The Art of Application Performance Testing by Ian Molyneaux — This book was just released and I found it an outstanding conceptual overview of performance testing a web based application. The book does a great job of reviewing the various types of performance testing, the key performance indicators, and the various steps needed throughout the performance testing process. I particularly liked the various checklists. A short book, at around 130 pages, I’d rate it 9 on a scale of 10.
How to Break Software by James Whittaker — This is software testing 101 put in the context of a series of attacks on a software application. The book presents about 20 attacks, which cover most of the fundamentals of testing, such as “Find input that may interact and test combinations of their values”. About 170 pages. An easy to read, well organized, although I found the “attack” notion a bit distracting. I’d give this a 9 on a scale of 10.
How to Break Web Software by Mike Andrews and James Whittaker — I was a bit disappointed in this book in that I thought that it primarily covered functional testing and had a dedicated chapter on web services. In reality, 99% of the book covered security testing. However, the security testing was covered quite well using the same “attack” approach as noted in the previous review. I’d give this one an 8 on a scale of 10.
Testing Applications on the Web by Hung Nguyen, Bob
Johnson, and Michael Hackett — This book is a bit dated, with the last revision in 2003. Nevertheless, it thoroughly and extensively covers almost all the basics of Web technology and web testing in its 600 plus pages. It does not deal with some of the more recent web developments such as Ajax, mashups, Web API’s, and Flash. I’d give it an 8 out of 10 due to its dated nature, otherwise it would easily get a 10.
Although not a book, I found a publication on a proposed framework work for security testing web services published by SIFT Information Security Services. This is pretty amazing document with very detailed test cases documenting a very wide range of threats to web services. I actually found this more useful than any of the books above with respect to security testing web services.
(This article was originally published on https://www.qualitylogic.com/community/index.php/web-services-api-testing-books/.)