3. It checks if the web site or the web application is focusing only on a particular group.

There are some common terms associated with the web site usability testing that we are going to discuss now:

1. Observer: An observer is the person in charge of the observation of the of the test that is in progress and he/ she often sits in another room.
2. Facilitator: He/ she is the person in charge of the guidance of the user while the usability test is under progress and takes relevant notes.
3. Owner: Owns the web site or the web application.
4. Web site development team: This team constitutes of all the people who are involved with the development and maintenance of the web site or the web application. It includes the following:

a)    Strategy group

b)    Programmers

c)    Designers

d)    Stake holders and so on.

5. User: The person who uses the web application or web testing during the usability testing.
6. Usability: It can be thought of as a measure up to which the intended user achieve his/ her goals using the web site or web application that is under test.

Testers usually take a whole one whopping big usability test which makes the whole testing process quite clumsy rather than breaking down the testing process in to little parts and then executing them. 

There are 5 appropriate timings for carrying out the web site and application testing as mentioned below:

1. At the time of the conception of the web site you can start by testing a printed mock up of the home page of the site.
2. Before a re development plan is created.
3. Repeatedly during development.
4. Whenever an anomaly shows up in a traffic analysis.
5. When the owner of the web site calls for some info regarding his web site or web application. 

Explain the concepts of URL manipulation?

Today in this internet savvy world, I guess almost everybody is familiar with what is an URL or uniform resource locator. 

If you see an URL, you can make out that it is nothing but a string of characters. These characters add up to mark up a reference string which points to a source from internet. A uniform resource locator was previously known as uniform resource identifier.

The URLs came in to existence in the year of 1994 along with the introduction of the World Wide Web by Sir Tim Berners – Lee along with the contributions from the internet engineering task force. 

The format of a typical URL consists of the domain names along with the file paths and the forward slashes are used to distinguish between the different file names and folders. Name of the servers are preceded by a double slash. 

Components of URL

Let us now list the components of a typical URL in the order in which they are lined up in the URL:

1. The scheme name which is usually a protocol.
2. The scheme is followed by a colon
3. Two slashes
4. Name of the domain (if any depending on the scheme).
5. A port number
6. CGI (common gateway scripts) scripts
7. Query string
8. Fragment identifier (optional)

Categories of URL

- The URLs are categorized under two categories namely relative URLs and absolute URLs. 

- The relative URLs are used whenever the references contained in the resources refer to another resource. 

- These relative URLs are often conceived from the absolute URLs. 

- The URLs locate a resource based on their primary access mechanism. 

- There are various issues related to URLs like URL normalization, URL manipulation etc. 

What is meant by URL Manipulation?

- URL manipulation is just another name for URL rewriting.

- As the term itself suggests it is all about altering the parameters of the URL.

- The URL manipulation is used for good purposes also and for bad ones also. 

- It is a technique that is usually employed by the web server administrator for convenience and is often used by the hackers for nefarious purposes. 

- The original URLs of the resources are quite complicated and complex. 

- Therefore, a purpose of this technique is also to make it easy for the user to access a web resource by providing a simple URL. 

- URL manipulation technique is used so that the user does not require cutting, copying or pasting long and arcane string of characters. 

- This technique is also employed since remembering complex URLs is a difficult task and they are quite lengthy which makes it quite a tedious task for the users to remember or store it and use. 

- Therefore, using the technique of URL manipulation they are modified in to simple and short URLs which are comparatively easy for the users to remember. 

Wrong Use of URL Manipulation

- A nefarious use of URL manipulation is to use the URL of a legitimate site or web resource without the prior permission or knowledge of the site owner or administrator to redirect the users to an illegitimate web site or web resource. 

- Such illegitimate sites then may install malicious code on the hard drive of the user’s system.

- This may also have an intended purpose of increase the traffic on the attacker’s illegitimate web site or application.

- There is a term similar to the term URL manipulation called URL poisoning. These two terms may sound similar in meaning, though they are not. 

What is URL Poisoning?

- URL poisoning is a technique that is employed to track the activities of the user on the web. 

- This technique involves the addition of an identification number to the current URL of the web browser when that particular web site is visited by the user. 

- This URL with the ID number is then used for tracking the visits of that user on the sites.

What are different kind of browser bugs?

It is a universal fact that every thing in this world is infected with some discrepancies. So does it hold well for the web browsers! This article is here to discuss about the bugs associated with the web browsers.

Till date so many bugs of the web browsers like Mozilla, internet explorer, Netscape, opera and so on have been discovered. Let us check out some of the prominent errors:

Multiple browsers bugs

Bugs discovered under this category are:

(a) Font variant ligatures are not implemented by most of the bugs. The font module level 3 of the CSS defines the property of the font variant ligatures to specify the use of ligatures. Till now no such browser has been developed that supports this property fully.

