Web Application Testing: 8 Step Guide to

Website Testing

Before we pen down more details on the type of web

testing, lets quickly define Web Testing.

What is Web Testing?

Web Testing in simple terms is checking your web
application for potential bugs before its made live or before
code is moved into the production environment.
During this stage issues such as that of web application
security, the functioning of the site, its access to
handicapped as well as regular users and its ability to
handle traffic is checked.

How to test Web Application

In Software Engineering, the following testing
types/technique may be performed depending on your web
testing requirements.
1. Functionality Testing:
This is used to check if your product is as per the
specifications you intended for it as well as the functional
requirements you charted out for it in your developmental
documentation. Web based Testing Activities includes:
Test all links in your webpages are working correctly and
make sure there are no broken links. Links to be checked
will include -
 Outgoing links
 Internal links
 Anchor Links
 MailTo Links
Test Forms are working as expected. This will include-
 Scripting checks on the form are working as expected.
For example- if a user does not fill a mandatory field in
a form an error message is shown.
 Check default values are being populated
 Once submitted, the data in the forms is submitted to a
live database or is linked to a working email address
 Forms are optimally formatted for better readability
Test Cookies are working as expected. Cookies are small
files used by websites to primarily remember active user
sessions so you do not need to log in every time you visit a
website. Cookie Testing will include
 Testing cookies (sessions) are deleted either when
cache is cleared or when they reach their expiry.
  Delete cookies (sessions) and test that login credentials
are asked for when you next visit the site.
Test HTML and CSS to ensure that search engines can
crawl your site easily. This will include
 Checking for Syntax Errors
 Readable Color Schemas
 Standard Compliance. Ensure standards such W3C,
OASIS, IETF, ISO, ECMA, or WS-I are followed.
Test business workflow- This will include
 Testing your end - to - end workflow/ business
scenarios which takes the user through a series of
webpages to complete.
 Test negative scenarios as well, such that when a user
executes an unexpected step, appropriate error
message or help is shown in your web application.
Tools that can be used: QTP , IBM Rational , Selenium

2. Usability testing:
Usability Testing has now become a vital part of any web
based project. It can be carried out by testers like you or a
small focus group similar to the target audience of the web
application.
Test the site Navigation:
 Menus, buttons or Links to different pages on your site
should be easily visible and consistent on all webpages
Test the Content:

 Content should be legible with no spelling or

grammatical errors.
 Images if present should contain an "alt" text
Tools that can be used: Chalkmark, Clicktale, Clixpy and
Feedback Army

3.Interface Testing:
Three areas to be tested here are - Application, Web and
Database Server
 Application: Test requests are sent correctly to the
Database and output at the client side is displayed
correctly. Errors if any must be caught by the
application and must be only shown to the administrator
and not the end user.
  Web Server: Test Web server is handling all
application requests without any service denial.
 Database Server: Make sure queries sent to the
database give expected results.
Test system response when connection between the
three layers (Application, Web and Database) cannot be
established and appropriate message is shown to the end
user.
Tools that can be used: AlertFox, Ranorex

4. Database Testing:
Database is one critical component of your web application
and stress must be laid to test it thoroughly. Testing
activities will include-
 Test if any errors are shown while executing queries
 Data Integrity is maintained while creating, updating or
deleting data in database.
 Check response time of queries and fine tune them if
necessary.
 Test data retrieved from your database is shown
accurately in your web application
Tools that can be used: QTP, Selenium

5. Compatibility testing.
Compatibility tests ensures that your web application
displays correctly across different devices. This would
include-
Browser Compatibility Test: Same website in different
browsers will display differently. You need to test if your web
application is being displayed correctly across browsers,
JavaScript, AJAX and authentication is working fine. You
may also check for Mobile Browser Compatibility.
The rendering of web elements like buttons, text fields etc.
changes with change in Operating System. Make sure your
website works fine for various combination of Operating
systems such as Windows, Linux, Mac and Browsers such
as Firefox, Internet Explorer, Safari etc.
Tools that can be used: NetMechanic

6. Performance Testing:
This will ensure your site works under all loads. Software
Testing activities will include but not limited to -
 Website application response times at different
connection speeds
 Load test your web application to determine its
behavior under normal and peak loads
 Stress test your web site to determine its break point
when pushed to beyond normal loads at peak time.
 Test if a crash occurs due to peak load, how does the
site recover from such an event
 Make sure optimization techniques like gzip
compression, browser and server side cache enabled
to reduce load times
Tools that can be used: Loadrunner, JMeter
7. Security testing:
Security Testing is vital for e-commerce website that store
sensitive customer information like credit cards. Testing
Activities will include-
 Test unauthorized access to secure pages should not
be permitted
 Restricted files should not be downloadable without
appropriate access
 Check sessions are automatically killed after prolonged
user inactivity
 On use of SSL certificates, website should re-direct to
encrypted SSL pages.
Tools that can be used: Babel Enterprise, BFBTester and
CROSS

8. Crowd Testing:
You will select a large number of people (crowd) to execute
tests which otherwise would have been executed a select
group of people in the company. Crowdsourced testing is an
interesting and upcoming concept and helps unravel many a
unnoticed defects.
Tools that can be used: People like you and me !!!. And
yes , loads of them!
This concludes the tutorial. It includes almost all testing
types applicable to your web application.
As a Web-tester its important to note that web testing is
quite an arduous process and you are bound to come
across many obstacles. One of the major problems you will
face is of course deadline pressure. Everything is always
needed yesterday! The number of times the code will need
changing is also taxing. Make sure you plan your
work and know clearly what is expected of you. Its
best define all the tasks involved in your web testing and
then create a work chart for accurate estimates and
planning.

Web Application Testing Checklist:

Example Test Cases for Website

While testing the web applications, one should consider the

below mentioned template. The below mentioned checklist
is almost applicable for all types of web applications
depending on the business requirements.
The web application testing checklist consists of-
 Usability Testing
  Functional Testing
 Compatibility Testing
 Database Testing
 Security Testing
 Performance Testing
Now let's look each checklist in detail:

Usability Testing
What is Usability Testing?
 Usability testing is nothing but the User-friendliness
check.
 In Usability testing, the application flow is tested so that
a new user can understand the application easily.
 Basically, system navigation is checked in Usability
testing.
What is the purpose or Goal of Usability testing?
A Usability test establishes the ease of use and
effectiveness of a product using a standard Usability test
practices.
Example Usability Test Cases
 Web page content should be correct without any
spelling or grammatical errors
 All fonts should be same as per the requirements.
 All the text should be properly aligned.
 All the error messages should be correct without any
spelling or grammatical errors and the error message
should match with the field label.
  Tool tip text should be there for every field.
 All the fields should be properly aligned.
 Enough space should be provided between field labels,
columns, rows, and error messages.
 All the buttons should be in a standard format and size.
 Home link should be there on every single page.
 Disabled fields should be grayed out.
 Check for broken links and images.
 Confirmation message should be displayed for any kind
of update and delete operation.
 Check the site on different resolutions (640 x 480,
600x800 etc.?)
 Check the end user can run the system without
frustration.
 Check the tab should work properly.
 Scroll bar should appear only if required.
 If there is an error message on submit, the information
filled by the user should be there.
 Title should display on each web page
 All fields (Textbox, dropdown, radio button etc) and
buttons should be accessible by keyboard shortcuts
and the user should be able to perform all operations
by using keyboard.
 Check if the dropdown data is not truncated due to the
field size and also check whether the data
is hardcoded or managed via administrator.

Functional Testing:
What is Functional Testing?
  Testing the features and operational behavior of a
product to ensure they correspond to its specifications.
 Testing that ignores the internal mechanism of a
system or component and focuses solely on the outputs
generated in response to selected inputs and execution
conditions.
What is the purpose or Goal of Functional testing?
 The goal of Functional Testing is to verify whether your
product meets the intended functional specifications
mentioned in your development documentation.
Example Functional Test Scenarios:
 Test all the mandatory fields should be validated.
 Test the asterisk sign should display for all the
mandatory fields.
 Test the system should not display the error message
for optional fields.
 Test that leap years are validated correctly & do not
cause errors/miscalculations.
 Test the numeric fields should not accept the alphabets
and proper error message should display.
 Test for negative numbers if allowed for numeric fields.
 Test division by zero should be handled properly for
calculations.
 Test the max length of every field to ensure the data is
not truncated.
 Test the pop up message ("This field is limited to 500
characters") should display if the data reaches the
maximum size of the field.
  Test that a confirmation message should display for
update and delete operations.
 Test the amount values should display in currency
format.
 Test all input fields for special characters.
 Test the timeout functionality.
 Test the Sorting functionality.
 Test the functionality of the buttons available
 Test the Privacy Policy & FAQ is clearly defined and
should be available for users.
 Test if any functionality fails the user gets redirected to
the custom error page.
 Test all the uploaded documents are opened properly.
 Test the user should be able to download the uploaded
files.
 Test the email functionality of the system.
 Test the Java script is properly working in different
browsers (IE, Firefox, Chrome, safari and Opera).
 Test to see what happens if a user deletes cookies
while in the site.
 Test to see what happens if a user deletes cookies
after visiting a site.
 Test all the data inside combo/list box is arranged in
chronological order.

