Home > Store

Quality Web Systems: Performance, Security, and Usability

Add To My Wish List

Quality Web Systems: Performance, Security, and Usability

By Elfriede Dustin, Jeff Rashka, Douglas McDiarmid
Published Aug 23, 2001 by Addison-Wesley Professional.

Book

Sorry, this book is no longer in print.

Not for Sale

Description

Sample Content

Updates

More Information

Description

Copyright 2002
Dimensions: 7-3/8" x 9-1/4"
Pages: 336
Edition: 1st

Book
ISBN-10: 0-201-71936-3
ISBN-13: 978-0-201-71936-9

Enterprise Web developers are trapped between a rock and a hard place: they're under tremendous pressure to get to market fast -- but if they deploy systems of poor quality, they will drive away customers -- losing revenue and market share for years to come. Quality Web Systems gives software professionals start-to-finish resources for enhancing quality and accelerating development at the same time. Quality Web Systems identifies the key obstacles to delivering Web systems that deliver promised levels of performance, security, and usability -- and proven solutions. Coverage includes: identifying key success criteria for Web development; specifying Web system functionality through RSI (Requirement-Service-Interface) use cases; creating test cases; checking browser and platform compatibility; identifying and testing for security vulnerabilities; planning and evaluating ease-of-use; and meeting specified performance and scalability requirements.



Sample Content

Online Sample Chapter

Web System Security

Downloadable Sample Chapter

Click below for Sample Chapter related to this title:
dustinch3.pdf

Foreword.

Preface.

Acknowledgements.

1. Overview of Web Systems and Technologies.

Quality Web Systems.

Success Criteria.

Assigning Priorities Based on Risks.

Web System Engineering.

Web System Architecture.

2. Web Engineering Using the RSI Approach.

Use Cases Analysis.

Goal Oriented Use Cases Analysis.

RSI Approach.

RSI Model Development.

Non-Functional Requirements.

Technology Selection.

Test Procedures From RSI Use Cases.

Chapter Summary.

References.

3. Security.

Overview.

Web and Application Servers.

Database Server.

Client Computer.

Secure Communications.

Network Security.

Verifying Site Security.

TBS Case Study.

Chapter Summary.

References.

4. Performance.

Overview.

Performance and Scalability Requirements.

Verifying Site Performance and Scalability.

Verification Phases.

Interpreting the Test Results.

Improving Performance and Scalability.

Analyzing Scalability and Cost.

TBS Case Study.

Chapter Summary.

References.

5. Compatibility.

Client-Side Compatibility Issues.

Verifying Site Compatibility.

TBS Case Study.

Chapter Summary.

References.

6. Usability and Accessibility.

Usability Engineering.

Accessibility.

Usability Evaluation.

Automating Usability Evaluation.

TBS Case Study.

Chapter Summary.

References.

7. Tools.

Engineering.

Security.

Performance and Scalability.

Compatibility.

Usability.

Other Tools.

Chapter Summary.

Appendixes.

A. Evaluation Checklists.

B. Test Tool Evaluations.

C. Technology Book Store Case Study.

Contributing Author Biographies.

Index. 0201719363T04202001

Preface

Quality Web Systems addresses the challenge for today's Web software professionals engaged in the development of Web sites and Web-based applications--products that support the business of an organization. These professionals working to develop and to deploy Web systems are under pressure to complete development efforts and to incorporate upgrades to systems ahead of the competition. Deployment delays often translate into the loss of revenue and reputation for the organization and can result in the loss of market share, which may be vital to the future of the organization. Similarly, the deployment of troublesome or error-prone Web systems can result in disgruntled customers, loss of revenue, and loss of market share. Web customers are seeking Web systems that serve them in a reliable fashion, that are secure and usable, and that provide quick and easy service.

Often overlooked during the effort to quickly deploy a Web system are the many necessary aspects that make up a successful system. Among these key success factors are proper functionality, ease of use, compatibility with a variety of browsers, security of the site's components and content, and system performance and scalability.

The Web has brought many changes to the way that systems are built and deployed. Software engineers attempting to build these sites face a multitude of new concerns, most of which have arisen over just a few years. Many systems are deployed with flaws that pose serious problems for the site, such as security holes and the inability to cope with user load. These issues have the effect of placing one or more of the key success factors at risk. This book provides a technical examination of these issues, outlines appropriate implementation techniques, and describes the problem areas in technical detail.

