At Funda, we like to ensure our platform remains reliable, secure, and accessible under any conditions. That’s why QA Engineers Ashwin Srivastava and Gopi Kosuru wrote this blog to share how we approach non-functional testing in a structured way. Read on to see how we test our platform to keep it reliable.
Why non-functional testing matters
Functional tests confirm features work correctly, but non-functional tests guarantee they remain reliable under various conditions, reducing risks and enhancing user satisfaction. By proactively addressing non-functional issues, we reduce costs, enhance user safety, and ensure smooth, reliable performance at all times.
For more background on our overall testing philosophy, check out our 5 reasons why we believe in testing our products as a team at Funda.
Our roles and collaboration
We (Gopi and Ashwin) work as QA Engineers in different agile teams at Funda but collaborate closely as part of the broader QA team.
We focus on the same domain but support different audiences - Gopi ensures a reliable experience for our broker partners, while Ashwin does the same for sellers, buyers, and even the casual window shoppers. By covering both sides, we help maintain a consistent, high-quality experience across the platform.
This setup allows us to maintain a shared approach to quality while supporting the unique needs of our individual teams. We regularly share ideas, tools, and testing strategies to drive continuous improvement across the board. Our work plays a key role in earning user trust and keeping the platform stable and reliable.
Types of non-functional testing at Funda
We regularly conduct several types of Non-functional testing:
- Load tests: Ensuring the platform remains stable and responsive under heavy user traffic.
- Security tests: Protecting against vulnerabilities such as XSS, SSRF, CSRF, and broken access control.
- Reliability tests: Confirming our services stay functional even if dependent systems fail.
- Accessibility tests: Making sure our platform is usable for everyone, including individuals with disabilities.
- Internationalization (i18n) testing: Ensuring consistent functionality and user experience in both Dutch and English.
- Cross-browser and cross-device testing: Verifying our platform performs seamlessly across different browsers and devices.
Load testing
At Funda, we use k6 to simulate user loads and monitor response times, error rates, and request throughput. Detailed metrics like response times (min, max, mean, median, p95, p99), error rates, and requests per second help us continuously optimize performance. Integration with tools like Datadog allows real-time visualization and advanced analytics, helping us proactively address bottlenecks.
To execute load tests, we typically run staged scenarios to gradually increase user loads, identifying potential performance degradation points before they impact actual users.
Security testing
Security is paramount at Funda. Our development practices incorporate thorough checks against vulnerabilities highlighted by OWASP, specifically targeting:
- Cross-site scripting (XSS): Preventing malicious script injection.
- Server-side request forgery (SSRF): Securing against unauthorized server requests.
- Cross-site request forgery (CSRF): Protecting authenticated user actions from compromises.
- Broken access control: Ensuring strict enforcement of user permissions.
We collaborate closely with Rick, our security consultant and a real lifesaver, who regularly conducts penetration tests and educates our teams about security best practices. His expertise significantly eases our workload, allowing us to focus confidently on other aspects of testing, knowing potential threats are being expertly handled.
In addition to securing our internal systems, we rigorously validate the integrity and confidentiality of data exchanged with external integrations by enforcing:
- secure communication protocols,
- strict schema validation,
- and input sanitization.
This prevents malicious actors from inferring user information, exploiting integrations, or compromising downstream services and applications.
Reliability and resiliency testing
Reliability testing is crucial to ensure our platform continues to function, even if dependencies fail. We employ Chaos Engineering techniques with tools like Chaos Mesh, introducing controlled disruptions to test and enhance system robustness. This proactive approach helps identify and mitigate potential issues before they affect users.
Insights from these experiments feed back into our development cycle, resulting in continuously improved reliability.
Chaos Mesh is our tool of choice since it is possible to introduce a variety of faults at different layers of the infrastructure. Some examples include:
- Network delays, drops, and DNS faults
- CPU or memory stress
- Pod kills, container reboots, and vendor-specific cloud failures
- Time skews
- Disk I/O issues
- Kernel faults
- And more.