Compatibility Testing:
What is Compatibility testing?
  Compatibility testing is used to determine if your
software is compatible with other elements of a system
with which it should operate, e.g. Browsers, Operating
Systems, or hardware.
What is the purpose or Goal of Compatibility testing?
 The purpose of Compatibility testing is to evaluate how
well software performs in a particular browser,
Operating Systems, hardware or software.
Sample Compatibility Test Scenarios:
 Test the website in different browsers (IE, Firefox,
Chrome, Safari and Opera) and ensure the website is
displaying properly.
 Test the HTML version being used is compatible with
appropriate browser versions.
 Test the images display correctly in different browsers.
 Test the fonts are usable in different browsers.
 Test the java script code is usable in different browsers.
 Test the Animated GIF's across different browsers.
Tool for Compatibility Testing:
Spoon.net: Spoon.net provides access to thousands of
applications (Browsers) without any installs. This tool helps
you to test your application on different browsers on one
single machine.

Database Testing:
What is Database Testing?
 In Database testing backend records are tested which
have been inserted through the web or desktop
applications. The data which is displaying in the web
application should match with the data stored in the
Database.
To perform the Database testing, the tester should be
aware of the below mentioned points:
 The tester should understand the functional
requirements, business logic, application flow and
database design thoroughly.
 The tester should figure out the tables, triggers, store
procedures, views and cursors used for the application.
 The tester should understand the logic of the triggers,
store procedures, views and cursors created.
 The tester should figure out the tables which get
affected when insert update and delete (DML)
operations are performed through the web or desktop
applications.
With the help of the above mentioned points, the tester
can easily write the test scenarios for Database testing.
Example Test Cases for Database Testing:
 Verify the database name: The database name should
match with the specifications.
 Verify the Tables, columns, column types and defaults:
All things should match with the specifications.
 Verify whether the column allows a null or not.
 Verify the Primary and foreign key of each table.
 Verify the Stored Procedure:
 Test whether the Stored procedure is installed or not.
 Verify the Stored procedure name
 Verify the parameter names, types and number of
parameters.
 Test the parameters if they are required or not.
 Test the stored procedure by deleting some parameters
 Test when the output is zero, the zero records should
be affected.
 Test the stored procedure by writing
simple SQL queries.
 Test whether the stored procedure returns the values
 Test the stored procedure with sample input data.
 Verify the behavior of each flag in the table.
 Verify the data gets properly saved into the database
after the each page submission.
 Verify the data if the DML (Update, delete and insert)
operations are performed.
 Check the length of every field: The field length in the
back end and front end must be same.
  Verify the database names of QA, UAT and production.
The names should be unique.
 Verify the encrypted data in the database.
 Verify the database size. Also test the response time of
each query executed.
 Verify the data displayed on the front end and make
sure it is same in the back end.
 Verify the data validity by inserting the invalid data in
the database.
 Verify the Triggers.

What is Security Testing?

Security Testing involves the test to identify any flaws and
gaps from a security point of view.
Sample Test Scenarios for Security Testing:
1. Verify the web page which contains important data like
password, credit card numbers, secret answers for
security question etc should be submitted via HTTPS
(SSL).
2. Verify the important information like password, credit
card numbers etc should display in encrypted format.
3. Verify password rules are implemented on all
authentication pages like Registration, forgot password,
change password.
4. Verify if the password is changed the user should not
be able to login with the old password.
5. Verify the error messages should not display any
important information.
 6. Verify if the user is logged out from the system or user
session was expired, the user should not be able to
navigate the site.
7. Verify to access the secured and non secured web
pages directly without login.
8. Verify the “View Source code” option is disabled and
should not be visible to the user.
9. Verify the user account gets locked out if the user is
entering the wrong password several times.
10. Verify the cookies should not store passwords.
11. Verify if, any functionality is not working, the
system should not display any application, server, or
database information. Instead, it should display the
custom error page.
12. Verify the SQL injection attacks.
13. Verify the user roles and their rights. For Example
The requestor should not be able to access the admin
page.
14. Verify the important operations are written in log
files, and that information should be traceable.
15. Verify the session values are in an encrypted
format in the address bar.
16. Verify the cookie information is stored in encrypted
format.
17. Verify the application for Brute Force Attacks

What is Performance Testing?

Performance Testing is conducted to evaluate the
compliance of a system or component with specified
performance requirements.
General Test scenarios:
 To determine the performance, stability and scalability
of an application under different load conditions.
 To determine if the current architecture can support the
application at peak user levels.
 To determine which configuration sizing provides the
best performance level.
 To identify application and infrastructure bottlenecks.
 To determine if the new version of the software
adversely had an impact on response time.
 To evaluate product and/or hardware to determine if it
can handle projected load volumes.
How to do Performance testing? By Manual Testing or
by Automation
Practically it is not possible to do the Performance Testing
manually because of some drawbacks like:
 More number of resources will be required.
 Simultaneous actions are not possible.
 Proper system monitoring is not available.
 Not easy to perform the repetitive task.
Hence to overcome the above problems we should use
Performance Testing tool. Below is the list of some popular
testing tools.
 Apache JMeter
 Load Runner
 Borland Silk Performer.
 Rational Performance Tester
 WAPT
  NEO LOAD

Banking Domain Application Testing:

Sample Test Cases
The BFSI (Banking, Financial services and Insurance) sector is the biggest consumer of IT
services. Banking Applications directly deal with confidential financial data. It is mandatory that
all the activities performed by banking software run smoothly and without any error. Banking
software perform various functions like transferring and depositing fund, balance inquiry,
transaction history, withdrawal and so on. Testing banking application assures that these
activities are not only executed well but also remain protected from hackers.

In this tutorial, we will learn

 What is Domain in Testing?

 Why Domain Knowledge Matters?
 Introduction to Banking Domain
 Characteristics of a banking application
 Stages of testing banking applications
 Sample Test Case for Net Banking Login Application
 Challenges in testing banking domain & their Mitigation

Join our Live Banking Testing Project for Free

What is Domain in Testing?

Domain is nothing but the industry for which the software testing project is created. When we
talk about software project or development, this term is often referred. For example, Insurance
domain, Banking domain, Retail Domain, Telecom Domain, etc.

Usually, while developing any specific domain project, domain expert help is sought out.
Domain expert are master of the subject, and he may know the inside-out of the product or
application.
Why Domain Knowledge Matters?
Domain knowledge is quintessential for testing any software product, and it has its own benefits
like

Banking Domain Knowledge -

Introduction
Banking domain concepts are huge, and basically it is sub-characterized into two sectors

1. Traditional banking sector

2. Service based banking sector

Below is the table of the services these two sub-sectors of banking encompass

Traditional banking sector  Core banking

 Corporate banking
 Retail banking

Service based banking sector  Core

 Corporate
  Retail
 Loan
 Trade finance
 Private banking
 Consumer finance
 Islamic banking
 Customer delivery channels/Front end delivery

Based on the scope of your project you may need to test one or all of the above service offerings.
Before you begin testing, ensure you have enough background on the service being tested.

Characteristics of a Banking
Application
Before you begin testing, it's important to note the standard features expected of any banking
application. So that, you can gear your test efforts to achieve these characteristics.

A standard banking application should meet all these characteristics as mentioned below.

 It should support thousands of concurrent user sessions

 A banking application should integrate with other numerous applications like trading
accounts, Bill pay utility, credit cards, etc.
 It should process fast and secure transactions
 It should include massive storage system.
 To troubleshoot customer issues it should have high auditing capability
 It should handle complex business workflows
 Need to support users on multiple platforms (Mac, Linux, Unix, Windows)
 It should support users from multiple locations
 It should support multi-lingual users
 It should support users on various payment systems (VISA, AMEX, MasterCard)
 It should support multiple service sectors (Loans, Retail banking etc.)
 Foolproof disaster management mechanism

Test Phases in Testing Banking

Applications
For testing banking applications, different stages of testing include
  Requirement Analysis: It is done by business analyst; requirements for a particular
banking application are gathered and documented
 Requirement Review: Quality analysts, business analysts, and development leads are
involved in this task. The requirement gathering document is reviewed at this stage, and
cross-checked to ensure that it does not affect the workflow
 Business Requirements Documentation: Business requirements documents are
prepared by quality analysts in which all reviewed business requirements are covered
 Database Testing: It is the most important part of bank application testing. This testing
is done to ensure data integrity, data loading, data migration, stored procedures, and
functions validation, rules testing, etc.
 Integration Testing: Under Integration Testing all components that are developed are
integrated and validated
 Functional Testing: The usual software testing activities like Test Case preparation, test
case review and test case execution is done during this phase
 Security Testing: It ensures that the software does not have any security flaws. During
test preparation, QA team needs to include both negative as well as positive test scenarios
so as to break into the system and report it before any unauthorized individual access it.
While to prevent from hacking, the bank should also implement a multi-layer of access
validation like a one-time password. For Security Testing, automation tools like IBM
AppScan and HPWebInspect are used while for Manual Testing tools like Proxy Sniffer,
Paros proxy, HTTP watch, etc. are used
 Usability Testing: It ensures that differently able people should be able to use the system
as normal user. For example, ATM with hearing and Braille facility for disabled
 User Acceptance Testing: It is the final stage of testing done by the end users to ensure
the compliance of the application with the real world scenario.

Sample Test Case for Net Banking

Login Application
Security is prime for any banking application. Therefore, during test preparation, QA team
should include both negative and positive test scenarios in order to sneak into the system and
report for any vulnerabilities before any unauthorized individual get access to it. It not only
involves writing negative test cases but may also include destructive testing.

