| In Figure 14.1, you saw an example of a web page with much static content in the form of text and images. This static content was most likely created with straight HTML. That same web page also has customizable and dynamic changing content. Remember, HTML isn't a programming languageit's merely a tagging system for text and graphics. To create these extra dynamic features requires the HTML to be supplemented with programming code that can execute and follow decision paths. You've likely heard of the popular web programming languages and technologies that can be used to create these types of features: DHTML, Java, JavaScript, ActiveX, VBScript, Perl, CGI, ASP, and XML. As explained in Chapters 6, "Examining the Code," and 7, "Testing the Software with X-Ray Glasses," to apply white-box testing, you don't necessarily need to become an expert in these languages, just familiar enough to be able to read and understand them and to devise test cases based on what you see in the code. This chapter can't possibly go into all the details of white-box testing a website, but several features could be more effectively tested with a white-box approach. Of course, they could also be tested as a black-box, but the potential complexity is such that to really make sure you find the important bugs that you have some knowledge of the website's system structure and programming: Dynamic Content. Dynamic content is graphics and text that changes based on certain conditionsfor example, the time of day, the user's preferences, or specific user actions. It's possible that the programming for the content is done in a simple scripting language such as JavaScript and is embedded within the HTML. This is known as client-side programming. If it is, you can apply gray-box testing techniques when you examine the script and view the HTML. For efficiency, most dynamic content programming is located on the website's server; it's called server-side programming and would require you to have access to the web server to view the code. Database-Driven Web Pages. Many e-commerce web pages that show catalogs or inventories are database driven. The HTML provides a simple layout for the web content and then pictures, text descriptions, pricing information, and so on are pulled from a database on the website's server and plugged into the pages. Programmatically Created Web Pages. Many web pages, especially ones with dynamic content, are programmatically generatedthat is, the HTML and possibly even the programming is created by software. A web page designer may type entries in a database and drag and drop elements in a layout program, press a button, and out comes the HTML that displays a web page. If this sounds scary, it's really no different than a computer language compiler creating machine code. If you're testing such a system, you have to check that the HTML it creates is what the designer expects. Server Performance and Loading. Popular websites might receive millions of individual hits a day. Each one requires a download of data from the website's server to the browser's computer. If you wanted to test a system for performance and loading, you'd have to find a way to simulate the millions of connections and downloads. Chapter 15, "Automated Testing and Test Tools," introduces the techniques and tools you can use to do this. Security. As you learned in the previous chapter, website security issues are always in the news as hackers try new and different ways to gain access to a website's internal data. Financial, medical, and other websites that contain personal data are especially at risk and require intimate knowledge of server technology to test them for proper security.
|
