Testing and Implementation Industrial Training



The course is designed for software testers and test managers.


A basic knowledge of the Internet and software testing.
Attendance on the Structured Approach to Software Testing course would be an ideal prerequisite.

Course Objectives

While many of the traditional concepts of software testing still hold true, Web sites and Web applications have a different risk profile to other, more mature environments. A typical Web tester now has to deal with shorter release cycles, changing technology, complex hardware and software platforms and an anticipated user base which is uncontrolled and may run into millions. As more companies use the Internet and web for mainstream business processes, testers and test managers are being asked to make the transition from testing traditional client/server, PC, and/or mainframe environments to testing Web sites and applications.
This course covers Web technology, Web architecture and communications, and the testing of functional and non-functional requirements such as usability, including the complex testing activities of performance and security.
At the end of the course attendees will be able to:

  1. Understand the different technologies used in Web environments.
  2. Communicate adequately with appropriate technical personnel to ensure that the correct test environments are set up.
  3. Perform a simple risk analysis to identify and prioritise tests.
  4. Create appropriate tests, test cases and test scripts.
  5. Execute tests in a controlled manner using the correct setup conditions and inputs.
  6. Understand the nature, availability and limitations of Web testing tools.
  7. Examine performance requirements and ensure that the requirements are realistic and achievable.
  8. Understand how to test a site’s reliability and scalability prior to release.
  9. Examine a security policy and specify the types of tests necessary to ensure that the requirements contained in the policy are being met.

Course Content

Web Basics

  1. Basic Internet Architecture.
  2. Network Protocols.
  3. IP Addresses.
  4. URLs and DNS.
  5. Intranets.
  6. Virtual Private Networks.

Code Quality Assurance

  1. Quality Control and Quality Assurance.
  2. Unit Testing.
  3. Mark-Up Languages.
  4. Hypertext Markup Language (HTML).
  5. HTML Validation.
  6. Images.
  7. Cascading Style Sheets (CSS).
  8. Web Open Font Format (WOFF).
  9. Client-side Scripting.
  10. Extensible Markup Language (XML).
  11. Document Type Definitions (DTD).
  12. XML Namespaces.
  13. XML Schema.
  14. Displaying XML with CSS.
  15. Extensible Stylesheet Language (XSL).


  1. Client Hardware.
  2. Client Software.
  3. Mobile Clients.
  4. Different Web Browsers.
  5. Browser Modes.
  6. Internet Explorer Compatibility View.
  7. Server Software.
  8. Choosing the Test Environment.
  9. Software Combinations.
  10. Installability and Serviceability.


  1. Links.
  2. Static and Dynamic Links.
  3. Framesets.
  4. Inline Frames.
  5. Navigational Aids.
  6. Internal Search Engines.
  7. Site Maps.
  8. Navigational Efficiency.

Risk Based Testing

  1. Test Identification.
  2. Non-Functional Attributes.
  3. ISO 9126.
  4. Business Impact.
  5. Failure Likelihood.
  6. Test Prioritisation.

Client-side Functionality

  1. Forms.
  2. Client-side and Server-side Validation.
  3. Dynamic HTML.
  4. Document Object Model.
  5. AJAX.
  6. Client-side Pop-ups.
  7. Variable Screen Resolutions.
  8. Client-side Objects.
  9. Java and the Java Virtual Machine.
  10. Web Storage.
  11. Geolocation.

Server-side Functionality

  1. Server-Side Includes.
  2. Dynamic Page Generation (ASP, PHP, Python, Ruby, etc.).
  3. Common Gateway Interface (CGI).
  4. Database Interaction and Middleware.
  5. Interfacing to Back-Office Systems.
  6. Personalisation.
  7. RSS.
  8. Internet Explorer Web Slices.


  1. Maintaining a Session.
  2. Cookies.
  3. Private Browsing.
  4. Flash Cookies.
  5. Shopping Carts.
  6. Multi-Page Transactions.
  7. State Transition Diagrams.


  1. Importance of User Interface.
  2. General Usability Testing.
  3. Heatmaps.
  4. Screen Size and Resolution.
  5. Readability.
  6. Printer Friendly Pages.
  7. Help Systems.
  8. Usability Guidelines.
  9. Use Case Analysis.
  10. Performing Usability Tests.
  11. Multivariate Testing.
  12. Globalisation.
  13. International Environment.


  1. Colour Confusion.
  2. Components of Web Accessibility.
  3. Web Accessibility Initiative.
  4. WAI Guidelines and Techniques.
  5. Web Content Accessibility Guidelines.
  6. Conformance Requirements.
  7. Evaluating Web Sites for Accessibility.
  8. BS8878.

Web Architecture and Communications

  1. Client Internet Access (fixed).
  2. Wired Local Area Networks.
  3. Ethernet.
  4. Wireless Local Area Networks.
  5. Client Internet Access (mobile).

Performance Test Specification

  1. Performance Degradation.
  2. Prerequisites to Performance Testing.
  3. The General Process.
  4. When to Start Performance Testing.
  5. Categories of Performance Tests.
  6. Single-Shot/Smoke Testing.
  7. Load Testing.
  8. Stress and Hot Spot Testing.
  9. Spike and Bounce Testing.
  10. Integrity Testing.
  11. Defining and Selecting Test Objectives.
  12. Response Time Requirements.
  13. Defining the Workload.
  14. Think Times.
  15. Site Arrival and Abandonment.
  16. Usage Patterns.
  17. Client Internet Access Speeds – Fixed and Mobile.
  18. ISP Tiers.
  19. User Geographic Locations.
  20. Background Load.