Delivering a quality Web system, however, does not rely merely on the merits of having a grasp of the potential problems and the knowledge of how to fix them. A critical component of any Web development project is the proper use of testing techniques, which are necessary for verifying that the site addresses these concerns and delivers the required functionality to the end users. Therefore, in addition to the technical discussion of each problem area, we also provide detailed testing strategies.

The starting point for exploring these issues and the first step toward ensuring that key Web system success criteria have been addressed during the development of the Web system is the capture and analysis of the site's intended functionality. One of the most effective and popular techniques for requirements capture is known as use case analysis, a technique for specifying system functionality precisely. Use cases are the basis for further analysis and design of the system. The study of use case analysis is a large topic, and it can be undertaken in several ways, depending on the size of the project and the people involved. The use case approach presented here, known as RSI (requirement-service-interface), is a specific way of engineering the functionality of a system and includes definition of system requirements, modeling of the high-level system services, and specification of the user interface.

RSI use cases are also an excellent starting point for test case definition, providing an appropriate level of detail for black-box and gray-box testing activities. This book does not attempt to cover all the possible implementation techniques and functional issues that may be encountered but rather concentrates on the engineering of system functionality, a critical factor in Web system quality and success. This effective approach to engineering system functionality supports the development of thorough tests that help to ensure proper operation of the system. The specification of system functionality occurs throughout the project life cycle, with the majority of the work being performed in the earlier phases. The specification of system functionality is an activity that warrants special attention by software professionals and project managers, and it should be regarded as one of the keys to delivering a quality Web system.

Another critical activity pertains to the early phases of architecture definition, system design, and implementation. These activities are also performed iteratively throughout the life of the project. Some decisions that are made early in these processes will be difficult, if not impossible, to reverse at a later time should a major flaw be discovered in the system's ability to perform in accordance with defined nonfunctional requirements--security, performance and scalability, and so on. Unfortunately, much of the guidance necessary to avoid these issues and to be able to deliver a system that properly addresses the key Web system success criteria has not been readily available and, in particular, has not been provided in one source.

Quality Web Systems addresses in detail the key success factors--security, performance and scalability, compatibility, usability, and the specification of functionality--that have a profound effect on the acceptance and use of the Web system by the end user. Engineering these factors into the system during the architecture, design, and implementation phases enables the Web site to be constructed with proper consideration for these concerns. In addition to the engineering of the key success factors into the Web system, software professionals need to apply the testing samples and guidance provided in the book in order to verify the successful implementation of the key success factors.

As an aid in helping to more completely outline the concepts addressed within the book, a single case study system, the Technology Bookstore, is portrayed throughout. In each chapter, relevant examples from the case study system are examined to provide concrete examples for the implementation concerns and test procedures.

Audience

This book focuses on the pragmatic concerns for Web system architecture and development: the Web enabling of applications, the establishment of Internet and intranet Web sites, and the development of Web applications supporting enterprise information portals. Thus, this book is valuable for Web architects and Web developers, who require detailed technical information on Web architectures and the proper implementation of site components to provide a site that is secure, scalable, compatible, and usable. The book also supports software test engineers seeking a more comprehensive technical understanding of Web systems. In addition, each success criterion is accompanied by step-by-step testing strategies for the test engineer. The book supports project managers by providing them with greater technical insight into the key Web system success factors.

Conventions

This book uses the following conventions to help the reader.

Code samples, log entries, commands, and other captures are represented in a special type font: // this is a code sample.
Important terms and ideas are highlighted with italicized text.

Organization

Chapter 1 provides an overview of Web systems and technologies. The chapter outlines the paradigm shift that has occurred, associated with the movement of modern business and commercial software applications to the Web, and discusses how this shift has introduced new system development issues. Architectural approaches and Web system components are addressed, as well as the languages and products that are used to create Web systems. Basic terms used throughout the book are introduced.

Chapter 2--explains how to capture system behavior, or functionality, at the appropriate levels of detail through use case analysis using the RSI approach. The application of RSI use cases as an excellent starting point for test case definition is addressed.

Chapter 3--covers a multitude of security and privacy concerns for any Web system. The chapter focuses on security issues pertaining to the Web server, the database server and browser, and content security of custom components of a Web system.

Chapter 4--provides an in-depth discussion about the ability of the system to perform and scale. The chapter also explains how to identify and correct performance and scalability problems. The need for capacity planning is addressed as it pertains to the process of determining the resource requirements necessary for the Web system to be able to handle future load within an acceptable response time.

