This article is provided courtesy of STQE, the testing and quality engineering magazine. Reference Point

accurate picture of Web technology.) The author gets into specific testing practices in the third major Testing Applications on the Web: section of the book, with each chap- Test Planning for Internet-Based Systems ter bullet-listing specific errors to by Hung Q. Nguyen look for and how to approach the testing task. Many of the items in the 2000, John Wiley & Sons, Inc. lists aren’t discussed in the text, and some require some background ISBN: 0-471-39470-X knowledge about the technology in Paperback List Price US$39.99 order to understand them. But that caveat aside, these bullet lists will come in handy the next time I plan a test for a Web application. Recommended by Danny R. Faught The chapter covering user inter- face testing delves into a good deal of detail about the Web browser user interface and how the server inter- ooking up at my bookshelf, I see several general books on acts with it. This chapter is accompa- nied by several reusable test matri- . Good books, full of ideas that can be ap- ces in the appendix. The material on database testing Lplied to many different types of software. Yet I still often shows how to dig into the underbelly of a Web application. Here the book hear people ask, “Yes, but what do I talk specifically about gray box test- offers a great example of a gray box need to know to be able to test my ing after the introduction, but he technique: using single quotes in in- specific type of software?” Under- uses a gray box approach throughout put data. If the application doesn’t standing general testing processes is the book. check for meta-characters like this, important, but they know that in any Nguyen’s book opens with a SQL errors can pop up in unexpected domain there are useful approaches, brief introduction to testing and the places. hints, and tricks specific to that do- unique characteristics of Web-based The chapter on installation test- main that will make them more effec- applications. The next section is de- ing will be irrelevant to some Web tive. And books that describe testing voted to methodology and technolo- testers, but it’s useful for those who in general terms don’t offer many of gy. It covers some testing fundamen- are testing a product that the cus- these rules of thumb. tals, as well as introducing Nguyen’s tomer will install on her own Applications on the unique acronyms that are used later server, or in those cases where a user Web provides this domain-specific in the book. This section also in- is required to install software to get knowledge for people who plan test- cludes a sample test plan that shows the client side of a Web application ing efforts for Web-based software. a work breakdown of a broad set of to work. This is mostly standard Win- The author is Hung Quoc Nguyen, testing tasks for a Web testing proj- dows information. President and CEO of LogiGear, and ect. (The appendix includes a com- If you thought you could handle a co-author of the well-known book plete test plan template, an item that all of your configuration and compat- Testing Computer Software. testers often ask for.) ibility testing by playing with a few Nguyen draws from his experi- Mixed in with the testing funda- different versions of the Web brows- ence in guiding the development of mentals is some background infor- er, Nguyen’s chapter on configura- TRACKGEAR, a Web-based defect mation about networking and Web tion and will set tracking tool. He uses examples from applications, including a description you straight. There are a huge array this application throughout the book, of TRACKGEAR. Having a basic under- of options to consider. but doesn’t tout the fact that he has a standing of the technology and the You can’t talk about the quality tool for sale—he usually refers to it architecture of the system is a funda- of a Web application without dis- as “the sample application.” mental part of . cussing security. I applaud the author Nguyen takes a gray box ap- (While this section gives the reader for stressing that security experts proach to testing. Gray box testing is enough background to understand should be involved in security test- similar to black box testing, but the the big ideas in the rest of the book, I ing. When listing security concerns tester uses information about the im- would recommend that people who in a book, it’s important not to give a plementation of the software to implement Web tests do further read- reader the impression that they’ll be guide the testing effort. He doesn’t ing to get a more comprehensive and able to do a sufficient job of assuring 12 www.stqemagazine.com STQE November/December 2001 This article is provided courtesy of STQE, the software testing and quality engineering magazine. ReferenceReference PointPoint the security of an application after reading one chapter on the subject. Nguyen gives an overview of com- mon security issues and protection mechanisms, so that testers under- stand the scope of software security. Performance is also important to any Web testing effort. Nguyen cov- ers the basics of performance testing and includes a sample user profile. Other chapters cover functional testing and online help testing. There’s a chapter on tools that in- cludes a sampling of the tools avail- able, and more importantly, the types of tools that you can expect to find in the marketplace. Each chapter concludes with a nice bibliography, and many chapters also include useful Web links. These lists of resources give plenty of ideas for further reading, but they’re not so exhaustive that you’re left won- dering which ones to start with. Testing Applications on the Web does not attempt to be a general reference on software testing. What it provides, instead, is domain-specif- ic information that helps the reader plan for testing a Web-based applica- tion. Its clear illustrations of impor- tant Web testing approaches and its extensive checklists give testers de- tailed suggestions for their testing, based on real Web development ex- periences. STQE

Danny R. Faught recently founded Tejas Software Consulting (http:// tejasconsulting.com), a one-man software quality consulting firm offering training services and con- sulting to help people manage soft- ware quality. Danny is a charter member of STQE’s Practicality Gauntlet and a Technical Editor for StickyMinds.com.

STQE magazine is produced by STQE Publishing, a division of Software Quality Engineering.

13 November/December 2001 STQE www.stqemagazine.com