(b) Font weight is not implemented consistently by the browsers. This font weight property of CSS lays down the specifications regarding the numeric values and key words.

(c) Data tables are not managed properly by the browsers. Most of the table properties are not supported by the browsers.

(d) Layout affected by outlining property.

(e) Styling legend tags

(f) Bugs in Mozilla Firefox
Styling is not applied and problems have been experienced with the horizontal scroll bar.

(g) Bugs in Internet Explorer
When the cursor is hovered over some elements, they did not work properly with the forms; the left origin of the positioning coordinates is incorrectly set.

(h) Bugs in Opera
&rsquo and &isquo entities were not recognizable by the opera, but this was later fixed in the 8th version.

(i) Bugs in Safari
These crashes were reported when : hover :: after was used.

(j) The borders separating the head and the body sections are often placed incorrectly by the opera.

(k) Multi-column ordered list remembering.

(l) Backgrounds show through invisible tables.

(m) Buttons with images cannot be aligned with those having only text.

(n) In some browsers even the fixed elements align along with the adjacent elements.

WHAT CHALLENGES ARE FACED WHILE DEVELOPING A WEBSITE

- When you start developing or designing your web sites choose carefully between the CSS and HTML.

- Don’t go for such an advance version of the languages because if you did then you may run in to the problems with the incompatibility of the browser.

- There is so much of competition going around the whole software market.

- The browser developers are releasing new browsers at very fast pace without even testing them properly which then becomes a headache for the web site designers.

- The new languages being used today like HTML 5 and CSS 3 are now gaining very much popularity though they are pretty much complex then their preceding versions.

- Number of features to be implemented is quite huge which is the major cause of the bugs.

- Whenever you come across a bug, do not forget to report it since it may be so very rare that nobody else would have stumbled up on it.

- One thing you should always remember is to keep the problem in the reduced form as much as possible.

- For doing this you an simply make up a copy of the code and from that remove the java script or CSS files one by one and ultimately you’ll come at a point when the problem will go away.

- Now you add that file and remove the others from the ones that you did previously.

- If you find that the bug is now going away even after removing all the files then it is likely that the bug lies in HTML coding.

- Now after you know that which aspect houses the problem, you need to locate that file or code.

What is meant by content spoofing in detail?

Content spoofing is a rarely discussed topic and is much unheard by the many of us!
So let's evaluate the concepts of content spoofing in detail:

- Content spoofing has been categorized as an attack technique using which the attacker is able to inject a malicious code or payload in to the good content of a web site or a web application.

- This malicious payload or code is later thought of as being the legitimate content of that particular web site or web application which is a wrong interpretation.

- Content spoofing affects usually the web pages which have been built dynamically.

- Text only content spoofing is the technique in which the payload usually as text is passed in to the body of the web page or application in the form of a query string value.

- This approach usually takes effect on the pages of the web sites displaying some news entries and error pages.

- Such content is then later posted on the web site as its legitimate content.

- So when the users visit that particular link they perceive that the spoofed content is nothing but the legitimate content.

- In some cases it is possible that the pay load may exist on the web page for a longer time than estimated.

- Most of the web pages have been built dynamically with the sources from the HTML (hyper text mark up language).

- The attacker can easily change the content and when the particular web page is accessed by a browser, the location comes of the same domain as the user expected but the user does not come to know that the content is not legitimate instead it is shrouded one.

- As this is not enough to harm a web site, some attackers even manage to send malicious links to the users through emails and messages.

- In some cases the malicious links can be enforced up on the users following a cross site scripting attack.

- When the user clicks that link, he/ she visits the web page designed by the attacker with the malicious URL (uniform resource locator).

- The user will not come to know about this that he/ she is actually viewing am unauthentic web page.

- They will unknowingly believe that the spoofed content that they are viewing is purely authentic but this is not the case.

- Content spoofing does nothing but spoils the trust that the user has on the web site.

- The technique of content spoofing is being used like anything for the creation of fake web sites including fake login pages, press releases and defacement.

- Another point to be noted is that if you can fall victim to a cross site scripting attack, then the chances are that you may fall prey to content spoofing attacks as well.

- Content spoofing is a type of exploitation activity used by the hackers who have wrong intentions like presenting certain web pages to the user as if they are legitimate and not from an external source.

- This is somewhat similar to the SQL injection attacks. In both the cases the victims are defrauded like in phishing.

- Some attackers can even access the data base of a web application stored in a server and alter the contents.

- Content spoofing cannot be readily detected since there is large apparent difference between the actual and the spoofed content.

- The content spoofing carried out with the help of dynamic hyper text mark up language or DHTML is considered to be the most dangerous type since it can be used to form fake login pages.

- When any user inputs his sensitive data (can be a password, credit card number etc) in that page, the data goes directly to the attacker without the knowledge of the user that he has fallen victim to an identity theft.