Changing the QA Mindset for Rich Internet Applications


It is clear that, as tempting as it is from a performance standpoint, executing business logic on the client tier is unacceptably dangerous. Every RIA's quality-assurance test plan should ensure that the client-side code contains only presentation logic. What this means is that QA professionals can no longer rely on a Web browser as their sole testing tool for RIAs. QA teams have to examine the details of the RIAs' client-side components in order to ensure that no business logic has crept into the client code (either accidentally or intentionally). For Flash and Silverlight applications, this requires decompilation of the downloaded SWF or DLL files. For JavaScript, it may require downloading external script source files.

QA professionals should not consider looking at source code or using disassemblers out of the scope of their responsibilities. While it is true that, previously, they never had to perform these actions when testing traditional Web applications, RIAs have expanded the scope of the QA's responsibilities. Simple, manual, black box testing of the application through a Web browser is no longer sufficient. In order to ensure security, the QA arsenal must expand to include new tools and processes in order to thoroughly test all aspects of RIAs.

About the author

AgileConnection is a TechWell community.

Through conferences, training, consulting, and online resources, TechWell helps you develop and deliver great software every day.