Website Testing - Did you miss anything while Testing?

A lot has been written and discussed about Website Testing till date. But still, website testing is probably one of the most commonly confused topic among testers! Need evidence? Spend a little time searching and you can see tons of queries flooding the Internet (Online Forums, Usenet Groups, Orkut Communities, Tech Corners etc) regarding website testing, how a website should be tested, what should be tested, which things should be given priority while testing, what should not be given much importance while testing and so on. I might well be the trillionth person on this planet to write an article on Website Testing here! But I am writing this because I am really tired of replying emails asking me to write an article on Website Testing in my blog. However, this article is not an attempt to show you how you should test your website. You should understand that there is no universal rule to testing that can fit all kind of similar testing assignments. The testing approach that is going to follow consists of a checklist of items that might be tested while testing a website. This does not mean that following this checklist can essentially guarantee you success while testing *any and every* kind of website. In contrary, this post is meant to be used as a website testing cheat-sheet, a kind of checklist of items to remember while testing a website! While following this checklist, the chance of success (or failure) greatly depends on your own particular context! However, here is the cheat-sheet for website testing:

[A] Functionality Testing:
While testing the functionality of the websites the following areas should be tested.

a) Links/URL Testing: There are mainly 4 types of links in most websites.
» Internal links [Test the links that point to the pages of the same website.]
» External links [Test the links that point to external websites.]
» Mail links [Test if the email links open the default email client with the recipient email ID already filled in the “To” field.]
» Broken links [Test if any of those links are broken or dead! Free tools like Link Valet (which is convenient for checking a few pages) or Xenulink (convenient for checking a whole site) can be helpful in testing broken links.]

b) Forms Testing: The web forms should be consistent and should contain all the required input and output controls. Test the integrity of the web forms and the consistency of the variables.

c) Validation Testing:
» You can use tools like W3C validator to test and make sure that you have valid HTML (or XHTML).
» Most of the modern day websites use CSS (Cascading Style Sheet). You can use tools like W3C CSS validator to test and validate the CSS used in your site.
» Test the different fields for field level validation. Test and validate user inputs like: TextBox inputs, ComBox inputs, DropDownBox selections, KeyDown, KeyPress, KeyUp etc.

d) Test the Error messages:
Error messages are integral part of any well-developed website and they guide the user whenever any wrong/unexpected input is submitted. Testing the Error messages is very important as a badly designed Error message can misguide the end user about the actual impact of the error! About testing error messages, Ben Simo has a nice article that you might find interesting.

e) Testing optional and mandatory fields: Test if the web forms handle the optional and mandatory fields efficiently. Ideally, the application should not allow you to proceed unless you have filled in ALL the mandatory fields and should not restrict you from proceeding if you have left ANY of those optional fields unfilled!

f) Database Testing: Most of the modern day websites come with a backend database (unless it’s a site consisting of purely static web pages). So
testing the database for its integrity becomes essential to make sure the website is able to handle the data processing effectively.

g) Cookies Testing: A cookie is information that a website (server side) puts on your hard disk (client side) so that it can remember something about you at a later time. If your website sets cookies at the client machines then test to check that cookies and other session tokens are created in a secure and unpredictable way. Poor handling of cookies can result in security holes and vulnerabilities that can be taken advantage by
malicious users and hackers. Here is a nice article on Testing for Cookie and Session Token Manipulation.

h) Client-side Testing: Test the temporary Internet files on the client side system to make sure if any sensitive data (like password, credit card number etc) is being stored in the client system without being encrypted or in an unsecured way.

[B] Performance Testing:
IEEE defines Performance testing as the testing conducted to evaluate the compliance of a system or component with specified performance requirements. The goal of performance testing is not to find bugs, but to eliminate bottlenecks and establish a baseline for future load/stress testing. Performance testing can be applied to understand the website’s scalability, any loopholes in the load balancing and to test the response time between a request (from the client) and the reply (from the server) and the amount of load/stress the site is able to sustain. Scott Barber’s PerfTestPlus and Chris Loosley’s Web Performance Matters are two great resources for more exhaustive information on Performance Testing.

