MozillaWiki

QA/Execution/Web Testing/Project Checklist: Difference between revisions

Page Discussion

QA/Execution/Web Testing/Project Checklist (view source)

Revision as of 01:54, 24 February 2012

1,182 bytes added ,  24 February 2012
→‎Security
 
(11 intermediate revisions by 3 users not shown)
Line 15: Line 15:
**Appropriate fallback in place and working?
**Appropriate fallback in place and working?
***No Flash
***No Flash
***Firefox 3.5
***Firefox 3.6+
***Firefox 3.6
***Firefox 4.0
***IE 7/8/9
***IE 7/8/9
***Opera (latest)
***Opera (latest)
Line 24: Line 22:
***Latest Firefox beta
***Latest Firefox beta


=General=
= General =
*If this is an outsourced project, a test plan and the test cases that the consultants used to validate their work should be included in the hand-off process.
*In URL paths, / and "" (without the trailing slash) both resolve to the same URI/resource
*In URL paths, / and "" (without the trailing slash) both resolve to the same URI/resource
*HTML validates: http://html5.validator.nu/
*HTML validates: http://html5.validator.nu/ or http://validator.w3.org/  
**Exceptions can be made for social-network/sharing sites, that may have malformed tags or markup
**Exceptions can be made for social-network/sharing sites, that may have malformed tags or markup  
*Is the robots.txt file configured correctly to prevent bots from spidering to nonsensical pages? ([https://bugzilla.mozilla.org/show_bug.cgi?id=665231 example])<br>


=RSS Feeds=
=RSS Feeds=
Line 55: Line 55:
*Doesn't tank on [http://developer.yahoo.com/yslow/ YSlow!] (Strive for an A with ruleset v2)
*Doesn't tank on [http://developer.yahoo.com/yslow/ YSlow!] (Strive for an A with ruleset v2)
**CDN is hooked up, if needed (static images, CSS, JS, videos) -- see "Site Config" section, too, below
**CDN is hooked up, if needed (static images, CSS, JS, videos) -- see "Site Config" section, too, below
*Load-tested, if needed?
*'''Load-tested, if needed? Make sure to bring this up'''


=Accessibility=
=Accessibility=
Line 62: Line 62:
=JavaScript-disabled=
=JavaScript-disabled=
*Does the site support JavaScript disabled?  If so, where?
*Does the site support JavaScript disabled?  If so, where?
**What's the user messaging?


=Security=
=Security=
*Gone through https://wiki.mozilla.org/WebAppSec/Secure_Coding_QA_Checklist and filed the appropriate bugs
* Complete the following (taken from [[WebAppSec/Secure_Coding_QA_Checklist]])
** [[WebAppSec/Secure_Coding_QA_Checklist#Test: Input Validation For User Controlled Data|Test: Input Validation For User Controlled Data]]
** [[WebAppSec/Secure_Coding_QA_Checklist#Test: SQL Injection|Test: SQL Injection]]
** [[WebAppSec/Secure_Coding_QA_Checklist#Test: Output Encoding For User Controlled Data|Test: Output Encoding For User Controlled Data]]
** [[WebAppSec/Secure_Coding_QA_Checklist#Test: CSRF|Test: CSRF]]
** [[WebAppSec/Secure_Coding_QA_Checklist#Test: Account Lockout -- INACTIVE|Test: Account Lockout -- INACTIVE]]
** [[WebAppSec/Secure_Coding_QA_Checklist#Test: X-Frame-Options|Test: X-Frame-Options]]
*Runs on both HTTP / HTTPS?  Mixed-content warnings?  Cert set up?
*Runs on both HTTP / HTTPS?  Mixed-content warnings?  Cert set up?
**Should HTTP requests get automatically redirected to HTTPS, by default?
**Should HTTP requests get automatically redirected to HTTPS, by default?
Line 78: Line 85:
#Listed on https://wiki.mozilla.org/QA/Execution/Web_Testing#Current_Projects
#Listed on https://wiki.mozilla.org/QA/Execution/Web_Testing#Current_Projects
#Regular status meetings
#Regular status meetings
# IRC channel?
#If needed, a tracking bug with dependencies set for other groups' work (IT, Webdev, Marketing, etc.)
#If needed, a tracking bug with dependencies set for other groups' work (IT, Webdev, Marketing, etc.)
#Make sure to schedule a brief meeting where all parties (Marketing/Webdev/QA) are present and discuss the open issues, and any last-minute (but necessary) changes
#Make sure to schedule a brief meeting where all parties (Marketing/Webdev/QA) are present and discuss the open issues, and any last-minute (but necessary) changes
#Ask for PRDs, user-flow diagrams, testing notes
#Are the third-party developers cc:d on all relevant bugs?  If possible (i.e. not "mozilla-confidential" flagged), have them follow the Bugzilla component (and make sure they have accounts).
#Are the third-party developers cc:d on all relevant bugs?  If possible (i.e. not "mozilla-confidential" flagged), have them follow the Bugzilla component (and make sure they have accounts).
#Has a push bug, and a release checklist, even if you don't think they need it (they do)
#Has a push bug, and a release checklist, even if you don't think they need it (they do)
Line 89: Line 98:
* Bug is triaged for severity, priority and assigned to a target milestone
* Bug is triaged for severity, priority and assigned to a target milestone
* Bug is fixed in work based on next target milestone release
* Bug is fixed in work based on next target milestone release
** Dev puts bug# in git comment
** Dev puts commit url in bugzilla comment
* Dev marks bug RESOLVED:FIXED
* Dev marks bug RESOLVED:FIXED
* Tester verifies bug on stage, bug marked RESOLVED:VERIFIED
* Tester verifies bug on stage, bug marked RESOLVED:VERIFIED
* Code is deployed to production
* Code is deployed to production
* Tester verifies bug
* Tester verifies bug
* Tester verifies deployment
* Tester verifies deployment/push/server-ops bug


Devs may fix bugs before triage, they should update Target Milestone to the next release.
Devs may fix bugs before triage, they should update Target Milestone to the next release.
Line 101: Line 112:


=Site Config=
=Site Config=
*Make sure you get Django-traceback emails
*Make sure you get Django-traceback emails, on both prod and trunk/staging
*Any vanity domains?  Registered/set up, and working?
*Any vanity domains?  Registered/set up, and working?
*Has a favicon?  That works in IE, too?
*Has a favicon?  That works in IE, too?
Davehunt
Confirmed users
2,196

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/296127...400915"