Quality Web Systems: Performance, Security, and Usability



  • Copyright 2002
  • Dimensions: 7-3/8" x 9-1/4"
  • Pages: 336
  • Edition: 1st
  • Book
  • ISBN-10: 0-201-71936-3
  • ISBN-13: 978-0-201-71936-9

Enterprise Web developers are trapped between a rock and a hard place: they're under tremendous pressure to get to market fast -- but if they deploy systems of poor quality, they will drive away customers -- losing revenue and market share for years to come. Quality Web Systems gives software professionals start-to-finish resources for enhancing quality and accelerating development at the same time. Quality Web Systems identifies the key obstacles to delivering Web systems that deliver promised levels of performance, security, and usability -- and proven solutions. Coverage includes: identifying key success criteria for Web development; specifying Web system functionality through RSI (Requirement-Service-Interface) use cases; creating test cases; checking browser and platform compatibility; identifying and testing for security vulnerabilities; planning and evaluating ease-of-use; and meeting specified performance and scalability requirements.

Sample Content

Online Sample Chapter

Web System Security

Table of Contents




1. Overview of Web Systems and Technologies.

Quality Web Systems.

Success Criteria.

Assigning Priorities Based on Risks.

Web System Engineering.

Web System Architecture.

2. Web Engineering Using the RSI Approach.

Use Cases Analysis.

Goal Oriented Use Cases Analysis.

RSI Approach.

RSI Model Development.

Non-Functional Requirements.

Technology Selection.

Test Procedures From RSI Use Cases.

Chapter Summary.


3. Security.


Web and Application Servers.

Database Server.

Client Computer.

Secure Communications.

Network Security.

Verifying Site Security.

TBS Case Study.

Chapter Summary.


4. Performance.


Performance and Scalability Requirements.

Verifying Site Performance and Scalability.

Verification Phases.

Interpreting the Test Results.

Improving Performance and Scalability.

Analyzing Scalability and Cost.

TBS Case Study.

Chapter Summary.


5. Compatibility.

Client-Side Compatibility Issues.

Verifying Site Compatibility.

TBS Case Study.

Chapter Summary.


6. Usability and Accessibility.

Usability Engineering.


Usability Evaluation.

Automating Usability Evaluation.

TBS Case Study.

Chapter Summary.


7. Tools.



Performance and Scalability.



Other Tools.

Chapter Summary.


A. Evaluation Checklists.

B. Test Tool Evaluations.

C. Technology Book Store Case Study.

Contributing Author Biographies.

Index.


Quality Web Systems addresses the challenge for today's Web software professionals engaged in the development of Web sites and Web-based applications--products that support the business of an organization. These professionals working to develop and to deploy Web systems are under pressure to complete development efforts and to incorporate upgrades to systems ahead of the competition. Deployment delays often translate into the loss of revenue and reputation for the organization and can result in the loss of market share, which may be vital to the future of the organization. Similarly, the deployment of troublesome or error-prone Web systems can result in disgruntled customers, loss of revenue, and loss of market share. Web customers are seeking Web systems that serve them in a reliable fashion, that are secure and usable, and that provide quick and easy service.

Often overlooked during the effort to quickly deploy a Web system are the many necessary aspects that make up a successful system. Among these key success factors are proper functionality, ease of use, compatibility with a variety of browsers, security of the site's components and content, and system performance and scalability.

The Web has brought many changes to the way that systems are built and deployed. Software engineers attempting to build these sites face a multitude of new concerns, most of which have arisen over just a few years. Many systems are deployed with flaws that pose serious problems for the site, such as security holes and the inability to cope with user load. These issues have the effect of placing one or more of the key success factors at risk. This book provides a technical examination of these issues, outlines appropriate implementation techniques, and describes the problem areas in technical detail.

Delivering a quality Web system, however, does not rely merely on the merits of having a grasp of the potential problems and the knowledge of how to fix them. A critical component of any Web development project is the proper use of testing techniques, which are necessary for verifying that the site addresses these concerns and delivers the required functionality to the end users. Therefore, in addition to the technical discussion of each problem area, we also provide detailed testing strategies.

The starting point for exploring these issues and the first step toward ensuring that key Web system success criteria have been addressed during the development of the Web system is the capture and analysis of the site's intended functionality. One of the most effective and popular techniques for requirements capture is known as use case analysis, a technique for specifying system functionality precisely. Use cases are the basis for further analysis and design of the system. The study of use case analysis is a large topic, and it can be undertaken in several ways, depending on the size of the project and the people involved. The use case approach presented here, known as RSI (requirement-service-interface), is a specific way of engineering the functionality of a system and includes definition of system requirements, modeling of the high-level system services, and specification of the user interface.