Chapter 5--details the challenges of providing service in an acceptable way to users with various operating systems and Web browsers. Guidance is provided on the implementation of standards and the development of a compatibility test matrix to aid in defining the proper scope of compatibility tests, given the extremely large possible number of test combinations.

Chapter 6--examines the suitability of the site's interface and end user experience relative to the intended user base. The Web system must be logical and intuitive and must provide a unique and pleasant shopping experience. Tests need to be applied to the system to provide assurance that an adequate level of usability has been implemented.

Chapter 7--outlines the various kinds of tools that are available to assist with the issues described in the previous chapters. Finally, Appendixes A-C provide supplementary information: Web testing checklists, a test tool evaluation matrix, and the Technology Bookstore case study.

Note that Chapters 3-6 provide not only an in-depth technical discussion of the material applicable to Web architecture and Web development audiences but also step-by-step guidance for the performance of tests applicable to both Web development and software testing. In addition and where applicable, references to additional sources of information are provided.

0201719363P08102001

Index

Abstraction, levels of, 16-18, 25, 39
Access control dialog box, 65
Accessibility, 3, 200-204: disability types, 201-204; research and studies on, 204
ActiveX controls, 7, 228, 230: browser compatibility and, 175; security issues involving, 87-89, 102-104
ALT attributes, 202
ALT links, 235
ALT text for images, 235
Analysis using RSI use cases, 36-39
Animation, 234
Anonymous users, 71-72
AnyBrowser.com Site Viewer, 221
APIs: database access through, 85; encrypting/decrypting information with, 83-84
Appearance, 234
Application components, 9
Application logs, 139-140
Application servers, 62: load balancing of, 141; security of, 60, 64-79
Architecture, 4-9: client tier, 5-8; database tier, 9; middle tier, 8-9; n-tier, 5; performance improvement through, 137-138; TBS, 298-299
Architecture baseline (prototype), 42
Asymmetric encryption, 91
Atomic system functions, 40
Atomic use cases, 17
Audience of book, xi
Auditory disabilities, 203
Authentication, 64-71, 226-227: custom authentication form, 68-71; HTTP basic, 64-68; verifying, 93-94
Authenticode, 87
Authorization, 71-72, 227: in TBS case study, 108-110; verifying, 94-96
Automated testing tools, 218

Back button, 195
Background, 233
Background images, 235
Background processing, 143
Base configuration, 124, 136
Base performance testing, 121-122, 123, 127-128, 229: interpreting results of, 134-136
Base unit of scalability, 124
Biographical details, 238
Black-box testing, 43-44, 50
Bottlenecks, 119, 122, 136
Bottom-page navigation, 241
Boundary classes, 38
Boundary conditions, 99
Branding, 199
Browser compatibility, 159-190: ActiveX controls, 174-175; colors, 179-180, 188-189; compression, 181; cookies, 170-172; CSS, 163, 186-188; Document Object Model (DOM), 168-170; ECMAScript, 168; evaluation checklists, 230-231; fonts, 179; handling, 163-168; HTML rendering, 162, 186; HTML version, 161-162; image formats, 180-181; Java applets, 173-174; plug-ins, 173; secure protocols, 181; TBS case study of, 185-189; tools, 221; verifying, 181-185; XHTML, 178-179; XML, 175-178
Browser compatibility chart, 185
Browsers, 5: extensions, 5; security flaws in, 87; usability and interface of, 195-196
Browsing-user session, 127
Buffer overflows, 76-79, 89, 98-99, 227: ActiveX control, 102-103; in TBS case study, 111
Bullets, 234
Business model of Technology Bookstore case study, 23-26
Button text labels, 240
Buzzwords, 232

