Suggestions for Website Testing
Hi all, I am gonna combine both my introduction and question into one.
I am currently working for a company that design and develops websites using their own in-house solution for a CMS that is written in PHP. I currently have zero-involvement with any of the programming and design of the site. I am wondering where would be good points to start within testing as I cannot do any load testing or really any white box testing, at least as far as I am aware.
Currently I am doing functional testing on all forms and the website as a whole as well as any forms within the back end, I am also doing usability testing although not with any user feedback as I also have no capability to do it.
I am aware that I can do some security testing on password and username fields but other than that I don't think I can do anything else as we also host pretty much all websites internally as well as hosting them on a staging and a development server prior to go-live.
Any pointers would be really useful, as would any suggested tools or resources. I have already done a search and cannot find any answers that seem to fit.
If you could help this would be really appreciated, feel free to ask me to clarify any points if you don't understand.
That's a big question. Let's start of first with getting to know what practices your company already has, and what you can do from there.
For the functional testing. If the company doesn't have a system of storing requirements/test scenarios and prioritizing them. I recommend doing that as the first thing. Every company will expect you to test everything, but it's hard to do that if you don't know what everything is. So the next best thing is to come up with a procedure for getting things documented.
For secruity testing. Unless you're an expert on security, it's probably best you don't handle the formal security testing. This will lead to a false sense of security, it would be better to have a security team or 3rd party vendor do this for you. But as part of the certified for release procedure, you could run some sort of out of the box security scan like Skipfish or AppScan. This will help you identify some issues before it goes to a security vendor to save time and money on outside security testing. But these tools do not know the internals of your program, so some sort of formal security audit is recommended for any application that deals with sensitive data.
As for automation. If you don't have this in place already, it's good to start the ground work on that. Evaluate the technology stack of the application, and figure out where testing can happen. Unit level, Database level, API level, user interface level. At the UI level, break down the list of technologies used (HTML, Flash, Java, etc...) that's used in the front end. Then chose a set of tools and APIs that can work with that.
Thanks for the reply, I appreciate I really couldn't have got more generic in my question, I guess I'm more looking for some confirmation I'm doing things right as I have zero background in QA
I am currently writing up some standard documentation and procedures with whatever resources I can find/adapt from software QA sites and forums and as a result have some standardised test cases and bug checklists, it's just when reading up I hear loads of really in-depth things mentioned like Database level things and integration testing and I'm unsure as to whether or not I have any input with things like this. Currently the only things I definitely know I have no involvement with are Database level access/functions, API (I believe) and possibly unit level. I think a good chunk of my problem lies in the fact that the company has never had a dedicated QA person within this department. They've asked me to research some courses to go on and from what I can determine the ISTQB foundation would be useful but other than that I am clueless.
I'm not too worried about security as all of that I believe is handled by our internal IT department but once again I'm not sure
If you can recommend any website-specific communities that would be really useful.
Thanks for the quick reply,it is really appreciated. I guess I'm just looking for confirmation that what I have been doing so far is right as I have zero QA experience prior to this.
At the moment I am in the process of writing up some basic procedure and similar documentation from whatever I find/modify from online resources.
Right now what would be really useful would be a list of website-testing specific websites/communities as most resources I am finding are software specific as opposed to actual websites.