
QA Assigned:

Developer(s) Assigned:

PM Assigned:

Security Testing

| TEST CASE ID | SPECIFICATION REFERENCE | OBJECTIVE | EXPECTED RESULT | TEST DATA | ACTUAL RESULT | STATUS | BUG TYPE | SEVERITY | PRIORITY | DEVELOPER'S COMMENT (DEVELOPER NAME/DATE) |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| | Cookie Testing | Verify cookie privacy policy. | No personal or sensitive data should be stored in the cookie. | | | | | | | |
| | Cookie Testing | Verify cookie privacy policy. | If there is no option other than saving sensitive data in a cookie, make sure the data stored in the cookie is in encrypted format. | | | | | | | |
| | Cookie Testing | Verify that the major functionality works after disabling the browser cookies. | The application's major functionality will not be affected by disabling the cookies, and there should not be any page crash due to disabling the cookies. | | | | | | | |
| | Cookie Testing | Verify the use of cookies by the application under test. | Overuse of cookies will annoy users if the browser is prompting for cookies more often, and this could result in loss of site traffic. | | | | | | | |
| | Cookie Testing | Verify accepting/rejecting some cookies. | Pages should not crash, and data should not be corrupted. | | | | | | | |
| | Cookie Testing | Verify the behavior of pages after deleting cookies. | Access the web pages and check the behavior of the pages. | | | | | | | |
| | Cookie Testing | Corrupt the cookies: manually edit the cookie in Notepad and change the parameters to some vague values. | Corrupted cookies should not allow the data inside them to be read for any other domain. | | | | | | | |
| | Cookie Testing | Cookie testing on multiple browsers. | The application should work properly using these cookies. | | | | | | | |
| | Cookie Testing | Log in to your web application using some username and password and change the parameter ID value in the browser address bar. | A proper access message should be displayed to the user, and the user should not be able to see other users' accounts. | | | | | | | |
| | Cookie Testing | Verify the login page functionality after disabling the browser cookies. | There should be a proper validation message prompting the user to turn on the cookies functionality. | | | | | | | |
| | Cookie Testing | Verify that the session-related cookie expires when the session ends. | The cookie including the session-related information would expire when the session ends. | | | | | | | |
| | Cookie Testing | Verify that the session ID is unique for each session. | The session ID in the cookie would be unique for each session. | | | | | | | |
| | Cookie Testing | Verify the cookie expiry date and time after modifying it for a persistent cookie. | The cookie should expire at the modified date and time. | | | | | | | |
| | Cookie Testing | Verify the proper deletion of a cookie that is created by one page and deleted by another page in the same domain. | The cookie would get deleted. | | | | | | | |
| | Security Testing | Verify the error message. | The error message does not contain malicious information. | | | | | | | |
| | Security Testing | Verify the log file. | The log files for both the web page and the database would be verified and the error reported. | | | | | | | |
| | Security Testing | Check whether data encryption for the login ID and password is fixed encryption or random encryption. | Data encryption would be appropriate according to the criticality of the business flow included with it. | | | | | | | |
| | Security Testing | Ensure that accessing the application is secure. | If https, look for the lock symbol at the end of the browser address bar. | | | | | | | |
| | Security Testing | Check for valid and invalid login attempts. | a) After 3 invalid attempts (this varies from application to application), try to enter backspace and see if it moves to the second attempt, then try the valid password and it will log you in to the application (but only in http). b) Check the limit on the number of login tries. | | | | | | | |
| | Security Testing | Check for bookmarking a secure web page and accessing it in another web browser session. | a) Right click should be disabled (according to W3C standard) for security purposes in sensitive pages. b) We can bookmark or save the web pages through Windows buttons like Favorites (IE) or Bookmark (Mozilla). c) After entering the information and trying to save the web page through mouse right click, it should not be saved. d) It should not be saved through the menu File > Save as options either. e) Copy, paste, save, etc. options should not be allowed on the sensitive pages. | | | | | | | |
| | Security Testing | Verify the history of the transaction. | History should not be maintained for the secured web pages. | | | | | | | |
| | Security Testing | Guess the potential value for username and password. | User should not be able to log in to the system. | | | | | | | |
| | Security Testing | Guess the potential value for username and password by fixing the value for the username and iterating the value for the password through a list of possible passwords. | User should not be able to log in to the system. | | | | | | | |
| | Security Testing | Guess the potential value for username and password by fixing the value for the password and iterating the value for the username through a list of possible usernames. | User should not be able to log in to the system. | | | | | | | |
| | Security Testing | Check the CAPTCHA against automated script logins. | The CAPTCHA would not be captured by the automation script. | | | | | | | |
| | SQL Injection | Try to enter the strings below in a text field from the UI or from the URL:<br>`</`<br>`>`<br>`1 OR 1=1`<br>`1'OR'1'='1`<br>`a' or 't'='t`<br>`1'1`<br>`1EXEC XP_`<br>`1 AND 1`<br>`1"AND 1=(SELECT COUNT(*) FROM Tablename);`<br>`'OR username IS NOT NULL OR username ='`<br>`1 AND USER_NAME()='dbo'`<br>`1' AND non_existant_table='1`<br>`1' AND non_existant_table='1`<br>`&#x31;&#x27;`<br>`a'; DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't` (Only use this command on the QA DB, not on production; be careful)<br>`1; DROP TABLE users` | Any critical information would not be accessible. | | | | | | | |
| | URL Testing | Direct URL testing. | Test by pasting an internal URL directly into the browser address bar without logging in. Internal pages should not open. | | | | | | | |
| | URL Testing | Add some additional alphabetic characters. | The URL should show some error message. | | | | | | | |
| | URL Testing | Add some special characters. | The URL should show some error message. | | | | | | | |
| | URL Testing | Check the query string value in the URL. | The query string value would appear in encrypted format. | | | | | | | |
| | URL Testing | Access other pages' URLs by guessing the value for the query string. | Other pages/files would not be accessible to the user. | | | | | | | |
| | URL Testing | If the application has different role permissions, try pasting one role's URL into another role's session. | The user should not be able to access a page whose permission is not granted in that particular role. | | | | | | | |
| | URL Testing | Alter the session identifier in the URL and try to access another user's account. | A proper validation message would appear and the different session would not be accessible to the user. | | | | | | | |
| | SSL_Testing | Test if SSL is used for security measures. | If used, a proper message should be displayed when the user switches from non-secure http:// pages to secure https:// pages and vice versa. | | | | | | | |
| | SSL_Testing | Test if SSL is used for security measures. | All transactions, error messages, and security breach attempts should get logged in log files somewhere on the web server. | | | | | | | |
| | SSL_Testing | Test the SSL client. | Enter the domain name in the browser address bar; a padlock icon would appear in the web browser. | | | | | | | |
| | SSL_Testing | Test the SSL client by clicking the padlock icon. | The information regarding the SSL authenticity of the website should display. | | | | | | | |
| | SSL_Testing | Right-click and copy the URL. Paste it into any browser address bar. Remove "https://" from the URL and hit Enter. Repeat but change the URL to "http://". | In both cases the URL resolves to https://. | | | | | | | |

Total Test Cases: 42

"Pass" Test Cases:

"Fail" Test Cases:

"Not Run"

"WontFix"

"Deferred"

"Invalid"

"Duplicate"

"Worksforme"

0