Top 50 Web Testing Interview Questions You Must Prepare 02.Mar.2024

Web services are application components, communicate using open protocols and these can be used by other applications. XML is the basis for Web services SOAP (Simple Object Access Protocol), UDDI (Universal Description, Discovery and Integration) and WSDL (Web Services Description Language) are the Web services platform elements.

First we have to assume that Graphical User Interface (GUI) objects and elements of a website together is One Test Scenario. Then, we have to check all the links and buttons. Then we have to check all forms are working properly or not. Prepare Test Scenarios of the forms of a webpage. We can identify 4 different types of Test Scenarios of a form:

  • Check the form with valid data in all the fields.
  • Check the form with invalid data which violate the validations of fields in the form.
  • Check the form by leaving some mandatory fields in the form.
  • Check the form with existing record details.

Application Server also called an appserver, It is a program that handles all  application operations between users and an organization's back­end business applications or databases.


  • Bea WebLogic
  • IBM WebSphere

Usability testing perform with reference to the end user. In usability testing we find how easily end user can access the application. In terms of websites and software applications, usability is defined as the ease at which a person with no programming knowledge can use the software to complete the desired task.

Usability is comprised of following:

  • Learnability is how easy it is for a new user to accomplish tasks the first time they visit your website.
  • Memorability is how easy it is for someone to come back to using your website after they haven’t used it for a period of time.
  • Efficiency is how quickly users can complete tasks on your site after they are familiar with its use.

Generally it is a public web application, uses Wide area network. It can be accessed from anywhere.

The differences between authentication and authorization are:

  • Authentication is the process with which the system identifies the user whereas authorization is the process after the authentication process.
  • The authentication is used to ensure that the user is indeed a user, who he claims to be whereas in authorization system will decide whether a particular task can be performed by the user.
  • There are different types of authentications, which can be used like password based authentication, device based authentication whereas in authorization there are two types read only, and read write both.

Field validation is used to ensure that only correct data is entered into the field. We can select validation options to make sure that only correct format data can be entered into a field correctly. When validation options are selected, we can use the FileMaker Pro to displays a message when user enter data in incorrectly format. For example, you can set an option to require that users enter a value in a field. The field validations check the format of the data. To ensure this we perform the validation testing in the website. Like the email field must contain the data in format.

The differences between HTTP and HTTPS are following:

  • Hypertext Transfer Protocol is a protocol for information to be passed back and forth between web servers and clients. Https is refers to the combination of a normal HTTP interaction over an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) transport mechanism.
  • HTTP use port number 80 whereas HTTPS use port number 44@
  • HTTP can support the client asking for a particular file to be sent only if it has been updated after a certain date and time whereas Hypertext Transfer Protocol over Secure Socket Layer is built into its browser that encrypts and decrypts user page requests as well as the pages that are returned by the Web server.

Desktop testing is standalone testing. Desktop need not worry about number of user etc. Web testing is related to client server and Web testing needs to have many testing types to be performed like Usability, GUI, Database and Load Testing etc...

Possible configurations that affect the testing strategy of any web site are hardware platform (PC, Mac), Browser software and version, Browser PlugIns, Browser settings options, Video resolution and Colour Depth, and text size.

We can do the performance testing using QTP by adding the web add-in in the QTP at the startup of the QTP. Now to make URL of the website available to the QTP we have to type the URL of the site. So that while running QTP will open the application and do the testing.

Performance Testing: Performance Testing is performed to evaluate application performance under some load and stress condition. It is generally measured in terms of response time for the user activity. It is designed to test the whole performance of the system at high load and stress condition.

Stress testing: It involves imposing the database with heavy loads. Such as, large numbers of users access the data from the same table and that table contains large number of records.

It can be used for client side validations as well as Server side validations.

Website testing is a type of software testing which deal with the testing of the website. Website testing is performing on website to check the functionality, performance, usability, database related issues and browser related issues. To perform this testing we have so many tools like JMeter, Selenium, QTP etc.

The testing of web applications that communicate with a web service can be broken down in two parts:

Testing of the Web Service in isolation. Each web service has one or more functions which can be tested by sending appropriate requests and analyzing the response and verifying correct data is returned in the response. We can use tools such as SoapUI to test a Soap Service or Rest Client to test a RESTful web service.

Integration Testing of Web Service with the Front End. The integration testing is also important as it can highlight issues with data in the request and display of the response.

The reason for this separation is to be able to identify issues in the web service much quicker and easier to debug.

Validating client side forms, which is typically done by Java Script. Generally it checks weather the user is entering correct form of data or not? and entering all mandatory fields or not? Client site validation is 2 types One is Field level validation another is Form level validation.