Following are generic test cases to check any banking application

Sample test cases

For Admin  Verify Admin login with valid and Invalid da

 Verify admin login without data
  Verify all admin home links
 Verify admin change password with valid a
data
 Verify admin change password without da
 Verify admin change password with existin
 Verify admin logout

For new Branch  Create a new branch with valid and invalid
 Create a new branch without data
 Create a new branch with existing branch
 Verify reset and cancel option
 Update branch with valid and invalid data
 Update branch without data
 Update branch with existing branch data
 Verify cancel option
 Verify branch deletion with and without de
 Verify branch search option

For New Role  Create a new role with valid and invalid da
 Create a new role without data
 Verify new role with existing data
 verify role description and role types
 Verify cancel and reset option
 Verify role deletion with and without depen
 verify links in role details page

For customer &  Verify all visitor or customer links

Visitors  Verify customers login with valid and inval
 Verify customers login without data
 Verify bankers login without data
  Verify bankers login with valid or invalid da

For New users  Create a new user with valid and invalid d
 Create a new user without data
 Create a new user with existing branch da
 Verify cancel and reset option
 Update user with valid and invalid data
 Update user with existing data
 Verify cancel option
 Verify deletion of the user

Challenges in testing Banking domain

& their Mitigation
Challenges tester might face during testing banking domain
are

Challenge Mitigation

 Getting access to production data and  Ensure that test data meets regulatory
replicating it as test data, for testing is compliances requirements and
challenging guidelines
 Maintain the data confidentiality by
following techniques like data
masking, synthetic test data, testing
system integration, etc.

 The biggest challenge in testing  Ensure Data Migration Testing is

banking system is during the migration complete
of the system from the old system to  Ensure Regression Test cases are
 the new system like testing of all the executed on old and new systems, and
routines, procedures and plans. Also the results match.
how the data will be fetched, uploaded
and transferred to the new system after
migration

 There may be the cases where  The test should participate in the
requirements are not documented well project right from Requirement
and may lead to functional gaps in test Analysis phases and should actively
plan review the Business Requirements
 Many non-functional requirements are
not fully documented, and testers do
not know whether to test it or not

 The most important point is to check  Compliance or Regulatory Policies

whether the said system follows the testing must be done
desired policies and procedures

 The scope and the timelines increases  Ensure Time budget for Integration
as banking application are integrated Testing is accounted if your banking
with other application like internet application has many external
or Mobile banking interfaces

Summary
Banking domain is the most vulnerable area for cyber-theft,
and safeguarding the software requires precise testing. This
tutorial gives a clear idea of what it takes for banking
domain testing and how important it is. One must
understand that -
  Majority of banking software are developed
on Mainframe and Unix
 Testing helps to lessen possible glitches encounter
during software development
 Proper testing and compliance to industry standards,
save companies from penalties
 Good practices help develop good results, reputation
and more business for companies
 Both manual and automated testing have respective
merits and usability

eCommerce Testing: How to Test an E-

Commerce Website
What is Ecommerce Testing?
eCommerce testing is defined as testing of an eCommerce
(online shopping) application. It helps in the prevention of
errors and adds value to the product by ensuring conformity
to client requirements.
The objective of testing is to ensure
 Software reliability
 Software quality
 System Assurance
 Optimum performance and capacity utilization
Setting up an E-commerce system is a complex process
and subject to many market-specific variables. To maintain
the integrity of the E Commerce system, testing becomes
compulsory
 Join our Live Ecommerce Project for Free

In this tutorial, you will learn,

 Types of Testing for E-commerce System
 Performance testing- a top priority in E-commerce
 Useful Tools for Mapping E-commerce Site
 Challenges of E-commerce Testing

E-Commerce Domain Knowledge is important for testing.

Types of Testing for E-commerce

System
A common type of testing included into e commerce system
is

Sr.# Type of Testing Testing Process

1 Browser compatibility  Lack of support for early browsers

 Browser specific extensions
 Browser testing should cover the main platforms (Linux
etc.)

2 Page display  Incorrect display of pages

  Runtime error messages
 Poor page download time
 Dead hyperlink, plugin dependency, font sizing, etc.

3 Session Management  Session Expiration

 Session storage

4 Usability  Non-intuitive design

 Poor site navigation
 Catalog navigation
 Lack of help-support

5 Content Analysis  Misleading, offensive and litigious content

 Royalty free images and copyright infringement
 Personalization functionality
 Availability 24/7

6 Availability  Denial of service attacks

 Unacceptable levels of unavailability

7 Back-up and Recovery  Failure or fall over recovery

 Backup failure
 Fault tolerance

8 Transactions  Transaction Integrity

 Throughput
 Auditing

9 Shopping order processing and  Shopping cart functionality

purchasing  Order processing
 Payment processing
  Order tracking

10 Internationalization  Language support

 Language display
 Cultural sensitivity
 Regional Accounting

11 Operational business procedures  How well e-procedure copes

 Observe for bottlenecks

12 System Integration  Data Interface format

 Interface frequency and activation
 Updates
 Interface volume capacity
 Integrated performance

13 Performance  Performance bottlenecks

 Load handling
 Scalability analysis

14 Login and Security  Login capability

 Penetration and access control
 Insecure information transmission
 Web attacks
 Computer viruses
 Digital signatures

Performance testing- a top priority in

E-commerce
Just delay about 250 milliseconds of a page load time, is
what keeps your customer going to your competitor. Retail
giant Walmart overhaul their site speed and noticed an
increase of 2% in visitor's conversion rate and revenue by
1%.
Performance of your site depends on these factors
 Throughput
o Request per second

o Transactions per minute

o Executions per click

 Response Time
o Duration of a task

o Seconds per click

o Page Load

o DNS Lookup

o Length of time between click and seeing page

Useful Tools for Mapping E-commerce

Site
 Userinput.io: Post your website and get feedback from
experts
 UsabilityHub: UsabilityHub's user testing platform and
research panel help you improve the UX of your apps
and websites. Get feedback from real people.
 ClickHeat: It shows the most clicked and unclicked
zones of sites by visitors
 FiveSecondTest: This tool ensures that your message
is communicated as effectively as possible, in just five
 seconds it tells what a person recalls about your
website design
 Feng-GUI: It simulates the human vision during the first
five seconds and predicts what a real human would
most likely look at
 Optimizely: It enables you to test track, clicks,
conversions or anything else that matters to e-
commerce business

Challenges of E-commerce Testing

 Compliance with security guidelines to safeguard
customer data and identity
 Compliance with accessibility standards to support
multi-lingual markets and business regions
 End to end testing and test management for large e-
commerce transformation programs
 Scalability and reliability of applications

Payment Gateway Testing Tutorial with

Example Test Cases
What is Payment Gateway Testing?
Payment Gateway testing is testing of a Payment Gateway.
A payment gateway system is an e-commerce application
service that approves credit card payment for online
purchases. Payment gateways safeguard the credit card
details by encrypting sensitive information like credit card
numbers, account holder details and so on. This information
is passed safely between the customer and the merchant
and vice versa.
Modern payment gateways also securely
approve payments via debit cards, electronic bank
transfers, cash cards, reward points etc.
In this tutorial, you will learn
 Types of Payment Gateway System
 Testing Types for Payment Domain
 How to test Payment Gateway: Complete Checklist
 Example Test Cases for Payment Gateway Testing
 Things to consider before Buying Gateway Package
Join our Live Payment Gateway Testing Project for Free

Types of Payment Gateway System

Payment Gateway Knowledge is Important

 Hosted Payment Gateway:
 Hosted payment gateway system direct customer away
from an e-commerce site to gateway link during the
payment process. Once the payment is done, it will
bring a customer back to an e-commerce site. For such
type of payment you don't need a merchant id, an
example of a hosted payment gateway are PayPal,
Noche, and WorldPay.
 Shared Payment Gateway:
In a shared payment gateway, while processing
payment customer is directed to the payment page and
stays on the e-commerce site. Once the payment detail
is filled, the payment process proceeds. Since it does
not leave the e-commerce site while processing
payment, this mode is easy and more preferably, an
example of a shared payment gateway is eWay, Stripe.

Testing Types for Payment Domain

Testing for Payment Gateway should include
Functional Testing: It is the act of testing the base
functionality of the payment gateway. It is to verify whether
the application behaves in the same way as it is supposed
to be like handling orders, calculation, an addition of VAT as
per the country etc.
Integration: Test integration with your credit card service.
Performance: Identify various performance metrics like the
highest possible number of users coming through gateways
during a specific day and converting them to concurrent
users
Security: You need to perform a deep security pass for
Payment Gateway.

How to test Payment Gateway:

Complete Checklist
Before you begin testing -
 Collect proper test data for the dummy credit card
number for the maestro, visa, master etc.
 Collect payment gateway information like Google
Wallet, Paypal or else
 Collect payment gateway document with error codes
 Understand the session and parameters passed
through application and payment gateway
 Understand and test the amount related information
passed through query string or variable or session
 Along with payment gateway language check the
language of the application
 Under the various settings of payment gateway like
currency format, subscriber data collected.

