Web Testing Interview Questions

What are the typical problems in web testing?

1) Security- Authntication Issue, data not encrypted, User privileges leaks, SQL injection can done, cross side scripting, cookie testing etc. 2)Session Issues:- Session of page not maintained. 3) Compatibility Issues: Browsers like Mozilla 3/2, IE 6/7, safari , netscape etc. 4) Performance: Response time throughput etc. 5) GUI issues:- Page resize issues, alignment of page, page refresh issues, look & feel, broken links, bad hyperlinks, spelling etc. 6) Useablity: User friendliness of site like sorting of data in dropdown etc. 7) Load & stress: site not beer load for large number of users. 1) Pages on the website are not properly validated and do not conform to industry standards (CSS, HTML/XHTML). 2) The application's business logic is not proper. 3) Mechandising content on pages are inassessible or incorrect (if applicable). 4) User inputs are not properly validated. 5) User inputs do not meet technical specification. 6) Error messages are not generated or are incorrect. 7) Web page design (fonts, color scheme, layout) does not meet requirements. 8) Broken links. 9) Feeds do not work properly. 10) Pages are not assessible for visually impaired. 11) Advertisements are incorrect or don't function as expected. 12) Copyright information is incorrect. 13) End User License Agreement (EULA) is incorrect. 14) Images have not been optimized or do not otherwise meet requirements. 15) Cookies don't work properly (if applicable). 16) Web client can't handle some of the messages returned by server. 17) Pages don't render properly with some operating systems and/or browsers. 18) Data obtained through web pages are not captured and/or stored properly in database. 19) It takes too long for some pages to render. 20) Performance lags when there are numerous simultaneous users. 21) Users have inappropriate access to roles or content. 22) User problems with login (password strength, failure to track login attempts, etc). 23) Concurrency issues (session problems) when multiple users are on the same page and/or when a single user is on multiple windows of the same page. 24) Server log does not properly track transactions. 25) Website does not properly use SSL.

What Are The Most Common Issues Seen In Web Testing?

1. Functional Issues. 2. Problems that occur while navigating an application. 3. Usability issues like broken links, form fields missing default focus, tab key not working and all keyboard shortcuts not fully functional. 4. Cosmetic and GUI issues. 5. Performance issues - How much time it takes to display the page to the user. 6. Load - How much load an application can handle at any point in time. 7. Stress - Load that causes an application to crash. 8. The flow of data - Storing of information entered by the user in the correct format. 9. Proper static information is not displayed along with text fields to enter data.

Describe something a tester should keep in mind when testing web applications?

1. UI testing : look and feel of the website tops the list 2. Functional testing : if all the feature/icons/ links etc work as expected 3. Browser compatibility testing: If the application behaves consistently on various browsers. 3 a. (Extension of 3) Mobile/tablet compatibility testing: If the web site behaves consistently on various smartphones and tablets (ipad etc) 4. Performance testing : if the web pages respond within the time set in requirements document. Example - the requirements say that so and so page or website must respond within 5 seconds. Google search engine thrives on their algorithm and fast response times. 5. Integration testing - if the web application interacts correctly with databases, other sites (you click on link don't you) etc. 5. Security testing : Hackers should not be able to get sensitive data or mess around with servers etc. 6. Operating systems compatibility : if it can run on all OS - MAC, windows, linux etc.

In n tier Architecture What are the factors should be considered for testing?

3 tier architecture is not for windows applications... it's for web applications... In n tier Architecture What are the factors should be considered for testing? [Ans] We need to consider below things -> Browser testing -> DB testing -> Networking Testing -> Application testing : GUI, Functional, Adhoc, Compatibility, Security, Load, performance, stress...

There is a login form which is connected to an Authentication Web Service. What tests would you perform at which layer?

All the input/output validation should be tested at the API layer calling the Authentication Web Service. Tests such as valid/invalid username/password combinations as well as verifying correct error messages. The location of the display of error messages, their color and font should be tested at login web page. Also, if applicable, Javascript and Cookie tests needs to be tested at front-end login page.

List Down The Actions Necessary For Securing A New Web Server?

