Web Service Testing for the New Digital Age

Size: px

Start display at page:

Download "Web Service Testing for the New Digital Age"

Sherman Harvey
5 years ago
Views:

1 Web Service Testing for the New Digital Age Harish Auradkar Sr Quality Engineer Deepti Hippargi Sr Software Engineer Allscripts

2 Abstract Most of the companies in the new digital age are adopting the web services to enhance their product value, as web service provides a cost effective and practical solution of exchanging the data in a distributed application irrespective of the operating system, platform and language barriers. This evolution brings with it the challenge of testing the web services completely to provide the optimum quality and customer satisfaction. This paper provides the essential approaches of web service testing to be incorporated at the different stages of software development to have a stable and quality assured product to the customers as per the business demands and also covers the Web service advantage in the new Digital age, Web service attributes in the Shift left approach, testing approaches related to web services and finally the overview of the Web service testing tools.

Web service advantage- why it s being used most in this new Digital era With the emerging digital age the method of storing the information on a collection of mainframes and minicomputers speaking

Now is the time for the major companies adopting the web services, as web services provides the inherent interoperability by using platform and language independent technology.

3 Web service advantage- why it s being used most in this new Digital era With the emerging digital age the method of storing the information on a collection of mainframes and minicomputers speaking different protocols has become merely a memory. Now is the time for the major companies adopting the web services, as web services provides the inherent interoperability by using platform and language independent technology. The platform and language independent aspects of web services is a major advantage in the new age digital world. This is mainly achieved by using different protocols like SOAP, REST, WSDL, XML, HTTP. Web service are majorly re-usable, in the sense the code can be reused in a condition where one service can be used by different clients in term enabling the fulfilment of different business objectives of each client. A section of the service can be simply re used instead of creating a custom service for each client request. Web services are also adaptable, this makes them so versatile in nature. A client can use multiple services to complete a process even though the underlying business layers are in compatible with each other. For example, a client can an application which uses multiple web services to update a sales, shipping and ERP systems but with a single interface.

4 Web service Testing Importance and the challenges With the versatility of the web services, its usage is increasing in the new age digital world, with this comes the challenges to do a comprehensive web service testing and the stage at which the testing needs to be incorporated in the development life cycle to assure a more reliable and cost effective product. One of the main solution here is -Early Testing Adaptation- A shift left approach As it goes with any other form of testing, the web service testing should also be a part of development life cycle from the beginning. With the shift left approach in web service testing, the tester will be able to test and provide the inputs to the development team as and when the web service is deployed. This will immensely help is building a more stable web service environment. This approach not only holds good for functional tests, but for the performance and security testing of the web services as well. As the web services are tested as and when they are deployed, this will help is Finding and fixing the bugs at an early stage To incorporate the integration testing of different environments and to get an accurate detail of the stability To test the security of the web services thoroughly at an early stage will help rule out any breaches at the end To get the scalability of each web service at an early stage helps improve its coding enhancements in terms of design and in turn time taken for its execution later in the production And finally, it also reduces the cost and Time effort, which may incur at the later stage if the issues persist due to lack of testing early

5 As an Example, in our product the web services layer has been introduced newly. As per the shift left approach we started the web service testing right from the time the services were deployed in the test environment. This helped us in a great deal to find the bugs at the early stage and to get them fixed on time and also to do the performance test of each services and to fine tune the code to get the optimized response times. As part of functional/ performance /security testing that we conducted using this approach, advantages we found are: Total User stories User stories 200 Total Functional Bug found in early stage 110 Total Bugs converted to User stories 21 Design Modified / Newly implemented 12 Total Security /Performance Bug found in early stage 15 Code optimizations 12 Major challenges faced for the Web service testing: 1. Lack of User Interface Web services don t have a user interface as compared to other web application testing. So the testing needs the knowledge of programming skills, that the tester will use to write the test cases and use different tools like postman to test the different services and the response from the same. 2. Vast test coverage in terms of distributed environments Web services may be distributed over the network and maybe hosted on different operating systems and deployed in different environments. Hence a through black box testing should be covered. 3. Ensuring the security, scalability and stability A complete testing around the security aspects of the services should be done, and to have a knowledge of how the services will behave with n sudden increase in load, a proper performance tests for the scalability and stability over the time should be incorporated.

