
  Key Success Factors in Testing High-traffic Web Sites


Overview

It is well known today that non-brick-and-mortar companies such as Google, Amazon and Yahoo! generate revenues in billions of dollars. What may not be so well known, though, is the level of investment these companies have to make to ensure that their systems and servers are available to their customers 24×7, and that their data centres can handle the amount of traffic that must be processed to keep their business going.

Little wonder then, that testing forms an important part of managing their business infrastructure.

Introduction

This blog is intended to explain to the reader the most important factors that are involved in the testing of high-traffic Web portals. For such Websites, security and performance become the key factors in testing along with other concepts such as usability, functionality and navigation.

Unit Testing

Unit testing must be performed by the developers against their components prior to integration. Custom unit tests exercise only functionality and neglect performance, which becomes a bottleneck later; hence component performance also needs to be analyzed during unit testing. This is usually done using the following tools:

  • Memory profilers
  • Code coverage and coding standard tools

Usability Testing

Usability testing helps to create and maintain a user-friendly and user-centric portal that a visitor will find easy to use and will want to visit again. Some of the usability practices tailored for high traffic Websites are listed below:

  • User friendly layout: Use language and concepts which are familiar to the user. Try to present information in a sequential and logical order.
  • Maintain consistent conventions: Concepts which are similar should be shown using similar terminologies and graphics. Details of maintaining uniform conventions for aspects such as layout, formatting, typefaces, labelling, etc should not be ignored.
  • Minimize users’ memory usage: Try not to force visitors to remember important information across multiple documents.
  • Using a flexible and efficient design: Try to arrange screens in a way such that frequently required data is found easily, providing instructions and directions wherever necessary.
  • Keeping an aesthetic yet simple design: Do not present or display information which may be distracting or irrelevant.
  • Arrange a progressive level for details: Information should be organized such that generic information is presented first, followed by more details, as requested or searched for.
  • Provide navigational feedback. Moving between related topics should be made easy. The user should be allowed to find out where he/she presently is on the website (by providing a site-map) and it should be easy to return to any previously visited point on the site.

Globalization

For high traffic portals, there is increasing demand for supporting local languages as the end user base grows in every corner of the world. Globalization testing is the process of testing a Website that has to work uniformly across multiple regions and cultures. There are two aspects to an international website: world readiness (globalization), and localization. World readiness refers to the process of designing, coding and testing the website such that it can be easily localized for different regions. Localization involves translating and customizing the products for different regions. Ensuring world-readiness is different from testing localized program versions, and it is broader than just functionality testing. It also includes realizing the implications of globalization, plus verifying that those implicit requirements are met throughout all the design and development steps.

AJAX Bridging

It is well known that AJAX applications can only connect back to the website from which they originated; this is a security measure in AJAX. For instance, JavaScript code developed with AJAX and obtained from a certain site cannot launch a connection to another site. The AJAX service bridge was developed to enable connections to third-party Websites despite this restriction.

This is how it works: inside the bridge, a host provides a Web service that acts as a proxy and forwards traffic between the JavaScript code running on the client and the third-party Web site. Since a bridge can be considered a ‘Web service to Web service’ type of connection, an attacker can use it to gain access to sites with restricted access. Hence, it is necessary to check whether the website is vulnerable to such attacks.
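
One way to constrain the bridge described above, as an added example that is not part of the original post: the proxy forwards only to an explicit allowlist of third-party hosts, and the test suite confirms that every other destination is refused. The host names, addresses and function names are constructed assumptions.

```javascript
// Added example, not from the original post. Hosts and URLs are constructed.
const ALLOWED_HOSTS = new Set(["api.partner.example"]);

// Decide whether the bridge (server-side proxy) may forward to rawUrl.
function checkBridgeTarget(rawUrl, allowedHosts = ALLOWED_HOSTS) {
  let url;
  try {
    url = new URL(rawUrl); // absolute URLs only; relative input throws
  } catch {
    return { allowed: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    return { allowed: false, reason: "scheme not https" };
  }
  // user:pass@host forms make the visible prefix differ from the real host.
  if (url.username !== "" || url.password !== "") {
    return { allowed: false, reason: "credentials in URL" };
  }
  if (url.port !== "") {
    return { allowed: false, reason: "non-default port" };
  }
  // hostname is already lower-cased by the URL parser; require an exact match,
  // so look-alike suffixes and IP literals are refused.
  if (!allowedHosts.has(url.hostname)) {
    return { allowed: false, reason: "host not on allowlist" };
  }
  return { allowed: true, reason: "ok" };
}

// Test-suite helper: return the inputs the bridge would wrongly forward.
function wronglyForwarded(mustRefuse, allowedHosts = ALLOWED_HOSTS) {
  return mustRefuse.filter((u) => checkBridgeTarget(u, allowedHosts).allowed);
}

// Constructed negative test cases for the bridge.
const MUST_REFUSE = [
  "http://api.partner.example/feed",            // plain HTTP
  "https://api.partner.example@10.0.0.5/admin", // allowed name used as userinfo
  "https://api.partner.example.other.test/",    // allowed name as a prefix only
  "https://10.0.0.5/status",                    // internal address literal
  "https://api.partner.example:8443/feed",      // unexpected port
  "/feed",                                      // relative reference
];

console.log(checkBridgeTarget("https://API.Partner.Example/feed?id=1"));
console.log(wronglyForwarded(MUST_REFUSE)); // [] when every case is refused
```

A name allowlist does not cover an allowed host that redirects elsewhere or resolves to an internal address, so the bridge should also refuse to follow redirects.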

HTML/AJAX Injection

The heart of AJAX is XMLHttpRequest, which allows for synchronous server communications and browser updates. The browser can be updated with just simple HTML (DOM), XML, or another structured data format. These XMLHttpRequest calls are just normal HTTP requests. For every request, check that authentication is enforced, and check how the application behaves after HTML injection is introduced. The same security vulnerabilities and controls apply to AJAX websites.

  • AJAX often requires additional or stronger controls because AJAX applications are usually complex, bidirectional, and asynchronous.
  • AJAX applications often have weak authentication, session management, and error handling.

Cross Site Scripting

Additionally, check the Web application for XSS (Cross site scripting). Any HTML, such as <HTML>, or any script such as <SCRIPT> should not be accepted by the application. If it is, the application can be prone to an attack by Cross Site Scripting.
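
A test-side check for the HTML/AJAX injection and cross-site scripting sections above, as an added example that is not part of the original post: submit an inert markup probe and classify how each response reflects it. The probe token, test-case names and response bodies are constructed.

```javascript
// Added example, not from the original post. PROBE and the sample
// responses are constructed for this illustration.
const PROBE = '<i data-probe="t7f3a9">';
const NAMED = { lt: "<", gt: ">", amp: "&", quot: '"', apos: "'" };

// Decode named, decimal and hex character references used by common encoders.
function decodeEntities(text) {
  return text.replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);/gi, (match, ref) => {
    const r = ref.toLowerCase();
    if (r.startsWith("#")) {
      const cp = r.startsWith("#x") ? parseInt(r.slice(2), 16) : parseInt(r.slice(1), 10);
      return cp <= 0x10ffff ? String.fromCodePoint(cp) : match;
    }
    return Object.prototype.hasOwnProperty.call(NAMED, r) ? NAMED[r] : match;
  });
}

// "raw":     the markup came back live, so the test case fails.
// "encoded": the markup came back as inert text (any entity style).
// "absent":  the input was stripped or rejected before output.
function classifyReflection(probe, body) {
  if (body.includes(probe)) return "raw";
  if (decodeEntities(body).includes(probe)) return "encoded";
  return "absent";
}

// Return the names of the test cases whose response reflects the probe raw.
function failingCases(cases, probe = PROBE) {
  return cases
    .filter((c) => classifyReflection(probe, c.body) === "raw")
    .map((c) => c.name);
}

// Constructed responses, one per input field under test.
const SAMPLE_CASES = [
  { name: "search", body: '<p>Results for <i data-probe="t7f3a9"></p>' },
  { name: "profile", body: "<p>Hello &lt;i data-probe=&quot;t7f3a9&quot;&gt;</p>" },
  { name: "comment", body: "<p>&#60;i data-probe=&#x22;t7f3a9&#x22;&#62;</p>" },
  { name: "signup", body: "<p>Invalid characters in name.</p>" },
];

console.log(failingCases(SAMPLE_CASES)); // [ 'search' ]
```

A body match is only a first signal: a value reflected inside an attribute or a script block needs encoding for that context and a context-aware check.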

Cross-Browser Compatibility

Cross-browser compatibility is generally a big issue. It is magnified a few times when you consider high traffic Websites with AJAX. Browsers either do not support AJAX or render AJAX differently. Browser compatibility testing of high traffic Websites comes under even more stress when you consider different browsers, in different versions, such as Internet Explorer, Netscape, Firefox, Safari, Opera and Chrome.

Security Testing

Because AJAX is still a recent technology, several of its security issues are still to be fully understood. AJAX must not be deployed in security-sensitive applications, such as credit card verification portals. Some of the security concerns to be considered when designing test cases for sites that use AJAX are listed below:

  • It increases the available attack surface and requires many more inputs to be secured.
  • It exposes the internals of the application.
  • It enables access to third-party resources for the client without any built-in security and encoding mechanisms.
  • It has no mechanisms to avoid failures in protecting authentication information and sessions.
  • The line between client and server-side code is highly blurred, which results in security mistakes.

Testing Search Engine Optimization

Testing teams of such high traffic portals need to deeply understand the basics of search engine optimization (SEO). This is all the more important, especially because Website technologies like AJAX and Flash are not search engine friendly. Listed below are some important SEO items that the testing teams should be aware of:

  • Ensure that static URLs are used widely and IP addresses are used only when absolutely necessary.
  • Ensure that there is no excessive use of tables which is considered a bad SEO practice.
  • Ensure that non-compliant HTML is not used.
  • Ensure that images have ‘ALT’ and ‘Title’ attributes.
  • Ensure proper use of ‘Meta’ tags and keywords.
  • Ensure the presence of an ‘Admin’ screen to dynamically update keywords based on feedback from search engines.
  • Check hyperlink updates for use of domain name instead of IP address.
  • Avoid excessive use of JavaScript based menus which have a negative impact on SEO.
  • Ensure that all searchable text is available to search engines.
  • Test the Website on all search engines for which the site is optimized.

Special Test Cases for Websites Heavily Loaded with AJAX and Flash

  • The absence of an IDE for AJAX makes unit testing and debugging a discouraging task. Hence, there is always a heavy dependency on the regression testing teams, who need to factor this in, design the test suite more elaborately and cover every single unit for all its possible functionalities.
  • High traffic Websites with AJAX will not work if JavaScript is disabled. Make sure that the user is prompted to enable JavaScript; even if the user doesn’t do so, the site should not become totally inaccessible with JavaScript turned off.
  • The ‘Back’ button on the browser may not work until developers provide that functionality. Testing teams need to ensure that this functionality is available on pages where there is a high probability of users hitting the ‘Back’ button.
  • It may be difficult to bookmark a particular section of an AJAX site. Testing teams must ensure that pages users may want to bookmark are free from this limitation.
  • The Flash based interface must be tested on different speeds such as modem, broadband, LAN etc.
  • The audio and video synchronization for flash movies and animations must be checked.
  • Finally, the Flash/AJAX application must be tested on a machine with the minimum configuration.

Bandwidth Dependency

Both AJAX and Flash have a heavy bandwidth dependency and do not work well on low bandwidths. Hence, testing the response on varying bandwidths to determine and ensure the comfort band is an important requirement. This adds a whole new dimension to testing such sites, and demands additional discipline, time and resources.

Performance Testing

For such high traffic Web portals, thousands of requests are usually being made to the server, and during particular events and times this count can run into millions. With such a high volume of traffic, server performance may become an issue; hence, to ensure satisfactory performance, the following criteria should be met during performance testing:

  • It must be ensured that your site’s performance requirements and goals represent the needs of your users.
  • Load tests must be designed such that they replicate the actual workload at both normal and peak times.
  • Performance testing must be conducted using parameters such as data types, distributions and volumes which are similar to those used in actual business operations under actual production.
  • It must be checked whether the system can handle multiple concurrent requests performing the same transactions.
  • To properly identify the bottlenecks during performance testing, using a good and optimised profiling tool is also important.
  • Automated testing tools such as LoadRunner, Keynote and JMeter should also be used for evaluating various performance aspects.
  • Time-critical transactions must be included in the performance tests.
  • Even under peak traffic conditions, it must be ensured that the user can transfer large volumes of data.
  • The performance tests must also be conducted while regular system processes, such as a batch job execution or a virus definition update download, are in progress.
  • The performance must be measured under various load levels and mixed scenarios.
  • It has to be validated that all of the correct data was displayed and saved during your performance tests.
  • An important testing technique, known as Soak Testing, also has to be executed. This involves testing a system with a significant load extended over a significant period of time, to discover how the system behaves under sustained use.

Summary of the Factors Important in Testing High-traffic Web Sites

Standard testing methodologies must be adapted to the unique nature of Website testing environments. The following table lists some of the key aspects that testing teams should consider while designing test strategies for high traffic Web sites:

Type of Check | Parameters to be Validated
Validation checks | Validating HTML, input forms, check for broken links, validating CSS (such as fonts, colors, spacing etc)
Security checks | Testing cookies
Performance checks | Testing bandwidth dependencies
Browser compatibility checks | Using different browsers such as Internet Explorer, Netscape, Firefox, Safari, Opera and Chrome
Other checks | Testing the server-side interface, configuration, recovery and accessibility

Phases in Testing Applications Running on such High-traffic Web Portals

To ensure that the application is able to withstand the high volume of traffic, it must go through the following phases during specific points in the software development lifecycle:

  • Unit testing
  • Integration testing
  • Functional testing
  • End-to-end testing
  • Distributed testing
  • Usability Testing
  • Globalisation testing
  • Exploratory testing
  • Regression testing
  • Compatibility testing
  • Conformance testing
  • Fault tolerance and security testing
  • Load and stress testing
  • Performance testing

 

Summarizing, we have seen in this blog that testing high-volume portals requires careful planning at every stage, starting from the site’s design right up to considerations such as the end user’s bandwidth availability.


