Blog

Accessibility Testing

Is the process of testing your website after an upgrade to ensure that it remains usable for people with disabilities like hearing, color blindness, old age, and other disadvantaged groups.  Making sure your website adheres to various web accessibility standards, such as the US federal government’s Section 508 legislation and the W3C’s Web Content Accessibility Guidelines (WCAG) is of growing importance to organizations.

See referred to as: WCAG Testing

Annual Software Subscription

For many software products when you purchase the software you are granted a perpetual use license for that version of the software.  In order to get access to new releases and support for the software, you might often need to purchase annual software maintenance. Typically the cost ranges from 15% - 30% of the original license purchase cost and entitles you to have access to new versions, service packs or patches released during that annual period.

Automatic Update

A feature in the software product that automatically updates the software either without prompting or with a single click.  Take note that while automatic updates are convenient they are also very risky. If your configuration is somehow outside of what the vendor considers normal, applying the automatic upgrade may break your website.  We recommend disabling this feature, if possible and only running the automatic upgrade in a staging or development environment.

Back-end Components

Your back-end components, or back-end stack, is the set of software that runs on your or your hosting company’s servers, versus the browser of a site visitor.  These components comprise everything from the operating system, to the web and database servers, to the Application Development Server, APIs, and frameworks that you use.  Some software stacks are pre-bundled, which make them easier to download and deploy.

Also referred to as: Back-end Stack

Backpatching

If a bug or a security hole is fixed in a newer version of a software component, the software vendor may port that fix to older versions.  This process of moving the fix to an older version is referred to as backpatching or backporting. Note that not all fixes are back patched. It is up to the vendor based on the complexities of the code and the risk involved.  Fixes that are simple (maybe only a few lines of changed code) or are critical have a higher chance of being backpatched.

Also referred to as: Backporting

Backward Compatible Version

A new version, or patch, for a software component, is loosely considered backward compatible if the newer version does not cause the code or content in an older version to break when it is updated.  Some versioning schemes like Semver, define it more tightly to mean that the software component is backward compatible when its API is not affected by upgrading to a newer version.

Bootstrap

Bootstrap is a very popular and widely used open source front-end Web framework.  It contains HTML and CSS-based design templates for typography, forms, buttons, navigation, responsive grids, and other interface components, as well as optional JavaScript extensions. It recently released version 4.x which was a total rewrite from version 3.x and is not backwardly compatible in many areas.

Bug Fix

A bug fix is a correction to a specific isolated issue or set of issues in a software component.   The vendor may not release a full distribution of the version that the fix applies to, but instead only release those files needed to fix the specific issue.

Also referred to as: Patch, Hotfix

Client-side Components

See Front-end Components.

Content Management System (CMS)

Many websites today are built and managed using a Content Management System, often abbreviated CMS, which typically allows for multiple content contributors to create, edit and publish content, media, and other digital assets to their website.  The CMS often controls many of the major aspects of how a website is rendered. New releases of a CMS may affect not only the authoring interface that the content contributor sees and uses, but will also typically affect the rendering and functionality of the website itself.  When upgrading or applying a patch or service pack to a CMS, thorough testing should be conducted to ensure that existing functionality and rendering is not affected. Popular CMS products include WordPress, Drupal, Joomla, etc.

CSS (Cascading Style Sheets)

CSS, short for Cascading Style Sheets, is a language that helps manage the presentation of Web pages in a browser including colors, fonts, and layouts.  Some of your front-end components may define styles or style sheets that control aspects of their components or the overall rendering of the page. Note that simple changes in CSS may have far-reaching effects on your website.  It is best to thoroughly test all version updates, service packs and patches to ensure they don’t unintentionally affect how your website renders across all devices.

Dependencies

Many software applications, libraries, frameworks or plugins not only rely on other software components to operate properly but more specifically rely on specific versions of those components. It’s critical when upgrading your front-end or back-end components to fully understand the dependencies of each product.

