• security-test all websites to ISO/IEC 17799
5 Safety-critical website containing information whose inaccuracy may lead to loss of life or an interface whose failure may lead to loss of life.
As 4 but also FTA on the problem domain as part of a safety case.
Testing and the Web
5.3 Web Test Planning
In addition to the normal test plan contents, consider the following issues:
• Information gathering. Assuming that the site is underspecified:
  – Undertake a scoping exercise to identify every document, script, manual, or specification which may be useful. Send a memorandum from both yourself and the project manager asking for information.
  – Identify from the results:
    • A list of all components of the website (html, scripts, servlets, applets, web, and legacy applications)
    • A list of all the website features
  – Create a cross-reference between feature and component
    • Against this list identify:
      • Any item which may form a baseline against which to test, who owns the item, and where it is held
      • The development group responsible
      • The tester(s) responsible
      • The manager concerned for the item or feature
      • The baseline documents, code, etc.
      • The components which are under-documented
      • The priority of each component
      • The tests to be written
  – Give this list to a tester to keep updated.
This list is a major weapon in your battle to impose order on website testing. As testers explore the site, the discrepancy between what is supposed to be there and what isn’t can provoke some major battles, and you will need back-up and proof that information is missing.
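One way to keep the feature/component cross-reference described above machine-checkable, so that missing information can be shown on demand. This is an added example, not from the original text; the field names and the sample components and features are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Component:  # one row of the list; field names are assumptions
    name: str
    kind: str            # html, script, servlet, applet, web or legacy application
    dev_group: str = ""
    tester: str = ""
    manager: str = ""
    baseline: str = ""   # where the baseline is held; empty = under-documented
    owner: str = ""      # who owns the baseline item
    priority: int = 3    # 1 = highest
    tests: list = field(default_factory=list)

def cross_reference(features):
    """Invert {feature: [component names]} into {component name: [features]}."""
    xref = {}
    for feature, names in features.items():
        for n in names:
            xref.setdefault(n, []).append(feature)
    return xref

def gaps(components, features):
    """Return (priority, component, problem) tuples, most urgent first."""
    known = {c.name for c in components}
    xref = cross_reference(features)
    found = []
    for c in components:
        checks = [(not c.baseline, "under-documented: no baseline"),
                  (not c.tester, "no tester responsible"),
                  (not c.tests, "no tests written"),
                  (c.name not in xref, "not linked to any feature")]
        found += [(c.priority, c.name, msg) for bad, msg in checks if bad]
    for feature, names in features.items():
        for n in names:
            if n not in known:  # a feature relies on something nobody listed
                found.append((0, n, f"used by '{feature}' but not in component list"))
    return sorted(found)

# Constructed sample data for illustration only.
COMPONENTS = [
    Component("login.html", "html", "web team", "A. Tester", "J. Manager",
              "login-spec-v2.doc", "web team", 1, ["T-001"]),
    Component("checkout.cgi", "script", "web team", priority=1),
    Component("stock-db", "legacy application", "back office", "B. Tester",
              baseline="schema.sql", priority=2, tests=["T-010"]),
]
FEATURES = {"Sign in": ["login.html"], "Buy": ["checkout.cgi", "stock-db", "tax-applet"]}

if __name__ == "__main__":
    for prio, name, problem in gaps(COMPONENTS, FEATURES):
        print(f"P{prio} {name}: {problem}")
```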