Review By: Howard S. Epstein
07/08/2010Until recently, there has been a lack of books on the subject of Web testing. Of the books I've seen on testing Web-based applications, Lydia Ash’s Web Testing Companion is one of a few that are truly worthy of the Web testing genre. Its strength lies in the numerous examples the author provides on what to test and how to test these systems.

Too often, I've seen Web testing books that only review the difference between Web applications and client-server or mainframe-based systems. Unfortunately, they rarely go into enough detail regarding what the tester should actually test. This book provides the specific information that the tester needs to hit the ground running when it comes to testing Web applications.

Ms. Ash’s book tackles two main areas. Several chapters focus on the basics of general test practices and what it means to be a professional tester. The remainder of the book is a discussion of Web system design, globalization (or internationalization), performance, and security, four topics that are particularly relevant to Web-app testers.

The book is divided into four parts. Part One, “Becoming a Tester,” assumes that the reader is new to the area of testing. Topics include: the traits that make a good tester, the role a tester plays in the overall organization, how to write an effective bug report, and how to start testing Web applications. Ash also includes useful information about dealing with test design such as ways to compile effective test cases and how to find an application’s most vulnerable areas for defects.

Part II, “Client-Side Testing,” dives into a discussion of HTML tagging and the importance of maintaining coding standards that promote clean, organized code. The material “kicks it up a notch” with an exploration of the types of scripting technologies, and how scripting errors can rear their ugly heads. Finally, she presents an in-depth review of global character sets, the use of different language choices on a website, and the test efforts needed to ensure the integrity of a truly global Web application.

Part III, “Server-Side Testing,” touches on two subjects: performance testing and security testing. The chapter on performance testing teaches the reader how to find potential system-performance bottlenecks. Ms. Ash also presents several interesting measurements, which when used together, give management and the development team a picture of the overall performance characteristics of a Web-based system. Security testing is given a thorough treatment in the following chapter. The book touches on a number of potential areas that either hackers or unwitting participants can exploit within an application – buffer overruns, improper error handling, and denial of service attacks. The author presents a number of useful and interesting testing techniques as well as how to apply them in each situation.

Part IV, “Being a Tester,” goes back to the basics. She presents an introduction to automation and explains which tasks automation suits best and which ones it does not. Finally, the book comes full circle from Part I by re-introducing test planning and design techniques, going a bit deeper by discussing some available methodologies for potential use in architecting future test plans. The last chapter is a general discussion of planning, organization, and preparation guidelines to maximize testing effectiveness and value.

There is a 200-page appendix at the end of the book that testers both new and experienced will find valuable. It is an impressive collection of knowledge and information and will serve as a handy reference for any tester. The compendium of lists in the appendix alone makes this book worth the purchase price. It is a terrific reference that a tester can always turn to when given the task of Web testing.

The chapters dealing with Web design, globalization, performance, and security are the meat of this book. These chapters, along with the appendix, make this a must-have for any tester’s or test manager’s library. Naturally, all of the material is not going to apply to every tester for every application, but any tester dealing with Web applications on a daily basis will find this book valuable and will likely refer others to it for specific information.

All in all, The Web Testing Companion is a highly recommended text for the experienced tester looking for more information on how to attack testing applications for the Web.