CAB (cabinet) file, 174
Cascading style sheets. See CSS (cascading style sheets)
CAST Bobby, 222
C/C++ programs, buffer overflow in, 77-79
Certificate authority (CA), 90-91
Check boxes, 240
Child process, 73-74
Cisco Secure Scanner, 219
Classes, in analysis modeling, 38
Clickable regions, 240
Client computer, 228: performance testing of, 124, 125; scalability testing of, 124; security of, 60, 87-90, 102-105
Client-side scripts, 7, 87, 88-89, 162
Client tier, 5-8
Cockburn, Alistair, 14-15
Code algorithms, optimized, 139
Cognitive disabilities, 203-204
Collaboration diagrams, 38-39
Collins-Cope, Mark, 12
Colors, 231, 233: browser compatibility and, 179-180, 188-189; link, 240
Comment mechanism, 238
Common Gateway Interface (CGI), 8
Communications, secure, 60, 90-91, 105-106, 228: verifying, 105-106
Compatibility, 3. See also Browser compatibility: checklist for evaluating, 230-231; testing services, 185; usability vs., 160, 193
Completeness of use cases, 43
Component inputs, 98
Compression: browser compatibility and, 181; HTTP, 138; of images, 180
Compuware's QADirector, 218
Compuware's QALoad, 220
Concrete scenario, 15
Concurrency, 226
Concurrent users, 120
Configuration file, 86
Connection pooling, 81
Consistency of use cases, 43
Consolidated service set, 18
Content, 199, 232: usability and, 145, 197
Content attacks, 72-79, 227: buffer overflows, 76-79, 89, 98-99, 227; system command execution, 73-75, 96-97, 227; unauthorized server-side file access, 75-76, 98; verification against, 96-99
Content usability criteria, 208
Control classes, 38
Conventions used in book, xi
Cookies, 86, 87, 228, 230: browser compatibility and, 170-172; browser warning about, 195; security issues involving, 89-90, 104-105; session state stored in, 142, 143
Copyright notice, 214-215
Correctness of use cases, 43
Corruption of database, 137
Cost analysis, 144-147
Cost requirements, 120
CPU utilization, 139, 152-153: excessive, 134, 135; measurement performance guidelines for, 133
CSS (cascading style sheets), 7, 138, 166-167, 169, 176, 201: browser compatibility and, 163, 186-188; multiple, 166-167
Custom authentication form, 68-71
Customer relationship, 191
Customer support user session, 127

Data, association with user, 142
Data accessibility, verifying authorization for, 95-96
Database: corruption of, 137; overview, 80-81; performance considerations in design of, 138; size of, 131; verifying security of, 99-102
Database objects, 85, 100-101, 227
Database schema, 86, 228: testing security of, 102
Database servers, 62, 227-228: access to, 71; measurement performance guidelines for, 133; performance testing of, 125; scaling, 141; security of, 60, 79-86, 99-102
Database sessions, 142, 143
Database tier, 9
Data constraints, 45
Data dictionary, 35, 45, 47
Data integrity, 52, 226
Data requirements, test, 47-52
Date reference, 239-240
Debug build, 132
Defect tracking, 222
Degradation under stress, 120
Deployment issues, ix
Described images, 202
Directions on Web site, 240
Disabilities, types of, 201-204
Disabled users, 3. See also Accessibility
Disks, measurement performance guidelines for, 133
Disk usage, 139
Display usability criteria, 208
Dispute period, 81
Divider bars, 234
DNS (domain name server), 141
Documentation: of interface use cases, 17; of nonfunctional requirements, 41; source, 50
Document links, 236
Document Object Model (DOM), 7, 168-170
Documents, multipart, 241
Download times, usability and, 145
Dynamic pages, 8, 72
Dyslexia, 204

ECMAScript, 7, 167-169
E-commerce Web systems, 3: security of, 59, 91
Efficiency, Web site, 198
Elsinore Visual Intercept, 222
Embarcadero GDPro, 218
Emprix/RSW e-Load, 220
Encryption, 71, 82-84, 99, 227: asymmetric vs. symmetric, 91
Engineering, Web system, 4
Engineering system functionality, x
Engineering tools, 217-218
Entity classes, 38
ErgoLight WebTester, 222
Error codes, HTTP, 131
Error handling, 226
Error messages, system stress and, 137
Error page, 96: samples, 109, 110
Essential service set, 18
Ethereal, 219
Ethernet, hubs vs. switches, 141-142
Evaluation checklists, 225-242: compatibility, 230-231; functional, 225-226; performance and scalability, 228-231; security, 226-228; usability, 231-242
Exception flow analysis, 23
"Expected results" steps, 44, 45
Extensible Markup Language. See XML
Extensible Stylesheet Language: Transformations (XSLT), 7, 176
Extensions: browser, 5; in requirements use case, 25; Web server, 8-9

