In the software development, the life cycle has different stages like Analysis, Sprint Planning, Development, Quality Analysis (Testing) and Release.

Development and QA are generally executed in parallel. Developers keep on building software to meet requirements and QA engineer verifies the behavior as per the requirements approved by the product owner. QA raises issues and assigns to develop to fix it.

Developers fix and give QA again to verify. This cycle might take some time repeated to finally get the feature as exactly required. There are many things which developer should keep in mind while implementing applications before giving QA to test which can save a lot of time/energy and finally reach to market on time.

Based on my past experience as a QA engineer, I have prepared a curated list of items which needs to be taken care of by developers before releasing it for QA for testing. Let’s call it “Developer’s manual for testing web applications”.

Here is the list of the various checks developer should verify for any web application before release it to QA for testing. I have grouped them in five different areas.

1. User Input Checks:

  • Check for Tab Index and Cursor focus on the first field.
  • Avoiding tab index on a read-only textbox.
  • Put asterisk Sign for Compulsory field.
  • Validation Messages Format to be maintained for all Pages.
  • Successful Messages for all the database operation.
  • An email field must perform email validity check.
  • Number fields should not allow characters.
  • Password field must be shown in dot/star format.
  • A page must be a scroll on first input validation when an error/validation message appears.
  • During form submission when there is an error, the error input field must be highlighted properly.

2. Database Level Checks:

  • Check for empty input values. It should not be allowed while inserting into the database.
  • Check for password encryption.
  • Add proper validations to make sure that the data entered by the end user is always consistent and present when required.
  • All required values or attributes must be present and add validations for that to prevent any data inconsistency.

3. General Checks:

  • Fonts that are used in a website, must be uniform across all browsers.
  • Search Functionality should work properly with pagination.
  • Maintain the ordering of records properly. Means last recent values should be displayed first.
  • Browser compatibility means the application should work on a different browser.
  • Maintain date format at every place and check validation for start date and end date.
  • If your application supports different time zone, then the application should work accordingly.
  • In the case of captcha, check for captcha validation if we entered wrong values. Captcha should be refreshed and entered all value should remain as it is.
  • Check for image extension with case sensitivity letter. Consider the file size if we have any defined criteria for file size.
  • Check back button of the browser.
  • An error message should be in red color and Successful message should be in green color.
  • Error handling must be implemented so that the end user will have enough information about the occurrence of any issues. Need to design error pages in a user-friendly way.
  • When any user hit the URL and page is not exist then it should be handled by showing 404 not found page or redirect to the dashboard page.
  • Multiple clicks on the same button should be prevented otherwise it will make unnecessary requests and may insert multiple entries of the same things.

Read Also: Testing Processes for Software Quality Analysis

4. Security Level Checks:

  • Ensure  your application is protected from OWASP Top 10 Most Critical Web Application Security Risks:
    •  Injection
    •  Cross-Site Scripting (XSS)
    •  Broken Authentication and Session Management
    •  Insecure Direct Object References
    •  Cross-Site Request Forgery (CSRF)
    •  Security Misconfiguration
    •  Insecure Cryptographic Storage
    •  Failure to Restrict URL Access
    •  Insufficient Transport Layer Protection
    •  Unvalidated Redirects and Forwards
  • Make sure that any unauthorized user should not get direct access via hitting the URL directly.
  • Check for the appropriate password policy in the application.
  • There should be a server and client-side validation for user inputs as well as file uploads.
  • View page source should not revel secure details – Make sure that there is no such secure data used or revealed directly in your JavaScript code.
  • Check for sensitive information stored in URLs.
  • Check any Text/Search field should not allow script and HTML tags.
  • Filter password, credit card number and similar critical user data from server logs

5. Performance Level Checks:

  • Page load time should not be longer than 3 seconds.
  • Image loading should happen asynchronously.
  • Images should be properly sized according to viewports
  • Prioritize visible content (Defer off-screen images)
  • Reduce server response time
  • Eliminate render-blocking JS and CSS
  • Avoid long-running JavaScript
  • Enable compression of resources (JS/CSS)
  • Minify JavaScript
  • Minify CSS
  • Use content delivery networks (CDN) to cache resources

Reach out to learn more about the web development agency New York for the various ways to improve or build the quality of projects and across your company.

Click here for more details


At BoTree Technologies, we build enterprise applications with our team of 70+ engineers.

We also specialize in RPA, AI, Django, JavaScript and ReactJS.

Consulting is free – let us help you grow!