Web testing, part II

In the previous post, we talked about Functionality Testing and Usability attributes as per ISO 9126.

Moving on, today we look at Performance Testing. Performance testing is, in general, testing performed to determine how a system performs in terms of responsiveness and stability under a particular workload. In web performance testing, the web site's functionality is checked on different operating systems and different hardware platforms for software and hardware errors such as memory leaks.

Testing Types:

  • Stress Testing: normally used to understand the upper limits of capacity within the system. Web stress testing tries to break the site by putting it under stress, then checks how the system reacts to the stress and how it recovers from crashes. Stress is generally applied to input fields and to login and sign-up areas.
  • Load Testing: In performing load testing, we want to simulate how users will use your web application in the real world. The earlier the load testing is performed the better. Simple design changes can often make a significant impact on the performance and scalability of your web application.

Difference between Performance, Load and Stress Testing: 

Performance Testing

Testing that evaluates the response time (speed), throughput and utilization of a system as it executes its required functions, in comparison with different versions of the same product or with a competing product, is called Performance Testing. Performance testing is done to derive benchmark numbers for the system. Heavy load is not applied to the system. Tuning is performed until the system under test achieves the expected levels of performance.

Load Testing

The process of exercising the system under test by feeding it the largest tasks it can operate with. The load on the system is constantly increased via automated tools to simulate real-time scenarios with virtual users. Example: testing a word processor by editing a very large document. For Web Application load is defined in terms of concurrent.

Stress Testing

Trying to break the system under test by overwhelming its resources or by taking resources away from it. The purpose is to make sure that the system fails and recovers gracefully. Examples: double the baseline number for concurrent users/HTTP connections; randomly shut down and restart ports on the network.
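The load-testing approach described above (virtual users, load raised step by step, response time and throughput measured at each step) can be sketched as follows. This is an added example, not code from the original post; `DemoApp`, `virtual_user` and `ramp_load` are hypothetical names, and the target is a constructed local server that the script starts itself on the loopback interface.

```python
import statistics
import threading
import time
import urllib.request
from concurrent.futures import ThreadPoolExecutor
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

class DemoApp(BaseHTTPRequestHandler):
    """Constructed stand-in for the web application under test."""
    def do_GET(self):
        time.sleep(0.005)  # simulated server-side work per request
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"ok")
    def log_message(self, *args):  # silence per-request logging
        pass

def virtual_user(url, n_requests):
    """One virtual user issuing sequential GETs; returns (latencies, errors)."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no proxy
    latencies, errors = [], 0
    for _ in range(n_requests):
        start = time.perf_counter()
        try:
            with opener.open(url, timeout=5) as resp:
                resp.read()
            latencies.append(time.perf_counter() - start)
        except OSError:  # connection errors, timeouts and HTTP errors
            errors += 1
    return latencies, errors

def ramp_load(steps=(1, 4, 8), per_user=5):
    """Raise the number of concurrent virtual users step by step."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), DemoApp)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url, report = f"http://127.0.0.1:{server.server_port}/", []
    try:
        for users in steps:
            t0 = time.perf_counter()
            with ThreadPoolExecutor(max_workers=users) as pool:
                runs = list(pool.map(lambda _: virtual_user(url, per_user), range(users)))
            elapsed = time.perf_counter() - t0
            lat = [t for latencies, _ in runs for t in latencies]
            report.append({"users": users, "ok": len(lat), "errors": sum(e for _, e in runs),
                           "median_s": statistics.median(lat) if lat else None,
                           "throughput_rps": len(lat) / elapsed})
    finally:
        server.shutdown()
        server.server_close()
    return report
```

Comparing `median_s` and `throughput_rps` across the steps shows where response time starts to degrade as concurrency grows, which is the point at which a load test turns into a stress test.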

Why Performance Testing?

  • Identifies problems early on, before they become costly to resolve.
  • Reduces development cycles.
  • Produces better quality, more scalable code.
  • Prevents revenue and credibility loss due to poor Web site performance.
  • Enables intelligent planning for future expansion.
  • Ensures that the system meets performance expectations such as response time, throughput etc. under given levels of load.
  • Exposes bugs that do not surface in cursory testing, such as memory management bugs, memory leaks, buffer overflows, etc.

When is it required?

  • Design Phase: Pages containing lots of images and multimedia are checked for reasonable wait times. Heavy loads are less important than knowing which types of content cause slowdowns.
  • Development Phase: To check results of individual pages and processes, looking for breaking points, unnecessary code and bottlenecks.
  • Deployment Phase: To identify the minimum hardware and software requirements for the application.

Security testing

Security testing is a process to determine that an information system protects data and maintains functionality as intended. The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, availability, authorization and non-repudiation. Security testing as a term has a number of different meanings and can be completed in a number of different ways. As such, a security taxonomy helps us to understand these different approaches and meanings by providing a base level to work from.


Confidentiality

A security measure which protects against the disclosure of information to parties other than the intended recipient. It is by no means the only way of ensuring security.


Integrity

A measure intended to allow the receiver to determine that the information provided to it is correct. Integrity schemes often use some of the same underlying technologies as confidentiality schemes, but they usually involve adding additional information to a communication to form the basis of an algorithmic check, rather than encoding all of the communication.


Authentication

This might involve confirming the identity of a person, tracing the origins of an artifact, ensuring that a product is what its packaging and labeling claims to be, or assuring that a computer program is a trusted one.


Authorization

The process of determining that a requester is allowed to receive a service or perform an operation. Access control is an example of authorization.


Availability

Assuring information and communications services will be ready for use when expected. Information must be kept available to authorized persons when they need it.


Non-repudiation

In reference to digital security, non-repudiation means ensuring that a transferred message has been sent and received by the parties claiming to have sent and received the message. Non-repudiation is a way to guarantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.
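The integrity and non-repudiation definitions above can be checked in code. This added example (not from the original post) attaches an HMAC-SHA256 tag to a message as the "additional information" for an algorithmic check, then shows what a security test should observe: the message stays readable, tampering is detected, and a tag made with a shared key cannot prove who sent the message. The function names, key and sample payload are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

def protect(key: bytes, payload: dict) -> dict:
    """Attach an HMAC-SHA256 tag; the body itself is left unencrypted."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

def verify(key: bytes, message: dict) -> bool:
    """Recompute the tag and compare it in constant time."""
    expected = hmac.new(key, message["body"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, message["tag"])

def demo() -> dict:
    key = secrets.token_bytes(32)  # shared by sender and receiver (constructed)
    sent = protect(key, {"account": "12345", "amount": 100})  # constructed sample
    # Body altered in transit, original tag kept.
    tampered = dict(sent, body=sent["body"].replace("100", "900"))
    # The receiver holds the same key, so it can produce a valid tag itself.
    made_by_receiver = protect(key, {"account": "12345", "amount": 900})
    return {
        "readable_in_transit": "amount" in sent["body"],   # no confidentiality
        "intact_verifies": verify(key, sent),               # integrity holds
        "tampered_verifies": verify(key, tampered),         # change is detected
        "wrong_key_verifies": verify(secrets.token_bytes(32), sent),
        "receiver_made_verifies": verify(key, made_by_receiver),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Because `receiver_made_verifies` is true, a shared-key tag gives integrity but not non-repudiation; that property needs a signature made with a private key that only the sender holds.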