Some of the webs testing tools are discussed below:

  • JMeter (load and performance tester): JMeter is a Java desktop application which is used to create the load test environment and measure performance of the application during load test. It can be used for examine the performance of static and dynamic website.
  • Selenium (Web app testing tool ): Selenium is a contains several application like Selenium IDE, Selenium Remote Control and Selenium Grid to examine and evaluate the web application.

Web forms validation is 2 types:

  1. Field level validations
  2. Form level validations
  • Using Black Box test design techniques we can test web forms manually 
  • Using Conditional statements and built­in functions we can test web forms (Using UFT)

HTML stands for Hyper Text Markup Language, it is for displaying web pages and other information. Basically it is data presenter in the web.

Some of the important steps to be carried out for securing the web server are following:

  • Minimize rights.
  • Update permissions.
  • Delete default data and scripts.
  • Make use of software firewall.
  • Enable and make use of IIS logging.
  • Regular backup.

  • Web server handles Clint side and server side validations and helps to deliver
  • Web content that can be accessed through the Internet protocols.


  • Microsoft IIS (Internet Information Service)
  • Apache Web server from Apache
  • Java Web server
  • Pramathi web server etc...

Web portal is a business gateway, It organizes business operations.

Ex: Online shopping portals, Job portals etc...

The following problem may arise in web testing:

  • Functionality problems
  • User Interface related problems
  • Performance related problems
  • Database related problems
  • OS compatibility problems
  • Browser compatibility problems
  • Security related problems
  • Load related problem
  • Navigation problem

In Web based testing following bugs are very common:

  • Issues in navigation of application
  • Usability
  • Cosmetic Issues and GUI Issues
  • Functional Issues
  • Performance issues - How time it takes to display the page to the user.
  • Load - How much load an application can handle at any point in time.
  • Stress - At how much load application will crash.
  • Flow of data - Information which is entered by user is stored in correct format.
  • If proper static information is not displayed along with text fields to enter data.
  • Links are broken, default focus is not set in forms, tab key not working, all key board short cuts are not fully functional

Cross Site Scripting is a thread in the dynamic website. It is also known as XSS. Cross site scripting occurs when a web application gathers malicious data from a user. The data is collected in the hyperlink form which contains malicious content within it. It allows malicious code to be inserted into the web page. The web page can be a simple HTML code or a client side script. When the malicious code is inserted in page and clicked by some user, the malicious code becomes a part of the web request of the user. This request can also execute on the user’s computer and steal information.

The term WWW refers to the World Wide Web or simply the Web. The World Wide Web consists of all the public Web sites connected to the Internet worldwide, including the client devices (such as computers and cell phones) that access Web content. The WWW is just one of many applications of the Internet and computer networks.

Database server is used to refer to the back­end system of a database application using client/server architecture.The back­end, sometimes called a database server, performs tasks such as data design, storage, data manipulations, archiving, and other non­ user specific tasks.


  • Oracle
  • MS SQL Server
  • MySQL (Open source)
  • IBM DB2 etc...

To perform the security testing tester try to attack the system. This is the best way to determine the lope hole in the security area of the application. Most of the systems use encryption technique to store passwords. In this we have to try to get access to the system by using different combinations of passwords. Another common example of security testing is to find if the system is vulnerable to SQL injection attacks. While performing the security testing, tester cannot do any changes in any of the following:

  • Configuration of the application or the server
  • Services running on the server
  • Existing user or customer data hosted by the application

Web browser is a software application used to locate, retrieve and also display content on the World Wide Web, including Web pages, images, videos and other files.


  • Microsoft Internet Explorer
  • Mozilla Firefox
  • Google Chrome
  • Opera
  • Safari etc…

These configurations may demand for change in strategy of the webpage. The most important factors that need consideration are following:

Hardware platform: some user may use the Mac platform, some may use Linux, while others may use Microsoft platform.

Browsers: browser and their versions also change the layout of the web page. Along with the browser versions, the different Plug-Ins also has to be taken into consideration. The resolution of the monitor also with color depth and text size is some of the other configurations.

All the input/output validation should be tested at the API layer calling the Authentication Web Service. Tests such as valid/invalid username/password combinations as well as verifying correct error messages.

The location of the display of error messages, their color and font should be tested at login web page. Also Javascript and Cookies tests if applicable needs to be tested at front-end login page.

Types of web testing security problems are:

Denial of Service (DoS) attack, buffer overflow etc…

A Web Service is a service accessed via Web. Web Service is a way to publish your application over web and enable other applications to access functions defined by your web service. Web services exposes an interface defined in Web Services Description Language (WSDL).

