Quality Assurance for Web Applications
Once a web application is functional and ready for deployment one key step – serving business value — is done. Nice! But there is another thing to care about: Quality Assurance (QA). Fortunately there are open source tools available to check several aspects of a web application.
Since I just build up this page, I tested them and will describe the tools used and the results I got:
- Google Chrome Browser installed
The first tool is Google Lighthouse. Everybody who has a Google Chrome browser installed can use it. It is integrated in the developer tools, to open it just press F12 on MS Windows and Command+Option+I on Mac. When I ran it on my page, the results were pretty good, however the SEO (Search Engine Optimization) scores had room for improvement, because page meta tags where missing. After I added the meta description tags to the page I got this: These little color dots are part of some "firework animation" google developers added to the tool if an app achieves a score of 100% in all categories. :-)
Nice! 100% in all categories. But what does it mean? Let's have a look at the categories. Stop ... too much details. When working on projects it is essential to remember the 80/20 rule. Only if there is something bad we have to investigate further. In this context bad means: A red or orange number. If the tool shows a green result, it is good enough most of the time. In my case, although there was a good result, the effort to improve it further was only a matter of minutes, so I did it anyways. Next tool, more about security ...
- Docker Desktop installed
The next tool I used is OWASP ZAP. It is a tool to check web applications for security issues. It is available as a desktop application or as a docker image. I used the docker image to check my page (domain replaced by example):
Here are the results:
Note: I removed the passed checks and the lines with the links to the pages, because they are not relevant for this post.
Unfortunately one header couldn't be fixed (without hacks) - the first one: Re-examine Cache-control Directives. If you use frameworks, you have to accept limitations sometimes.
- The tools are easy to use and they give you a good overview about the quality of a web application.
- There are options to include them in a CI/CD pipeline, maybe not for every run, but for a nightly run as an example.
Everything has its costs, It is important to discuss and review the status quo of a project with the stakeholders and define the goals step by step. It is not necessary to achieve 100% in all categories. It is important to know the risks and to have a plan to mitigate them.