"False positive" results, 46
Federated servers, 141
File access: with ActiveX controls, 89, 104; server-side, 75-76, 227
File-based database, 80
File names as inputs, security concerns over, 98
Filtered inputs, 74-75
Find command, 100
Firewalls, 92, 228
Flow of events (scenario), 15, 126, 127: test, 130
Fonts, 231: browser compatibility and, 179
Font sizes, 214
Form action, 71
Form fields, 98: hidden, 76, 86, 97
Forms, checklist for, 225
Frames, 196
Freshness, 210
FTP, 92, 118
Functionality, x, 2: analysis modeling classes and, 38; atomic, 40; definition of system requirements and, 11; evaluation of, 4, 225-226
Functional requirements, TBS case study, 283-284
Functional scaling, 118, 145, 147

GIF, 180-181
GlancePlus for HP/UX, 221
Goal levels, 23
Goal-oriented use case analysis, 14-15
Grammar errors, 232
Granularity level, 16-18, 39
Graphics, usability and, 233-236
Graphics links, 234
Gray-box test steps, 44, 46
Guideline framework, 15
GUI widgets, 240

Handshake, 91
Heuristic evaluation (observational studies), 205-207
Hidden form fields, 76, 86, 97
Home page return, 240
Horizontal scaling, 118, 119, 145, 146
Horizontal scrolling, 234
Hresult, 102
HTML, 5, 7, 201: automatic assessment of validation of, 211; compatibility issues; rendering, 230; storage of schema information or queries within comments, 86; title, 237; visual disabilities and, 202
HTML/CSS/Script version compliance, 230
HTMLed Pro, 197
HTML/Link validation, 222
HTTP: compression, 138; error codes, 131; functions, 118
HTTP 1.1, 181
HTTP basic authentication, 64-68
HTTPS (SSL) functions, 118
Hubs, switches vs., 141-142
Hyperlinks, 239
Hypertext instruction, 238
Hypertext Markup Language. See HTML
Hypertext structuring, 237

IIETF (Internet Engineering Task Force), 161
Image dimension tags, 234-235
Image formats, 231: browser compatibility and, 180-181
Image maps, 202, 203: clickable, 232
Images, 233, 234
ALT text for, 235: background, 235; described, 202; downloads, 235; interlaced, 236; retrieval of, 124; size total of, 235; thumbnail, 235
Image size notice, 241
«Includes» relationship, 16, 17
Information architecture, 232: usability and, 236-238
Inline execution, 138
Input(s): component, 98; file names as, security concerns over, 98; filtered, 74-75; keyboard, 194; mouse, 194; user's perceptual limits regarding, 196
Input data, verifying authorization of, 96-97
Input parameters, in service use cases, 18
Instone, Keith, 204
Integrated security technique, 86
«Interface» (site operations) use cases, 126, 128
Interface use case(s), 17, 19-21, 40: impact of service use case on, 33; model development, 26-28; for Technology Bookstore case study, 28-32; test data requirements of, 47; test procedure from, 44, 45-46
Interlaced images, 236
Internal link rot, 239
Internationalization, 197-198
Internet, 1
Internet connection, network scaling and, 142
Internet Engineering Task Force (IETF), 161
Internet Explorer. See Microsoft Internet Explorer
Internet jargon, 232
I/O utilization, 139
IP addresses, "spoofing," 140

Jargon, internet, 232
Java applets, 8, 173-174, 230
Java Archives (JAR), 174
Java Development Kit (JDK), 173-174
JavaScript, 168
Java Virtual Machine (JVM), 8, 173-174
JPEG, 180
JScript, 168

Keyboard input, 194
Keyguard, 221
Kilobytes, available, 137

LAN analyzer, 125
Large-list problem, 195
Large-site navigation, 240-241
Layout, usability and, 233-236
Learnability of Web site, 199
Linear scaling, 119, 145
Link colors, 240
Link rot, 236, 239: automatic assessment of, 211
Links, 226
ALT, 235: document, 236; graphics, 234
Link titles, 237
Load, 117: bursty nature of, 115-116; normal vs. peak, 120
Load balancing, 118, 141, 143: of application servers, 141; of web servers, 140-141
Load testing, 122, 123, 220, 229: interpreting results of, 134-136; single-operation, 128, 134; system, 134-136; tools for, 121
Log files, 84-85, 99-100, 227
Logging functionality, 132
Login interface, custom, 68-71
Logo, 239
Log-on technique, single, 85
Lowest-common-denominator approach, 163
Lsof command, 92

