What are the most common things to test in a new site?

For instance to prevent exploits by bots, malicious users, massive load, etc.?

And just as importantly, what tools and approaches should you use?

(some stress test tools are really expensive/hard to use, do you write your own? etc)

Common exploits that should be checked for.

Edit: the reason for this question is partially from being in SO beta, however please refrain from SO beta discussion, SO beta got me thinking about my own site and good thing too. This is meant to be a checklist for things that I, you, or someone else hasn't thought of before.

+1  A: 
Chris
+1  A: 

YSlow can give you a quick analysis of different metrics.

EndangeredMassa
+4  A: 

Try and break your own site before someone else does. Your web site is basically a publicly accessible API that allows access to a database and other backend systems. Test the URLs as if they were any other API. I like to start by cataloging all URLs that have some sort of permanent effect on the state of the system - this is easy if you are doing Ruby on Rails development or trying to follow a RESTful design pattern. For each of those URLs, try running GET, POST, PUT or DELETE HTTP methods with different parameters so that you can ensure that you're only giving access to what you want to give access to.

This of course is in addition to the obvious: Functional testing, Load Testing, SQL Injection, XSS etc.

Kyle Boon
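
The method-by-URL check described in the answer above can be automated as a small matrix test. This is an added example, not part of the original answer: `ToyApp`, `EXPECTED`, `probe` and `audit` are hypothetical names, and the server is a constructed stand-in with one planted access-control flaw so the script runs offline.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

METHODS = ("GET", "POST", "PUT", "DELETE")
# Constructed policy: what an anonymous client SHOULD be allowed to do per URL.
EXPECTED = {"/articles/1": {"GET"}, "/admin/users": set()}
# Ignore proxy environment variables so requests go straight to the test server.
OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))

class ToyApp(BaseHTTPRequestHandler):
    """Constructed stand-in for the site under test."""
    def _reply(self):
        # Planted flaw: DELETE on the article is not rejected for anonymous clients.
        ok = self.path == "/articles/1" and self.command in ("GET", "DELETE")
        self.send_response(200 if ok else 403)
        self.send_header("Content-Length", "0")
        self.end_headers()
    do_GET = do_POST = do_PUT = do_DELETE = _reply
    def log_message(self, *args): pass  # silence per-request logging

def probe(base, method, path):
    """Send one unauthenticated request and return the HTTP status code."""
    req = urllib.request.Request(base + path, method=method)
    try:
        with OPENER.open(req, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def audit(base, expected):
    """Return (method, path, status) for every 2xx response the policy forbids."""
    findings = []
    for path, allowed in expected.items():
        for method in METHODS:
            status = probe(base, method, path)
            if 200 <= status < 300 and method not in allowed:
                findings.append((method, path, status))
    return findings

def run_demo():
    server = HTTPServer(("127.0.0.1", 0), ToyApp)  # port 0: pick any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    findings = audit(f"http://127.0.0.1:{server.server_port}", EXPECTED)
    server.shutdown()
    return findings

if __name__ == "__main__":
    print(run_demo())
```

Against your own site, replace `EXPECTED` with the catalogued state-changing URLs and point `audit` at a staging instance; repeat the run once per user role with that role's session attached.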
+1  A: 

Turn off javascript and make sure your site can still be navigated.

Even if you want to ignore the small but significant number of people who have it disabled, this will impact search engines as well.

Joshdan
+1  A: 
Michael OK
+1  A: 

For checking the cross browser and cross platform look of your site, browershots.org is maybe the best free tool that can save a lot of time and costs.

Yaba
A: 

There are separate stages for this one.

Firstly there's the technical testing, where you check all technical functionality:

  • SQL injections
  • Cross-site Scripting (XSS)
  • load times
  • stress levels

Then there's the phase where you have someone completely computer-illiterate sit down and ask them to find something. Not only does it show you where there are flaws in your navigational logic (I find that developers look upon things way differently than 'other people') but they're also guaranteed to find some way to break your site.

Twan