[C] Connection Speed Testing:
Test the website over various Networks like - Dial up connection with a 56-kbps modem (hard to believe, but there are lot of web users who still use a modem), ISDN, cable connection, broadband connection with different download speeds, DSL connection, satellite internet etc. With slower connection speed, if your website results in slow performance or partial loading of web pages then it should be cause of concern. As testers, we act as the representative of the end users. If we find out that even a part of our intended end user community is going to have problem with the application we are testing, it should be sufficient to raise the issue as a defect!

[D] Web Usability Testing:
If you develop a website which is not user-friendly and is difficult to learn, understand and navigate, then it won’t be of much use for the user. For example, if your website relies way too much on JavaScript for navigation, a browser with disabled JavaScript can render the site unusable. Some of the criteria to keep in mind while testing the usability of a website are:
» Ease of learning (How intuitive and self-explanatory the site is).
» Navigation.
» User satisfaction.
» Web accessibility testing (If all the content and parts of the site are accessible).
» General appearance (Look and feel).

[E] Testing Client-Server Interface:
In web testing the server side interface is tested to verify that communication is properly established with the client. In case of n-Tier architecture based web applications, the middle-tier Business Logic APIs should also be tested (even if they are third-party shrink-wrapped softwares) for any communication/interface malfunctioning!

[F] Compatibility Testing:
Test your website to verify that it’s pages render adequately in different browsers (e.g. IE 5, IE 6, IE 7, Firefox 2, Opera, Safari etc) using different operating systems (Win XP, Vista, Linux, Mac etc) on different hardware platforms. Different versions, configurations, display resolutions, and Internet connect speeds all can impact the behavior of the web pages and can introduce embarrassing (and often costly) bugs. However, an important thing to remember while testing the web compatibility is – we should first identify the major customer base for the website and then decide the main browsers and OS to test for. Some typical compatibility tests include testing your application:
» Using various browsers.
» Using various window sizes.
» Using various font sizes.
» Using browsers with CSS, JavaScript turned OFF!
» Using browsers with pop-up blockers!
» On various Operating Systems.
» With different screen resolutions and color depths.
» On various client hardware configurations.
» Using different memory sizes and hard drive space.
» In different network environments.
» Ability to take printouts with different printers (Printer-friendly Versions)

[G] Web Security Testing:
Often Web Security Testing is also referred to as Penetration Testing. The primary objective for testing the security of a website is to identify potential vulnerabilities/security holes and to patch/repair them. For example, if your website allows some files to be uploaded, your web server should have proper automated antivirus checking in place to detect and disable any attempt of virus uploading by the client side. Some of the major aspects of web security testing are:
» Network Scanning.
» Vulnerability Scanning.
» Password Cracking.
» Log Review.
» Integrity Checkers.
» Virus Detection.

Hope this article helps in giving a rough coverage of areas that needs attention while testing a website. Did I miss something here that should have been included in the checklist? Feel free to let me know by commenting and I will update this post along with proper credit to you.

Update: An important aspect of website testing that I had missed to include in my cheat-sheet is Testability Testing. Thanks to Michael Bolton for his comment.

Happy Testing…
Share on Google Plus

About Debasis Pradhan

Debasis has over a decade worth of exclusive experience in the field of Software Quality Assurance, Software Development and Testing. He writes here to share some of his interesting experiences with fellow testers.


  1. One form of testing that is consistently left out of lists like this one is testing for testability. Web sites can be much, much easier to test when

    1) the components on the server side provide appropriate and useful log files, so that you can have some automatic record of things that have happened while testing;

    2) the /.*ML/ elements are identified with unique ID tags, so that automation can be more easily used to drive the Web site;

    3) the components of the site have been unit tested by the developers, ideally but not necessarily7 test-first;

    4) oracles, in the form of information about the site and knowledgeable people to answer questions, are readily available;

    5) the site is only as complex as is absolutely necessary to support the business and customer's tasks.

    Those things won't guarantee better testing--the key component there is tester skill--but they can be helpful in making faster and easier.

