Testing E-Commerce

Electronic-commerce Web sites incorporate many components familiar to software testers, including GUIs and client/server architectures. Automated testing tools do exist to help with the testing of these sites, but the real challenge is dealing with new and buggy technologies married to a mission-critical retail application.

In this article, I will first discuss the areas of greatest risk and include a quick description of how to handle them. Then, I will lay out a roadmap for planning an electronic commerce testing effort-with specific actions to take for each phase in the product development lifecycle.

Testing is all about risk management, and to understand the risk areas is to manage the testing process. In many ways, testing electronic commerce Web sites is a lot like testing other multi-tiered client/server systems. But there are new risks.

Risk #1: You get no second chances
Web sites sometimes form the customer's crucial first impression of the business. They are often the first points of contact with customers. No second chances means the site must be up all of the time, key features must be accessible, and performance must be adequate.

If you do not at least provide this level of functionality, you will lose customers or viewers even before you've had a chance to sell to them.

Risk #2: You have minimal control over your customers' environments
This is not client/server, in which there typically is only one supported configuration for the client and one for the server. In e-commerce, end users use PCs, Macs, Unix boxes, WebTVs, Internet-enabled phones, and 1024 x 760 or 800 x 600 monitor resolutions. They can use Netscape Navigator, Microsoft Explorer versions 1, 2, 3, or 4.0, Opera, Konqueror, some plug-ins (but perhaps not the ones you assume), different security settings (such as turning off cookies), 1,200 or 56,000 baud modems, T1 lines, etc.

By far the most difficult part of ensuring the quality of an e-commerce application is ensuring the quality of the client environment.

Risk #3: You do not know your customers
Most software products have been designed for a specific type of customer. And most testers have tested products for a very specific type of user. But with e-commerce applications this is very different. You have no idea who will come into your Webstore. Since your customers are anywhere, you might be shipping to Mongolia. Does your one-day shipping guarantee still hold? Can their addresses even fit in your forms? What currency do they use? What measurement system?

Will your customers know how to navigate your site? There are few opportunities for training and documentation. Individual training is not possible. Printed manuals are out. The 800 number will not be used. Your Web site must be usable "out of the box."

Another challenge in not knowing your customers is your inability to always pre-qualify them before doing business. You might be selling alcohol to minors.

Risk #4: You're on WebTime
WebTime is the biggest risk. With an electronic commerce site, your content will be changing frequently, and the software development process will begin to more closely resemble a publishing process. Typically there are many small changes to the user interface throughout the development cycle. Release cycles are measured in days, not months. And you'll be doing more maintenance mode testing with an Internet application than with a normal client/server application.

You're also living in WebTime from a Web technology perspective. The technologies you'll use are uncertain, unstable technologies, and they are constantly changing.

A SPECIAL RISK FOR E-COMMERCE SITES: Security testing. Each e-commerce site has its own unique security concerns [see STQE's "Tracking the Details," Issue