Web Service Testing

The great advantage of Web services is that they empower different types of entities to communicate with one another through platform-independent protocols such as SOAP, XML, and HTTP. However, the tradeoff for this flexibility is that this open, non-native traffic brings with it additional overhead. Take, for example, an enterprise that wants to use a Web service to integrate a J2EE application with a variety of client types or other applications

In this situation, many different types of clients can now access the information contained within the EJBs by going through the Web service layer. But this introduces a potential issue: a new layer of communication has been added with its own overhead and potential for failure into an application whose quality and performance was formerly under control. If the Web service layer makes the application slower or introduces quality issues it could affect application service-levels and negatively impact end users. The only way to ensure that this doesn’t happen is to test the quality and performance of these Web Services before they are deployed.

Web Services are applications that exist within a network. Since web services are being used more and more by businesses, security and testing are essential to web services. Testing ensures that SOA deployments can be reliable and successful for an enterprise. However, there are many gray areas that often occur during testing. To avoid these gray areas it is important to focus on performance, security, SOAP attachments, WSDL, and interoperability.

At a very basic level, one needs to consider how the remote method calls take place via SOAP, how the data is passed, how to test the transport layer, discovery methods, response data, scalability, performance, integrity etc.Testing Approach: Test Case Design, Test Execution shall be Top-Down and Bottom-Up respectively. Documenting test cases for the individual services can be a tedious task and subject matter experts can take part in unit testing the individual service so that they are error-free in the downstream process. This approach facilitates meeting the high-level business requirements and can also be used to create the data contents for the exchanged message. This will avoid the major pitfall of delivering a technically acceptable solution which fails to deliver business value. Once this is done, the data must be formatted into messages (XML) that express service request and replies from consumer and provider respectively.

Test tools must be used before and after publishing a web service. To do this, the WSDL must be loaded into the tool. The tool then acts as a client of the web service and sends SOAP requests. This describes a simple consumer-producer test scenario. Since web services depend on other services, the whole chain must be tested in order to find the problems. If a web service is not performing correctly, it may be due to another web service which it is attached to. This is easy to find if one simply monitors the CPU and memory statistics of each web service as the test transaction occurs. Many performance characteristics must be looked at such as response times and fail/pass ratios.

Security validation is also very important to evaluate when testing web services. This must be taken care of at the message level by using tools such as signatures and encryption. Test cases are also important to look at since a negative test case shows where the web service is inefficient.

SOAP is used to carry complex attachments through a network. These transmissions must also be evaluated to ensure that the attachment is not corrupted. To test a SOAP attachment, one can simply make sure that the upload and download values match and re-calculate the check-sum. The break point for message size must also be figured out.

WSDL acts as an important contract between the consumer and producer. However, this also provides gray area in web services testing since it is often not accessible through a firewall after handled by a partner. To avoid this dilemma, it is important to flatten the WSDL before handing it over to a trading partner. WSDL quality must also be identified.

Web Services Process Flow


A service provider describes its service using WSDL. This definition is published to a directory of services. The directory could use Universal Description, Discovery, and Integration (UDDI). Other forms of directories can also be used. Service consumer issues one or more queries to the directory to locate a service and determine how to communicate with that service. Part of the WSDL provided by the service provider is passed to the service consumer and this tells the service consumer what the requests and responses are for the service provider.

Web Services

A Web service is a method of communication between two electronic devices over a network.
The W3C defines a "Web service" as "a software system designed to support interoperable machine-to-machine interaction over a network. It has an interface described in a machine-process able format (specifically Web Services Description Language WSDL). Other systems interact with the Web service in a manner prescribed by its description using SOAP messages, typically conveyed using HTTP with an XML serialization in conjunction with other Web-related standards.

The W3C also states, "We can identify two major classes of Web services, REST-compliant Web services, in which the primary purpose of the service is to manipulate XML representations of Web resources using a uniform set of "stateless" operations; and arbitrary Web services, in which the service may expose an arbitrary set of operations.

Web services are software systems designed to support interoperable machine-to-machine interaction over a network. This interoperability is gained through a set of XML-based open standards, such as WSDL, SOAP, and UDDI. These standards provide a common approach for defining, publishing, and using web services.

The full-function web services platform can be thought of as XML, HTTP, SOAP, WSDL and UDDI. At higher levels, one might also add technologies such as XAML, XLANG, XKMS, and XFS -- services that are not universally accepted as mandatory.