  1. Acquiring the Test Scripts and Data.
  2. Specifying the Test Environment.
  3. Selecting the Loads to Run.
  4. Sampling Errors.
  5. Concurrency.
  6. Load Generation Options.
  7. Manual Load Testing.
  8. Home-grown Load Testing Software.
  9. Open Source Tools.
  10. Integrated Development Environments.
  11. Web-only Load Testing Tools.
  12. Hosted Load Testing Services.
  13. Enterprise-class Load Testing Solutions.
  14. Network Considerations.
  15. Load Generator Calibration.


  1. Running the Tests.
  2. Specifying the Number of Runs.
  3. Measuring the Load.
  4. White-Box and Black-Box Measurements.
  5. Full-Blown and Focused Testing.
  6. Phased Load Testing.
  7. Component Level Stress Tests.
  8. Infrastructure Load Tests.
  9. Architectural Load Tests.
  10. End to End Load Tests.


  1. Response Time Graphs.
  2. Margins of Error.
  3. Diagnosing Performance Problems.
  4. Troubleshooting Strategies.
  5. Improving Performance.


  1. Scalability Factors.
  2. Scalability Testing Objectives.
  3. Server Scalability.
  4. Database Server Scalability.
  5. Server Farms and Load Balancing.
  6. Running Scalability Tests.
  7. Horizontal and Vertical Scaling.
  8. Estimating the Resource Requirement.

Reliability and Availability

  1. Testing Objectives.
  2. Categories of Tests.
  3. Low Resource Testing.
  4. Endurance Testing.
  5. Volume Testing.
  6. Peak Loading.
  7. Network Quality of Service.
  8. Web Site Failover Testing.
  9. Server Failover Testing.
  10. Hardware and Software Failures.
  11. Calculating Web Site Availability.

Testing Security

  1. How Big is the Problem.
  2. Common Attack Methods.
  3. Where is the Problem.
  4. Security Policies.
  5. Building a Policy.
  6. BS7799.
  7. ITSEC.
  8. Common Criteria.
  9. Hackers and Crackers.
  10. Security Testing Techniques.
  11. Manual Inspections & Reviews – Gap Analysis.
  12. Threat Modelling – Attack Trees.
  13. A Framework for Testing.
  14. Security Architecture.
  15. IP v4 and v6.
  16. Transmission Control Protocol.
  17. Three-Way Handshake.
  18. IP Spoofing.
  19. Secure Sockets Layer.
  20. Encryption.
  21. Public Key Infrastructure.
  22. SSL Sessions.
  23. Wireless Encryption.


  1. What Firewalls Can and Can’t Do.
  2. Packet Filtering.
  3. Screening Routers.
  4. Proxy Servers.
  5. Network Address Translation.
  6. Virtual Private Networks.
  7. Types of Firewall Configuration.

Information Gathering

  1. Mapping Out the Network Topology.
  2. Scope of the Testing Effort.
  3. IP Address Inventory.
  4. Ping Sweeps.
  5. Service/Socket Inventory.
  6. Port Scanning.
  7. Hardening the System Software.
  8. Spiders.
  9. Robots and Crawlers.
  10. Web Application Fingerprinting.
  11. Testing for Error Code.
  12. Testing for Weak Cipher Levels.
  13. Testing SSL Certificate Validity.
  14. Testing for File Extension Handling.
  15. Old, Backup and Unreferenced Files.
  16. Server Logs.
  17. Evaluating Intruder Detection.
  18. Intruder Detection Systems.

Authentication Testing

  1. Client Attacks – Text Input and Drop-Down Lists.
  2. Credentials Transport Testing.
  3. Testing for User Enumeration.
  4. Default or Guessable User Accounts.
  5. Brute Force.
  6. Direct Page Requests.
  7. Parameter Modification.
  8. Session ID Prediction.
  9. Password Remember and Reset.
  10. Social Engineering and Insiders.
  11. Logout Testing.
  12. Cached Pages.

Session Management

  1. Hidden Fields.
  2. CGI Parameters.
  3. Analysis of Session Management.
  4. Cookie Poisoning.
  5. Cookie Reverse Engineering.
  6. Cookie Manipulation by Guessing and Brute Force.
  7. Session Hijacking and Session Fixation.
  8. Overflow.
  9. Exposed Session Tokens.

Data Validation Testing

  1. SQL Injection.
  2. Relational Databases.
  3. Structured Query Language.
  4. Testing for SQL Injection.
  5. Testing for Authorisation Bypass Attacks.
  6. Testing for SELECT Statement Attacks.
  7. URL Based SQL Injection.
  8. Testing for INSERT Statement Attacks.
  9. Cross Site Scripting.
  10. Phishing.
  11. Reflective and Persistent Cross Site Scripting.
  12. Cross Site Request Forgery.
  13. Clickjacking.
  14. HTTP Methods and Cross Site Tracing.
  15. SSI Injection.
  16. Dynamic Code.
  17. Buffer Overflows.