
Monday, July 16, 2012

What are the types of web testing security problems?


Web testing is much in demand these days since the use of web sites and web applications is increasing by huge margins day by day. As cyber crime increases, web sites and web applications call for more security settings, which in turn enter the web testing schedule as web testing security problems.

"Web testing is a kind of software testing that focuses on web sites and web applications. The security issues of the web sites and web applications are addressed by another type of web testing called web security testing". 

The testing of web sites and web applications for security vulnerabilities is quite an exciting concept. Though the matter is exciting, it needs to be taken seriously. The best way to combat the known web testing security problems is to be prepared in advance and to know what is to be checked for.

In this article we are going to take up some of the most common security aspects that can pose problems in web testing. They are mentioned below:
  1. Server problems: This is the most common security problem. It often happens that the server is down for maintenance or some other reason.
  2. Hardware problems
  3. Database problems: Any problem in the database of the web site or web application gives rise to many security problems. Any problem or uncertainty in the database can prove to be a danger to the overall security of the web site or web application.
  4. Navigation from one page to another: Too much navigation from one page to another endangers the security of the web site or web application, which in turn acts as a hindrance in the web testing of that particular web site or web application.
  5. Server security: A server houses a web site or web application data base; therefore it is obvious that the security of the web site or the application relates a lot to the security of the server. Maintaining the security of the web server is quite an important point which otherwise could introduce many of the security problems during the web testing.
  6. Authentication issue
  7. Data encryption
  8. User privileges leaks
  9. SQL injection
  10. Cross-site scripting
  11. Cookie testing
  12. The content on a web site that proves to be inaccessible or incorrect can also pose security problems during web testing.
  13. Improper validation of the input can disturb the working mechanism of the web site or web application.
  14. Link testing is an important aspect of web testing. Broken links can hamper the security of the web site or application and thus pose problems in web testing security.
  15. Incorrect copyright information.
  16. Incorrect EULA or end user license agreement.
  17. Un-optimized images that do not meet the specifications.
  18. Improper storage of the data obtained through the web pages.
  19. Time taken by the pages to render.
  20. Lag in performance with many simultaneous users.
  21. Concurrency issues like when a user is working on multiple windows of the same page or there are multiple users on the same page.
  22. Improper and inefficient tracking of the transactions by the server log.
  23. Improper usage of SSL by the web site or web application.
  24. Inefficient working of the feeds.
  25. Inefficient working of the cookies.
Web testing is absolutely essential if you want to make sure that your web site or web application has enough browser support and the HTML is valid.


Tuesday, August 23, 2011

What constitutes the testing process of web applications?

Web engineering testing process starts with tests that check content and interface functionality. As testing moves further, navigation testing comes into picture and finally tests are done which check the technological capabilities not visible to end users.

Content testing uncovers errors in content. It examines the static as well as the dynamic content of the web application.

Interface testing validates the aesthetic aspects of user interface. It uncovers errors that have occurred due to interaction, omissions, ambiguities.

Navigation testing designs test cases that test each user scenario against the navigation design. Navigation mechanisms are tested against use cases to ensure that any errors are identified and corrected.

Component testing tests content and functional units within a web application. In web application architecture, a unit is a functional component that is directly providing service to end user.

Navigation and component testing are used as integration tests. Strategy behind integration testing depends upon the web application architecture that has been chosen during design.

Thread-based testing tests each thread, which is integrated and tested individually.
Cluster testing uncovers errors that result from collaborating pages.

Configuration testing uncovers errors specific to a particular client or server environment. Tests are conducted to uncover errors associated with every possible configuration.

Security testing consists of tests that are designed to make use of weaknesses in the web application and its environment.

Performance testing is a series of tests that assess how increased load affects the web application response time and reliability.


WebApp Interface Design - Interface Control Mechanisms and Interface Design Workflow

INTERFACE CONTROL MECHANISM
The objectives of Web application interface are:
- establishing a consistent window into content and functionality provided by interface.
- guiding the users through interactions with web application.
- organizing the content and navigation options.

A metaphor is drawn that guides the user interaction and enables the user to gain an understanding of the interface. Some interaction mechanisms available to web application designers are:
- navigation menus that list key content and/or functionality.
- graphic icons that enable the user to select some property or specify a design.
- graphic images that implement a link to a content object or the functionality of the web application.

INTERFACE DESIGN WORKFLOW
It includes the following tasks:
- The information contained in analysis model is reviewed and refined.
- A rough sketch of web application interface layout is developed.
- The user objectives are mapped to specific interface actions.
- Set of user tasks associated with each action are defined.
- For each interface action, storyboard screen images are developed.
- Input from aesthetic design can be used to refine interface layout.
- User interface objects required to implement interface are identified.
- A procedural representation of user's interaction is developed.
- A behavioral representation is developed.
- Interface layout is described.
- Interface design model is refined and reviewed.