SOAP (Simple Object Access Protocol) is a protocol specification that defines a uniform way of passing XML-encoded data. It also defines a way to perform remote procedure calls (RPCs) using HTTP as the underlying communication protocol.

UDDI (Universal Description, Discovery and Integration Service) provides a mechanism for clients to dynamically find other web services. Using a UDDI interface, businesses can dynamically connect to services provided by external business partners. A UDDI registry is similar to a CORBA trader, or it can be thought of as a DNS service for business applications.

Web Services Description Language (WSDL) is a new specification to describe networked XML-based services. It provides a simple way for service providers to describe the basic format of requests to their systems regardless of the underlying protocol (such as Simple Object Access Protocol or XML) or encoding (such as Multipurpose Internet Messaging Extensions). WSDL is a key part of the effort of the Universal Description, Discovery and Integration (UDDI) initiative to provide directories and descriptions of such on-line services for electronic business.

SOA Testing Challanges

When it comes to testing SOA applications, one has to look beyond functionality and performance (load) testing. SOA testing requires testing of interfaces and services that might bring together diverse systems and platforms, along with other performance (latency) and security related aspects.
One of the other challenges to be tackled in SOA Testing is the availability of the environment with the dependent underlying services and/or applications. For instance, an SOA Implementation might bring together two or more autonomous internal applications/services when composing a business process.
The availability of these internal applications/services becomes highly important during integration testing in parts as well as during end-to-end testing of the business process.
Some of the SOA Testing challenges are:
• Services that do not have a user interface
• Data driven business logic within services
• External services to the organization
• The quality of 'service' software will be vital to promote reuse and facilitate business agility. Services that have known bugs and quality issues will not be reused by the development teams. A significant increase in testing activities and test assets (functional, performance and security regression suites that include sophisticated harnesses and stubs) will be required at a service (program) level
• Predicting the future usage of services to assist with performance, load, stress, scalability
• As your SOA evolves, security testing will have a higher priority and profile within your organizations test strategy
Additional considerations:
• In SOA, Services are based on heterogeneous technologies. The ability to string together multiple types of components to form a business process requires unconstrained thinking from an architect's perspective, and test planning and scheduling complexities from a tester's perspective.
• In SOA, application logic is in the middle-tier, operating within numerous technologies, residing outside the department, or even outside the company.
• To test SOA, you need to go far beyond merely testing a user interface or browser screen. Web Services (WSDL/SOAP) will be an important component for many SOAs, but if you're only testing Web Services, you are not likely to test the entire technology stack that makes up the application. What are the transactions happening at the messaging layer? Is the right entry being reflected in the database?

Multiple Choice Testing Question Answers

1 : With thorough testing it is possible to remove all defects from a program prior to delivery to the customer.
a. True
b. False
ANSWER : b

2 : Which of the following are characteristics of testable Software ?
a. observability
b. simplicity
c. stability
d. all of the above
ANSWER : d

3 : The testing technique that requires devising test cases to demonstrate that each program function is operational is called
a. black-box testing
b. glass-box testing
c. grey-box testing
d. white-box testing
ANSWER : a

4 : The testing technique that requires devising test cases to exercise the internal logic of a software module is called
a. behavioral testing
b. black-box testing
c. grey-box testing
d. white-box testing
ANSWER : d

5 : What types of errors are missed by black-box testing and can be uncovered by white-box testing ?
a. behavioral errors
b. logic errors
c. performance errors
d. typographical errors
e. both b and d
ANSWER : e

6 : Program flow graphs are identical to program flowcharts.
a. True
b. False
ANSWER : b

7 : The cyclomatic complexity metric provides the designer with information regarding the number of
a. cycles in the program
b. errors in the program
c. independent logic paths in the program
d. statements in the program
ANSWER : c

8 : The cyclomatic complexity of a program can be computed directly from a PDL representation of an algorithm without drawing a program flow graph
.a. True
b. False
ANSWER : a

9 : Condition testing is a control structure testing technique where the criteria used to design test cases is that they
a. rely on basis path testing
b. exercise the logical conditions in a program module
c. select test paths based on the locations and uses of variables
d. focus on testing the validity of loop constructs
ANSWER : b

10 : Data flow testing is a control structure testing technique where the criteria used to design test cases is that they
a. rely on basis path testing
b. exercise the logical conditions in a program module
c. select test paths based on the locations and uses of variables
d. focus on testing the validity of loop constructs
ANSWER : c