6 Web service Testing Different Approaches Functional In general, the best approach to normal functional testing is the same for web services (except for the fact that unlike most other applications, web services don t have GUI user interfaces). Apply the same functional testing techniques which you applied in the GUI testing. Simply think of a web service as a business process without a UI, and write your test case accordingly. Because web services can be used by many different clients and used in multiple ways, a through functional testing and negative testing do become more critical. In Web service testing make sure following points are covered: Does the service respond with the correct values? To check whether the web server under test works correctly, verify and compares the received response codes against response codes specified in the scenario. If your tested web server communicates with your client through a socket connection, messages the server sends are not HTTP responses and do not contain response codes. To check whether your tested server responses correctly, use validation rules. Validation rules are comparison criteria that you add to scenarios in your tests and that compare the response data against expected values. You can also create a validation rule if your tested server returns incorrect data (check the response data in the Response Body panel of the test log). After the issue is fixed, the validation rule will help you to check that the error does not occur anymore. Advantages we found with this approach: In the initial stage, we were able to catch the issues and we made sure that receiving the proper response from server (compares the actual (extracted) data with the expected data. ) Implemented the new user stories Can the service handle invalid values and exceptions have caused due to bad data? Verified the service response when we passed the bad request exceptions Advantages we found with this approach: One of the example was When we passed the wrong request we were expecting the 404 error message in the status code but request has succeeded and returns the status code with 200 Ok and entire Data has been returned in the response body, It was immediately fixed

7 Performance As much as functional testing is important for the web services, the performance testing also plays a major role in the stability and scalability of the web services. With the early adaptation of performance testing, we can conclude on how much load each web service can sustain, what impact is on the app server with the increase in the web service load, how is the whole system behaving will the system capacity is enough for the stated load or it should be increased. This approach of early performance testing of web services really help for our product where the web services are being introduced newly. Steps we followed for our product testing: Single web service test-once a web service is deployed and is functionally tested, it was taken for the load testing. We started with a small load of 2 requests per second and increased the load to get the level at which the services break in terms of response time SLA. When an code enhancements are done to handle more load, the tests were repeated and the threshold for each service was captured and a baseline value was concluded for each services. Multiple web services -A test with the specified/ agreed upon user load with different group of services depending on the modules in which they fall was done and the results included not only the response times but also the utilizations of App server in terms of memory, queuing time etc and also the overall impact of the web services changes at the system utilizations levels like memory, Processor etc. Advantages we found with this approach: With a single web service load test, we could make code level changes in terms of timeout parameter settings, memory allocation settings etc, which greatly helped in the web service performance With the multi web services load tests, we could see how our App server load is impacting the overall product performance, the changes to the Ram allocation to the app server were made (if the DB and App server are in one server) and also a new app server implementation other than client and DB servers was also introduced.

Most common Vulnerabilities Preventive Mechanisms Since SOAP messages are XML-based, all passed credentials have to be converted to text format.

8 Security Why security testing? In modern web-based applications, the usage of web services is inevitable and they are prone for attacks as well. Since the web services request fetch from multiple websites developers have to take few additional measures in order to avoid any kind of penetration by hackers. Most common Vulnerabilities Preventive Mechanisms Since SOAP messages are XML-based, all passed credentials have to be converted to text format. Hence one has to be very careful in passing the sensitive information which has to be always encrypted. Protecting message integrity by implementing the mechanisms like checksum applied to ensure packet's integrity. Protecting message confidentiality - Asymmetric encryption is applied to protect the symmetric session keys, which in many implementations are valid for one communication only and are discarded subsequently. OWSP standards :

9 Tools- For easing the effort of web service Testing 1. Postman 2. Fiddler 3. Jmeter 4. SilkPerformer 5. SoapUI 6. TestingWhiz 7. SOAPSonar 8. SOAPtest 9. TestMaker 10. vrest 11. HttpMaster 12. Runscope 13. Rapise 14. WebInject 15. Storm

10 References & Appendix

Author Biography Harish Auradkar 10+ years of experience in Performance testing and engineering Certified Scrum Master Senior Quality Engineer @ Allscripts Harish Auradkar is having 10+ years of

Earlier He worked for Excel soft, Telelogic Rational and Mphasis He has an expertise in different tools like IBM DOORS, Synergy, Change,RQM, HP SIM.

11 Author Biography Harish Auradkar 10+ years of experience in Performance testing and engineering Certified Scrum Master Senior Quality Allscripts Harish Auradkar is having 10+ years of experience in Manual testing currently working as Senior Quality Engineer at Allscripts. Earlier He worked for Excel soft, Telelogic Rational and Mphasis He has an expertise in different tools like IBM DOORS, Synergy, Change,RQM, HP SIM. He holds a Master in Computer Application degree and is an Certified Scrum Master tester. Co-Author Biography 10+ years of experience in Performance testing and engineering ISTQB certified Deepti Hippargi Senior Software Allscripts Deepti Hippargi is having 10+ years of experience in performance testing and engineering and currently working as Senior Software Engineer at Allscripts. Earlier she worked for Wipro technologies, Sapient India Ltd and Tech Mahindra. She also worked at client places at United Kingdom. She has an expertise in different tools like Loadrunner, Rational performance tester, Webload, Jmeter. She holds a Bachelor of Engineering degree in computer science and is an ISTQB certified tester.

12 THANK YOU!

Integrated Functional and Non -Functional Testing for Agile

Integrated Functional and Non-Functional Testing for Agile P a g e 1 Integrated Functional and Non -Functional Testing for Agile STC 2013 Arush Gupta Umesh Kanade Harbinger Systems Pvt. Ltd 139, "Siddhant",