Example Test Cases for Payment

Gateway Testing
Following are important Test Scenarios/Cases to check
Payment Gateway
Sr# Test Cases

1 During the payment process try to change the payment gateway language

2 After successful payment, test all the necessary components, whether it is

retrieved or not

3 Check what happens if payment gateway stops responding during payment

4 During the payment process check what happens if the session ends

5 During the payment process check what happens in the backend

6 Check what happens if payment process fails

7 Check the Database entries whether they store credit card details or not

8 During the payment process check error pages and security pages

9 Check settings of pop-up blocker, and see what happens if a pop-up blocker is on
and off

10 Between payment gateway and application check buffer pages

11 Check on successful payment, a success code is sent to the application and a

confirmation page is shown to the user
12 Verify whether the transaction processes immediately or processing is hand to
your bank

13 After successful transaction check if the payment gateway returns to your

application

14 Check all format and messages when successful payment process

15 Unless you don't have an authorization receipt from the payment gateway, good
should not be shipped

16 Inform the owner for any transaction processed through e-mail. Encrypt the
content of the mail

17 Check the amount format with currency format

18 Check if each of the payment options is selectable

19 Check if each listed payment option opens the respective payment option
according to specification

20 Verify whether the payment gateway defaults to the desired debit/credit card
option

21 Verify the default option for debit card shows card selection drop down menu
Things to consider before Buying
Gateway Package
 If you have bought a shopping cart package, find out
about its compatibility
 If shopping gateway package is due, ask the payment
gateway provider for a list of supported applications
 The gateway must offer Address Verification System
Protection
 Find out the types of transaction protection being
offered
 Check what types of debit or credit cards are accepted
by your chosen payment gateway
 Check the transaction fees levied by a payment
gateway
 Check whether the gateways collect the payment right
on the form or direct to another page to complete the
purchase

Mainframe Testing - Complete Tutorial

Before learning mainframe testing concepts, lets learn

What is a Mainframe?
The mainframe is a high performance and a high-speed
computer system. It is used for larger scale computing
purposes that requires great availability and security. It is
mostly used in sectors like finance, insurance, retail and
other critical areas where huge data are processed multiple
times.
What is Mainframe Testing?
Mainframe Testing is defined as testing of Mainframe
Systems and is similar to web based testing. The Mainframe
application (otherwise called job batch) is tested against the
test cases developed using requirements.
 Mainframe Testing is usually performed on the
deployed code using various data combinations set into
the input file.
 Applications that run on the mainframe can be
accessed through terminal emulator. The emulator is
the only software that needs to be installed on the client
machine.
 While performing Mainframe testing, the tester only
needs to know about the navigations of the CICS
screens. They are custom built for specific applications.
Any changes made to the code in COBOL, JCL, etc. tester
does not have to worry about the emulator set up on the
machine. The changes work through one terminal emulator
will work on others too.
In this beginners tutorial, you will learn-
 Mainframe Attributes
 Classification of Manual Testing in Mainframe
 How to do Mainframe Testing
 Mainframe Automation Testing Tools
 Methodology in Mainframe Testing
 Steps involved in Batch testing
 Steps involved in Online Testing
 Steps involved in Online – Batch Integration testing
  Commands used in Mainframe Testing
 Pre-requisites to start mainframe testing
 Best Practices
 Mainframe testing Challenges and Troubleshooting
 Common Abends encountered
 Common issue faced during mainframe testing

Mainframe Attributes
1. Virtual Storage
1. It is a technique that lets a processor simulate
main storage that is larger than the actual amount
of real storage.
2. It is a technique to use memory effectively to store
and execute various sized tasks.
3. It uses disk storage as an extension of real
storage.
2. Multiprogramming
1. The computer executes more than one program at
the same time. But at any given moment only one
program can have control of CPU.
2. It is a facility provided to make efficient use of the
CPU.
3. Batch Processing
1. It is a technique by which any task is accomplished
in units known as jobs.
2. A job may cause one or more programs to execute
in a sequence.
3. The Job scheduler makes a decision about the
order in which the jobs should be executed. To
maximize the average throughput, jobs are
scheduled as per their priority and class.
 4. The necessary information for batch processing is
provided through JCL (JOB CONTROL
LANGUAGE). JCL describes the batch job –
programs, data and resources needed.
4. Time Sharing
1. In a time-sharing system, each user has access to
the system through the terminal device. Instead of
submitting jobs that are scheduled for later
execution, the user enters commands that are
processed immediately.
2. Hence this is called "Interactive Processing". It
enables the user to interact directly with the
computer.
3. Time-share processing is known as "Foreground
Processing" and the batch job processing is known
as "Background Processing."
5. Spooling
1. SPOOLing stands for Simultaneous Peripheral
Operations Online.
2. SPOOL device is used to store the output of
program/application. The spooled output is
directed to output devices like a printer (if needed).
3. It is a facility exploiting the advantage of buffering
to make efficient use of the output devices.

Classification of Manual Testing in

Mainframe
Mainframe Manual Testing can be classified into two types :
1. Batch Job Testing –
 o Testing process involves executions of batch jobs
for the functionality implemented in the current
release.
o The test result extracted from the output files and

the database are verified and recorded.

2. Online Testing –
o Online Testing refers to testing of CICS screens

which is similar to testing of the web page.

o The functionality of the existing screens could be

changed, or new screens could be added.

o Various applications can have enquiry screens and

update screens. The functionality of these screens

needs to be checked as part of the online testing.

How to do Mainframe Testing

1. The Business team prepares requirement documents.
Which determines how a particular item or process is
going to be modified in the cycle of release.
2. The testing team and the development receive the
requirement document. They will figure out how many
processes will be affected by the change. Usually, in a
release, only 20-25% of the application affected directly
by the customized requirement. The other 75% of the
release will be for the out-box-functionalities like testing
the applications and processes.
3. So, a Mainframe application has to be tested in two
parts:
1. Testing Requirements – Testing the application
for the functionality or the change mentioned in the
requirement document.
 2. Testing Integration – Testing the whole process
or other application which receive or send data to
the affected application. Regression Testing is the
primary focus of this testing activity.

Mainframe Automation Testing Tools

Below is the list of tools which can be used for
mainframe Automation Testing.
 REXX
 Excel
 QTP

Methodology in Mainframe Testing

Let us consider an example: An XYZ insurance company
has member enrollment module. It takes data both from
member enrollment screen and offline enrollment. As we
discussed earlier, it takes two approaches for Mainframe
testing, online testing, and batch testing.
 Online testing is done on the member enrollment
screen. Just like a web page the database is validated
with data entered through the screens.
 Offline enrollment can be paper enrollment or
enrollment on a third party website. The Offline data
(also referred to as batch) will be entered into the
company database through batch jobs. An input flat file
is prepared as per the prescribed data format and fed
to the sequence of batch jobs. So for mainframe
application testing we can use the following approach.
 o The first job in the line of batch jobs validates the
data entered. Let say for example special
character, alphabets in number only fields, etc.
o The second job validates the consistency of data

based on business conditions. For example, a

child enrollment should not contain dependent
data, member zip code (which is not available for
service by the enrolled plan), etc.
o The third job modifies the data in the format that

can be entered into the database. For instance,

deleting the plan name (database will store only
plan ID, and insurance plan name), appending
date of entry, etc.
o The fourth job loads the data into the database.

 Batch job testing is done on this process in two

phases –
o Each job is validated separately, and the

o Integration between the jobs is validated by

providing input flat file to the first job and validating

the database. (Intermediary results have to be
validated for extra caution)
The following is the method followed for Mainframe testing:
Step 1): Shakedown/Smoke Testing
The main focus in this stage is to validate whether the code
deployed is in the right test environment. It also ensures that
there are no critical issues with the code.
Step 2): System Testing
Below are the types of testing done as part of System
Testing.
1. Batch Testing – This testing will be done by validating
the test results on output files and data changes done
by the batch jobs under testing scope and recording of
them.
2. Online Testing – This testing will be done on the front
end of the mainframe application. Here the application
is tested for correct entry field like an insurance plan,
interest on the plan, etc.
3. Online-Batch Integration testing – This testing will be
done on the systems having batch processes and
online application. The data flow and interaction
between the online screens and the batch jobs is
validated.
(Example for this type of testing – Consider an
update on Plan details like increase of interest rate. The
change of interest is done on an update screen, and
the balance details on the affected accounts will be
modified only by a nightly batch job. Testing in this case
will be done by validating the Plan details screen and
the batch job run for updating all the accounts).
4. Database Testing – The databases where the data
from the mainframe application (IMS, IDMS, DB2,
VSAM/ISAM, Sequential datasets, GDGs) are validated
for their layout and the data storage.
Step 3): System Integration Testing
The primary purpose of this testing is to validate the
functionality of the systems which are interacting with the
system under test.
These systems are not directly affected by the
requirements. However, they use data from the system
under test. It is important to test the interface and different
types of messages (like Job Successful, Job Failed,
Database updated, etc. ) that can possible flow between the
systems and the resulting actions taken by the individual
systems.
Types of testing done in this stage are
1. Batch Testing
2. Online Testing
3. Online – Batch Integration Testing
Step 4): Regression Testing
Regression Testing is a common phase in any type of
testing project. This testing in Mainframes ensures that
batch jobs and the online screens which do not directly
interact with the system under test (or do not come in the
scope of requirements) are not affected by the current
project release.
In order to have effective regression testing, a particular set
of test cases should be shortlisted depending on their
complexity and a regression bed (Test cases repository)
should be created. This set should be updated whenever
there is a new functionality rolled out into the release.
Step 5): Performance Testing
This testing is done to identify the bottlenecks in high hit
areas like front end data, upgrading online databases and to
project the scalability of the application.
Step 6): Security Testing
This testing is done to evaluate how well the application is
designed and developed to counter anti-security attacks.
Two fold security testing should be done on the system –
Mainframe security and Network security.
The features which need to the tested are
1. Integrity
2. Confidentiality
3. Authorization
4. Authentication
5. Availability

Steps involved in Batch testing

1. After the QA team receives the approved package
(Package contains procedures, JCL, Control Cards,
Modules, etc.), the tester should preview and retrieve
the contents into PDS as required.
2. Convert the production JCL or Development JCL into
QA JCL otherwise called JOB SETUP.
3. Copying production file and preparing test files.
4. For every functionality, there will be a job sequence
defined. (As explained in the example in Methodology
in Mainframe section).The jobs should be submitted
using the SUB command with the test data files.
 5. Check the intermediate file in order to identify the
reasons for missing or error-out data.
6. Check the final output file, database and the Spool to
validate the test results.
7. If the job fails, the spool will have the reason for the job
failure. Address the error and resubmit the job.
Test Reporting – Defect should be logged if the actual result
deviates from expected.

