Tuesday, January 26, 2010

Test CAPTCHA

CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart)

1. Must not allow the user to copy/paste it.
2. It must not contain dictionary words (so that it is difficult for an attacker to make a computer guess it).
3. It must not contain offensive words (normally it won't, but just in case).
4. It must be random. It must display a new image once an invalid one is submitted. (An AJAX implementation is more user friendly, since the user doesn't have to refresh the page manually.)
5. It must be case sensitive (based on requirements).
6. Must provide audio to help visually impaired people.

Wednesday, January 20, 2010

Test local search engine

Search must work for all inputs. There is no invalid data for search. The system should perform a search for any input provided by the user and show the respective result (found/not found).

1. Try XSS injection - Enter the following script in the search field and press the Enter key

It should not execute the script. It should show a message saying no match found for your search.

2. Try to search for a keyword with special characters in it (!, @, #, $, %, ^, &, *, (, _, -, +, =, `, ~).
URL encoding must be done, so the search should not result in a bad URL request error.

3. Try to search for a keyword with spaces to the left and right of it.
It must trim the spaces, fetch the matching records, and show them as results.

4. Check the max and minimum keyword size that can be searched. Depends on requirement.

5. Search without entering any keyword. System must instruct user to enter keyword and then search.

6. Perform search and bookmark the results page.
This page must be accessible anytime later.

7. Manipulate the bookmarked URL with new search.
Search should work and show corresponding result.

8. If wildcard search is allowed, then the nearest matching results must show up first, followed by the least matching results.

9. Pagination if any must be checked. Alpha pagination if any - starting letters in result set only must be highlighted in the pagination.
Numerical pagination count must be correct. Showing X1-X5 of XX must be verified.
On 2nd page, this pagination message must be X6-X10 of XX.

10. Search field must be focused if there is no other field on the page.

11. Search must work without depending on mouse also. Must support Enter key.

12. Disable JavaScript. Search must work without JavaScript as well.
Check error scenarios with JavaScript disabled.

13. Try a search with mixed case, e.g. "SeArCh". It must work.

14. Search keyword with apostrophe. "/" must not appear in search result.

15. Search keyword must be retained in search field anytime a search is performed.

16. Try to search keyword with maximum and minimum limit. It must work.

17. Try to search keyword with less than minimum and more than max limit. It must show error message.

18. Search keyword must be shown on page title, URL also - to enhance SEO.

19. If look-ahead completion is provided for search, then it must be case insensitive and must also work with keyboard keys (up and down arrows; Enter key).

20. Pagination using AJAX is not SEO friendly as of today. So, avoid AJAX pagination.
Google search engine doesn't recognize AJAX calls, and hence doesn't index the paginated AJAX links.

21. Bookmark the 2nd page of search result which is implemented without AJAX. Clear cache, cookies, session and open the bookmarked link. It must support "Next" and "Previous" links.
Also, the search keyword used while bookmarking must show in the keyword search field.

22. View the site with a text browser (e.g. http://www.delorie.com/web/lynxview.html). This is nearest to a search engine's view of the site.

Note: Will update the above list as I explore.
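
An added example (not code from the original post) of a search handler that would pass items 1, 2, 3, 5, 9, 13, 15 and 17: it trims the keyword, URL-encodes it, HTML-escapes it wherever it is echoed back, and builds the "Showing X-Y of N" message. The function names, the limits and the sample catalog are assumptions made for illustration.

```python
import html
from urllib.parse import parse_qs, quote_plus, urlsplit

MIN_LEN, MAX_LEN, PAGE_SIZE = 2, 64, 5  # assumed limits, set per requirements
SAMPLE = [f"Search tip {i}" for i in range(1, 13)]  # constructed catalog

def search_url(keyword, page=1):
    # quote_plus encodes &, #, %, + and spaces so they cannot break the URL.
    return f"/search?q={quote_plus(keyword.strip())}&page={page}"

def keyword_from_url(url):
    # What the server reads back from a bookmarked or hand-edited URL.
    return parse_qs(urlsplit(url).query, keep_blank_values=True)["q"][0]

def render_results(raw, catalog, page=1):
    kw = raw.strip()
    safe = html.escape(kw, quote=True)  # escaped once, reused in every sink
    field = f'<input name="q" value="{safe}">'  # keyword retained in the field
    if not kw:
        return field + "<p>Please enter a keyword.</p>"
    if not MIN_LEN <= len(kw) <= MAX_LEN:
        return field + f"<p>Keyword must be {MIN_LEN}-{MAX_LEN} characters.</p>"
    hits = [item for item in catalog if kw.lower() in item.lower()]
    if not hits:
        return field + f"<p>No match found for {safe}.</p>"
    last_page = (len(hits) - 1) // PAGE_SIZE + 1
    page = max(1, min(page, last_page))  # clamp a hand-edited page number
    first = (page - 1) * PAGE_SIZE
    shown = hits[first:first + PAGE_SIZE]
    rows = "".join(f"<li>{html.escape(item)}</li>" for item in shown)
    return (field + f"<p>Showing {first + 1}-{first + len(shown)} of {len(hits)}</p>"
            + f"<ul>{rows}</ul>")

if __name__ == "__main__":
    probe = "<script>alert(1)</script>"  # constructed test input
    print(render_results(probe, SAMPLE))
    print(render_results("  SeArCh ", SAMPLE, page=2))
    print(search_url("a&b #1 50%+"))
```

The same escaped value is what belongs in the page title for item 18; echoing the raw keyword there reopens the hole item 1 tests for.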

Test Login form

1. Try submitting blank input for both user name and password.
2. Try submitting valid Email ID, invalid password
3. Try submitting invalid Email Id, valid password
4. Mouse cursor must be focused in user name field.
5. Login using valid data and click on "Back" button of browser.
It should show page expired message.
6. Login using valid data and then copy paste the URL on another browser.
It should redirect to Login page URL.
7. Enter email ID in caps and respective password. It must work.
8. Check uniqueness of email ID. "ajishaek@gmail.com ; aJISHaek@gmail.com; AJISHAEK@GMAIL.COM" all must be treated as same.
9. Password must be case sensitive.
10. Form must work without depending on mouse. Must support tab and enter key.
11. Check max and minimum length of user name and password field. Check the respective data type constraint in DB, sign up with more than max limit. Try the same ID for login.
12. Sign up using special characters and use the same while logging in.
13. Try SQL injection - Submit the form by entering "anything' OR 'x'='x" in user name field and password field. It shouldn't accept.
14. Watch the HTTP response (Firebug): user ID and password must be transmitted using the POST method only. Password must not be visible in plain text. It must be encrypted.
15. Login and then clear cache. Login must be still retained.
16. Login and clear session. Login must not be retained.
17. Login and clear cookie. Login must not be retained.
18. Click on "Remember Me" option while logging in. Close and re-open browser. It must not log out the user. It must retain the user login.
19. Only one user must be logged in at any time. If any user is already logged in, then system should not allow any other user to login.
20. Use same password for different Email ID - both must be treated unique.
21. Manipulate the ID if the user ID is passed in the URL after login. It must not allow access to another user's details.

Note: Will update the above list eventually as I explore.
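
An added example (not code from the original post) of a login check that would pass items 7, 8, 9, 13 and 20, next to a string-built query that shows what the item 13 input does when it is pasted into SQL. The table layout, function names, sample accounts and the choice to store a salted PBKDF2 hash are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

PROBE = "anything' OR 'x'='x"  # the test string from item 13

def _hash(password, salt):
    # Salted PBKDF2: the stored value is never the plain password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    return db

def sign_up(db, email, password):
    salt = os.urandom(16)
    try:
        with db:  # lower-casing makes mixed-case duplicates collide (item 8)
            db.execute("INSERT INTO users VALUES (?, ?, ?)",
                       (email.strip().lower(), salt, _hash(password, salt)))
        return True
    except sqlite3.IntegrityError:
        return False

def login(db, email, password):
    # Bound parameter: the input is data, never part of the SQL text (item 13).
    row = db.execute("SELECT salt, pw FROM users WHERE email = ?",
                     (email.strip().lower(),)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # The password is hashed as typed, so it stays case sensitive (item 9).
    return hmac.compare_digest(stored, _hash(password, salt))

def lookup_vulnerable(db, email):
    # The "before": SQL built by string formatting, kept to show the failure.
    return db.execute(f"SELECT email FROM users WHERE email = '{email}'").fetchall()

if __name__ == "__main__":
    db = make_db()
    sign_up(db, "alice@example.com", "S3cret!")  # constructed sample accounts
    sign_up(db, "bob@example.com", "S3cret!")
    print(login(db, "ALICE@EXAMPLE.COM", "S3cret!"))
    print(login(db, PROBE, PROBE))
    print(len(lookup_vulnerable(db, PROBE)))
```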

Tuesday, January 19, 2010

Test Cases or Checklist for Image Upload

Black box testing for image upload in a form

1. Try to upload file with zero bytes.
Equivalence partitioning
2. Try to upload image less than minimum limit.
3. Try to upload image more than maximum limit.
4. Try to upload image exactly minimum limit.
5. Try to upload image exactly maximum limit.
6. Try to upload image that has hidden text.
7. Try to upload image that is converted from other formats to image format (.exe file converted to .gif etc).
8. Try to upload image format that is not acceptable - tiff, bmp...
9. Try to upload image format with capital letter extension. (.PNG ...)
10. Try to upload image format with different extension - .png; .jpg; .jpeg; .gif
11. Try to upload image with same names. Image name must be renamed while storing in DB or server.
12. Try to upload image with special characters in its name (someName for image's; image! (name) etc).
13. Try to upload image with keywords in its name.(delete.gif)
14. Try to upload image with more than one extension.(imagename.tiff.jpg.gif)
15. Uploaded file must not be directly accessible through URL.
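
An added example (not code from the original post) of a server-side check that would pass items 1, 3, 7, 8, 9, 10, 11, 13 and 14: it enforces size limits, compares the file's leading bytes with its extension, and stores the file under a random name. The size limits, function names and sample byte strings are assumptions made for illustration.

```python
import os
import secrets

# Leading bytes ("magic numbers") of the formats the checklist accepts.
MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
ALIASES = {"jpeg": "jpg"}
MIN_BYTES, MAX_BYTES = 64, 2 * 1024 * 1024  # assumed limits, set per requirements

def sniff(data):
    # Identify the format from content, ignoring whatever the client named it.
    for fmt, signatures in MAGIC.items():
        if data.startswith(signatures):
            return fmt
    return None

def validate_upload(filename, data):
    """Return (True, stored_name) or (False, reason)."""
    if not MIN_BYTES <= len(data) <= MAX_BYTES:
        return False, "size out of range"
    # Only the last extension counts, compared case-insensitively.
    ext = os.path.splitext(filename)[1].lstrip(".").lower()
    ext = ALIASES.get(ext, ext)
    if ext not in MAGIC:
        return False, "extension not allowed"
    if sniff(data) != ext:
        return False, "content does not match extension"
    # The client's name is discarded: no collisions, no special characters.
    return True, f"{secrets.token_hex(16)}.{ext}"

if __name__ == "__main__":
    pad = b"\x00" * 100  # constructed filler, not a real image body
    print(validate_upload("photo.PNG", b"\x89PNG\r\n\x1a\n" + pad))
    print(validate_upload("tool.gif", b"MZ" + pad))  # renamed executable header
    print(validate_upload("imagename.tiff.jpg.gif", b"GIF89a" + pad))
    print(validate_upload("empty.png", b""))
```

A header check does not address item 6 (hidden text inside an otherwise valid image) or item 15, which depends on where the server stores the file and how it serves it.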