RSI use cases are also an excellent starting point for test case definition, providing an appropriate level of detail for black-box and gray-box testing activities. This book does not attempt to cover all the possible implementation techniques and functional issues that may be encountered but rather concentrates on the engineering of system functionality, a critical factor in Web system quality and success. This effective approach to engineering system functionality supports the development of thorough tests that help to ensure proper operation of the system. The specification of system functionality occurs throughout the project life cycle, with the majority of the work being performed in the earlier phases. The specification of system functionality is an activity that warrants special attention by software professionals and project managers, and it should be regarded as one of the keys to delivering a quality Web system.

Another critical activity pertains to the early phases of architecture definition, system design, and implementation. These activities are also performed iteratively throughout the life of the project. Some decisions that are made early in these processes will be difficult, if not impossible, to reverse at a later time should a major flaw be discovered in the system's ability to perform in accordance with defined nonfunctional requirements--security, performance and scalability, and so on. Unfortunately, much of the guidance necessary to avoid these issues and to be able to deliver a system that properly addresses the key Web system success criteria has not been readily available and, in particular, has not been provided in one source.

Quality Web Systems addresses in detail the key success factors--security, performance and scalability, compatibility, usability, and the specification of functionality--that have a profound effect on the acceptance and use of the Web system by the end user. Engineering these factors into the system during the architecture, design, and implementation phases enables the Web site to be constructed with proper consideration for these concerns. In addition to the engineering of the key success factors into the Web system, software professionals need to apply the testing samples and guidance provided in the book in order to verify the successful implementation of the key success factors.

As an aid in helping to more completely outline the concepts addressed within the book, a single case study system, the Technology Bookstore, is portrayed throughout. In each chapter, relevant examples from the case study system are examined to provide concrete examples for the implementation concerns and test procedures.


This book focuses on the pragmatic concerns for Web system architecture and development: the Web enabling of applications, the establishment of Internet and intranet Web sites, and the development of Web applications supporting enterprise information portals. Thus, this book is valuable for Web architects and Web developers, who require detailed technical information on Web architectures and the proper implementation of site components to provide a site that is secure, scalable, compatible, and usable. The book also supports software test engineers seeking a more comprehensive technical understanding of Web systems. In addition, each success criterion is accompanied by step-by-step testing strategies for the test engineer. The book supports project managers by providing them with greater technical insight into the key Web system success factors.


This book uses the following conventions to help the reader.

  • Code samples, log entries, commands, and other captures are represented in a special type font: // this is a code sample.
  • Important terms and ideas are highlighted with italicized text.


Chapter 1 provides an overview of Web systems and technologies. The chapter outlines the paradigm shift that has occurred, associated with the movement of modern business and commercial software applications to the Web, and discusses how this shift has introduced new system development issues. Architectural approaches and Web system components are addressed, as well as the languages and products that are used to create Web systems. Basic terms used throughout the book are introduced.

Chapter 2 explains how to capture system behavior, or functionality, at the appropriate levels of detail through use case analysis using the RSI approach. The application of RSI use cases as an excellent starting point for test case definition is addressed.

Chapter 3 covers a multitude of security and privacy concerns for any Web system. The chapter focuses on security issues pertaining to the Web server, the database server and browser, and content security of custom components of a Web system.

Chapter 4 provides an in-depth discussion about the ability of the system to perform and scale. The chapter also explains how to identify and correct performance and scalability problems. The need for capacity planning is addressed as it pertains to the process of determining the resource requirements necessary for the Web system to be able to handle future load within an acceptable response time.

Chapter 5 details the challenges of providing service in an acceptable way to users with various operating systems and Web browsers. Guidance is provided on the implementation of standards and the development of a compatibility test matrix to aid in defining the proper scope of compatibility tests, given the extremely large possible number of test combinations.

Chapter 6 examines the suitability of the site's interface and end user experience relative to the intended user base. The Web system must be logical and intuitive and must provide a unique and pleasant shopping experience. Tests need to be applied to the system to provide assurance that an adequate level of usability has been implemented.

Chapter 7 outlines the various kinds of tools that are available to assist with the issues described in the previous chapters. Finally, Appendixes A-C provide supplementary information: Web testing checklists, a test tool evaluation matrix, and the Technology Bookstore case study.

