Ten Ways that I Follow to Test a Web Application.

One fine day in office, I had discussion with “Sandeep Tuppad” about qualities of a good tester, he compared a good tester with a warrior, he said that good warrior is one who know about war tactics and techniques and how and when to use weapons likewise, a good tester is one who know about the architecture and functionality of the app, one who know how to use the right tools and report the bug and get it resolved. So I assume myself as a good warrior while testing.

• Before starting testing I initially tour the product, so that I can better test the product and avoid missing certain area. I use the touring heuristic mnemonic (FCC CUTS VIDS), this helps me to find the testable areas in the application and to differentiate between feature and bug. I create a feature map by touring the application, this not only helps me to keep track of the features that I have tested, but also helps me to track the test coverage. To know more about the application I gather information about the application using add-ons like W3techs and Wappalyzer.
  W3techs website information technology is a browser extension available for Chrome and Firefox, it provides information about website background, server side language, client side language etc. More information like character encoding can be found when we use the website http://w3techs.com/sites the above extension fetches detail from this site.
  Wappalyzer is a Firefox add-on that server, framework present in the application as soon as we open the app in our Firefox browser.

Fig 1: Waaplyzer Output.

• After touring I come with different test scenarios for each feature in the application and I add it to the feature map which I have created and I also document the test cases.
• I will concentrate on particular features and test that feature based on different parameters and try to find bugs, if I am testing a File upload or CAPTCHA feature I go to the TestInsane mindmaps repository and pick the mindmap regarding to file upload testing or CAPTCHA testing, it triggers lots of test ideas.
• I use “Putchik's wheel of emotion” for performing Emotion based like I will get irritated if the application is slow.
• I automate test that I feel that need to be done repeatedly. There was a scenario where I need to add different combination of items to the cart and place the order, so I created a selenium script to add different items to the cart and place the order, it saved lots of time and also gives a better test coverage.
• Combinatorial testing there are different ways to enter a room so doing thing in a different way will leads to some bugs that is trying out different combination to perform the same task, for instance I was testing an app which allows to select postpaid option for a particular subscriber, but if I add the same number as primary number I was able to select prepaid for the subscriber and the re-charge for the number was getting failed.
• If there are any third party API like payment gateway, Dropbox integration I explore about their Terms & Condition and come up with test ideas, supposing if a payment gateway allow only Rs 2000 to be transferred in a particular day the app using the payment gateway must show error message if transaction of more than Rs 2000 is tried.
• I use the “common software error” by Cem Kaner, it contain over 400 ready-made software bugs and mindmap like “Ready-Made50 Bugs / Test Ideas” by Santhosh Tuppad, these helps me a lot to find if I am missing some test ideas
• I use add-on like web developer add-on which are my weapons. Some of the add-on which I use frequently are listed below. 
  
  
  Postman & Postman Interceptor
  Postman is a very useful Chrome APP for performing API testing we can capture the request link in using Developer Tool option and past it in the URL tab and select the option like GET, POST, PUT and click the Send button we will get the response back.
  
  
  PostmanInterceptor is used to capture the request while we load a particular page and show it in the Postman.
  
  
  Recx Security Analyser
  RecxSecurity Analyser  is a Chrome add-on used to analyse the HTTP security headers, page Meta security, cookie security options and Form auto-complete settings in a particular website. It can be used to find security vulnerabilities in the site suppose X-XSS protection header values is not “1: mode =block”, the website may be vulnerable to cross site scripting.
  
  
  BugMagnet
  BugMagnet is an add-on available in Firefox and Chrome, it will be useful while testing web form it provides set of valid and in-valid input values for the form fields like e-mail, URL etc. We can use it test if the form fields accepts invalid items and submit.
  
  
  Mockaroo Random Data Generator
  Mockaroo is a web application it can be used to generate test data for form fields in the app, it will be very helpful for automation.
  
  
  Flagfox
  FireFox add-on which contain tools like Whois. It can also be used to perform SSL Server Test by using SSL Server Test, It provide information such as server information, certificate information, signature algorithm used and the coolest part is it describes the vulnerability in the signature algorithm.

Fig 3: Flagfox Tool list.

• I read the bug reports that are reported by other tester in the team so that I get some ideas from them.