Ans. Following are some of the important steps that a tester should check for securing a web server. 1. Limit the user rights as per their roles. 2. Update user permissions for resources required. 3. Clean default data and scripts stashed on the server. 4. Use a Software firewall on the server. 5. Enabling and making use of IIS logging. 6. Taking Regular backups.

What Are The Different Configurations Which Tester Should Consider While Testing A Web Application?

Ans. Following key factors need consideration while testing an application. 1. Hardware platform: different users may use different platforms like Mac, Linux, and Microsoft. 2. Browser: The layout of the web page changes on the different browser. Also, browser version and plug-ins are other important factors. The resolution of the monitor along with color depth and text size is some of the other configurations.

What Are The Tests That You'll Run For Testing A Login Form Which Uses A Web Service For Authentication?

Ans. For testing such a user case, we need to verify both the Web service and the Login test form. So we can design the test cases in the following manner. Web Service Testing. 1. First of all, we'll cover the testing of Web service API for input/output validation. 2. We'll execute cases including valid/invalid username/password combinations as well as verify the correct error messages. Login UI Testing. 1. Consequently, there will be tests for login web page to check the location of the display of error messages, their color, and font. 2. Also, if the login page uses any Javascript or Cookies, then we'll add cases to test the applicable functionality.

What Is The Difference Between Authentication And Authorization In Web Testing?

Ans. The key difference between both the processes is. 1. Authentication is the process which empowers the system to identify the user. Whereas, authorization happens after authenticating the user. 2. The authentication ensures that the user is indeed a valid user, who he claims to be. Whereas, in authorization system will decide whether a user is entitled to perform a particular task. 3. There are different ways of doing authentication like password-based and device-based. However, authorization is of two types read-only and read-write both.

What Is The Difference Between The Static And Dynamic Website?

Ans. The main differences between Static and Dynamic website are following. 1. A Static website contains web pages with fixed content whereas, in Dynamic website content of the web page change with respect to time. 2. It's not difficult to build a static website as you don't require any database design. But developing a dynamic website requires good programming resources and database knowledge. 3. A static website doesn't support user communication as it displays same information to each one of them. Whereas, in the case of dynamic websites, users may communicate with each other.

Explain Cross Site Scripting?

Cross Site Scripting is a thread in the dynamic website. It is also known as XSS. It occurs when a web application gathers malicious data from a user. Data collection happens in a hyperlinked form which contains malicious content within it. It allows insertion of malicious code into the web page. The web page can be a simple HTML code or a client side script. Suppose a user, accidently clicks on a web page containing the malicious code then that code becomes part of the web-request of the user. This request can also execute on the user's computer and steal confidential information.

What bugs are mainly come in Web testing? What severity and priority we are giving?

Field validation and errors due to the entry of invalid characters are the main problem.In Field validations, especially if you will enter HTML tags in the fields and processed application will crash. Which gives you a HIGH priority and HIGH Severity defect.The bug that mainly comes in web testing are cosmetic bugs on web pages , field validation related bugs and also the bugs related to scalability ,throughput and response time for web pages.Bug is a hidden defect.They are captured in User Environment.Defect Is a specification which is Missing,present but wrong.They are captured in Controlled Environment.

What Is Field Validation In Web Testing?

Field validation is done to ensure that user enters only correct data into the fields present on any web page. We can select a variety of validation option that depends on the type of data user may enter into the field. We can also ask to display an error message if the user enters an incorrect value. For example, you can set an option to make it mandatory for the user to enter a value in the field else, an error message is displayed. It performs data validation like email field must contain the data in [email protected] format.

List The Main Differences Between Client-Server, The Web And Desktop Applications.

Following are the key differences between them. Desktop Application. 1. The application runs in single memory with Front-end and Back-end in one place. 2. It has a single user only. Client/Server Application. 1. The application runs on two or more machines. 2. It is menu-driven. 3. Works in connected mode ( that means connection exists until logout). 4. It has a limited number of users. 5. it has less number of network issues as compared to the web app. Web Application. 1. The application runs on two or more machines. 2. It is URL-driven. 3. It uses a web browser as the client interface. 4. Works in disconnected mode (stateless). 5. It has an unlimited number of users. 6. It has many issues like hardware compatibility, browser compatibility, version compatibility, security issues, and performance issues.