Note that Chapters 3-6 provide not only an in-depth technical discussion of the material applicable to Web architecture and Web development audiences but also step-by-step guidance for the performance of tests applicable to both Web development and software testing. In addition and where applicable, references to additional sources of information are provided.



Abstraction, levels of, 16-18, 25, 39
Access control dialog box, 65
Accessibility, 3, 200-204
disability types, 201-204
research and studies on, 204
ActiveX controls, 7, 228, 230
browser compatibility and, 175
security issues involving, 87-89, 102-104
ALT attributes, 202
ALT links, 235
ALT text for images, 235
Analysis using RSI use cases, 36-39
Animation, 234
Anonymous users, 71-72
AnyBrowser.com Site Viewer, 221
database access through, 85
encrypting/decrypting information with, 83-84
Appearance, 234
Application components, 9
Application logs, 139-140
Application servers, 62
load balancing of, 141
security of, 60, 64-79
authentication, 64-71, 93-94
authorization, 71-72, 94-96, 108-110
content attacks, 72-79, 96-99
Architecture, 4-9
client tier, 5-8
database tier, 9
middle tier, 8-9
n-tier, 5
performance improvement through, 137-138
TBS, 298-299
Architecture baseline (prototype), 42
Asymmetric encryption, 91
Atomic system functions, 40
Atomic use cases, 17
Audience of book, xi
Auditory disabilities, 203
Authentication, 64-71, 226-227
custom authentication form, 68-71
HTTP basic, 64-68
verifying, 93-94
Authenticode, 87
Authorization, 71-72, 227
in TBS case study, 108-110
verifying, 94-96
Automated testing tools, 218
Back button, 195
Background, 233
Background images, 235
Background processing, 143
Base configuration, 124, 136
Base performance testing, 121-122, 123, 127-128, 229
interpreting results of, 134-136
Base unit of scalability, 124
Biographical details, 238
Black-box testing, 43-44, 50
Bottlenecks, 119, 122, 136
Bottom-page navigation, 241
Boundary classes, 38
Boundary conditions, 99
Branding, 199
Browser compatibility, 159-190
ActiveX controls, 174-175
colors, 179-180, 188-189
compression, 181
cookies, 170-172
CSS, 163, 186-188
Document Object Model (DOM), 168-170
ECMAScript, 168
evaluation checklists, 230-231
fonts, 179
handling, 163-168
dynamic HTML page sets, 167-169
multiple HTML page sets, 164-165
single HTML/multiple style sheets, 166-167
single HTML page set, 163-164
HTML rendering, 162, 186
HTML version, 161-162
image formats, 180-181
Java applets, 173-174
plug-ins, 173
secure protocols, 181
TBS case study of, 185-189
tools, 221
verifying, 181-185
compatibility table, 182-183
outsourcing, 185
scope of, 182
strategy for, 184
test environment, 183-184
XHTML, 178-179
XML, 175-178
Browser compatibility chart, 185
Browsers, 5
extensions, 5
security flaws in, 87
usability and interface of, 195-196
Browsing-user session, 127
Buffer overflows, 76-79, 89, 98-99, 227
ActiveX control, 102-103
in TBS case study, 111
Bullets, 234
Business model of Technology Bookstore case study, 23-26
Button text labels, 240
Buzzwords, 232
CAB (cabinet) file, 174
Cascading style sheets. See CSS (cascading style sheets)
CAST Bobby, 222
C/C++ programs, buffer overflow in, 77-79
Certificate authority (CA), 90-91
Check boxes, 240
Child process, 73-74
Cisco Secure Scanner, 219
Classes, in analysis modeling, 38
Clickable regions, 240
Client computer, 228
performance testing of, 124, 125
scalability testing of, 124
security of, 60, 87-90, 102-105
ActiveX controls, 87-89, 102-104
cookies, 89-90, 104-105
verifying, 102-105
Client-side scripts, 7, 87, 88-89, 162
Client tier, 5-8
Cockburn, Alistair, 14-15
Code algorithms, optimized, 139
Cognitive disabilities, 203-204
Collaboration diagrams, 38-39
Collins-Cope, Mark, 12
Colors, 231, 233
browser compatibility and, 179-180, 188-189
link, 240
Comment mechanism, 238
Common Gateway Interface (CGI), 8
Communications, secure, 60, 90-91, 105-106, 228
verifying, 105-106
Compatibility, 3. See also Browser compatibility
checklist for evaluating, 230-231
testing services, 185
