Software Testing Types Starting Points

Software Testing Types Starting Points

Which testing type will you start with?

In this article I will explain the most common testing types for web applications with simple words. I will not use ISTQB or other certification authority glossary. I will give tool examples and starting points for more information.

Security is a top priority.

If you are given entire application to test or you own small web app, start with security testing. This testing checks your application vulnerability. Could unauthorized user login or make changes without permissions?  Is your user’s data at risk? Can someone use your application for making profit for himself?

Why is this important?

Who wants to give credit card information to a hacked website?  Not me. Not you.

Imagine you have worked hard for years, have good SEO rank and loyal customers base. Then one day someone hacks your application (web site). You could easily lose your business overnight. Not something you want to experience, right?

Do not have illusions that you can catch complex security bugs. There are experts that specialize in that field for many years and even they cannot discover all issues. Even big companies discover vulnerabilities in their product and provide patches and updates.

Your job is to make your application less vulnerable. Enforce good password policy. If you own small WordPress site, install security plugin with firewall such as WordFence. If you work in a bigger company, involve related stakeholders (administrators, security experts). Good place to start is OWASP top ten list with vulnerabilities.  Test for the ten most common vulnerabilities and share your findings with the developers in your team.

What to focus on next?

Nobody wants to wait. Performance is essential.

Performance testing is ensuring that your application is fast enough for a wanted period of time with expected users number. Generally the faster, the better, 2 seconds is considered as the limit for responsiveness. Maximum two seconds after user has requested URL, he should see something valuable, or he will leave.

An easy way to check your current speed and areas for improvements is online on or web page test.

SEO testing

You have thought of security and performance. But if your site is not indexed properly by search engines, you will either not have customers, or will have to spend more on paid advertising and direct marketing.

Search engines like Google and Bing like great content, semantic markup and structured data. Your robots.txt and sitemap files should be carefully updated. I have heard a joke:

“What is the ultimate revenge of a fired SEO expert?”

The answer is :

“To put in robots.txt file only the two lines below.”

User-agent: *
Disallow: /

With these simple lines, you are telling that you do not want your site to be indexed. Not funny at all if this had happened to you.

Good starting points are Google Analytics and Google Search Console. From Google Analytics I extract information such as most popular pages and real users number and behavior.  I use Google Search Console for finding crawling errors and request indexing. In order to use them you should have account and you have to add applications that you could verify are yours.

Cross-browser and cross devices testing

Your application should look equally well on different browsers and mobile devices with different screen resolution. Quick way of doing responsive testing is to resize your browser window or use browser extension like Chrome Window Resizer.

I often use Chrome device mode before testing on real devices, because it saves me time. You can use this mode following the steps:

  1. Open Chrome browser.
  2. Press F12.
  3. Press Toggle Device Toolbar (Ctrl+Shift+M)

When you want to return to normal browser mode, you should press the same icon.

Functional testing

Ensure your web application functions as intended. For example, if you distribute products as downloadable files, ensure users can really download them. On my site, there is a search form. Functional testing will be to execute searches with different input strings and see whether expected results are returned.

As a starting point, you could assess your application functionalities, what are their priorities and risk. Write test cases or checklists that cover them.

Integration testing

This is testing how your application communicates with other applications. For example currently on this post I have enabled Disqus post comments instead of default WordPress comments. I should test that user can post and the post appears both in the blog post and in Disqus admin area for my site.

You should have a list of such integration points.

Regression testing

Ensuring that something that worked yesterday, is working today. Great way to execute this type of testing  is using automation tools, such as Selenium. You can do regression testing manually, but it is more error prone and time-consuming.


The article explained briefly the most common types of testing for web applications. It provided real live starting points for security, performance, SEO, cross-browser, integration and regression testing. In next articles I will go into more details on how to perform the tests, as well as I will give real bug examples.  See this article for the four most important things to consider, before you start testing.