  2. @ Michael Bolton,

    You can't imagine my happiness to see your comment on my post. It is an honor to be corrected/guided by testing experts like you.

    I agree that Testability is an essential and often neglected (like in my cheat-sheet above) area of testing. If the application under test (can be a website, desktop applications, client-server applications etc) is not testable, it can limit the scope of testing. As you have rightly mentioned a good testable website should have proper log generation system in place that generates log files with time-stamped activities performed on the server side.

    @ Readers,

    I just found an excellent article by Michael Bolton on Stickyminds that talks about the importance of Testability - Support for Testing, Testing for Support. A must read for any tester who is serious about testing. Take a look.

    Sincere Regards,

  3. Thanks for nice article Debasis.


  4. Hi Debasis,
    Good cheat-sheet!
    I am agreeing with Michael that key component in testing is tester skill.
    But as a good testing habits it's better to have testing checklist so that one can not miss any important aspect of testing.

    BTW you can enjoy few more website testing tips on my post written few months back here:
    Complete guide on testing web applications

  5. Hi debasis,

    I use to read your blog , It is interesting. Please provide printer friendly facility.because we can read it any time even if we don't have PC in home.

  6. @ Anonymous (Sam Selva Prabu),

    I received your email. I am so sorry that you could not take Printouts of my post(s) to be able to read them from home. I have provided a Printer Friendly Version (You can find it at the end of each post, just above the Comments section and just below the Categories) as per your request. You can directly take printouts using the [Ctrl+P] too! I have tried to strip off the unnecessary images, header block, top bar and sidebar items from my Printer Friendly Page so that you won't have to waste your expensive printer ink and pages. :)

    Note: Online version of the Printer Friendly Version seems to be OK [though longer posts are displayed in single pages with rest of the post getting truncated!]. Hopefully it should work fine when you take real Printouts. Anyway, I need to test it by taking Printouts and I will do that soon. In the mean while, let me know if you face any problem while printing. Thanks for letting me know your problem and your feedback. Happy Testing/Printing... ;)


  7. Hi Debasis,

    I have been a fan of yours ever since I visited your blog. Your articles are really helpful and interesting.

    I am also a tester, and my company is into web development. I wanted you to write on website testing and was about to write about it, but seems telepathy played a role here and you happened to write a blog on it.

    One thing that I would like to share is that, we do test Javascript validations at our side. If the Javascripts are turned off then the server side validations come into action. Its a kind of double check. I think this is what everyone follows.

    One more type of Compatibility testing I feel is checking the site in various internet connections, ie. Dialup, Broadband, Cable etc just to see how the page displays while loading under different speeds.

    Would appreciate your views on this.

    (The blog is still in its infancy)

  8. hi Debasis,
    To day is the first time i gone thru ur blog,its fantastic.It is very useful to every one.I can't stop my-self to appreciate you for such a hard work u doing for us.By going thru this i came know lot of things came to picture.But... i am sorry to say copy/save option.



  9. is it possible to do load testing for a website, manually, without a testing tool?can you give me sample of the testing cases?.

  10. Hi Debasis,

    I am very satisfied with ur blog, but still i am confused in Testability testing, can u discribe it in simple words with example.

    Thanks n Regards,

  11. Hi Debasis,
    I thank you a lot for your valuable blog. Can you please tell whether there is any International Certifications especially for Website Testing.

    Hoping a reply soon..

  12. Its a Greate article ,I learned so many things from your article thax a lot.

  13. hello debasis,
    nice explanation of website testing!...can u please give an example of client server application?

  14. Great article..i was searching for the best web testing method.Here i really got what i need in a well structured form..and Michael really pointed out a great point..

  15. A very good article for Freshers!!!

    Thanks for your useful blog!!!

  16. "Performance Testing and Software Test Tools resource consumption needs to be conducted on a few servers or workstations with a proper backup for redundancy and failure. Setup tools need to be built in order to monitor and correct performance issues."


NOTE: Comments posted on Software Testing Tricks are moderated and will be approved only if they are on-topic. Please avoid comments with spammy URLs. Having trouble leaving comments? Contact Me!