It is usually stress-free for a tester to migrate from one technology to another, but at times it is more difficult to move from one methodology to another. Jumping from a custom application to Commercial Off-The-Shelf (COTs) is still an easy transition. The tester has a better idea on which parts they need to focus on or which modules are more susceptible than others.
With the dispersed architecture of loosely coupled systems which may be technically apart but frequently need to communicate with each other in terms of data requirements is where web services comes into the picture. A web service provides a simple interface for communication for these systems using a typical data transfer mechanism.
Ladders in Web service testing:
- To conclude what is expected from a Web service with respect to business requirements
- To gather and understand the requirements, and the data transfer standards
- To design test cases keeping business requirements in mind, the more data scenarios you have, healthier the quality of deliverable
- It is a thornier task to test complete end to end business flows with all the possible data scenarios. The trick is to have an automated tool which can shorten the testing of web services like Optimyz, SOAP UI etc.
Web Services: What all do we need to test?
- Functionality: We need to look for the following in the midst of functional testing
- Specification Review (SR)
- Test Case Development (TCD)
- Test Execution, the examination of requests & responses
- Performance: Testing web services performance may be complicated. To avoid this, following a simple rule of clearly mentioning the thresholds upfront, solves problems. Another key is to know the performance requirements in the most accurate manner.
For e.g.
- A good requirement: This service has been identified as serving 50,000 concurrent users with 10 second average response time
- A bad requirement: This service should serve > 4000 concurrent users, and the response should be fast
- Security: Web Services are wide-open in a network. This element opens up a host of vulnerabilities, such as penetration, Denial-of-Service (DOS) attacks, and great volumes of spam data, etc. Distinctive security policies have to be imposed at the network level to create a sound Service Oriented Architecture (SOA). There are certain security policies which are enforced during data transfer, and user tokens or certificates are common sights where data is protected with a password. Precise test cases aimed at directing these policies need to be designed to completely test the Web service security
- Compliance: Compliance testing is required to ensure that:
- Web services meet certain specified standards
- Authorize SOAP request/response messages
- Authenticate WSDL definitions
When testers take up web services it tosses many challenges at them, it is still very important to know what they need to do, rather than doing it first to learn costly lessons later.