Steps involved in Online Testing

1. Select the Online screen in a test environment.
2. Test each field for the acceptable data.
3. Test the Test Scenario on the screen.
4. Verify the database for the data updates from the online
screen.
Test Reporting – Defect should be logged if the actual result
deviates from expected.

Steps involved in Online – Batch

Integration testing
1. Run the job in a Test Environment and validate the data
on the online screens.
2. Update the data on the online screens and validate if
the batch job is properly run with the updated data.

Commands used in Mainframe Testing

1. SUBMIT – Submit a background job.
 2. CANCEL – Cancel background job.
3. ALLOCATE – Allocate a dataset
4. COPY – Copy a dataset
5. RENAME – Rename data set
6. DELETE – Delete Dataset
7. JOB SCAN –To bind the JCL with the program,
libraries, file, etc. without executing it.
There are many other commands used when required, but
they are not that frequent.

Pre-requisites to start mainframe

testing
Basic details needed for mainframe testing are:
 Login ID and password for logging into the application.
 Brief knowledge on ISPF commands.
 Names of the files, file qualifier and their types.
Before starting mainframe testing, the below aspects should
be verified.
1. Job
1. Do a job scan (Command – JOBSCAN) to check
for errors before executing it.
2. CLASS parameter should be pointed to the test
class.
3. Direct the job output into spool or a JHS or as
required by using MSGCLASS parameter.
4. Reroute the email in the job to spool or a test mail
ID.
 5. Comment the FTP steps for initial testing and then
point the job to a test server.
6. In case an IMR (Incident Management record) is
generated in the job, just add comment "TESTING
PURPOSE" in the job or param card.
7. All the production libraries in the job should be
changed and pointed to test libraries.
8. The job should not be left unattended.
9. To prevent the job to run in an infinite loop incase
of any error, TIME parameter should be added with
specified time.
10. Save the output of the job including the spool.
The spool can be saved using XDC.
2. File
1. Create test file of needed size only. Use
GDGs(Generation Data Groups – Files with the
same name but with sequential version numbers–
MYLIB.LIB.TEST.G0001V00,MYLIB.LIB.TEST.G0
002V00 so on ) when necessary to store data into
consecutive files with the same name.
2. The DISP (Disposition - describes the system to
perform keep or delete the dataset after normal or
abnormal termination of the step or job) parameter
for the files should be coded correctly.
3. Ensure that all the files used for job execution are
saved and closed properly to prevent job to go into
HOLD.
4. While testing using GDGs make sure that the right
version is pointed at.
3. Database
 1. While executing the job or online program, ensure
that unintended data is not inserted or updated or
deleted.
2. Also, ensure that the correct DB2 region is used
for testing.
4. Test cases
1. Always test for boundary conditions like – Empty
file, First record processing, Last record
processing, etc.
2. Always include both positive and negative test
conditions.
3. In case if standard procedures are used in the
program like Check point restart, Abend Modules,
Control files, etc. include test cases to validate if
the modules have been used correctly.
5. Test Data
1. Test data setup should be done before the
beginning of the testing.
2. Never modify the data on the test region without
notifying. There may be other teams working with
same data, and their test would fail.
3. In case the production files are needed during the
execution, proper authorization should be obtained
before copying or using them.

Best Practices
1. Incase of a Batch Job run, MAX CC 0 is an indicator
that the job has run successfully. It does not mean that
the functionality is working fine. The job will run
successfully even when the output is empty or not as
 per the expectation. So it is always expected to check
all the outputs before declaring the job successful.
2. It is always a good practice to do a dry run of the job
under test. Dry run is done with empty input files. This
process should be followed for the jobs which are
impacted by the changes made for the test cycle.
3. Before the test cycle begins the test job set up should
be done well in advance. This will help in finding out
any JCL error in advance hence saving time during
execution.
4. While accessing DB2 tables through SPUFI (Option on
the emulator to access DB2 tables), always set auto
commit as "NO" in order to avoid accidental updates.
5. Test Data availability is the primary challenge in batch
testing. Required data should be created well in
advance of the test cycle and should be checked for
completeness.
6. Some online transactions and batch jobs may write
data into MQs (Message Queue) for transmitting data
to other applications. If the data is not valid, it may
disable/stop MQs, this will affect the whole testing
process. It is a good practice to check that MQs are
working fine after testing.

Mainframe testing Challenges and

Troubleshooting
Challenges Approach

Incomplete / Unclear Requirements Testers should be involved i

 from the requirements phase
There may be access to user manual/ This will help to verify if the
training guide, but those are not same requirements are testable.
as documented requirements.

Data Setup/ Identification For data setup, homegrown

be used as per the need. Fo
There may be situations where existing existing data, queries should
data should be reused as per the advance. In case of any diffi
requirement. It is sometimes difficult to request can be placed to da
identify the required data from the management team for creati
existing data. cloning required data.

Job Setup Job setup tools should be us

overcome human errors mad
Once the jobs are retrieved into PDS, setup.
the job needs to be setup in the QA
region. So that the jobs are not
submitted with production qualifier or
path detail.

Ad-hoc Request Use of automation scripts, re

scripts, and skeleton scripts
There may be situations when end to in reducing the time and effo
end testing needs to be supported due overhead.
to a problem in upstream or
downstream application issues. These
requests increase the time and effort in
execution cycle.

On-Time Releases for scope change Scope change management

and Impact analysis should b
There may be a situation where the
code impact may completely change
the look and feel of the system. This
may require a change to test cases,
scripts, and data.

Common Abends encountered

1. S001 – An I/O error occurred.
Reason – Reading at the end of the file, file length
error, attempt to write into read-only file.
2. S002 – Invalid I/O record.
Reason – Attempt to write a record longer than record
length.
3. S004 – Error occurred during OPEN.
Reason – Invalid DCB
4. S013 – Error opening a dataset.
Reason – PDS member does not exist, record length in
the program does not match the actual record length.
5. S0C1 – Operation Exception
 Reason –Unable to open file, missing DD card
6. S0C4 – Protection exception/ Storage violation
7. Reason – Trying access storage not available to the
program.
8. SC07 – Program Check Exception – Data
9. Reason – Change in record layout or file layout.
10. Sx22 – Job has been canceled
11. S222 – Job canceled by the user without a dump.
12. S322 – Job or Step time exceeded the specified
limit, or the program is in a loop or insufficient time
parameter.
13. S522 – TSO session timeout.
14. S806 –Unable to link or load.
Reason - Job id unable to find the specified load
module.
15. S80A – Not enough virtual storage to satisfy
GETMAIN or FREEMAIN requests.
16. S913 – Trying to access the dataset which the
user is not authorized.
17. Sx37 – Unable to allocate enough storage to the
dataset.
Error Assist – A very popular tool to get detailed information
on various types of abends.

Common issue faced during

mainframe testing
 Job Abends – For successful completion of the job,
you should check the data, input file and the modules
 present at the specific location or not. Abends can be
faced due to multiple reasons, the most common being
– Invalid data, Incorrect input field, date mismatch,
environmental issues, etc.
 Output file empty–Though the job might run
successfully (MaxCC 0), the output might not be as
expected. So before passing any test case, the tester
have to make sure that the output is cross verified. Only
then proceed further.
 Input file empty – In some applications, files will be
received from the upstream processes. Before using
the received file for testing current application, the data
should be cross verified to avoid re-execution and
rework.
Summary:
 Mainframe testing is like any other testing procedure
starting from Requirement gathering, test design, test
execution and result reporting.
 In order to test the application effectively, the tester
should participate in design meetings scheduled by
development and business teams.
 It is mandatory for the tester to get accustomed to
various mainframe test function. Like screen navigation,
file and PDS creation, saving test results, etc. before
the test cycle begins.
 Mainframe application testing is a time taking process.
A clear test schedule should be followed for test design,
data setup and execution.
 Batch testing and Online testing should be done
effectively without missing any functionality mentioned
 on Requirement document, and no Test Case should
be spared.

Testing Retail Point Of Sale(POS)

Systems: Example Test Cases
What is POS Testing?
POS Testing is defined as Testing of a Point of Sale
Application. A POS or Point Of Sale software is a vital
solution for retail businesses to carry out retail transactions
effortlessly from anywhere. You must have seen Point of
Sale terminal while checking out at your favorite Mall.
The system is more complex than you think and is tightly
integrated with other software systems like Warehouse,
Inventory, purchase order, supply chain, marketing,
merchandise planning etc. POS Domain Knowledge is
important for testing.