Sunday, August 21, 2011

What is meant by Relationship-Navigation Analysis (RNA)?

Relationship navigation analysis (RNA) is a series of analysis steps to identify relationships among the elements that are left uncovered during the creation of the analysis model. There are five steps that constitute the RNA approach:
- Stakeholder analysis establishes the stakeholder hierarchy and identifies various user categories.
- Element analysis identifies content objects and functional elements that are of interest to end users.
- Relationship analysis identifies the relationship among web application elements.
- Navigation analysis identifies the accessibility of elements by users.
- Evaluation analysis identifies the cost and benefit included.

RELATIONSHIP ANALYSIS
To assess analysis model elements to understand relationships among them, some guidelines are:
- the attributes identified for element.
- whether description about element exists and where?
- is element composed of other smaller elements?
- is element a member of larger collection of elements?
- does analysis class describe the element?
- in using the element, what are the pre and post conditions.
- is the element used in specific ordering of other elements?
- does the element appear in the same place?

The answers to the above questions help the web engineer to position the element in question within the web application and to establish relationships among elements.

NAVIGATION ANALYSIS
After relationships are identified among elements, the web engineer defines how each user category navigates from one element to another. The questions that clarify the navigation requirements are:
- how are navigation errors handled?
- should certain elements be easier to reach?
- should group element navigation be given priority over specific element navigation?
- should links be used for navigation?
- should there be a navigation log for users?
- should a navigation map or menu be established?
- for which user category should optimal navigation be designed?


Friday, January 28, 2011

Introduction to Navigation Design - Navigation Semantics and Syntax

Once the web application architecture and the content are defined, navigation pathways that enable users to access the web application content and functions must be defined:
- semantics of the navigation for different users of the site should be identified.
- syntax of achieving the navigation should be defined.

NAVIGATION SEMANTICS


Each user category has a user hierarchy and related use cases. There are different navigation requirements for each actor. A set of classes is defined for the use cases developed for each user. It contains one or more content objects or web application functions. As interaction with the web application occurs, a series of Navigation Semantic Units (NSUs) is encountered. An NSU describes the navigation requirements for each use case. The NSU shows how an actor moves between content objects or web application functions.
Navigation Semantic Unit is a set of information and related navigation structures that collaborate in the fulfillment of a subset of related user requirements.

The web application designer creates a navigation semantic unit for each use case associated with each user role. During the initial stages of navigation design, the web application content architecture is assessed to determine one or more ways of navigating for each use case. Each way of navigating identifies navigation nodes and the links that enable navigation between them.

NAVIGATION SYNTAX


The syntax of navigation design includes:
- Tabs: a variation of navigation bar or column.
- Individual navigation link: text-based links, icons, buttons and graphical metaphors.
- Horizontal Navigation bar: lists major content or functional categories in a bar containing appropriate links.
- Vertical Navigation column: lists major content or functional categories and second lists virtually all major content objects within web application.
- Site maps: provide an all-inclusive table of contents for navigation to all content objects and functionality contained within web application.


Thursday, January 27, 2011

Introduction to Architecture Design - WebApp Architecture

The design process for identifying the subsystems making up a system and the framework for sub-system control and communication is architectural design. An architectural design is:
- early stage in system design process.
- conducted in parallel with other design activities.
- establishes a link among goals established for web application, content, users visiting it, and the navigation criterion.
- identifying system components and their communications.

A web application is an application that is accessed over a network such as the Internet or an intranet. Web application architecture provides an infrastructure that enables a web based system to achieve its business objectives.
The Model View Controller (MVC) architecture decouples the user interface from web application functionality and information content.

The MVC design pattern divides applications into three components:
- The Model maintains the state and data that the application represents.
- The View allows the display of information about the model to the user. It contains all interface specific functions.
- The Controller allows the user to manipulate the application. It coordinates the flow of data between model and view.

Web application architecture is defined within the context of the development environment in which the application is to be implemented.


Introduction to Architecture Design - Content Architecture

The design process for identifying the subsystems making up a system and the framework for sub-system control and communication is architectural design. An architectural design is:
- early stage in system design process.
- conducted in parallel with other design activities.
- establishes a link among goals established for web application, content, users visiting it, and the navigation criterion.
- identifying system components and their communications.

Content architecture emphasizes how the content objects are structured for presentation and navigation. It focuses on the overall hypermedia structure of the web application. It focuses on:
- identifying links and relationships among content and documents.
- defining the structure of content.
- specifying consistent document requirements and attributes.

The designer can choose from four different content structures:
- Linear Structures : a predictable sequence of interactions is common. The sequence of content presentation is predefined and linear in nature.
- Grid Structures : applied when the web application content can be organized categorically in two dimensions. This web application architecture is useful when highly regular content is encountered.
- Hierarchical Structures : it is the most common web application architecture. It is designed in a manner that enables flow of control horizontally, across vertical branches of the structure.
- Networked Structures : architectural components are designed so that they may pass control to virtually every other component in the system. It provides navigational flexibility but at the same time it can be a bit confusing to a user.
- Composite Structures : the overall architecture of the web application may be hierarchical, but part of the structure may exhibit linear characteristics, while another part of the architecture may be networked.