usability vs., 160, 193
Completeness of use cases, 43
Component inputs, 98
Compression
browser compatibility and, 181
HTTP, 138
of images, 180
Compuware's QADirector, 218
Compuware's QALoad, 220
Concrete scenario, 15
Concurrency, 226
Concurrent users, 120
Configuration file, 86
Connection pooling, 81
Consistency of use cases, 43
Consolidated service set, 18
Content, 199, 232
usability and, 145, 197
Content attacks, 72-79, 227
buffer overflows, 76-79, 89, 98-99, 227
ActiveX control, 102-103
in TBS case study, 111
system command execution, 73-75, 96-97, 227
unauthorized server-side file access, 75-76, 98
verification against, 96-99
Content usability criteria, 208
Control classes, 38
Conventions used in book, xi
Cookies, 86, 87, 228, 230
browser compatibility and, 170-172
browser warning about, 195
security issues involving, 89-90, 104-105
session state stored in, 142, 143
Copyright notice, 214-215
Correctness of use cases, 43
Corruption of database, 137
Cost analysis, 144-147
Cost requirements, 120
CPU utilization, 139, 152-153
excessive, 134, 135
measurement performance guidelines for, 133
CSS (cascading style sheets), 7, 138, 166-167, 169, 176, 201
browser compatibility and, 163, 186-188
multiple, 166-167
Custom authentication form, 68-71
Customer relationship, 191
Customer support user session, 127
Data, association with user, 142
Data accessibility, verifying authorization for, 95-96
Database
corruption of, 137
overview, 80-81
performance considerations in design of, 138
size of, 131
performance and scalability testing and, 124
verifying security of, 99-102
Database objects, 85, 100-101, 227
Database schema, 86, 228
testing security of, 102
Database servers, 62, 227-228
access to, 71
measurement performance guidelines for, 133
performance testing of, 125
scaling, 141
security of, 60, 79-86, 99-102
access to database objects, 85, 100-101
data encryption, 82-84, 99
data privacy, 81-82
schema information, 86, 102
temporary and log files, 84-85, 99-100
user ID and password, 85-86, 101
Database sessions, 142, 143
Database tier, 9
Data constraints, 45
Data dictionary, 35, 45, 47
Data integrity, 52, 226
Data requirements, test, 47-52
Date reference, 239-240
Debug build, 132
Defect tracking, 222
Degradation under stress, 120
Deployment issues, ix
Described images, 202
Directions on Web site, 240
Disabilities, types of, 201-204
Disabled users, 3. See also Accessibility
Disks, measurement performance guidelines for, 133
Disk usage, 139
Display usability criteria, 208
Dispute period, 81
Divider bars, 234
DNS (domain name server), 141
Documentation
of interface use cases, 17
of nonfunctional requirements, 41
source, 50
Document links, 236
Document Object Model (DOM), 7, 168-170
Documents, multipart, 241
Download times, usability and, 145
Dynamic pages, 8, 72
Dyslexia, 204
ECMAScript, 7, 167-169
E-commerce Web systems, 3
security of, 59, 91
Efficiency, Web site, 198
Elsinore Visual Intercept, 222
Embarcadero GDPro, 218
Emprix/RSW e-Load, 220
Encryption, 71, 82-84, 99, 227
asymmetric vs. symmetric, 91
Engineering, Web system, 4
Engineering system functionality, x
Engineering tools, 217-218
Entity classes, 38
ErgoLight WebTester, 222
Error codes, HTTP, 131
Error handling, 226
Error messages, system stress and, 137
Error page, 96
samples, 109, 110
Essential service set, 18
Ethereal, 219
Ethernet, hubs vs. switches, 141-142
Evaluation checklists, 225-242
compatibility, 230-231
functional, 225-226
performance and scalability, 228-231
security, 226-228
usability, 231-242
information architecture, 236-238
language, 232
layout and graphics, 233-236
user interface, 238-241
Exception flow analysis, 23
"Expected results" steps, 44, 45
Extensible Markup Language. See XML
Extensible Stylesheet Language: Transformations (XSLT), 7, 176
Extensions
browser, 5
in requirements use case, 25
Web server, 8-9
"False positive" results, 46
Federated servers, 141
File access
with ActiveX controls, 89, 104
server-side, 75-76, 227
File-based database, 80
File names as inputs, security concerns over, 98