Macintosh, compatibility testing for, 185
Main success scenario, 15, 16
Memory: measurement performance guidelines for, 133; short-term, 203
Memory leaks, 139
Merant PVCS Tracker, 222
Merant PVCS Version Manager, 222
Mercury LoadRunner, 220
Mercury TestDirector, 218
Metacharacters, 74
Microsoft, usability evaluation at, 212-213
Microsoft Authenticode, 87
Microsoft Internet Explorer, 160-162, 172, 174-175, 183
Microsoft Internet Explorer 5.0, 176, 178
Microsoft Internet Explorer 5.x "Compatibility Mode," 221
Microsoft Internet Information Server (IIS), 65
Microsoft Office 2000 Command Translator, 198
Microsoft Visio2000, 218
Microsoft Visual J++ 6.0, 174
Microsoft Visual SourceSafe, 222
Microsoft Web Application Stress Tool (WAST), 221
Middle tier, 8-9
Mosaic, 161
Motor disabilities, 203
Mouse input, 194

Name/value pairs, 98
National Institute on Disability and Rehabilitation Research, 200-201
Navigability of Web site, 199
Navigation: bottom-page, 241; large-site, 240-241
Navigation labeling, 237
NetMechanic BrowserPhoto, 221
NetMechanic HTML Toolbox, 223
Netscape Navigator, 160-162, 163, 168-169, 172, 174, 175, 183
Network(s), 228: bandwidth of, 132; performance of, 118-119, 125; scaling of, 141-142; security of, 60, 92-93, 106-107
Network monitoring, 219
Network monitors (sniffers), 60, 105
Next button, 195
Nielsen, Jakob, 11, 191, 200, 202, |205, 210
NJStar, 198
Nmap, 219
Nonfunctional requirements: in requirements use case, 25; RSI use cases for, 41; TBS case study, 294-297
Norman, Donald, 191
n-tier architecture, 5, 62

Object Constraint Language (OCL), 18
Objects, access to database, 85, 100-101
OBJECT tag, 88-89, 102
Observational studies (heuristic evaluation), 205-207
Offensive language, 232
Operating system, security of, 61, 62-63
Output parameters, in service use cases, 18
Outsourcing: security and, 63-64; Web compatibility testing, 185
Overload condition, 2

Packet sniffer tool, 93
Page elements, 234
Page faults, 137
Page pregeneration, 138
Page redirect, 239
Pages, lengthy, 235
Page/script accessibility, 94-95
Page summarization, 238
Page title, 237
Paging, 139
"Paging" solution, 195
Palette, Web-safe, 179-180
PARAM attributes, 102-103
Password, 64, 85-86, 93, 227-228: verifying security of, 101
Patches, 132
Payment transaction history, 81-82,83
PCT, 181
Performance, 2, 115-157: bottlenecks, 119, 122, 136; common pitfalls affecting, 131-132; evaluation checklists, 230-231; improving, 137-140; monitoring, 221; network, 118-119, 125; requirements, 120-121; resource utilization, 116; response time and, 116-117, 120, 125; TBS case study of, 147-155; tools, 220; usability vs., 193-194; verifying. See Performance testing
Performance log, 131
Performance testing, 121-132,220, 229: base, 121-122, 123, 127-128, 134-136, 229; configuration elements in, 123-124; execution of, 130-131; goal of, 121; load tests, 122, 123, 220, 229; measurement guidelines, 133-134; measurements, 124-125; planning, 126-129; reliability tests, 122, 123, 129, 137, 229; script creation, 129-130; stress tests, 122, 123, 129, 136-137, 229; tools for, 121; types of, 121-123, 127-129
Perl scripts, 73-74
Personality, Web site with, 199
PGP CyberCop Scanner and Monitor, 219-220
Plug-ins, 7, 172-173, 230
PNG, 180-181
Port 80, 93
Port 443, 93
Port access, 92
Port scanning, 92-93, 219
Port-scanning tools, 60, 107
Postconditions, in service use cases, 18
Preconditions: in requirements use case, 25; in service use cases, 18
Printing of Web page, 196
Privacy, 2. See also Security: data, 81-82, 227
Private information, storing with ActiveX controls, 89, 104
Private key, 90-91
Problem areas, ix
Processes, unnecessary, 132
Processing time, 117
Proposed HTML 3.0 tags, 161
Prototype, usability, 192
Prototype (architecture baseline), 42
Public key, 90-91
Purchasing-user session, 127