Validating, processing client requests and providing response from the Server.

It is also a private application over internet, can be accessed by fixed machines only. It uses Wide area network and Internet Protocol technology to share information.

It is Software application that is accessed over a network such as the Internet or an intranet through a web browser.

Basically website is an information provider, It provides information globally using internet protocols.

The differences between Static and Dynamic website are following:

  • A static website contains Web pages with fixed content where as in Dynamic web site content of the web page change with respect to time.
  • Static website are easy to create and don't require any database design but in case of dynamic website it require good knowledge to develop the website with programming and database knowledge.
  • In static website user cannot communicate with other and same information will be displayed to each user where as in dynamic website user may communicate with ea

Focus testing is used to test that when we open a webpage the cursor automatically blink on the particular field. Like in the case of Gmail login page. When we open the Gmail login page the cursor automatically blinks on the username filed. This is the Focus testing in website.

  • Stand­alone
  • Intranet (Local Network)
  • Internet (Wide area Network)
  • Extranet (Private network over Internet)

Web based testing is concerned with the following:

  • Broken Links in the web pages.
  • Performance of web like response time.
  • Graphical User Interface
  • Text on the page

Where as in Windows based testing we look for :

  • Functionality
  • Integration

Desktop Testing - Desktop application testing is standalone testing, it is independent of the other application which are executing on the different machines. In this application testing, tester need not worry about number of user.

Web testing - Web testing is related to client server. Web testing needs to have many testing’s like Usability, GUI, Load Testing, Performance Testing.


Latest web technologies are:

The main three web tracks:

  1. Microsoft ASP.Net Track + SQl Server database engine (IDE: Expression Web, Visual Studio).
  2. Oracle Java Track + Oracle database engine (IDE: NetBeans, Eclipse).
  3. PHP Track + MySQL database engine (IDE: Zend Studio, DreamWeaver).

There are many new concepts and enhanced methodologies like Ajax, JQuery, JSON, and so on.

After a request is sent to a server, there are different possible response codes which can be returned by the server:

The blocks are:

  • 2xx for Success, the most common one is 200 which means “OK”.
  • 3xx for Redirection, the most common ones are 301 and 303 which mean “Permanent Redirect” and “Redirect for Undefined Reason”, respectively.
  • 4xx for Application Error, the most common ones are 403 and 404 which mean “Forbidden” and “Not Found”, respectively.
  • 5xx for Server Error, the most common one is 500 which means “Server Error”.

A "cookie" is a small piece of information that sent by a web server to store on a web browser so it can later be read back from that browser. This is useful for having the browser remember some specific information.

The difference between client server and Web Testing:

In client server application you have two different components to test. Application is loaded on server machine while the application exe on every client machine. You will test broadly in categories like, GUI on both sides, functionality, Load, client­server interaction, back­end. This environment is mostly used in Intranet networks. You are aware of number of clients and servers and their locations in the test scenario.

Web application is a bit different and complex to test as tester don’t have that much control over the application. Application is loaded on the server whose location may or may not be known and no exe is installed on the client machine, you have to test it on different web browsers.

Web applications are supposed to be tested on different browsers and OS platforms so broadly Web application is tested mainly for browser compatibility and operating system compatibility, error handling, static pages, back­end testing and load testing.

It is for performing client side validations.

 Web Applications are typically hosted on a server which we can access via a web browser, where as desktop applications are installed on the client’s machine.

This setup opens a whole new testing challenges: Performance and Security testing become important as the application is open to a wide audience. Good design and usability are also important.

Other important factors that come to play are testing on multiple browsers, multiple devices, redirection and responsiveness.

Also we should not forget about Javascript, CSS, Cookies, W3C standards, traffic monitoring, third party tags testing, all of which are important in Web Application Testing.

  • Functionality Testing (Includes Forms Validation, Search operations, links testing, navigation testing etc...),
  • Security Testing (Ahorization, Access Control, Virus Attacks, Etc...)
  • Database Testing (includes Data integrity, data manipulations, data retrievals etc..),
  • Performance Testing (includes all types of performance like Load Testing, Stress Testing, Spike Testing, Endurance Testing and Data volume Testing),
  • Usability Testing (Easy Navigation, Look and feel including colors, Alignments, Fonts etc...)
  • Navigation testing,
  • Configuration Testing,
  • Compatibility Testing,
  • Reliability Testing,
  • Availability Testing,
  • Scalability Testing Etc...

HTTPS stands for Hypertext Transfer Protocol Secure is a widely ­used communications protocol for secure communication over a computer network.