In this tutorial, you will learn-

 Test Architecture for POS Application
  Types of Testing for POS system
 Sample Test Cases for POS used in Retail
 Security Testing for Retail POS Systems
 Challenges in POS testing

Test Architecture for POS Application

POS test architecture includes three components for testing
- POS terminal, store server, and enterprise server.
Basically, it is classified into three levels for testing of POS
application.

Level 1- (POS Terminal ) Level 2- (Store Server) Level 3- (En

 Device and hardware testing (RFID, Scanner, Printer,  Security Testing  Secur
Barcode reader)  BI & Analytics Testing  BI &
 Interoperability Testing  Disaster Recovery  Disas
 BI and Analytics Testing Testing Testin
 Performance Testing  Interface Testing  Interf

Types of Testing for POS system

Testing of POS System can be broken down into two levels
1. Application Level
2. Enterprise Level

Testing Performed At Application Level Testing Performed At Enterprise Level

 Functionality Testing  Compliance Testing

 Compatibility Testing  Performance Testing
 Payment Gateway Testing  Interoperability Testing
 Report Testing  Data Migration
 Mobility

Sample Test Cases for POS used in

Retail
To ensure quality of the POS system, proper POS software
testing is mandatory. The POS testing spans many things
like

Test Scenario Test Cases

Cashier activity  Test the entry of items purchased by a customer is correct
 Test discounts are applied correctly
 Verify store value cards can be used
 Check petty cash management works as expected
 Check totals and closings match
 Check cash drawer loans are handled properly
 Test the POS system is compatible with peripherals like RFID Reader
Scanner etc.

Payment Gateway Processing  Test the validity of CVV number of Credit Card
 Test swiping of cards from both sides and chips
 Verify that the captured card details are properly encrypted and decryp

Sales  Check for a regular sale process

 Check sales can be processed with debit/credit cards
 Check for loyalty membership purchase
 Check for correct prices are displayed for merchandise purchased
 Test for "0" or null transaction
 Tie UPC or barcodes to vendors
 Test for billing details or shipping details in payment manager
 Test for reference transaction
 Test the print format of the receipt generated
 Verify that the correct code is generated for approved, hold or declined

Return & Exchange scenarios  Make sure the in-house inventory is well integrated with other outlets
 Check for exchange or return of an item with cash
 Check whether system responds on exchange or return of an item with
 Check system process the sale with receipt or without a receipt
 Verify that system should allow entering bar-code manually incase sca
 Verify system display both the current amount as well as the discount
exchange of item if applicable

Performance  Check for speed or time taken to receive a response or send a request
 Check the transaction based rules are applicable (discounts/tax/ rebate
  Verify that the correct code is generated for approved, hold or declined

Negative Scenarios  Test system with expired card details

 Test with an invalid PIN for credit card
 Check the inventory by entering a wrong code for the item
 Check how a system responds while entering a wrong invoice number
 Test for a negative transaction
 Test the response of system while entering an invalid date for promoti
items

Managing Promotions and  Test system for various discount like a veteran discount, seasonal disc
Discounts overgage discount etc.
 Test system for various promotional offers on certain line items
 Test alert system that notifies end or beginning of seasonal offers
 Test whether receipt print the exact discount or offers that are leverage
 Test system for allocating wrong offers or discount online item
 Test the order management process
 Verify product data obtained after scanning a barcode is accurate

Tracking customer's data  Test for system response with incorrect customer data input
 Test system for allowing authorized access to customer's confidential
 Test the database for recording customer's buying history like (what th
frequent they buy, etc.)

Security & Regulatory  Verifying POS system as per regulatory compliances

Compliance  Test alert system that notifies security defenders
 Make sure you can void a payment before posting
 Test user profiles and access levels on the POS Software
 Test database consistency
 Verify specific information about each tender cash, coupon identifier,
so on

Report testing  Testing of a trend analysis report

  Test information related to credit card transaction should be reflected i
 Test for the individual as well as consolidated reports of customers bu
 Test for online report generation

Security Testing for Retail POS

Systems
Some recent studies have Point of Sale Systems very high-
security vulnerabilities. Following measures will help with
security of POS
 Security testing in compliance with PCI standard is very
crucial to be addressed as the part of enterprise testing
 Actively manage all software on the network so that
only authorized software can only execute and installed
 Conduct regular Penetration Testing to identify attack
vectors and vulnerabilities
 Include tests for the presence of unprotected system
information and artifacts that would be useful to
hackers
 Use vulnerability testing tools
 Create a testbed that imitate a production environment
for specific penetration tests and attacks against
elements that are not tested in production

Challenges in POS testing

 Multiple Configurations
 Complex interfaces
 Peripheral issues
 Upgrades
  PCI compliance
 Test lab maintenance
Summary
 Retail POS demands a high level of testing keeping in
mind that its performance and correct functioning
directly affect business revenues.
 To reduce the risk and chances of POS failure during
the transaction process, testing under the extreme
condition is essential.
 Testing needs to perform at Application as well as
Enterprise Level
 Your Testing should cover the following scenarios -
Cashier activity, Payment Gateway Processing, Sales,
Return & Exchange scenarios, Performance, Negative
Scenarios, Managing Promotions and Discounts,
Security & Regulatory Compliance.
 Multiple configuration settings, peripheral issues,
upgrades are few issues you will need to tide over while
testing.

HealthCare Domain Testing with Sample

Test Cases
Before we begin testing, let's quickly study the basic
healthcare domain knowledge.

Basic knowledge of Health Care

Domain
The entire health care system is weaved with each other by
the single body that is hospital or provider (doctor).
While the other entities include-
 Insurance company: Medicare, Medicaid, BCBS, etc.
 Patient/Consumers: Patient Enrolled
 Regulatory Authority: HIPAA, OASIS assessment,
HCFA 1500 and UB92, etc.
 Health-care and Life-Science solution Vendors

Basic Terminology of Health Care System

 Provider: A health care professional (doctor), medical
group, clinic, lab, hospital, etc. licensed by health care
services
  Claim: A request to your health insurance company to
pay a bill for health care service
 Broker: An insurance professional, who negotiates,
procures insurance on behalf of insured or prospective
insured
 Finance: Insurance bodies that pay for medical
expenses, it could be government (Medicare or
Medicaid) or commercial (BCBS)
 Medicare: A federal health insurance program for
senior citizen and permanently disabled people
 Medicaid: A joint and state program that helps low-
income families and individuals pay for the cost
associated with medical care
 CPT code: A current procedural terminology code is a
medical code set to describe medical, surgical and
diagnostic services
 HIPAA: It is a set of rules and regulations which
doctors, hospitals, healthcare providers and health plan
must follow in order to provide their services
In this tutorial, we will learn-
 Basic Knowledge of Health Care Domain
 Healthcare Business Process
 Testing of Providers system
 Testing of Broker System
 Testing of Member System
 Testing of Claims System
 Testing of Finance System
 Testing under regulatory compliance
 Performance testing of Healthcare Application
 Other Testing Types for Healthcare Application
  Testing Challenges in Healthcare Application
 Healthcare device Testing
 Useful tips for Healthcare Testing

Healthcare Business Process

Most health-care organization have adapted software
program to process the smooth functioning of the system.
This software system gives all the information in a single
document for each entity dealing with this.

Interconnecting this whole system to a single web

application is a huge task and making it work effectively is
even a bigger task. Rigorous testing of this health
application is compulsory, and it has to go through various
testing phases.
In this tutorial, we will learn,

Testing of Providers system

Sample Test Scenarios and Test cases for providers
(doctor/hospital) system:

Test Scenario Test Cases

1. Access to providers  Provider system should let us enter, edit and save the
system provider's data

2. Positive flow System  It includes scenarios to enter different types of provider,

Testing change providers details, save and inquire them

3. Negative flow System  Allows to save provider information with incomplete

Testing data, contract's effective date, entering details about
existing providers in the system

4. System Integration  Validate the feed to members system, finance system,

Testing claim system, and provider portal. Also, validate if the
changes from provider portal are entered into the
respective provider's record

5. Positive flow  Login and view providers details, claim status, and
providers portal member details
testing  Make change request to change the name, address,
phone number, etc.

6. Negative flow  View the member details with an invalid ID

providers portal  Login with invalid credentials
testing

7. Positive flow Broker  Login and view details about broker and commission
portal testing payment
  Make a request to change the name, address, phone
number, etc.

