How do you automate testing a web applications server side input validation?
When testing web applications I often write automated browser tests to test input field validation rules are enforced (not allowing the user to input dodgy data) and the appropriate messages are displayed to them.
How do you conduct the equivalent types of test but bypassing the client side validation so that the server side validation is tested?
I've done these kind of tests manually in the past by replaying a post request in fiddlr with different values. I'd really like to know if there's a good automated way of doing this so that I can include the tests in an automated regression pack to be run regularly.
This is specifically for a ruby on rails application in this case but I think this might be a language agnostic question.
There are many different ways to do this, depending on the tools you have available and the way your server-side code runs.
- If you have a means to interact with the server via API, you can use that to test server side validation.
- Alternatively, you can use tools like Fiddlr to directly send parameters and parse responses.
- Some of the load-testing tools will allow you to do this by sending values through HTTP and returning the responses.
- If you know enough html or have the ability to disable your application's client-side validation, you can use the client to send your unvalidated data and verify the results.
- Depending on the browser, you may be able to use the built-in browser developer tools to send requests and process responses.
There are other options, too - this is just what comes to mind immediately.