Filtered inputs, 74-75
Find command, 100
Firewalls, 92, 228
Flow of events (scenario), 15, 126, 127
test, 130
Fonts, 231
browser compatibility and, 179
Font sizes, 214
Form action, 71
Form fields, 98
hidden, 76, 86, 97
Forms, checklist for, 225
Frames, 196
Freshness, 210
FTP, 92, 118
Functionality, x, 2
analysis modeling classes and, 38
atomic, 40
definition of system requirements and, 11
evaluation of, 4, 225-226
Functional requirements, TBS case study, 283-284
Functional scaling, 118, 145, 147
GIF, 180-181
GlancePlus for HP/UX, 221
Goal levels, 23
Goal-oriented use case analysis, 14-15
Grammar errors, 232
Granularity level, 16-18, 39
Graphics, usability and, 233-236
Graphics links, 234
Gray-box test steps, 44, 46
Guideline framework, 15
GUI widgets, 240
Handshake, 91
Heuristic evaluation (observational studies), 205-207
Hidden form fields, 76, 86, 97
Home page return, 240
Horizontal scaling, 118, 119, 145, 146
Horizontal scrolling, 234
Hresult, 102
HTML, 5, 7, 201
automatic assessment of validation of, 211
compatibility issues
handling, 163-169
rendering, 162, 186
version, 161-162
rendering, 230
storage of schema information or queries within comments, 86
title, 237
visual disabilities and, 202
HTML/CSS/Script version compliance, 230
HTMLed Pro, 197
HTML/Link validation, 222
HTTP
compression, 138
error codes, 131
functions, 118
HTTP 1.1, 181
HTTP basic authentication, 64-68
HTTPS (SSL) functions, 118
Hubs, switches vs., 141-142
Hyperlinks, 239
Hypertext instruction, 238
Hypertext Markup Language. See HTML
Hypertext structuring, 237
IETF (Internet Engineering Task Force), 161
Image dimension tags, 234-235
Image formats, 231
browser compatibility and, 180-181
Image maps, 202, 203
clickable, 232
Images, 233, 234
ALT text for, 235
background, 235
described, 202
downloads, 235
interlaced, 236
retrieval of, 124
size total of, 235
thumbnail, 235
Image size notice, 241
«Includes» relationship, 16, 17
Information architecture, 232
usability and, 236-238
Inline execution, 138
Inputs
component, 98
file names as, security concerns over, 98
filtered, 74-75
keyboard, 194
mouse, 194
user's perceptual limits regarding, 196
Input data, verifying authorization of, 96-97
Input parameters, in service use cases, 18
Instone, Keith, 204
Integrated security technique, 86
«Interface» (site operations) use cases, 126, 128
Interface use case(s), 17, 19-21, 40
impact of service use case on, 33
model development, 26-28
for Technology Bookstore case study, 28-32
test data requirements of, 47
test procedure from, 44, 45-46
Interlaced images, 236
Internal link rot, 239
Internationalization, 197-198
Internet, 1
Internet connection, network scaling and, 142
Internet Engineering Task Force (IETF), 161
Internet Explorer. See Microsoft Internet Explorer
Internet jargon, 232
I/O utilization, 139
IP addresses, "spoofing," 140
Jargon, internet, 232
Java applets, 8, 173-174, 230
Java Archives (JAR), 174
Java Development Kit (JDK), 173-174
JavaScript, 168
Java Virtual Machine (JVM), 8, 173-174
JPEG, 180
JScript, 168
Keyboard input, 194
Keyguard, 221
Kilobytes, available, 137
LAN analyzer, 125
Large-list problem, 195
Large-site navigation, 240-241
Layout, usability and, 233-236
Learnability of Web site, 199
Linear scaling, 119, 145
Link colors, 240
Link rot, 236, 239
automatic assessment of, 211
Links, 226
ALT, 235
document, 236
graphics, 234
Link titles, 237
Load, 117
bursty nature of, 115-116
normal vs. peak, 120
Load balancing, 118, 141, 143
of application servers, 141
of web servers, 140-141
Load testing, 122, 123, 220, 229
interpreting results of, 134-136
single-operation, 128, 134
system, 134-136
tools for, 121
Log files, 84-85, 99-100, 227
Logging functionality, 132
Login interface, custom, 68-71
Logo, 239
Log-on technique, single, 85
Lowest-common-denominator approach, 163
Lsof command, 92
Macintosh, compatibility testing for, 185
Main success scenario, 15, 16
Memory
measurement performance guidelines for, 133
short-term, 203
Memory leaks, 139
Merant PVCS Tracker, 222