11 : Loop testing is a control structure testing technique where the criteria used to design test cases is that they
a. rely basis path testing
b. exercise the logical conditions in a program module
c. select test paths based on the locations and uses of variables
d. focus on testing the validity of loop constructs
ANSWER : d

12 : Black-box testing attempts to find errors in which of the following categories
a. incorrect or missing functions
b. interface errors
c. performance errors
d. all of the abovee. none of the above
ANSWER : d

13 : Graph-based testing methods can only be used for object-oriented systems
a. True
b. False
ANSWER : b

14 : Equivalence testing divides the input domain into classes of data from which test cases can be derived to reduce the total number of test cases that must be developed.
a. True b. False
ANSWER : a

15 : Boundary value analysis can only be used to do white-box testing.
a. True
b. False
ANSWER : b

16 : Comparison testing is typically done to test two competing products as part of customer market analysis prior to product release.
a. True
b. False
ANSWER : b

17 : Orthogonal array testing enables the test designer to maximize the coverage of the test cases devised for relatively small input domains.
a. True b. False
ANSWER : a

18 : Test case design "in the small" for OO software is driven by the algorithmic detail ofthe individual operations.
a. True
b. False
ANSWER : a

19 : Encapsulation of attributes and operations inside objects makes it easy to obtain object state information during testing.
a. True
b. False
ANSWER : b

20 : Use-cases can provide useful input into the design of black-box and state-based tests of OO software.
a. True
b. False
ANSWER : a

21 : Fault-based testing is best reserved for
a. conventional software testing
b. operations and classes that are critical or suspect
c. use-case validation
d. white-box testing of operator algorithms
ANSWER : b

22 : Testing OO class operations is made more difficult by
a. encapsulation
b. inheritance
c. polymorphism
d. both b and c
ANSWER : d

23 : Scenario-based testing
a. concentrates on actor and software interaction
b. misses errors in specifications
c. misses errors in subsystem interactions
d. both a and b
ANSWER : a

24 : Deep structure testing is not designed to
a. examine object behaviors
b. exercise communication mechanisms
c. exercise object dependencies
d. exercise structure observable by the user
ANSWER : d

25 : Random order tests are conducted to exercise different class instance life histories.
a. True
b. False
ANSWER : a

26 : Which of these techniques is not useful for partition testing at the class level
a. attribute-based partitioning
b. category-based partitioning
c. equivalence class partitioning
d. state-based partitioning
ANSWER : c

27 : Multiple class testing is too complex to be tested using random test cases.
a. True
b. False
ANSWER : b

28 : Tests derived from behavioral class models should be based on the
a. data flowdiagram
b. object-relation diagram
c. state diagram
d. use-case diagram
ANSWER : c

29 : Client/server architectures cannot be properly tested because network load is highly variable.
a. True
b. False
ANSWER : b

30 : Real-time applications add a new and potentially difficult element to the testing mix
a. performance
b. reliability
c. security
d. time
ANSWER : d

What Is WSDL?

WSDL: Web Service Description Language

This New Breed of dot com needs a solution that can describe the services .the web services it offers specially this means that you need a format or some type of grammar with which you can describe the answers to the following questions.
  • What are the services offered in Your Online business?
  • How Can You Invoke Your business services?
  • What information do your business services need from the user when he or she invoke your Service?
  • How Will the user Provide the required Information?
  • In which Format will the services send information back to user?

