Testing and Quality Assurance for Websites
Overview of Software Development Methodologies
Software development methodologies consist of interrelated phases or steps that embody the life cycle of the development process.
The development cycle represents the levels a project passes through, from concept to development to completion and implementation.
Phases within the cycle may be repeated as necessary throughout the management and tracking of a software project.
The primary software development methodology approaches include:
System Development Life Cycle (SDLC)/Waterfall
Agile software development methodology
Joint application development (JAD)
DevOps (Software Development and IT Operations) deployment methodology
System Development Life Cycle (SDLC) and Waterfall
The SDLC model dictates that application development passes through six distinct phases from initiation to deployment.
This is a structured and phased approach intended to maintain project scope and focus on completeness, performance, and security.
In the standard SDLC, each phase must be completed and approved before the subsequent phase can begin.
The Waterfall model is a commonly used adaptation of the SDLC.
Criteria for using Waterfall and SDLC methodologies include:
Application requirements are well defined, clear, and compact.
The operating environment is stable.
The need for new technology is minimal.
Required staffing is available and has received appropriate training.
The project duration is short.
Agile Software Development Methodology and Scrum
Agile methodologies favor strong collaborative interactions between team members and provide for early identification of issues.
Scrum is a specific process used within Agile development.
Scrum elements: A project is based on a User Story and assigned to a Scrum team as a "Sprint."
Scrum Participants:
Stakeholder
Product Owner
Development Team
Scrum Master
Scrum Artifacts:
User Stories
Product Backlog
Sprint Backlog
Scrum Key Concepts:
Done: The definition of a finished task.
Velocity: The rate at which the team completes work.
Scrum Rituals:
Sprint
Sprint Planning
Daily Scrum
Sprint Demo
Criteria for choosing the Scrum method:
Requirements are not clearly defined.
Changes are likely to occur.
Focus is on producing a Minimum Viable Product (MVP).
The project is open to change.
Alternative Agile Methodologies
Kanban: Provides visibility and focus on project priorities through Kanban boards. Stages include Input (Backlog), Work in Progress (Phase 2, Phase 3, Feature, Development, Test, Acceptance), and Output.
Crystal: Allows Development Teams to customize collaboration based on available resources and project needs. It adjusts processes, workflows, and approval cycles to fit the organization.
Dynamic Systems Development Method (DSDM):
Focuses on project goals and business impact.
Relies heavily on governance.
Uses an incremental and iterative approach where end-user/owner feedback is critical.
More common in larger organizations like multinational corporations and governments.
Extreme Programming (XP):
Used primarily in smaller organizations where resources are in a single location.
Five key principles: communication, simplicity, courage, feedback, and respect.
Uses "pair programming," where developers work in pairs to write code.
Feature-Driven Development (FDD):
Focuses on the end user and prioritizes User Stories.
Desired features are produced first in a priority sequence.
Often utilized by organizations with fixed hierarchical structures.
Lean Software Development (LSD): Minimizes release time while maximizing quality and reducing the waste of time/resources.
Rapid Application Development (RAD): An agile framework utilizing prototypes. Stakeholders and end users provide feedback on prototypes, and adjustments are made iteratively until acceptance is gained.
Joint Application Development (JAD)
JAD is commonly used in the early stages of Agile-based frameworks to verify User Story elements.
It speeds up the identification and validation of "Epic" details by making the end user or website owner a team member.
JAD Project Phases: User story → Design → Development → Testing → Deployment.
JAD Team Roles:
Executive Sponsor
Project Manager/Facilitator
Stakeholders
Recorder
Technical Advisor
Observer
JAD Sessions vs. Workshops:
Sessions: Used to initiate ideas and suggestions to solve User Story issues.
Workshops: Executive Sponsors and decision-makers review points from sessions and make final decisions.
DevOps Deployment Methodology
DevOps is an acronym for Software Development (Dev) and IT Operations (Ops).
It combines development and operations into a single team that works in parallel and collaboratively.
Goal: To break down roadblocks common in legacy approaches between Dev and Ops.
The CAMS Model: A philosophy representing Culture, Automation, Measurement, and Sharing. It is viewed as a pyramid where each layer provides a foundation for the principle above it.
Website Testing and First Impressions
High Stakes: A website viewer makes a decision to stay or leave within 15 seconds.
The "Hook": How the site looks determines if a visitor stays.
The "Anchor": Functional reliability keeps the visitor engaged.
First Impressions and Stickiness: Stickiness is the site's capability to hold a viewer.
The 5-Second Test:
Measures first impressions and information takeaway after 5 seconds of viewing.
The actual viewing period can be up to 15 seconds.
Test viewers view the site and then answer questions to determine:
What did visitors see? (Identifies objects that drew attention).
What did visitors remember? (Identifies effective headings, links, or images).
What did visitors believe was the focus? (Identifies how well the site conveys value).
What one-word description did they use?
Functional Testing Areas
Functional testing ensures the site performs tasks, interfaces with other software/DBMS, and navigates as documented.
Zone tests should be used to stress separate functional components.
Standard verification areas:
Links Testing: Verifies outbound/off-site links, internal links, missing/omitted links, email links, and broken links. Tools include ahrefs.com’s Broken-Link-Checker, Dr. Link Check, and Screaming Frog’s SEO Spider.
Forms Testing: Checks for missing data, input data validity, standard sets of values, and abandoned shopping carts.
Cookies Testing: Verifies the creation, presence, and content of cookies stored on the client side.
Session Cookie: Tracks interactions for a single specific use; removed when the browser closes.
Persistent Cookie: Contains the server identity, cookie lifetime, and a random identifier value.
Testing Steps: Disable/remove cookies; edit cookie values in a text editor; test on multiple browsers; verify session cookie removal; ensure encryption of sensitive data (usernames, passwords, credit card numbers).
HTML/CSS Validation: Small coding errors (e.g., missing close parenthesis) can cause large functional or visual problems.
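The cookie checks listed under Cookies Testing can be scripted. The following is an added example, not part of the original notes: it classifies each cookie as session or persistent and flags usernames or card numbers stored unencrypted in the value. It goes slightly beyond the notes by also checking the Secure and HttpOnly attributes. The sample Set-Cookie values and all function names are constructed for illustration.

```python
import re
from http.cookies import SimpleCookie

# Constructed sample Set-Cookie header values (not captured from a real site).
SAMPLE_HEADERS = [
    "sid=9f2c1e7ab4d04c55; Path=/; Secure; HttpOnly",
    "remember=7d1a0c3e9b; Max-Age=2592000; Path=/; Secure; HttpOnly",
    "user=alice@example.com; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/",
    "card=4111111111111111; Path=/checkout",  # well-known test card number
]

def luhn_ok(digits):
    """True if the digit string passes the Luhn checksum used by card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def audit_cookie(header):
    """Classify one Set-Cookie value and list findings a tester should report."""
    jar = SimpleCookie()
    jar.load(header)
    if not jar:
        raise ValueError("unparseable Set-Cookie value: %r" % header)
    name, morsel = next(iter(jar.items()))
    # A cookie with no Expires and no Max-Age is removed when the browser closes.
    kind = "persistent" if (morsel["expires"] or morsel["max-age"]) else "session"
    findings = []
    if re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", morsel.value):
        findings.append("plaintext username/email in value")
    digits = re.sub(r"[ -]", "", morsel.value)
    if re.fullmatch(r"\d{13,19}", digits) and luhn_ok(digits):
        findings.append("plaintext card number in value")
    if not morsel["secure"]:
        findings.append("missing Secure attribute")
    if not morsel["httponly"]:
        findings.append("missing HttpOnly attribute")
    return {"name": name, "kind": kind, "findings": findings}

def audit(headers):
    """Audit a list of Set-Cookie values, one result dict per cookie."""
    return [audit_cookie(h) for h in headers]

if __name__ == "__main__":
    for result in audit(SAMPLE_HEADERS):
        print(result)
```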
Security and Vulnerability Mitigation
Security testing must be included in every development phase and pre-release testing.
Functions focus on protecting Personally Identifiable Information (PII) and sensitive data, usually through encryption.
Mitigation Process: An investigation (not just an inventory) to remove or limit exposure to threats.
Mitigation Strategies:
Accept: Do nothing and live with the vulnerability.
Avoid: Remove the website to eliminate the vulnerability.
Reduce: Mitigate to lower the probability of exploitation.
Transfer: Pass responsibility to a third party or contractor.
Steps to mitigate security flaws: Verify vulnerabilities → Analyze and prioritize → Develop mitigation plan → Retest.
Mobile Device and Documentation Testing
Mobile Coding: Often uses Extensible HyperText Markup Language—Mobile Profile (XHTML-MP) and WAP CSS.
Mobile-Specific Tests:
Compatibility with iOS, Android, and Windows tablets/smartphones.
Loading time.
Object sizes (buttons, text boxes).
Use of bulleted lists and short text.
Dial-out functions.
User Documentation: Includes help files, FAQs, community blogs, and assistance request forms.
Administrative Documentation: Includes original specifications, designs, requirements, and functional descriptions.
Change Management: A standardized approach to handling fixes, enhancements, and changes for production websites.
Launching, SEO, and Post-Launch Diagnostics
Launch Verbs: Release, deploy, upload, launch, publish.
Pre-Launch Tasks:
Inspect all content for misspellings.
Check media downloads (sound, images, video).
Verify media permissions and licensing.
Retest browser compatibility.
Begin marketing 1 to 2 months before launch.
Conversion Rates:
Major retailers average a conversion rate of only 2.5%.
This means only 2.5 visitors out of 100 buy something.
SEO Strategy:
Use sets of keywords in titles, metadata, and content contextually.
Experiment with keyword sets to improve search engine rankings.
Diagnostics and Post-Launch Tools:
Diagnostics check for static issues: broken links, coding errors, unreachable objects.
Recommended diagnostic packages: Catchpoint’s WebPageTest, Google Analytics, and Semrush.