List Down The Key Web Application Testing Techniques?

Following is the list of standard testing techniques that we apply to test any web application. 1. Functional Testing - includes link testing, form validation, search operations, and navigation testing. 2. Security Testing - includes authorization check for secure pages, verify access control and the user making direct entry to the internal page or redirecting to the login page, check if the session expires after it remains idle for a pre-defined time and testing virus attacks. 3. Database Testing - includes verifying data integrity on creating, updating or deleting data in the database, obtain a correct result on executing heavy queries, retrieve data from the database and represent on the web pages correctly. 4. Performance Testing - Check response times of application under different speeds of connections, verify if site handles many simultaneous user requests at the same time, check how the site handles large input data from users and check how the site pulls through if a crash occurs due to peak load. Next, there are some which ensure a good user-experience. 5. Usability Testing - includes navigation testing to verify that the Menus, Links or buttons on web pages move to correct pages, content testing to identify all the spelling and grammatical errors present on the page. 6. Compatibility Testing - includes verification of OS compatibility, browser compatibility, and mobile browsing. 7. Interface Testing - verifies that communication towards all the three servers - The Web, Application, and Database Server is working fine. Check if any request interrupts in-between then how the application is responding. Handle any error from web or database server to the application server and display the correct error message to the user.

Explain The Difference Between HTTP And HTTPS?

HTTP stands for Hypertext Transfer Protocol which is a set of rules for passing the information back and forth between clients and web servers. HTTPS refers to a combination of a normal HTTP interaction over an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) transport mechanism. HTTP uses port number 80 whereas, HTTPS uses port number 443. HTTP supports mechanism of sending a file to the client asking for it only if any update is there. Whereas, HTTPS encrypts user page requests and decrypts the page response that web server returns.

What are the typical defects identified through browser compatibility testing?

In browser compatibility testing we found more and more designing issue. UI issues : text cut, text color, missing symbols, overlap issues, cutting texts performance issues flash (game ) site does not open on IE 8 but visible properly on other browsers navigation issues

How to Calculate Session Time Out in Web Testing?

Open the website in Chrome Browser Press F12- Click Time Line - Press Ctrl+E Status will be displayed with Recording Time. Verify the time when it kicks out the user from application 1. First of need to know how much set as a session timed out time. 2. Next invoke the application and keep it idle until crossed the session expired time 3. Now try to do invoke some pages or try to add some thing 4. If we got the message 'Session Expired' then it's fine or else need to log the issue As for negative case, 1. First of need to know how much set as a session timed out time. 2. Next invoke the application and keep it idle until some time, but make sure it doesn't crossed the session expired time 3. Now try to do invoke some pages or try to add some thing 4. If we got the message 'Session Expired' then it's?an issue?or else it's fine. The only thing I might add is that you can do the same thing using HTTP Requests to the web server's 'Client API'. In this way, the actual time (in seconds) is returned in the web server's Response.

How to test the video chat or testcase for video chat

Test case scenarios: 1. Video calling icon should display when another users are online with webcam. 2. Clicking on video calling icon should connect to the particular person with calling ring tone and callers name. 4. Video resolution should good in all browsers and resolutions. 5. video calling should start with sound enabled automatically. 6. Video can be mute for temporary but Sound can be played. (And vice versa) 7. Reconnect to user is possible in low network or quick disconnect/ connect of wifi connection. 8. Chat/ text can be done along with the video calling. 9. Joining / removing more people into same chat is possible. 10. If one person is disconnecting the chart then the connection should not get fail with other persons. 11. When main caller will close the chat, then it should disconnect from all the persons. 12. Video recording / sound recording functionality is working fine during video chat. 13. Mute/ un-mute to sound functionality is working fine. 14. Video calling window should be maximize / minimize. 15. User should use other functionality of PC/ laptop / mobile, during the video call. 16. Screen should divide and display all the persons pics when the video call made for multiple persons. And disconnect with person should remove the screen allocation for him/ her. 17. If the person is not accepting the call request, then the call log should generate and should appear to the called person. 18. Functionality should work fine with diff OS / devices & Networks.