Dependency Hell

Wikipedia defines Dependency Hell as “a colloquial term for the frustration of some software users who have installed software packages which have dependencies on specific versions of other software packages. The dependency issue arises around shared packages or libraries on which several other packages have dependencies but where they depend on different and incompatible versions of the shared packages. If the shared package or library can only be installed in a single version, the user may need to address the problem by obtaining newer or older versions of the dependent packages. This, in turn, may break other dependencies and push the problem to another set of packages.”

Development Environment

A development environment, or dev environment, is the environment and collection of tools and processes where you develop and test changes to your website. This environment is isolated from your production environment so that changes made in this environment do not affect your live website.  Depending on how strict your interpretation is, your overall web environment may have three (development, staging, and production) or four (development, testing, acceptance, and production) tiers. If you don’t have a development environment today you definitely should and you should always perform your upgrade first in a dev environment before applying to production.

Discontinued Support

Each version of a software application, component or library has a support shelf life.  As the software ages, the vendor who developed that software may decide to discontinue, or sunset, its support for that version.   Discontinued Support means that the vendor will no longer address issues or release patches for that version of the software. As such it’s important to track each vendor’s support lifetime so you can plan your upgrades accordingly so that you are never running a sunsetted version.  Products that are no longer supported should be upgraded as soon as possible, as discontinued software is a prime target for malicious hackers.

Also referred to as: Sunsetted Support

Dry-run

When upgrading your website, it is strongly recommended that you perform a Dry-run, or practice run of the upgrade process in development before performing in production. By performing a dry-run you will be able to thoroughly test and resolve any issues that are exposed to your visitors.

Framework

There are many frameworks, on both the front-end and back-end that provide an API code foundation upon which you can more easily build your website functionality.  These frameworks, like other software applications or libraries, have typical software release cycles whereby the software is enhanced and fixed with new releases and patches.  Like all other components in your website, frameworks need to be upgraded regularly. They typically affect a large number of pages within your site, and therefore when you do plan to update them, be sure to test thoroughly.

Front-end Components

Front-end or client-side components are those components that run in your site visitor’s browser.  They mostly involve technologies that help manage the HTML, CSS and JavaScript code. They make it easier for developers to manage how the content and user interface components like menus, dropdowns, modals, widgets, and transitions are presented to the user. Several popular modern front-end components or frameworks include Bootstrap, React, Angular, Vue, and Dojo.

Functional Testing

Functional testing is a type of testing that ensures that each of the functions or features of your website meet their stated requirements.  For your website, this typically means testing the interactive process based functions like submitting a Web form, following an e-commerce checkout process, or searching and/or filtering for information.  Tests are conducted by having a defined set of inputs and feeding these into the site, then examining the outputs. The more complex the processes, the more you might consider automating the testing of these functions.

HotFix

See Bug fix.

Issue Resolution

During the upgrade process, as issues are discovered during your testing they are passed to the appropriate resource for resolution.  Great care should be made during this stage to record or commit to source control any fixes made or configurations changed. That way these resolutions can be re-applied when running the final upgrade in production.  The issue resolution stage of the process is often a stage that takes a substantive amount of time, which is hard to predict and not easily avoided. However, the more you are able to automate your testing effort, the faster and more thorough your upgrade process can be.

Library

A software library is a package set of pre-written code that is exposed through an API.  Typically, a web developer utilizes software libraries with the website to achieve more functionality or to automate a process without writing code for it.  There are hundreds of libraries for both front-end and back-end functionality. These libraries need to be regularly upgraded as new versions are released.

Major Release

A major release is a new version of a software component that typically contains several significant new features/capabilities.  It also may contain support for new versions of platforms, major architectural changes, and/or updates to its internal API. Under the Semver specification, a major version is signified when the first digit (of the three digit version number) changes.  This indicates that there were incompatible API changes from the previous version.

Maintenance Page

If you are performing your website upgrade in production and expect any chance of downtime to your site visitors, be prepared and create a maintenance page that informs them that the site is currently under maintenance.  On this page, you should make it clear the site is only temporarily down due to planned maintenance and when you expect the site to be back online.