Testing Definition In Simple

  • What's Ad Hoc Testing ?
  • A testing where the tester tries to break the software by randomly trying functionality of software.
  • What's the Accessibility Testing ?
  • Testing that determines if software will be usable by people with disabilities.
  • What's the Alpha Testing ?
  • The Alpha Testing is conducted at the developer sites and in a controlled environment by the end user of the software
  • What's the Beta Testing ?
  • Testing the application after the installation at the client place।
  • What is Component Testing ?
  • Testing of individual software components (Unit Testing).
  • What's Compatibility Testing ?
  • In Compatibility testing we can test that software is compatible with other elements of system.
  • What is Concurrency Testing ?
  • Multi-user testing geared towards determining the effects of accessing the same application code, module or database records. Identifies and measures the level of locking, deadlocking and use of single-threaded code and locking semaphores.
  • What is Conformance Testing ?
  • The process of testing that an implementation conforms to the specification on which it is based. Usually applied to testing conformance to a formal standard.
  • What is Context Driven Testing ?
  • The context-driven school of software testing is flavor of Agile Testing that advocates continuous and creative evaluation of testing opportunities in light of the potential information revealed and the value of that information to the organization right now.
  • What is Data Driven Testing ?
  • Testing in which the action of a test case is parameterized by externally defined data values, maintained as a file or spreadsheet. A common technique in Automated Testing.
  • What is Conversion Testing ?
  • Testing of programs or procedures used to convert data from existing systems for use in replacement systems.
  • What is Dependency Testing ?
  • Examines an application's requirements for pre-existing software, initial states and configuration in order to maintain proper functionality.
  • What is Depth Testing ?
  • A test that exercises a feature of a product in full detail.
  • What is Dynamic Testing ?
  • Testing software through executing it. See also Static Testing.
  • What is Endurance Testing ?
  • Checks for memory leaks or other problems that may occur with prolonged execution.
  • What is End-to-End testing ?
  • Testing a complete application environment in a situation that mimics real-world use, such as interacting with a database, using network communications, or interacting with other hardware, applications, or systems if appropriate.
  • What is Exhaustive Testing ?
  • Testing which covers all combinations of input values and preconditions for an element of the software under test.
  • What is Gorilla Testing ?
  • Testing one particular module, functionality heavily.
  • What is Installation Testing ?
  • Confirms that the application under test recovers from expected or unexpected events without loss of data or functionality. Events can include shortage of disk space, unexpected loss of communication, or power out conditions.
  • What is Localization Testing ?
  • This term refers to making software specifically designed for a specific locality.
  • What is Loop Testing ?
  • A white box testing technique that exercises program loops.
  • What is Mutation Testing ?
  • Mutation testing is a method for determining if a set of test data or test cases is useful, by deliberately introducing various code changes ('bugs') and retesting with the original test data/cases to determine if the 'bugs' are detected. Proper implementation requires large computational resources
  • What is Monkey Testing ?
  • Testing a system or an Application on the fly, i.e just few tests here and there to ensure the system or an application does not crash out.
  • What is Positive Testing ?
  • Testing aimed at showing software works. Also known as "test to pass". See also Negative Testing.
  • What is Negative Testing ?
  • Testing aimed at showing software does not work. Also known as "test to fail". See also Positive Testing.
  • What is Path Testing ?
  • Testing in which all paths in the program source code are tested at least once.
  • What is Performance Testing ?
  • Testing conducted to evaluate the compliance of a system or component with specified performance requirements. Often this is performed using an automated test tool to simulate large number of users. Also know as "Load Testing".
  • What is Ramp Testing ?
  • Continuously raising an input signal until the system breaks down.
  • What is Recovery Testing ?
  • Confirms that the program recovers from expected or unexpected events without loss of data or functionality. Events can include shortage of disk space, unexpected loss of communication, or power out conditions.
  • What is the Re-testing testing ?
  • Retesting- Again testing the functionality of the application.
  • What is the Regression testing ?
  • Regression- Check that change in code have not effected the working functionality
  • What is Sanity Testing ?
  • Brief test of major functional elements of a piece of software to determine if its basically operational.
  • What is Scalability Testing ?
  • Performance testing focused on ensuring the application under test gracefully handles increases in work load in Normal Condition.
  • What is Security Testing ?
  • Testing which confirms that the program can restrict access to authorized personnel and that the authorized personnel can access the functions available to their security level.
  • What is Stress Testing ?
  • Stress testing is a form of testing that is used to determine the stability of a given system or entity. It involves testing beyond normal operational capacity, often to a breaking point, in order to observe the results in Abnormal Condition.
  • What is Smoke Testing ?
  • A quick-and-dirty test that the major functions of a piece of software work. Originated in the hardware testing practice of turning on a new piece of hardware for the first time and considering it a success if it does not catch on fire.
  • What is Soak Testing ?
  • Running a system at high load for a prolonged period of time. For example, running several times more transactions in an entire day (or night) than would be expected in a busy day, to identify and performance problems that appear after a large number of transactions have been executed.it means Reliability with load.
  • What's the Usability testing ?
  • Usability testing is for user friendliness.
  • What's the User acceptance testing ?
  • User acceptance testing is determining if software is satisfactory to an end-user or customer.
  • What's the Volume Testing ?
  • We can perform the Volume testing, where the system is subjected to large volume of data.