Friday, January 21, 2011

The WebApp Design - Attributes, Goals and Web Design Pyramid

Design is an engineering activity that leads to a high quality product. The major attributes of quality for web applications are:
- Security : The main emphasis of security is the ability of the web application and its environment to avoid unauthorized access or attack.
- Availability : A web application will not meet users' needs if it is unavailable. Availability is the measure of the percentage of time that a web application is available for use.
- Scalability : Can significant variation in volume be handled by the web application and the system? It is important to build a web application that can accommodate the burden of success.
- Time to market : It is a measure of quality from business point of view.

What should be considered when assessing content quality?
- Can the scope and depth of content be easily determined so that it meets the user's needs?
- Can the background and authority of the content's author be easily identified?
- Is it possible to determine the currency of the content and its last update?
- Stability of content and location?
- Credibility of content?
- Uniqueness of content?
- Is content well organized?
- Is content valuable?

Design Goals


The design goals for every web application are:
- Simplicity
- Consistency
- Identity
- Robustness
- Navigability
- Visual appeal
- Compatibility

Web Design Pyramid


Each level of the pyramid represents the design activities:
- Interface Design : It describes structure and organization of the user interface. It includes screen layout, interaction modes, navigation mechanisms.
- Aesthetic Design : It describes the look and feel of the application.
- Content Design : It defines layout, structure and outline of all content.
- Navigation Design : It describes the navigational flow for web application.
- Architectural Design : It represents the overall hypermedia structure.
- Component Design : It develops detailed processing logic.


Thursday, January 20, 2011

What are different user interface design principles and guidelines in software engineering ?

A good web application interface is understandable and forgiving, providing the user with a sense of control. The inner workings of the system are not a concern for the users. Effective applications perform a maximum of work, while requiring a minimum of information from users.

USER INTERFACE DESIGN PRINCIPLES AND GUIDELINES


- Consistency: Actions should be consistent in similar situations. The use of navigation controls, menus and icons should be consistent throughout the web application.
- Anticipation: The web application should be designed in such a way that it anticipates the user's next move.
- Communication: Whatever activity has been initiated by the user should be communicated by the interface. Communication can be obvious or subtle. User status and location should also be communicated by the interface.
- Efficiency: The design of the web application and its interface should optimize the user's work efficiency, not the efficiency of the web engineer who designs and builds it.
- Flexibility: The user interface should be flexible enough to enable some users to get their tasks done directly and other users to explore the web application in a random fashion.
- Controlled Autonomy: User movement should be facilitated by the interface in a manner that enforces the navigation conventions established for the application.
- Focus: The interface of the web application should be focussed on the user tasks at hand.
- Human Interface Objects: Use reusable human interface objects. An interface object that is seen, heard or touched by the end user can be obtained from object libraries.
- Learnability: Learning time should be reduced by a well designed web application interface.
- Latency Reduction: The web application should use multitasking so that the user can proceed with his work and does not have to wait for some internal operation to complete.
- Metaphors: A metaphor should call on images and concepts from the user's experience, but it does not need to be an exact reproduction of a real world experience. A web application interface that uses an interaction metaphor is easier to learn and use.
- Maintain work product integrity: A work product must be automatically saved so that there is no loss of information if an error occurs.
- Readability: Every person should be able to read the information in the user interface.
- Track State: The state of the user interaction should be saved and stored so that the user can return to the same point even if he or she logs off.
- Visible navigation: A well designed web application interface provides the illusion that users are in the same place, with the work brought to them.


Wednesday, January 19, 2011

Hypermedia Design Patterns in Web Engineering

Web engineering uses design patterns. These are of two types:
- Generic design patterns - applicable for every software.
- Hypermedia design pattern - specific to WebApps.
Design problems can be solved by using design patterns. There are some pattern categories:

NAVIGATION PATTERNS
These patterns help in the design of NSUs, navigation links and the overall navigation flow of the web application.

ARCHITECTURAL PATTERNS
These patterns help in the design of content and web application architecture. Many architectural patterns are available for web engineers who design web applications in various business domains.

COMPONENT CONSTRUCTION PATTERNS
The web application components can be combined by the methods provided by these patterns. When data processing functionality is required within a web application, the architectural and component level design patterns are applicable.

PRESENTATION PATTERNS
Presentation patterns assist in the presentation of content to the user via the interface. They tell how to organize user interface control functions, show the relationship between an interface action and the content object it affects, and establish content hierarchies.

BEHAVIOR AND USER INTERACTION PATTERNS
These patterns assist in design of user machine interaction. They address how the interface informs the user of the consequences of a specific action, how a user expands content based on usage context, how to best describe the destination that is implied by a link.