How would you Test a Service Oriented Architecture (SOA) Web Application?

The testing of web applications that communicate with a web service can be broken down into two parts: Testing of the Web Service in isolation. Each web service has one or more functions which can be tested by sending appropriate requests and analyzing the response and verifying correct data is returned in the response. We can use tools such as SoapUI to test a Soap Service or Rest Client to test a RESTful web service. Integration Testing of Web Service with the Front End. The integration testing is also important as it can highlight issues with data in the request and display of the response. The reason for this separation is to be able to identify issues in the web service much quicker and easier to debug.

How do you test the login feature of a web application?

This is a very common software testing interview question and the aim is to see how broad you can think about the feature. Most interviewees start with the obvious answer of checking input fields with positive and negative values, invalid email, valid email but incorrect password, SQL injection, etc. But most of these tests can be done and should be done by the developers as part of integration testing. Here the focus is on testing at the system level, tests which cannot be done without a fully integrated system. Possible answers to this testing interview question can be: Sign in with valid login, Close browser and reopen and see whether you are still logged in or not. Session management is important - how do we keep track of logged in users, is it via cookies or web sessions? Sign in, then log out and then go back to the login page to see if you are truly logged out. Log in, then go back to the same page, do you see the login screen again? Sign in with one browser, then open another browser to see if you need to sign in again? Log in, change the password, and then log out, then see if you can log in again with the old password.

What Types of Testing is Specifically Important for Web Testing?

This is also an important Software Testing interview question for web application testing roles. Note, this question is asking about the types of testing. Although you would do functional testing, usability testing, accessibility testing, etc, these are all also applicable to desktop application testing. The question is asking specifically for web testing. Two types of testing which are very important for testing web applications are Performance Testing and Security Testing. The difference between a web application and desktop application is that web applications are open to the world, with potentially many users accessing the application simultaneously at various times, so load testing and stress testing are important. Web applications are also vulnerable to all forms of attacks, mostly DDOS, so security testing is also very important to consider when testing web applications.

How do You Verify the Results of Your Search on Search Results Page?

This is another common Software Testing Interview Question for e-commerce testing roles. This question refers to verifying the results are what we expect to see. Suppose you search for a product on Amazon.com website. On the search results page, you will see a list of items related to your search. How can you verify that the results that you see are really the ones that you are supposed to see? The answer to this question is rather simple. At first instance, we need to know where the data is coming from. Are they coming from a database? Or some XML files from 3rd party websites? Once we have this information, we can start comparing the results we see on the result page with the results from the source, e.g. database. Another option is to use mocks to generate the data that we need so we can fully control the data that we see on the search results page.

There are many ways to test a website and there could be lots of test cases to execute, how can you make sure the web application is fit for release?

We can Automate majority of test cases, but most importantly we can use test techniques such as Pair-wise testing to reduce combinations and/or model-based testing to plan user journeys to ensure major functionality of web application works. We can also use analytics to gain insight into what users do on the website, which page is most popular and which feature is most used by users.

How is Web Application Testing different to Desktop Application Testing?

Web Applications are typically hosted on a server which we can access via a web browser, whereas desktop applications are installed on the client's machine. This setup opens a lot of new testing challenges: Performance and Security testing become important as the application is open to a wide audience. Good design and usability are also important. Other important factors that come to play are testing on multiple browsers, multiple devices, redirection, and responsiveness. Also, we should not forget about Javascript, CSS, Cookies, W3C standards, traffic monitoring, third-party tags testing, all of which are important in Web Application Testing.

What Is The Scope Of Web Testing?

Web testing is the name given to Software Testing that focuses on testing the web-based applications. Before going to the production environment, test team performs exhaustive testing of the web applications. This help to uncover different issues in the application like the functional discrepancy, web application security, web service testing, problems during integration, environmental issues, and its ability to handle the user load. These issues if remain uncovered may get exposed to the public. Thus efforts are made in this stage of testing to find out the possible bugs.

