Web App Testing

Web applications are no longer simple information-based websites. Their increasing size and complexity combined with Agile’s short development cycles and frequent changes in requirements present many quality assurance and web application testing issues.

With all these changes, web application testing is now more important than ever. The problem is that testing web applications is now akin to testing a fully functional software application. The only difference is the deployment platform. Size and complexity continue to increase, and many think that test automation tools are the cure-all. Using these tools to conduct a functional test might be as easy as “record and play”, but executing test runs in a coordinated manner while tracking issues and metrics to gauge quality and improvement can bring in a plethora of issues such as:

  • Task complexity and length
  • Roles and authentication
  • Menu options and permissions
  • Integration with other interfaces and third-party plugins
  • Number of variations for each data element acted on, data integrity and format consistency
  • Number of configurations
  • Number of OS and browser platforms supported

Take a look at our web application test plan template. It’s a great checklist to make sure you don’t miss anything in testing web applications. This document is intended as a template for developing detailed test cases for functional testing of websites and web applications. It’s not all-encompassing since the specific test case development strategy depends on the domain and application under test. But it does address key areas such as validations, links, forms, error messages, cookies and sessions, web application security testing, and web application penetration testing. A sampling is shown below:


Validations

  • Validate that the website uses valid HTML.
  • Validate different fields, such as text boxes, dropdowns, radio options, check boxes, combo box inputs, links, etc.
  • Validate the CSS (Cascading Style Sheets) of the website.


Links

  • Test outgoing links from all the pages from the specific domain/application under test. This includes Facebook, Google+ and other social networking links.
  • Test all internal links.
  • Test links used to send the email to admin or other users.
  • Check for orphan pages.
  • Check for broken links.
  • Check links for indication of a link action that can be performed or was performed (i.e. color different from normal text).
  • Check that phone numbers can be dialed (for mobile website).
  • Check that multimedia links are able to play.


Forms

  • Check validations on each field.
  • Check for the default values of fields.
  • Confirm inputs and boundary values for all fields.
  • Confirm options, if any, to create, delete, view or modify forms.
  • Check different user types – roles if applicable.
  • Data
    • Check data accuracy and integrity
    • Check data input validation
  • Report format
    • Check field header correctness and integrity
    • Check aesthetics; font, size, etc.

Error messages

  • The required error message should be displayed when the user proceeds without filling in the mandatory fields.
  • Test that error messages are not displayed for optional input fields.
  • Unfriendly error messages like 404 Not Found or 500 Internal Server Error should not be displayed.
  • If the web application can’t display correctly, a proper error message page should be displayed instead of a blank page, etc.

Cookies and sessions

  • Test enabling or disabling of cookies in different browsers’ options.
  • Test for cookie encryption before writing to the user’s machine.
  • Check for login sessions and user statistics after the session ends.
  • Confirm the effect on application security of deleting the cookies.
  • Check that the session is recorded during the correct time.
  • Check that appropriate messages are displayed to inform the user that the site uses cookies.
  • Test application robustness when cookies are rejected.
  • Check that session cookies and persistent cookies are used appropriately.
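
Two of the cookie checks above (encryption of values, and session versus persistent use) can be run automatically over the Set-Cookie headers a test run captures. The sketch below is an added example, not part of the XBOSoft template; the sample headers are constructed, and the login cookie names and the readability heuristic are assumptions.

```python
import base64
import binascii
from urllib.parse import unquote

# Assumption: cookie names that carry a login session in the app under test.
LOGIN_COOKIES = {"sessionid", "auth"}

# Constructed sample headers, as a test run might capture them.
SAMPLE_HEADERS = [
    "sessionid=3q2-7wAAzz_8; Path=/; HttpOnly",
    "prefs=dXNlcj1hbGljZTtyb2xlPWFkbWlu; Max-Age=2592000; Path=/",
    "auth=tok_81; Max-Age=604800; Path=/",
]

def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, attributes)."""
    first, *rest = [part.strip() for part in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.lower()] = val
    return name, value, attrs

def looks_readable(value):
    """Heuristic: value is plain text, or base64 that decodes to plain text."""
    raw = unquote(value)
    if any(ch in raw.rstrip("=") for ch in "=@{:"):
        return True
    try:
        decoded = base64.b64decode(raw, validate=True)
    except (binascii.Error, ValueError):
        return False
    return len(decoded) >= 4 and all(32 <= b < 127 for b in decoded)

def audit_cookies(headers):
    """Classify each cookie as session/persistent and list checklist issues."""
    report = {}
    for header in headers:
        name, value, attrs = parse_set_cookie(header)
        persistent = "expires" in attrs or "max-age" in attrs
        issues = []
        if looks_readable(value):
            issues.append("value is readable, not encrypted")
        if persistent and name.lower() in LOGIN_COOKIES:
            issues.append("login cookie persists after the browser closes")
        report[name] = {"kind": "persistent" if persistent else "session",
                        "issues": issues}
    return report
```

A passing readability check only shows the value is opaque to this heuristic; confirming real encryption still needs a review of how the server builds the cookie.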

Web Application Security Testing

  • Log out the user when the session times out.
  • Confirm that even when logged in as a super admin, the user cannot see backend data.
  • Validate whether the web application has XSS issues.
  • Validate whether backend data can be seen through the web application.
  • Validate that the web application doesn’t have page permission leaks, e.g. a user can’t see a backend page without logging in to the web application.
  • Validate that the user can’t edit or delete elements on the web application.
  • Validate file downloads
    • The downloaded file should not be damaged
    • The content of the downloaded file can’t be copied or edited
    • If an interruption happens while downloading a file, the partial download should be deleted

Web Application Testing Services


To handle all of these issues in testing web applications, we’ve categorized our web app testing services into the following:

API Testing: Often overlooked, but perhaps the most important type of testing, as a broken or partially functional API can lead to errors out of the blue. With software becoming more componentized, we are left vulnerable behind the opacity of the interface. Testing the interface thoroughly backwards and forwards and across third-party components that it may interact with is a critical element in all test efforts.

Functionality Testing: A functional test covers basic functionality, including menus, links and forms, test runs, role authentication as well as complicated features such as database connections and third-party component integration.

Manual Regression & Automated Web Application Testing: Any source code changes to a web app generally require some level of regression testing. This can either be 100% manual regression testing or more often, a mix of manual and automated regression testing.

Learn more about how XBOSoft uses test automation tools such as Selenium Testing in automated web application testing.

Usability Testing: Heuristic inspection-based testing that evaluates usability issues such as flow, efficiency, errors, success rate, content checking, and aspects of user help functions.

Compatibility Testing: Addresses browser compatibility, operating system compatibility, mobile compatibility, and printing options.

Performance Testing: Load testing web applications and web stress testing with benchmarking and application performance evaluation under various environment characterizations, including connection speeds, user loads, and user activities.

Web Application Security Testing and Web Application Penetration Testing for potential vulnerabilities as identified by the Open Web Application Security Project (OWASP), plus XBOSoft’s own list of top security threats.

Automated Software Testing Services – Case Study

XBOSoft possesses nearly 10 years of web app testing experience, working with clients big and small, near and far. The selected Case Study below gives a good example of the long-term web app testing services we have been providing to clients over the years.

Mitel – Based in Ontario, Canada, Mitel is the world’s fastest-growing provider of cloud communications, making more than 33 million cloud connections daily. Mitel serves more than 60 million users in more than 100 countries. XBOSoft began providing testing services in 2010 to Benbria, at the time a small start-up whose product division was acquired by Mitel in 2016. Today, XBO’s testing services include API Automated Testing and Selenium Automated Testing.

These are the core areas we focus on when executing web application testing. Having a thoroughly tested web application means not only less support needed for end users but also a safe and secure web application.

Next Steps: Not confident about your application’s quality, or need a round of web application penetration testing? Not enough time for test runs on all platforms? XBOSoft is an expert in testing web applications. Contact us today!