Quality Web systems, 1-2

Race condition, 85
Radio buttons, 240
Rational ClearCase, 222
Rational ClearQuest, 222
Rational Robot, 220
Rational Rose, 218
Rational Site Check, 222
Rational TestManager, 218
Reaction time, 194
Refresh button, 195
Regedit utility, 101
Registry, 101
Rehabilitation Engineering Research Center for Access to Computers and Information Systems, 200-201
Relational database management system (RDBMS), 80
Release builds, 132
Reliability, 121, 229
Reliability testing, 122, 123, 129, 229: interpreting results of, 137
Request submission, 117
Requirements, functionality and definition of, 11
Requirements capture, x
Requirements-Service-Interface use case. See RSI use case(s)
Requirements use case(s), 16, 19, 40: model development, 22-23; in TBS case study, 23-26; test procedure from, 44-45
Resource utilization, 116: excessive, 138-140
Response time, 116-117, 120, 125, 127-128, 193-194, 199, 239: actual vs. target, 134; automatic assessment of, 211; compression and, 181; evaluation of, 134-135
Risk, prioritizing success criteria based on, 3-4
Risk analysis, 182
Routers (firewalls), 92, 228
RSI use case(s), x, 11-58, 218. See also Interface use case(s); Requirements use case(s); Services uses case(s): analysis using, 36-39; interrelationships between models in, 19-21; levels of granularity and abstraction, 16-18, 39; model development, 21-41; for nonfunctional requirements, 41; objectives of, 15-16; summary of, 39-41; TBS case study, 285-294; for technology selection, 41-42; test procedures from, 43-56

SAINT, 219
Saturated resources, 117
Scalability, 2, 115-157: analyzing, 144-147; base unit of, 124; common pitfalls affecting, 131-132; defined, 117; evaluation checklists, 230-231; functional, 118, 145, 147; horizontal, 118, 119, 145; improving, 140-143; linear, 119, 145; requirements, 120-121; TBS case study of, 147-155; tools, 220; verification of, 229; vertical, 118, 145, 146
Scalability and cost analysis, 120
Scalability curve, 144
Scenario (flow of events), 15, 126, 127: test, 130
Schema, database, 86, 228: testing security of, 102
Screen resolution, 193, 196
Scripts: accessibility, 94-95; client-side, 7, 87, 88-89, 162; ECMAScript, 7, 167, 168; Perl, 73-74; test, 129-130
Search engine with spell checker, 204
Search feature, 240
Secure protocols, browser compatibility and, 181
Secure Socket Layer (SSL), 61, 68, 71, 90, 131, 181: browser warning about, 195; load balancing and, 143; performance and scalability testing and, 124; performance penalties of, 138
Security, 2, 59-113: of client computer, 60, 87-90, 102-105; of database server, 60, 79-86, 99-102; of e-commerce Web systems, 59, 91; evaluation checklists, 226-228; issues, 61-62; of network, 60, 92-93, 106-107; of operating system, 61, 62-63; outsourcing and, 63-64; secure communications, 60, 90-91, 105-106; of service, 62-63; TBS case study, 107-111; tools, 219-220; verifying, 60, 93-107; of Web and application servers, 60, 64-79
Segue SilkPerformer, 220
Sequence diagrams, use case, 50
Server(s). See also Application servers; Database servers; Web servers: federated, 141; multiple, 131; performance testing of, 125; scalability of, 118; test configurations for, 123-124; test scenario and configuration of, 130
Server-side file access, 75-76, 227
Server software, 61-62
Service, security of, 62-63
Service packs and patches, 132
Services uses case(s), 17-18, 19-21, 40: impact on interface use case model, 33; model development, 32-33; for Technology Bookstore case study, 33-35; test procedure from, 44, 46-47
Session key, 91, 143
Session objects, 142
Sessions, 226: virtual, 122, 123
Session state, 142-143
SGML, 161
Short-term memory, 203
Signatures, 174
Single log-on technique, 85
Single-operation load testing, 128, 134
Site navigation, 237
Site operations use cases, 126, 128
Site title, 241
Sniffers (network monitors), 60, 105
SOFTEAM Objecteering, 218
Software: performance monitoring, 130-131; server, 61-62
Source documentation, 50
Spatial-reasoning skills, 203
Specification of system functionality, x
Specification of system requirements, 4
Spell checker, search engine with, 204
Spelling errors, 232
"Spoofing" IP addresses, 140
Sprengers, Jaspers, 207
SSL. See Secure Socket Layer (SSL)
Stack, 77-78
Standard General Markup Language (SGML), 161
Standish Group, 11
Stress, degradation under, 120
Stress tests, 122, 123, 129, 229: interpreting results of, 136-137
Style sheet, XSLT, 176
Subfunction, 23
Subnesting, 142
Subshell, 73
Subsidiary use case, 15, 25
Success factors, x-xi, 2-3. See also Browser compatibility; Performance; Scalability; Security; Usability: interrelationships among, 3; prioritizing based on risk, 3-4
Summary goals, 23
Switches, hubs vs., 141-142
Symantec NetRecon, 220
Symmetric encryption, 91
System command execution, 73-75, 96-97, 227
System load test, 134-136
System vulnerability checking, 219