Merant PVCS Version Manager, 222
Mercury LoadRunner, 220
Mercury TestDirector, 218
Metacharacters, 74
Microsoft, usability evaluation at, 212-213
Microsoft Authenticode, 87
Microsoft Internet Explorer, 160-162, 172, 174-175, 183
Microsoft Internet Explorer 5.0, 176, 178
Microsoft Internet Explorer 5.x "Compatibility Mode," 221
Microsoft Internet Information Server (IIS), 65
Microsoft Office 2000 Command Translator, 198
Microsoft Visio2000, 218
Microsoft Visual J++ 6.0, 174
Microsoft Visual SourceSafe, 222
Microsoft Web Application Stress Tool (WAST), 221
Middle tier, 8-9
Mosaic, 161
Motor disabilities, 203
Mouse input, 194
Name/value pairs, 98
National Institute on Disability and Rehabilitation Research, 200-201
Navigability of Web site, 199
Navigation
bottom-page, 241
large-site, 240-241
Navigation labeling, 237
NetMechanic BrowserPhoto, 221
NetMechanic HTML Toolbox, 223
Netscape Navigator, 160-162, 163, 168-169, 172, 174, 175, 183
Network(s), 228
bandwidth of, 132
performance of, 118-119, 125
scaling of, 141-142
security of, 60, 92-93, 106-107
Network monitoring, 219
Network monitors (sniffers), 60, 105
Next button, 195
Nielsen, Jakob, 11, 191, 200, 202, 205, 210
NJStar, 198
Nmap, 219
Nonfunctional requirements
in requirements use case, 25
RSI use cases for, 41
TBS case study, 294-297
Norman, Donald, 191
n-tier architecture, 5, 62
Object Constraint Language (OCL), 18
Objects, access to database, 85, 100-101
OBJECT tag, 88-89, 102
Observational studies (heuristic evaluation), 205-207
Offensive language, 232
Operating system, security of, 61, 62-63
Output parameters, in service use cases, 18
Outsourcing
security and, 63-64
Web compatibility testing, 185
Overload condition, 2
Packet sniffer tool, 93
Page elements, 234
Page faults, 137
Page pregeneration, 138
Page redirect, 239
Pages, lengthy, 235
Page/script accessibility, 94-95
Page summarization, 238
Page title, 237
Paging, 139
"Paging" solution, 195
Palette, Web-safe, 179-180
PARAM attributes, 102-103
Password, 64, 85-86, 93, 227-228
verifying security of, 101
Patches, 132
Payment transaction history, 81-82, 83
PCT, 181
Performance, 2, 115-157
bottlenecks, 119, 122, 136
common pitfalls affecting, 131-132
evaluation checklists, 230-231
improving, 137-140
monitoring, 221
software for, 130-131
network, 118-119, 125
requirements, 120-121
resource utilization, 116
response time and, 116-117, 120, 125
TBS case study of, 147-155
tools, 220
usability vs., 193-194
verifying. See Performance testing
Performance log, 131
Performance testing, 121-132, 220, 229
base, 121-122, 123, 127-128, 134-136, 229
configuration elements in, 123-124
execution of, 130-131
goal of, 121
load tests, 122, 123, 220, 229
interpreting results of, 134-136
single-operation, 128, 134
system, 134-136
tools for, 121
measurement guidelines, 133-134
measurements, 124-125
planning, 126-129
reliability tests, 122, 123, 129, 137, 229
script creation, 129-130
stress tests, 122, 123, 129, 136-137, 229
tools for, 121
types of, 121-123, 127-129
Perl scripts, 73-74
Personality, Web site with, 199
PGP CyberCop Scanner and Monitor, 219-220
Plug-ins, 7, 172-173, 230
PNG, 180-181
Port 80, 93
Port 443, 93
Port access, 92
Port scanning, 92-93, 219
Port-scanning tools, 60, 107
Postconditions, in service use cases, 18
Preconditions
in requirements use case, 25
in service use cases, 18
Printing of Web page, 196
Privacy, 2. See also Security
data, 81-82, 227
Private information, storing with ActiveX controls, 89, 104
Private key, 90-91
Problem areas, ix
Processes, unnecessary, 132
Processing time, 117
Proposed HTML 3.0 tags, 161
Prototype, usability, 192
Prototype (architecture baseline), 42
Public key, 90-91
Purchasing-user session, 127
Quality Web systems, 1-2
Race condition, 85
Radio buttons, 240
Rational ClearCase, 222
Rational ClearQuest, 222
Rational Robot, 220
Rational Rose, 218
Rational Site Check, 222
Rational TestManager, 218
Reaction time, 194
Refresh button, 195
Regedit utility, 101
Registry, 101
