Cloud applications that are developed ‘on’ the cloud or applications that are developed ‘for’ the cloud, are very different from traditional web applications. The biggest advantages of cloud applications are that they are cost efficient and scalable and are built using more modern technologies such as CSS3, HTML5, jQuery, JavaScript etc. At the same time, cloud applications have to be multi-tenant, highly configurable, secure, fault-tolerant and to provide business advantage. This would suggest that testing cloud applications is very different from testing traditional applications.

At the high level, testing cloud applications consists of validating the applications with data, business workflows, compliance, network/application security, performance, scalability as well as compatibility to build robust applications. Unlike web application testing, cloud testing remains relatively unaffected by versioning, server installation, multi-platform testing or backward compatibility. The focus here is more on security, SLA adherence, deployment, access, interfaces between components and failovers.

In this blog, we take a look at some key considerations that testers have to give special consideration to when testing cloud applications, many of which are dependent on the infrastructural nature of the cloud.

1. Performance Testing
   Since cloud applications run on hardware that is shared and testers have no control over, performance testing of the application and the required scalability become essential. Running load tests on the application and the shared resources simultaneously, thus, become imperative to evaluate if the performance of the application is impacted in any way. Testers also need to evaluate response times, latency, response codes, errors, deviations etc. and isolate the issues that cause a performance dip with increasing loads or multi-user operations. Testing also has to take into consideration the number of concurrent users accessing the application from multiple geographical locations.
2. Security Testing
   Since cloud applications share infrastructure and resources, testers need to perform a high degree of security testing to ensure data integrity and security. Testers, thus need to implement security testing in the form of SQL injections, testing cookies, cross-site scripting, multi-tenant isolation, access validations for roles and application data. They need to address accessibility concerns by performing multi-privilege tests and access control tests to ensure that one tenant’s data cannot be accessed by another. Security testing also assumes a very important role to ensure compliance according to government standards. Considering the infrastructure on which the application is hosted is owned and managed by someone else, testers need to create security tests within, without and across the cloud infrastructure system and the application itself to ensure the security of business data and the application.
   Testers also need to consider testing the network to control access, sensitive data flow, and encryption along with testing the network bandwidth to ensure data availability and its transfer from the cloud application to the network.
3. Third-party dependencies
   Testers need to test third party dependencies since cloud applications are most likely to consume external API’s and services to provide certain functionalities. Testers thus need to monitor and test these API’s as a part of their own solution to make sure the application functions in the manner that it should and identify any associated deterrents of performance.

Testing of cloud applications has to be a proactive process considering the frequent upgrades and releases, especially live upgrades, interface upgrades etc. that are made to the application. Hence, testers need to ensure that any of the new changes do not impact the existing functionality of the application. For this, they need to ensure that validating the changes are prompt and do not cause any performance bottlenecks. Since the software teams developing cloud applications move fast, testing needs to be more organized, documented and defined. Hence having a detailed testing plan that defines the scope of testing, the elements that need to be tested and test definitions to produce quality releases and delivering fool-proof applications.

Conclusion

There is no escaping the cloud services(services of cloud) in today’s business environment – more and more applications will get built with the cloud in mind and testing services looks set to change as a result. For those reading this post – how has the cloud impacted your testing practices?