What to do if website is ready to launch and you are called to test it?

When you are in that situation, we should first test the high priorty on the funtionality of the web site. We need to check there are no broken links and dead ends. Check for any broken links Validate if cookies are being created. If yes, check the information that it contains. It shouldn't contain any confedential information. validate the applications performance. The time taken to search a content, time taken to navigate from one page to anothers. How users friendly the application is. Check for browser compatibility. > First tested the high priority functionalities -> Will check the navigational links and make sure there would be no broken links -> Will check all positive cases like adding an application, editing, etc -> And depends on time we can do the remaining testings like GUI, security etc. -Which functionality is the core functionality? - Which functionality if fails affects the core purpose of website? - Which functional area deals with finance (money transfer)? - Which browser audience uses more? - What is the performance benchmark? - Timings with maximum web traffic?

Can You Tell Few Scenarios For Testing A Web Application?

While testing a web application, you need to consider the following areas. 1- Functionality Verification. A- Testing Links which includes. i. Internal Links. ii. External Links. iii. Mail Links. iv. Broken Links. B- Form validation includes. i. Field validation. ii. Display error message for wrong input. iii. Verification of optional and mandatory fields. C- Database. i. Testing the database integrity. D- Cookies. i. Testing will be done on the client system side, on the temporary Internet files. 2- Performance Verification. Performance testing can be applied to understand the web site's scalability or to benchmark the performance in the environment of third party products such as servers and middleware for potential purchase. A- Connection Speed. Testing done on various networks like Dial-up, ISDN. B- Load. i. A Huge number of users accessing the application at the same time. ii. Check for peak loads and how the system behaves. iii. A Large amount of data accessed by a user. C- Stress. i. Apply continuous load on the system. ii. Verify the performance of memory, CPU, and file handling. 3- Usability. The characteristics of a system are measured. i. Ease of use. ii. Navigation. iii. Content completeness and correctness. iv. General appearance. 4- Server Side Interface. To verify that communication is proper on this interface. Test the compatibility of the server with software, hardware, network, and the database. 5- Client Side Compatibility. Testing is done on different platforms using various browsers. 6- Security. Security testing involves the following. i. Network Scanning. ii. Vulnerability Scanning. iii. Password Cracking. iv. Log Review. v. Integrity Checkers. vi. Virus Detection.

How to Check whether your website is secure or not?

Yes, first visual tests are the padlock and secured protocol (https). But for thoroughness security testing is your game plan. You can and should tell the interviewer about security testing. If he asks you tell him you have done low-level SQL injections - easiest tutorial at: http://www.securiteam.com/securityreviews/5DP0N1P76E.html At the top of your internet browser , Check if this website address starts with "http://" or whether it starts with "https://".if the page does start with https:// then the website is in a secure area Look for a padlock somewhere in your internet browser. If there is no padlock on the browser somewhere then the page could be unsecure. If the browser does have a padlock, then it means that the website is secure. NOTE: The padlock is not shown on the website page (as this means absolutely nothing), rather the padlock that youre looking for is somewhere on the browser.Click on the yellow padlock or key icon for an additional check on the level of security. These icons represent a certificate of authenticity for a website.When you click on the icon, it should display more information about the websites encryption and authentication information. You can click on “View Certificates to see more information about the website and whether it matches with the address being used. Their are two protocols that secure a website - "SSL" (Secure Sockets Layer) and "TLS" (Transport Layer Security). Both of these protocols encrypt information between pages so that if information is "intercepted" by an unauthorized party, the encrypted data is meaningless and useless unless they know have to decrypt the information. By using SSL or TLS, only the intended recipient has the encryption "key" and can successfully decrypt the information passed to it. SSL and TLS use third party companies such as Comodo, VeriSign or GeoTrust to validate that the website is genuine, provide the encryption and decryption abilities. Simple answer- We should see to it that our data is passed with encryption. - Better use Post method rather than Get for form submission. - The site has SSL encryption