Testing and Quality Assurance for Websites

Overview of Software Development Methodologies

  • Software development methodologies consist of interrelated phases or steps that embody the life cycle of the development process.

  • The development cycle represents the levels a project passes through, from concept to development to completion and implementation.

  • Phases within the cycle may be repeated as necessary throughout the management and tracking of a software project.

  • The primary software development methodology approaches include:

    • System Development Life Cycle (SDLC)/Waterfall

    • Agile software development methodology

    • Joint application development (JAD)

    • DevOps (Software Development and IT Operations) deployment methodology

System Development Life Cycle (SDLC) and Waterfall

  • The SDLC model dictates that application development passes through six distinct phases from initiation to deployment.

  • This is a structured and phased approach intended to maintain project scope and focus on completeness, performance, and security.

  • In the standard SDLC, each phase must be completed and approved before the subsequent phase can begin.

  • The Waterfall model is a commonly used adaptation of the SDLC.

  • Criteria for using Waterfall and SDLC methodologies include:

    • Application requirements are well defined, clear, and compact.

    • The operating environment is stable.

    • The need for new technology is minimal.

    • Required staffing is available and has received appropriate training.

    • The project duration is short.

Agile Software Development Methodology and Scrum

  • Agile methodologies favor strong collaborative interactions between team members and provide for early identification of issues.

  • Scrum is a specific process used within Agile development.

  • Scrum elements: A project is based on a User Story and assigned to a Scrum team as a "Sprint."

  • Scrum Participants:

    • Stakeholder

    • Product Owner

    • Development Team

    • Scrum Master

  • Scrum Artifacts:

    • User Stories

    • Product Backlog

    • Sprint Backlog

  • Scrum Key Concepts:

    • Done: The definition of a finished task.

    • Velocity: The rate at which the team completes work.

  • Scrum Rituals:

    • Sprint

    • Sprint Planning

    • Daily Scrum

    • Sprint Demo

  • Criteria for choosing the Scrum method:

    • Requirements are not clearly defined.

    • Changes are likely to occur.

    • Focus is on producing a Minimum Viable Product (MVP).

    • The project is open to change.

Alternative Agile Methodologies

  • Kanban: Provides visibility and focus on project priorities through Kanban boards. Stages include Input (Backlog), Work in Progress (Phase 2, Phase 3, Feature, Development, Test, Acceptance), and Output.

  • Crystal: Allows Development Teams to customize collaboration based on available resources and project needs. It adjusts processes, workflows, and approval cycles to fit the organization.

  • Dynamic Systems Development Method (DSDM):

    • Focuses on project goals and business impact.

    • Relies heavily on governance.

    • Uses an incremental and iterative approach where end-user/owner feedback is critical.

    • More common in larger organizations like multinational corporations and governments.

  • Extreme Programming (XP):

    • Used primarily in smaller organizations where resources are in a single location.

    • Five key principles: communication, simplicity, courage, feedback, and respect.

    • Uses "pair programming," where developers work in pairs to write code.

  • Feature-Driven Development (FDD):

    • Focuses on the end user and prioritizes User Stories.

    • Desired features are produced first in a priority sequence.

    • Often utilized by organizations with fixed hierarchical structures.

  • Lean Software Development (LSD): Minimizes release time while maximizing quality and reducing the waste of time/resources.

  • Rapid Application Development (RAD): An agile framework utilizing prototypes. Stakeholders and end users provide feedback on prototypes, and adjustments are made iteratively until acceptance is gained.

Joint Application Development (JAD)

  • JAD is commonly used in the early stages of Agile-based frameworks to verify User Story elements.

  • It speeds up the identification and validation of "Epic" details by making the end user or website owner a team member.

  • JAD Project Phases: User story → Design → Development → Testing → Deployment.

  • JAD Team Roles:

    • Executive Sponsor

    • Project Manager/Facilitator

    • Stakeholders

    • Recorder

    • Technical Advisor

    • Observer

  • JAD Sessions vs. Workshops:

    • Sessions: Used to initiate ideas and suggestions to solve User Story issues.

    • Workshops: Executive Sponsors and decision-makers review points from sessions and make final decisions.

DevOps Deployment Methodology

  • DevOps is an acronym for Software Development (Dev) and IT Operations (Ops).

  • It combines development and operations into a single team that works in parallel and collaboratively.

  • Goal: To break down roadblocks common in legacy approaches between Dev and Ops.

  • The CAMS Model: A philosophy representing Culture, Automation, Measurement, and Sharing. It is viewed as a pyramid where each layer provides a foundation for the principle above it.

Website Testing and First Impressions

  • High Stakes: A website viewer makes a decision to stay or leave within 15 seconds.

  • The "Hook": How the site looks determines if a visitor stays.

  • The "Anchor": Functional reliability keeps the visitor engaged.

  • First Impressions and Stickiness: Stickiness is the site's capability to hold a viewer.

  • The 5-Second Test:

    • Measures first impressions and information takeaway after 5 seconds of viewing.

    • The actual viewing period can be up to 15 seconds.

    • Test viewers view the site and then answer questions to determine:

      • What did visitors see? (Identifies objects that drew attention).

      • What did visitors remember? (Identifies effective headings, links, or images).

      • What did visitors believe was the focus? (Identifies how well the site conveys value).

      • What one-word description did they use?

Functional Testing Areas

  • Functional testing ensures the site performs tasks, interfaces with other software/DBMS, and navigates as documented.

  • Zone tests should be used to stress separate functional components.

  • Standard verification areas:

    • Links Testing: Verifies outbound/off-site links, internal links, missing/omitted links, email links, and broken links. Tools include ahrefs.com’s Broken-Link-Checker, Dr. Link Check, and Screaming Frog’s SEO Spider.

    • Forms Testing: Checks for missing data, input data validity, standard sets of values, and abandoned shopping carts.

    • Cookies Testing: Verifies the creation, presence, and content of cookies stored on the client side.

      • Session Cookie: Tracks interactions for a single specific use; removed when the browser closes.

      • Persistent Cookie: Contains the server identity, cookie lifetime, and a random identifier value.

      • Testing Steps: Disable/remove cookies; edit cookie values in a text editor; test on multiple browsers; verify session cookie removal; ensure encryption of sensitive data (usernames, passwords, credit card numbers).

    • HTML/CSS Validation: Small coding errors (e.g., missing close parenthesis) can cause large functional or visual problems.
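
The checks listed under Cookies Testing above, as an added example that is not part of the original notes: it classifies each Set-Cookie header as session or persistent and flags values that look like unencrypted sensitive data. The Secure and HttpOnly checks go beyond the steps in the notes; the sample headers, function names, and the SENSITIVE pattern are constructed assumptions.

```python
import re

# Heuristic (assumption): field names or long digit runs that suggest
# usernames, passwords or card numbers stored in the clear.
SENSITIVE = re.compile(r"(user(name)?|pass(word|wd)?|card|cc)[=:]|\b\d{13,16}\b", re.I)

# Constructed sample Set-Cookie header values for the demonstration.
SAMPLE_HEADERS = [
    "sid=9f2c1a7be04d; Path=/; Secure; HttpOnly",
    "prefs=theme-dark; Max-Age=2592000; Path=/",
    "login=username=alice&password=hunter2; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/",
    "old=; Max-Age=0; Path=/; Secure; HttpOnly",
]

def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip() or True  # bare flag -> True
    return name.strip(), value.strip(), attrs

def audit_cookie(header):
    """Classify the cookie's lifetime and list findings a tester should follow up."""
    name, value, attrs = parse_set_cookie(header)
    kind = "persistent" if ("expires" in attrs or "max-age" in attrs) else "session"
    try:
        if int(str(attrs.get("max-age", "1"))) <= 0:
            kind = "deleted"  # server is telling the browser to drop the cookie
    except ValueError:
        pass  # malformed Max-Age: keep the classification above
    findings = []
    if SENSITIVE.search(value):
        findings.append("value looks like plaintext sensitive data")
    if "secure" not in attrs:
        findings.append("missing Secure")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    return {"name": name, "kind": kind, "findings": findings}

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        result = audit_cookie(header)
        print(result["name"], result["kind"], result["findings"] or "ok")
```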

Security and Vulnerability Mitigation

  • Security testing must be included in every development phase and pre-release testing.

  • Functions focus on protecting Personally Identifiable Information (PII) and sensitive data, usually through encryption.

  • Mitigation Process: An investigation (not just an inventory) to remove or limit exposure to threats.

  • Mitigation Strategies:

    • Accept: Do nothing and live with the vulnerability.

    • Avoid: Remove the website to eliminate the vulnerability.

    • Reduce: Mitigate to lower the probability of exploitation.

    • Transfer: Pass responsibility to a third party or contractor.

  • Steps to mitigate security flaws: Verify vulnerabilities → Analyze and prioritize → Develop mitigation plan → Retest.

Mobile Device and Documentation Testing

  • Mobile Coding: Often uses Extensible HyperText Markup Language—Mobile Profile (XHTML-MP) and WAP CSS.

  • Mobile-Specific Tests:

    • Compatibility with iOS, Android, and Windows tablets/smartphones.

    • Loading time.

    • Object sizes (buttons, text boxes).

    • Use of bulleted lists and short text.

    • Dial-out functions.

  • User Documentation: Includes help files, FAQs, community blogs, and assistance request forms.

  • Administrative Documentation: Includes original specifications, designs, requirements, and functional descriptions.

  • Change Management: A standardized approach to handling fixes, enhancements, and changes for production websites.

Launching, SEO, and Post-Launch Diagnostics

  • Launch Verbs: Release, deploy, upload, launch, publish.

  • Pre-Launch Tasks:

    • Inspect all content for misspellings.

    • Check media downloads (sound, images, video).

    • Verify media permissions and licensing.

    • Retest browser compatibility.

    • Begin marketing 1 to 2 months before launch.

  • Conversion Rates:

    • Major retailers average a conversion rate of only 2.5%.

    • This means only 2.5 visitors out of 100 buy something.

  • SEO Strategy:

    • Use sets of keywords in titles, metadata, and content contextually.

    • Experiment with keyword sets to improve search engine rankings.

  • Diagnostics and Post-Launch Tools:

    • Diagnostics check for static issues: broken links, coding errors, unreachable objects.

    • Recommended diagnostic packages: Catchpoint’s WebPageTest, Google Analytics, and Semrush.