Rehabilitation Engineering Research Center for Access to Computers and Information Systems, 200-201
Relational database management system (RDBMS), 80
Release builds, 132
Reliability, 121, 229
Reliability testing, 122, 123, 129, 229
interpreting results of, 137
Request submission, 117
Requirements, functionality and definition of, 11
Requirements capture, x
Requirements-Service-Interface use case. See RSI use case(s)
Requirements use case(s), 16, 19, 40
model development, 22-23
in TBS case study, 23-26
test procedure from, 44-45
Resource utilization, 116
excessive, 138-140
Response time, 116-117, 120, 125, 127-128, 193-194, 199, 239
actual vs. target, 134
automatic assessment of, 211
compression and, 181
evaluation of, 134-135
Risk, prioritizing success criteria based on, 3-4
Risk analysis, 182
Routers (firewalls), 92, 228
RSI use case(s), x, 11-58, 218. See also Interface use case(s); Requirements use case(s); Service use case(s)
analysis using, 36-39
interrelationships between models in, 19-21
levels of granularity and abstraction, 16-18, 39
model development, 21-41
interface use case, 26-32, 40
requirement use case, 22-26, 40
service use case, 32-35, 40
traceability model, 36-37, 43
for nonfunctional requirements, 41
objectives of, 15-16
summary of, 39-41
TBS case study, 285-294
requirements use case, 285-290
service use case, 291-294
for technology selection, 41-42
test procedures from, 43-56
generic template for, 52-56
interface use case, 45-46
mapping test data requirements, 47-52
requirements use case, 44-45
sample, 48-49
service use case, 46-47
SAINT, 219
Saturated resources, 117
Scalability, 2, 115-157
analyzing, 144-147
base unit of, 124
common pitfalls affecting, 131-132
defined, 117
evaluation checklists, 230-231
functional, 118, 145, 147
horizontal, 118, 119, 145
improving, 140-143
linear, 119, 145
requirements, 120-121
TBS case study of, 147-155
tools, 220
verification of, 229
vertical, 118, 145, 146
Scalability and cost analysis, 120
Scalability curve, 144
Scenario (flow of events), 15, 126, 127
test, 130
Schema, database, 86, 228
testing security of, 102
Screen resolution, 193, 196
Scripts
accessibility, 94-95
client-side, 7, 87, 88-89, 162
ECMAScript, 7, 167, 168
Perl, 73-74
test, 129-130
Search engine with spell checker, 204
Search feature, 240
Secure protocols, browser compatibility and, 181
Secure Socket Layer (SSL), 61, 68, 71, 90, 131, 181
browser warning about, 195
load balancing and, 143
performance and scalability testing and, 124
performance penalties of, 138
Security, 2, 59-113
of client computer, 60, 87-90, 102-105
ActiveX controls, 87-89, 102-104
cookies, 89-90, 104-105
verifying, 102-105
of database server, 60, 79-86, 99-102
access to database objects, 85, 100-101
data encryption, 82-84, 99
data privacy, 81-82
schema information, 86, 102
temporary and log files, 84-85, 99-100
user ID and password, 85-86, 101
of e-commerce Web systems, 59, 91
evaluation checklists, 226-228
issues, 61-62
of network, 60, 92-93, 106-107
of operating system, 61, 62-63
outsourcing and, 63-64
secure communications, 60, 90-91, 105-106
of service, 62-63
TBS case study, 107-111
authorization, 108-110
buffer overflows, 111
tools, 219-220
verifying, 60, 93-107
authentication, 93-94
authorization, 94-96
client computer, 102-105
content attacks, 96-99
database, 99-102
network, 106-107
secure communications, 105-106
of Web and application servers, 60, 64-79
authentication, 64-71, 93-94
authorization, 71-72, 94-96, 108-110
content attacks, 72-79, 96-99
Segue SilkPerformer, 220
Sequence diagrams, use case, 50
Server(s). See also Application servers; Database servers; Web servers
federated, 141
multiple, 131
performance testing of, 125
scalability of, 118
test configurations for, 123-124
test scenario and configuration of, 130
Server-side file access, 75-76, 227
Server software, 61-62
Service, security of, 62-63
Service packs and patches, 132
Service use case(s), 17-18, 19-21, 40
impact on interface use case model, 33
model development, 32-33
for Technology Bookstore case study, 33-35