In the image below, we emulated a pod failure for a period of 30 seconds. This allows us to see how our system being tested behaves during that time frame, how dependent services react, and if our observability tools throw the correct alerts. This allows us to test code and the underlying infrastructure with something similar to a real-world scenario.
Network resiliency testing
At Funda, ensuring that our application is functional across varying network conditions is essential to delivering a seamless experience for millions of users - no matter where they are or how they connect.
Funda handles a massive volume of requests daily, coming from a diverse mix of devices and browsers, often under less-than-ideal network conditions. Someone could be casually browsing listings on a high-speed connection at home, scrolling through neighbourhoods while riding a train, or checking properties from abroad on roaming data. We want the experience to be fast, responsive, and frustration-free.
We simulate these real-world scenarios during feature releases - including 3G throttling, high latency, and intermittent packet loss - and make sure Funda performs reliably, even when the network doesn’t.
We can do this reliably because of the tools provided by the platform's SDKs, such as the network throttlers within browsers, and the iOS and Android mobile simulators.
Accessibility testing (A11y)
Accessibility (or A11y, as it's often abbreviated) testing ensures our platform is inclusive and compliant with standards like WCAG and the European Accessibility Act. We utilize automated accessibility checks within our Playwright tests, incorporating axe-core to systematically identify and address common accessibility issues such as:
- Colour contrast
- Image alt attributes
- Accessible roles
We complement these automated checks with manual tests, ensuring comprehensive coverage, including validating keyboard navigation, verifying semantic HTML structure, and assessing usability for assistive technologies.
Frontend performance testing
We use Google Lighthouse audits to assess frontend performance, accessibility, SEO, and adherence to best practices. These regular audits help identify opportunities to enhance load times, responsiveness, and overall user experience. Lighthouse scores guide improvements such as optimizing image delivery, minimizing unused JavaScript, and leveraging caching effectively.
Continuous integration and automation
At Funda, we have integrated accessibility tests specifically into our Continuous Integration and Continuous Delivery (CI/CD) pipelines. These automated tests run with every code change, providing immediate feedback and ensuring ongoing compliance with accessibility standards. While other non-functional testing categories like load and security tests are regularly performed, they are executed separately from our CI/CD pipelines.
To understand our shift towards Playwright, see also:
- Step-by-step guide to running Playwright tests in Azure DevOps
- Why we ditched Selenium for Playwright and how we nailed it
Key takeaways
- Non-functional testing strengthens system reliability and resilience, going beyond just checking if things work, to ensuring they work well under real-world conditions.
- Proactive testing helps prevent downtime, bolsters security, and keeps user experience smooth, even during high traffic or unusual scenarios.
- Automation and CI/CD integration allow us to run consistent, high-quality tests at speed, making it easier to catch issues early and ship with confidence.
- Specialized testing tools and expert collaboration improve both accuracy and efficiency, letting us focus on the areas that matter most.
- Accessibility testing as part of our pipelines ensures we stay compliant and inclusive by default, not as an afterthought.
Looking ahead
Continuous improvement and proactive strategies help us stay ahead of challenges, ensuring that Funda remains reliable, secure, and accessible to everyone.
Not long ago, many of the tools and strategies we’ve shared here were difficult to implement - but both the technology and our own practices have come a long way. Today, there’s a clear market demand for robust testing infrastructure, and Funda’s continued investment in these tools empowers us to meet that demand with confidence and deliver exceptional performance.
But we are not resting on our laurels: we are always on the lookout for new testing practises, tools, and strategies. Keep following our engineering blog for more insights into our processes, tools, and best practices.
Happy Testing!
See also: How we increased content platform traffic by 3000% with A/B testing
Question?
Do you have a burning question for Gopi or Ashwin after reading this blog? Feel free to reach out to them via email.