Java Reference
In-Depth Information
review process by a specialized third party to ensure security, quality, and consistency of the
coding practice, which reflects in a strong application.
The other aspect of testing of Web applications is black-box testing. In this process, the Web
application is viewed as a black box and the code is not reviewed. The application is tested for
functionality, scalability, performance, and, most recently, security. It is recommended that a
separate application testing team be employed for the testing of Web applications. Functional
defects in the application—such as calculation errors, defective buttons or interfaces in the
application, and defects in the application brought on by incorrect rendering on different browser
platforms—are tested in a black-box testing process. Black-box testing also involves a process of
stress testing, where the application is loaded with a large quantum of data to check for its
performance and consistency. Black-box testing also has a security aspect to it, as Web application
security has become quite an important consideration. Vulnerability assessment and penetration
testing are two popular black-box testing techniques for Web applications. Vulnerability
assessment is an exercise that aims at discovering all the vulnerabilities that are inherent in the Web
application and its environment. The deliverable from a vulnerability assessment is a report
detailing all the vulnerabilities found in the Web application and its environment and
categorizing them based on their severity. A vulnerability assessment exercise is a combination of manual
and automated testing techniques, where the automated testing is done with the myriad tools
for Web application vulnerability assessment available in the marketplace today. Penetration
testing is an extension of a vulnerability assessment, where the penetration tester simulates a
Web application attack. The penetration tester, or pen-tester, profiles the Web application in
question, understands its vulnerabilities as a part of a vulnerability assessment exercise, and
subsequently attempts to exploit those vulnerabilities to gain control over the application or its
environment. For instance, an SQL injection vulnerability in a Web application might result in
an attacker being able to gain complete control over the database server. A penetration test aims
at providing the proverbial proof-of-concept for Web application vulnerabilities, to highlight
their seriousness and provide insights to developers and architects of their possible and most
effective fixes. Section 4 of this topic will provide insight into the process of testing Java Web
applications for security.
4.3.1.5 User Acceptance Testing
User acceptance testing, popularly referred to as UAT, is the final phase of testing done by the end
users of the application before it is deployed into a production environment. This type of testing
is meant to provide end users and other related stakeholders the confidence that the application
being deployed in their environment meets their requirements. UAT is done only after all other
types of testing such as unit, system, and integration testing have been performed. Technical bugs
and glitches are to have been fixed by the time the application is subject to UAT. The UAT would
be a simulation of the real-world use of the application, through several use cases developed based
on the functionality of the application in the real world. Once the application has been
comprehensively tested by the end users based on all the test cases, they sign off on the application,
accepting that the application meets all the requirements of the end users.
4.3.1.6 Deployment
Deployment is an important step in the application development life cycle. This is when a Web
application is ready to be deployed into the live environment or production environment and is