test procedure from, 44, 46-47
Session key, 91, 143
Session objects, 142
Sessions, 226
virtual, 122, 123
Session state, 142-143
SGML, 161
Short-term memory, 203
Signatures, 174
Single log-on technique, 85
Single-operation load testing, 128, 134
Site navigation, 237
Site operations use cases, 126, 128
Site title, 241
Sniffers (network monitors), 60, 105
SOFTEAM Objecteering, 218
Software
performance monitoring, 130-131
server, 61-62
Source documentation, 50
Spatial-reasoning skills, 203
Specification of system functionality, x
Specification of system requirements, 4
Spell checker, search engine with, 204
Spelling errors, 232
"Spoofing" IP addresses, 140
Sprengers, Jaspers, 207
SSL. See Secure Sockets Layer (SSL)
Stack, 77-78
Standard Generalized Markup Language (SGML), 161
Standish Group, 11
Stress, degradation under, 120
Stress tests, 122, 123, 129, 229
interpreting results of, 136-137
Style sheet, XSLT, 176
Subfunction, 23
Subnesting, 142
Subshell, 73
Subsidiary use case, 15, 25
Success factors, x-xi, 2-3. See also Browser compatibility; Performance; Scalability; Security; Usability
interrelationships among, 3
prioritizing based on risk, 3-4
Summary goals, 23
Switches, hubs vs., 141-142
Symantec NetRecon, 220
Symmetric encryption, 91
System command execution, 73-75, 96-97, 227
System load test, 134-136
System vulnerability checking, 219
Tables, 239
Tcpdump, 219
TCP/IP, 92
Technology Bookstore (TBS) case study, xi, 107-111, 283-300
architecture, 298-299
authorization, 108-110
browser compatibility, 185-189
buffer overflows, 111
developed components, 299-300
functional requirements summary, 283-284
nonfunctional requirements, 294-297
performance and scalability, 147-155
platform and technologies, 297-298
RSI use cases, 285-294
interface use case, 28-32
requirement use case, 23-26, 285-290
service use case, 33-35, 291-294
usability, 214-215
Technology selection, RSI use case for, 41-42
Telnet command, 93
TELNET utility, 107
Temporary files, 84-85, 99-100, 227
Testability of use cases, 43
Test cases, 4
management of, 218
Test data requirements, 47-52
Testing. See also Verification
procedures for, from RSI use cases, 43-56
generic template for, 52-56
interface use case, 45-46
mapping test data requirements, 47-52
requirements use case, 44-45
sample, 48-49
service use case, 46-47
scenarios for, 126, 127, 130
strategies for, ix-x
Test scripts, 129-130
Think time, 128, 130
Third-party products, Web system development and, 132
Thumbnail images, 235
Title(s), 214
HTML, 237
link, 237
page, 237
site, 241
TITLE tags, 236-237
TLS, 181
Tools, 217-223
compatibility, 221
engineering, 217-218
evaluations of, 243-281
capture/playback and script creation, 244-256
execution capabilities, 256-263
integration capability, 264-266
performance testing and analysis capability, 268-277
reporting capability, 266-268
vendor qualifications, 278-281
load-testing, 121
performance and scalability, 220
performance testing, 121
security, 219-220
usability, 222
Traceability diagram, 28
Traceability model, 36-37, 43
«Trace» dependencies, 19
Trace log information, 44, 46-47
Transactions, 226
Transmission Control Protocol/Internet Protocol (TCP/IP), 92
Trusted applets, 174
UDP/IP, 92
UML stereotypes, 16
Unified Modeling Language (UML), 19
UNIX systems, 61, 73-74, 100
port-process association in, 92-93
URL(s)
link rot, 236
reusing, 211
Usability, 3, 191-200
compatibility vs., 160, 193
design issues, 193-198
browser interface, 195-196
content depth levels, 197
content size and download times, 195
internationalization, 197-198
performance, 193-194
screen complexity, 196
screen resolution, 193, 196
development phases and, 192
evaluation checklists, 231-242
information architecture, 236-238
language, 232
layout and graphics, 233-236
user interface, 238-241
evaluation of, 204-214
automating, 210-214
end user support of, 208-209
heuristic, 205-207
at Microsoft, 212-213
objective criteria for, 207-208
opinion gathering for, 206
ratings, 206-207
guidelines for, 192, 198-200
keyboard inputs and, 194