8. Negative flow Broker  It should include scenarios to log in with invalid

portal testing credentials

Testing of Broker System

Sample Test Scenarios and Test cases for Broker
System:

Sr# Test Scenario Test Cases

1) Broker System  It should be capable of edit, enter and save broker data
 Broker commission calculation based on the premium payment details fro
system

2) Positive Flow System  Enter, save and edit brokers record for different types of broker
Testing  For active brokers calculate the commission by creating a feed file with th
record for members with a different plan

3) Negative flow System  Enter a broker record with incomplete data and save for different types of
Testing  By creating the feed file with the respective record for members with diff
calculate the commission for the terminated broker
 By creating the feed file with the respective record for members with diff
calculate the commission for the invalid broker

4) System Testing  To downstream system such as finance system, broker portal and membe
the feeds
 Validate if the changes from broker portal are incorporated in the respect
Testing of Member System
Sample Test Scenarios and Test cases for Member
(Patient) System:

Sr# Test Scenario Test Cases

1) Member system  Enroll, reinstate and terminate a member

 Remove and add a dependent
 Generate premium bill
 Process premium payments

2) Positive Flow System  With the current, past, and future effective dates enroll different types o
Testing  Inquire and change members
 Produce premium bill for an active member for the following month
 Terminate an active member with past, current and future termination d
the effective date
 Re-enroll a terminated member with current, past and future effective d
 Reinstate a terminated number

3) Negative flow System  With insufficient data enroll a member

Testing  For a terminated member produce a premium bill for the following mo

4) System Integration  Validate the feed to downstream systems such as provider portal, broke
Testing system, and claim system
 Validate if the alterations from member portal are incorporated in the r
record
 Process the payment of premium bill generated with the feed from mem
has details of payment made

Testing of Claims System

Sample Test Scenarios and Test cases for Claims
System:

# Test Scenarios Test Cases

1) Claim System  Claims in health-care should edit, enter and process claims for a memb
dependent
 For invalid claims, it should throw errors when incorrect data is entered

2) Positive Flow System  It should include the scenario to edit, enter and process claims for a me
Testing dependent

3) Negative Flow System  It should validate and enter a claim with invalid procedure code and dia
Testing  Validate and enter a claim with the inactive provider ID
 Validate and enter a claim with a terminated member

4) System Integration  It should include a scenario to validate the feed to downstream systems
and finance portal

Testing of Finance System

Sample Test Scenarios and Test cases for Finance
System

Sr# Test Scenarios Test Cases

1) Finance System  Enroll, reinstate and terminate a member

2) Positive flow system  It should check whether correct account number or address is chosen for t
testing
 member, provider or broker for the payment

3) Negative flow system  Verify whether payment is done for an invalid member, provider or broke
testing respective record in the feed
 Verify whether payment is done for an invalid amount for the member, pr
by creating respective records in the feed

Testing for regulatory compliance

Protecting patient sensitive data and health information is an
utmost priority for health regulatory bodies. The testing
should be done in compliance of such regulatory bodies.
Sample Test Scenarios and Test cases for Regulatory
Compliance:

Sr# Test Scenarios Test Cases

1) User's Authentication  Using verification method to ensure that correct users get a login a

2) Information Disclosure  Authorizing access to information is based on the user's role and p

3) Data Transfer  At all transfer, points ensure that data is encrypted

4) Audit Trail  All transactions and all attempts to access data with a proper set of
information are recorded

5) Sanity Testing related to  Perform sanity testing and verify the encryption of the data is done
regulatory body like EPHI ( Electronic Protected Health Information)
Performance testing of Healthcare
Application
Before preparing test scenarios certain requirement of the
system should be considered. For example, health-care
providers (Doctors/Hospitals) provide care 24/7, so the
patient check-in software needs to be available at all times.
Also, it needs to communicate with insurance companies to
validate policy information, send claims and receive
remittances. Here, the architecture should define the
different components of the system, the protocol to
communicate with insurance companies, and how to deploy
the system so that it complies 24/7.
As a tester, you need to ensure that the healthcare software
system meets the desired load/performance benchmark.

Other Testing Types for Healthcare

Application
  Functional Testing: Testing healthcare application
against functional capabilities
 Conformance Testing: Conformance test Healthcare
security requisites and industry frameworks
 Platform Testing: Testing of applications
on Mobile platform and applications testing for cross-
browser compatibility
 Interoperability Testing: Testing conformance to
interoperability standards ( Eg; DICOM, HL7,
CCD/CDA)

Testing Challenges in Healthcare

Application
Testing challenges in testing healthcare application are no
different than other web application testing.
 Requires expertise in testing, and usually, it is high in
cost
 Requires interoperability, compliance, regulatory,
security, safety testing besides regular testing
techniques (Non-Functional, Functional and Integration
testing)
 Testing should be done keeping in mind the safety and
regulatory standards- as any error can cause a direct
effect on patient's life
 Testing team needs to be well aware of the various
functionalities, clinical usage, and the environment the
software will be used for
 A health-care product should comply with various
standards like FDA, ISO, and CMMI before it can be
used
  Cross dependency of software- testers need to ensure
that any changes in one component or layer should not
lead to side effect on the other.

Healthcare device Testing

While health-care device software is not the direct concern

of patient, they also require rigorous testing like another
software testing. For example, X-ray machines that are
controlled by software programs should be tested well
because any testing error in software can lead to a serious
effect on the patient.
FDA (Food and Drug Administration) has guidelines for
mobile and web applications for medical devices. While
testing medical devices the proper functional Test
Plan along with pass and fail criteria is also the part of FDA
guidelines. When a test plan is executed, the results are
collected and reported to FDA. This process ensures that
the device meets the standard of the regulatory bodies.

Useful tips for Healthcare Testing

While testing software, you can consider some important
tips for the testing healthcare system.
 Dates are important and need to be accurate
  While designing test cases consider various
parameters like different types of plan, brokers,
members, commission, etc.
 Complete knowledge of the domain is required

Testing Insurance Domain Applications

with Sample Test Cases
Insurance Companies rely heavily on Software to run their
business. Software Systems helps them to deal with various
insurance activities like developing standard policy forms,
handling billing process, managing customer's data,
rendering quality services to the customer, coordinating
between branches and so on.
Though this software is designed to meet the customer's
expectations, its durability and consistency needs to be
tested before its actual deployment. Software testing
assures the quality of the insurance software by identifying
bugs before go-live.
In this tutorial, we will learn,
 What is Domain in Testing?
 Why Insurance Domain Knowledge Matters?
 What is Insurance? Type of Insurance
 What is Premium? How is Premium calculated?
 Testing required in different process area of Insurance
 What to Test in Insurance?
 Sample Test Case for Insurance Application Testing
Join our Live Insurance Testing Project for Free
What is Domain in Testing?
Domain is nothing but the industry for which the software
testing project is created. When we talk about software
project or development, this term is often referred. For
example, Insurance domain, Banking domain, Retail
Domain, Health Care Domain, etc.

Usually, while developing any specific domain project,

domain expert help is sought out. Domain expert are master
of the subject, and he may know the inside-out of the
product or application.
Why Insurance Domain Knowledge
Matters?
Domain knowledge is quintessential for testing any software
product, and it has its own benefits like

What is Insurance? Type of Insurance

Insurance is defined as the equitable transfer of the risk of a
loss from one entity to another in exchange for payment.
Insurance Company, which sells the policy is referred as
INSURER while the person or company who avails the
policy is called the INSURED.
Insurance policies are usually classified into two categories,
and insurer buy these policies as per their requirement and
budget.
However, there are other types of insurance that falls under
these categories
 Unemployment insurance
 Social Security
 Workers Compensation

What is Premium? How is Premium

calculated?
Premium is defined as the amount to be charged for a
certain amount of insurance coverage or policy the insured
has bought.
Premium for the insurance is determined by on the basis of
two factors
 The frequency of claims
 The Severity of claims (Cost of each claim)
For example, we will see how insurance system works,
Suppose an insurance company provides insurance to
all houses in a village

Home Insurance Am
Total number of house in village = 10

Value of each house =$

Contribution of each house owner as premium =$

Total Premium Collected = $8

Statistically, it has calculated that in case of fire a maximum

of 10 houses are burnt which it need to compensate.
So incase, of fire, it will have to pay 10 house $800 which
comes $8000 equal to the premium it collected.
The risk of 10 house owners is spread over 1000 house
owner in the village hence reducing the burden on any one
of the owner.
In case of no fire in a particular year, the entire sum goes to
its profit while if more than 10 houses burn the insurer will
incur a loss.

Testing required in different process

area of Insurance
Testing can mitigate the risk of business disruption during
and after deployment of software. There are many branches
of an insurance company that requires testing.
 Policy Administration Systems
 Claim Management Systems
 Distribution Management Systems
 Investment Management Systems
 Third party Administration Systems
 Risk Management Solutions
 Regulatory and Compliance
 Actuarial Systems (Valuation & Pricing)
What to Test in Insurance?
The insurance sector is a network of small units that deals
directly or indirectly with processing claims. For smooth
functioning of an insurance company, it is necessary that
each of this unit is tested rigorously before it is sync
together to deliver the desired outcome. The testing
includes

 Call Center  IVR Integration Testing

 Call routing and assignment
 Security and access
 Reflexive Questions

 Policy Serving  Policy life cycle testing

 Financial and Non-financial policy changes
 Policy lapse and Re-instatement
 Policy aging-run cycles
 Premium due alerts
 Valuation of NPV/NAV

 Claims  Claims triage and assignment

 Testing claims life cycle
 Claims accounting/reserving
 Third party EDI/messaging

 Direct channel  Mobile access

 Cross browser/cross platform accessibility
 Application performance
 Usability of application

 Reports/BI  Behaving to regulatory requirements

  Generate quality data for reporting
 Create bulk data for roll-up reports
 Testing formula based fields in reports

 Underwriting  Underwriting quality

 Manual and Straight through processing
 Complex business rules
 Rating efficiency
 Requirements Management (Vendor Interfacing)

 Integration  Data integration

 Complex interface integration
 Source/Destination formats
 Production like interface
 Web service pull/push efficiency

 New Business  Validate rates-factor combinations

 Batch job schedules and runs
 Commissioning calculations settlements
 Quick and detailed quote
 Benefit illustration
 Benefit summary validation
 Quick and detailed quote

Sample Test Case for Insurance

Application Testing
Sr# Test Cases for Insurance Application

1 Validate claims rule

2 Ensure that claim can occur to the maximum and minimum payment

3 Verify data is transferred accurately to all sub-systems including accounts and

reporting.