Minor Release

A minor release is typically a release that includes a small set of new features or enhancements and a set of bug-fixes.  These new enhancements do not typically contain significant new features, but rather minor enhancements to existing functionality.  A minor release is typically delivered in the form of a single installable package.  Under the Semver specification, a minor version is signified when the second digit (of the three digit version number) changes.  This indicates that there were no incompatible API changes from the previous version, but new functionality was added.

NPM (Node Package Manager)

Wikipedia states “npm is a package manager for the JavaScript programming language. It is the default package manager for the JavaScript runtime environment Node.js. It consists of a command line client, also called npm, and an online database of public and paid-for private packages called the npm registry. Many web developers utilize NPM to manage their front-end libraries.”

Open Source Software

Open source software is software where the source code is made available to the public for inspection, use, modification, and redistribution.  With the increased adoption of open source, many critics contend that security vulnerabilities have also increased as the result of hackers having access to the source code.   Note, however, that proprietary software may also contain or have dependencies to open source software. While the open source software development community is very good at quickly cataloging and releasing security patches for vulnerabilities, you should be diligent in your efforts to track new releases and thoroughly test any updates or patches to your open source components.

Patch

See Bug fix.

Patch Management

Patch Management, as the name implies, is a strategy and process for determining and managing the patches that need to be downloaded and applied to computer systems.  There are enterprise patch management systems that help organizations by automating the delivery of operating and application updates. From our perspective these systems don’t cover many aspects of patching your web components, they are more focused on operating system and desktop and application level patching.  For your web server, you can utilize various package managers to manage, Apache, for example.

Plugins

A website plugin is typically a small library that is developed by a 3rd party that provides a certain piece of functionality or interactivity to your website or one of your website components like your CMS.   For example, on the front-end, there are hundreds of jQuery based plugins for all sorts of UI components and on the back-end, there are plugins to extend your CMS like for WordPress or Drupal.

Production Environment

The production environment is the set of servers and other resources that is used to serve your current live website that is accessible to your site visitors. In terms of your website upgrade process, it is highly discouraged to perform any upgrades or apply any patches or service packs directly into this environment without thoroughly testing.  If at all possible, perform upgrades on a staging environment.

Security Exploit

A security exploit is not the same as a security vulnerability.  A security exploit is an attack on a website, computer system, network or other systems that takes advantage of, or leverages a vulnerability in that system, as a way to breach that system.  You should be concerned if one of the components of your website has a vulnerability but even more concerned if that vulnerability has been exploited.

Security Vulnerability

A security vulnerability is a weakness in a software component which may be able to be exploited by a threat to perform unauthorized actions within the application.  Hackers search for vulnerabilities that they can exploit to gain access. Common types of website vulnerabilities include SQL Injections, Cross Site Scripting (XSS), Cross-site Request Forgery (CSRF), Broken Authentication & Session Management, Insecure Direct Object References, Insecure Cryptographic Storage, and Security Misconfiguration.

Semantic Versioning (Semver)

Semantic Versioning, Semver for short, is a formal convention for specifying compatibility between releases of a "public interface",  using a three-part version number: major version; minor version; and patch, where a public interface could be anything from an application programming interface (API), a command-line interface (CLI) or a graphical user interface (GUI).  While it is a growing standard, not all website components follow the Semver scheme of versioning. Check with your component vendor. Semver is helpful to the developers who integrate libraries into their code to be able to understand the extent of changes in a given version and adjust their own code if necessary.

Server-Side Components

See Back-end Components.

Service Pack

A service pack is typically a collection of patches to a component or library.  Once the number of patches reaches a certain arbitrary number, the vendors often release a service pack which is a roll-up of all of the patches.  A service pack is typically delivered in the form of a single installable package.

Software as a Service (SaaS)

Many websites today are provided under a SaaS (software as a service model) where your vendor provides a packaged website hosting and maintenance plan for a single annual fee.  If your vendor is performing the website upgrade services, be sure that they are performing those upgrade in a manner that at least minimizes, if not fully reduces the risk of any site outages or functionality breakage.  You should insist that they are performed on a development environment and that thorough testing is performed.