Tables, 239
Tcpdump, 219
TCP/IP, 92
Technology Bookstore (TBS) case study, xi, 107-111, 283-300: architecture, 298-299; authorization, 108-110; browser compatibility, 185-189; buffer overflows, 111; developed components, 299-300; functional requirements summary, 283-284; nonfunctional requirements, 294-297; performance and scalability, 147-155; platform and technologies, 297-298; RSI use cases, 285-294; usability, 214-215
Technology selection, RSI use case for, 41-42
Telnet command, 93
TELNET utility, 107
Temporary files, 84-85, 99-100, 227
Testability of use cases, 43
Test cases, 4: management of, 218
Test data requirements, 47-52
Testing. See also Verification: procedures for, from RSI use cases, 43-56; from RSI use cases, 43-56; scenarios for, 126, 127, 130; strategies for, ix-x
Test scripts, 129-130
Think time, 128, 130
Third-party products, Web system development and, 132
Thumbnail images, 235
Title(s), 214: HTML, 237; link, 237; page, 237; site, 241
TITLE tags, 236-237
TLS, 181
Tools, 217-223: compatibility, 221; engineering, 217-218; evaluations of, 243-281; load-testing, 121; performance and scalability, 220; performance testing, 121; security, 219-220; usability, 222
Traceability diagram, 28
Traceability model, 36-37, 43
«Trace» dependencies, 19
Trace log information, 44, 46-47
Transactions, 226
Transmission Control Protocol/Internet Protocol (TCP/IP), 92
Trusted applets, 174

UDP/IP, 92
UML stereotypes, 16
Unified Modeling Language (UML), 19
UNIX systems, 61, 73-74, 100: port-process association in, 92-93
URLs: link rot, 236; reusing, 211
Usability, 3, 191-200: compatibility vs., 160, 193; design issues, 193-198; development phases and, 192; evaluation checklists, 231-242; evaluation of, 204-214; guidelines for, 192, 198-200; keyboard inputs and, 194

Updates

Submit Errata



More Information



InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.

Privacy Notice

Overview

Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.

Surveys

Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.

Newsletters

If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.

Security

Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.

Children

This site is not directed to children under the age of 13.

Marketing

Pearson may send or direct marketing communications to users, provided that

Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
Such marketing is consistent with applicable law and Pearson's legal obligations.
Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.

Choice/Opt-out

Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

As required by law.
With the consent of the individual (or their parent, if the individual is a minor)
In response to a subpoena, court order or legal process, to the extent permitted or required by law
To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
To investigate or address actual or suspected fraud or other illegal activities
To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.

Links

This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020

Email Address

Quality Web Systems: Performance, Security, and Usability

Book

Description

Sample Content

Online Sample Chapter

Downloadable Sample Chapter

Table of Contents

Preface

Audience

Conventions

Organization

Index

Updates

Submit Errata

More Information

InformIT Promotional Mailings & Special Offers

Overview

Collection and Use of Information

Questions and Inquiries

Online Store

Surveys

Contests and Drawings

Newsletters

Service Announcements

Customer Service

Other Collection and Use of Information

Application and System Logs

Web Analytics

Cookies and Related Technologies

Do Not Track

Security

Children

Marketing

Correcting/Updating Personal Information

Choice/Opt-out

Sale of Personal Information

Supplemental Privacy Statement for California Residents

Sharing and Disclosure

Links

Requests and Contact

Changes to this Privacy Notice

Other Things You Might Like