4 Check that the claims can be processed via all channels example web, mobile, calls, etc

5 Test for 100% coverage and accuracy in calculations determining premium rates

6 Make sure formula for calculating dividend and paid up values gives correct value

7 Verify surrender values are calculated as per the policy requirement

8 Verify fiduciary details and bookkeeping requirements

9 Test complex scenarios for policy lapse and revivals

10 Test various conditions for non-forfeiture value

11 Test scenarios for policy termination

12 Verify general ledger account behave same as to reconcile with subsidiary ledger

13 Test calculation of net liability for valuation

14 Test conditions for extended term insurance

15 Verify policy for a non-forfeiture option

16 Check different insurance product term behaves as expected

17 Verify premium value as per product plan

18 Test automatic messaging system to inform customer about new products

19 Validate all the data entered by users as it progresses through the workflow to trigger
warnings, compliance, notification and other workflow events

20 Verify insurance document template supports the document format like MS-Word

21 Test system for generating invoice automatically and send it to customer through e-
mail

Summary
Timely process of the insurance policy and managing
client's data is a foremost priority for any insurance
company. Their complete dependency on a software
solution for handling claims, as well as customers, requires
software solution to be precise and accurate. Considering all
the key aspects of insurance company's requirement some
of the testing strategy and scenarios are represented in this
tutorial.
Testing Telecom Domain with Sample
OSS/BSS Test cases
What is Telecom Testing?
Telecom Testing is defined as the testing of
Telecommunication software. Since the shift of the telecom
sector to digital and computer networks, telecommunication
industry uses software indispensable. Telecom sector
depends on the various types of software components to
deliver many services like routing and switching, VoIP
broadband access, etc. Hence, telecom software testing is
inevitable.
In this tutorial, you will learn-
 What is Domain in Testing?
 Why Domain Knowledge Matters?
 Business Processes in Telecom Industry
 Typical Telecom Business Process
 Types of Protocols used in Telecom Industry
 Testing LifeCycle in the Telecom Industry
 Types of Testing Performed on Telecom Software
 Sample TestCases for Telecom Testing
Join our Live Telecom Testing Project for Free

What is Domain in Testing?

A domain is nothing but the industry for which the software
testing project is created. When we talk about software
project or development, this term is often referred. For
example, the Insurance domain, Banking domain, Retail
Domain, Telecom Domain, etc.

Usually while developing any specific domain project,

domain expert help is sought out. Domain expert is master
of the subject and he may know the inside-out of the product
or application.

Why Testing Domain Knowledge

Matters?
Domain knowledge is quintessential for testing any software
product, and it has its own benefits like
Business Processes in the Telecom
Industry
For telecom testing end-to-end service verification is
important. To ensure efficient testing a good understanding
of the different Business process is a must.
You need to understand each stage of service deliverability
before drafting the test cases.
Telecom services are either based on a business support
system that includes IVR's, Call Centers, generating
invoices, etc. or an operation support system that includes
routers, switches, cell towers, etc.
The following table shows what activities are performed at
different levels
 Telecom Telecom Activities
Department

Pre-sales  It handles all the sales information like discounts, services, promos, etc.

Ordering  Applying for a new connection or disconnecting a connection

Provisioning  This division deals with the physical connection between customers and TSP ( T
Provider)

Billing  Under this division, all billing work is done

Service Assurance  In case of any failure, this division corrects the problem

Inventory Systems  It is the repository of all information

Tracking  This division tracks the ordering system and the status of an order

Typical Telecom Business Process

Following is a typical business process in the Telecom
Industry.
Types of Protocols used in Telecom
Industry
Here the popular protocols used in the Telecom industry
 VoIP technologies: VoIP, IMS, MPLS, ISDN, PSTN
 Signaling and Protocols: SIP, ISDN, Codecs, H.323
  Wireless technologies: GPRS, CDMA, GSM, UMTS
 Network Management: SNMP
 Layer 2 Protocols: ARP, STP, L2TP, PPP
 Layer 3 protocols/routing: ICMP, BGP, ISIS, MPLS
 Infrastructure/Security: ATM, TCP/IP, LAN/VLAN,
SSH
You can learn more about Protocol Testing here

Testing LifeCycle in the Telecom

Industry
The Test Lifecycle in the telecom industry is similar to that of
any other industry but with a stress on details. Here is how
the test lifecycle looks like along with the test artifacts.

Telecom Testing Stage Test artifacts

 Business View  Requirement based test artifacts

 Feasibility based artifacts
 Standard and policy identification based test artifacts
 Operation and maintenance considerations related test artifacts

 System/ Architecture  System test artifacts (Security, Installation)

 Test artifacts for virtual prototype
 Special System Testing artifacts ( interoperability, disaster recove

 Implementation  Unit test artifacts

 Integration test artifacts
 Quality and performance artifacts
 Regression, load testing, sanity, etc.
  Deployment  Acceptance test artifacts
 Integration test artifacts
 Quality and performance artifacts
 Functional test artifacts
 Alpha/Beta test artifacts

Types of Testing Performed on

Telecom Software
 Interconnection Testing
 Conformance Testing
 IVR Testing
 Performance Testing
 Security Testing
 Interoperability Testing
 Protocol Testing
 Functional Testing
 Automation Testing

Sample TestCases for Telecom Testing

In Telecom Testing, one must consider the testing following

Various Telecom Testing Testing activities in Telecom

Billing System  Verify, the telephone number of the customer is registered

under telecom operator
 Verify whether the number is still working
 Verify the number entered is valid, and it is 10 digit
number
 Verify the number is not blocked due to some reasons
  Verify if the number has any outstanding bills, if exist,
display it on screen
 Verify the number has all previous accounts or bills cleared
 Verify the system enables statement generation as per
customer requirement
 Verify the system has recorded a number of calls
accurately
 Verify the plan chosen by the customer displays on the
billing system
 Verify the total amount billed is accurate and mapped to
the service offered

Application Testing  Protocols, signaling, field testing for IOT

 Usage and Functional Testing for core Mobile handset
applications like a call, SMS, transfer/hold, etc.
 Testing of various applications like finance, sports and
location-based services, etc. OSS-BSS testing

OSS-BSS Testing  Billing, customer case, interconnect billing, order and fraud
management, revenue assurance
 Network management, mediation, provisioning, etc.
 EAI, CRM & ERP, data warehousing, etc.

Conformance Testing  Electrical interface compatibility

 Conformance of protocol
 Conformance of transport layers

IVR Testing  Interactive test scenarios

 Detection of voice energy
 Broadband audio tones
 Extensive conditional branching sequences
 DTMF Entries
Summary
The telecom service is a very broad field consists of a
various component including cables, networks, signals,
protocols, etc. and their testing requires a broad range of
testing techniques, so the choice of testing techniques and
strategy highly depends on what component of telecom is
tested.
The test requirement, scope, test scenarios, testing
techniques, testing tools, etc. varies with the type of testing
involves, it can be protocol testing for VoIP or wireless
device testing for CDMA. The tutorial gives a basic but
complete overview of how telecom testing can be performed
and discuss various prospects that are crucial for telecom
testing.

Business Intelligence (BI) Testing:

Sample Test Cases
What is BI Testing?
BI or Business Intelligence is defined as the process of
gathering, cleansing, analyzing, integration and sharing data
to accelerate business growth.
You can learn more about ETL/ Business Intelligence in
this tutorial

Sample Test Cases for BI

Following are generic test cases that need to be validated
for any BI Testing Project
Test Scenarios Test Cases

ETL verification  Verify data is mapped correctly from source to target system

 Verify all tables and their fields are copied from source to target

 Verify keys configured to be auto-generated are created properly in target system

 Verify that null fields are not populated

 Verify data is neither garbled nor truncated

 Verify data type and format in target system is as expected

 Verify there is no duplicity of data in the target system

 Verify transformations are applied correctly

 Verify that the precision of data in numeric fields is accurate

 Verify exception handling is robust

Staging data  Reconciliation check- record count between the STG (staging) tables and target tabl
applying filter rules

 Insert a record which is not loaded into target table for given key combination
  Copy records, sending same records that are already loaded into target tables-should

 Update a record for a key when value columns changed on day_02 loads

 Delete the records logically in the target tables

 Values loaded by process tables

 Values loaded by reference tables

Data Loading in  Check if the target and source data base are connected well and there are no access
BI

 For a full load, check the truncate option and ensure its working fine.

 While loading the data, check for the performance of the session

 Check for non-fatal errors.

 Verify you can fail the calling parent task if the child task fails.

 Verify that the logs are updated

 Verify mapping and workflow parameters are configured accurately

 Verify the number of tables in source and target systems is the same

 Compare the attributes from stage tables to that of the target tables. They should be
BI Reports  Display date and time

 Decimal precision for key figures

 In a given page display the number of rows and columns

 Free characteristics in the report

 How are blank values/data displayed for both characteristics and key figures in the r

 Whether search for characteristics is based on key or key&text as applicable

 Does search option on text is case sensitive- Upper, Lower or both