Software Vendor

This is the organization that develops the software component.  Please note, however, that for smaller open source libraries or plug-ins the vendor may be a single developer, not an organization.  Often times these libraries or plug-ins may work but have been discontinued. It’s worth looking at who’s behind the component and how often they enhance and post fixes to the component before you integrate it into your site or upgrade to a new version.  

Staging Environment

A staging environment is a configuration environment that is a nearly exact replica of the production environment.  It is used to test builds and updates to a website under a production-like environment before deployment into production.  If you don’t have a staging or development environment to perform your website upgrade in, we strongly recommend setting one up first.

Sunset Date

A sunset date is the date upon which the software vendor discontinues support for a specified version of the product.  When planning your website upgrade you should definitely research the possible sunset dates for all your website components. It is important to note that while some vendors announce these sunset dates as actual dates well in advance, others don’t announce a specific date, but rather say they will support x number of versions back.  Once a new release is made, the x-1 version is sunsetted.

Please also note that for some open source website components, there is no formal support and many times a plugin or library may be discontinued without any formal sunset date.   

Virtual Private Network

A virtual private network (VPN) extends a private network (typically a corporate one) across a public network and enables users to send and receive data across shared or public networks as if their desktop and laptop computers were directly connected to the private network. Server maintenance and certain testing tasks can be accomplished when users are out in the field and away from the office.

Virtual Server

As servers have become more and more powerful, server virtualization has become widespread.  This technology allows for partitioning off one physical server into several virtual machines, or virtual servers.  Each of which can then be deployed, operated and managed more easily. When upgrading your website, if you are running on a virtual server, your upgrade process can be simplified in several ways.  You can more easily clone your production server to a development or staging environment and then simply switch to use that virtual server once all your testing and issue resolution are complete.

Visual Testing

Visual testing is a type of testing that verifies that the user interface appears correct to its users, across different devices.  The testing compares digital snapshots pixel-by-pixel to determine if there are any differences. This type of testing differs from automated functional testing which typically just tests the results returned by code.  When testing your website, both testing approaches make sense. WebsiteUpgradeTester.com is a visual testing tool that is designed specifically for testing website upgrades or applications of service packs or patches to your website.  It differs from traditional visual testing tools that are integrated into your build system and requires developers to write test cases.

WCAG Testing

See Accessibility Testing.

Website Components

Today’s websites are made up of dozens of individual technologies, or components, developed by various third-party vendors.  These components can be libraries, frameworks or API that helps the web developer more easily or quickly build and/or integrate the needed functionality into its site. Each component plays a different role and provides a different purpose, but all need to be implemented and maintained so that they work together to provide a properly functioning website.  The website components are typically broken down into two main groups: front-end components and back-end components.

Website Upgrade Tester.com

WebsiteUpgradeTester.com is the only cloud-based, automated visual testing tool designed to help you efficiently and affordably test your website upgrade. Whether it’s a major version upgrade, service pack or security patch you’re applying to your website, you can quickly test your entire site, no matter how large, to ensure that the upgrade does not adversely affect your site in any way.  By taking digital snapshot screen captures before and after your upgrade and them comparing them pixel-by-pixel, the WebsiteUpgradeTester.com tool will let you know if there is even a small visual change.

Zero-Day Exploit

A zero-day exploit is a security vulnerability that is unknown by the software vendor.  It is referred to as “zero-day” since it has been zero days since they knew of the vulnerability. Zero-day exploits are dangerous because until the vulnerability is mitigated, hackers can exploit it to adversely affect the system.

Zero Downtime Maintenance

If at all possible, you should strive for zero downtime maintenance which means that your site visitors do not experience any stoppage of service trying to connect to your website.  Zero downtime service is best achieved by not performing upgrades, or applications of patches or service pack directly into your production environment. Instead, clone your production servers into a virtualized staging environment, upgrade and test it there, then when all is OK switch that server, or set of servers to be production.  If you are not able to avoid upgrading in your production environment, plan to perform your upgrade during off-peak traffic times, utilize a maintenance screen to inform your customers of the outage window and minimize your testing time with a tool like WebsiteUpgradeTester.com