Thursday, December 6, 2012

What to Test in a Login Page?

User Interface
Tab Order - Is there a logical order to using the tab key?
Username field focus - when arriving at the page is the cursor focused on the username field?
Use of enter key - does selecting enter activate the Login button?
Accessibility - are the form fields correctly identified and labelled?
The look - does it look ok? Everything aligned ok?
Content - is the content up to scratch? Any typos?
Links - are there any other existing links on the page? Are they valid?

Security
Password - is it shown in asterisks?
Password - can it be copied and pasted?
Password - is there a minimum complexity on the password?
View Source - is valuable information given away in the HTML source code?
SQL Injection - is it vulnerable to SQL input?
Pages - can pages behind the wall be accessed without logging in?
URL Manipulation - can the URLs be edited to gain access where it should not be allowed?
Multiple accounts - can different accounts be logged in at the same time in the same browser?
Cookies - can they be edited? Disabled?

Functionality
Login - is it possible to login successfully? Unsuccessfully?
Logout - if user logs out, do they log out as expected?
Forgot password - does it exist? Does the process work? Is it prone to security failure? URL manipulation?
Back and Forward buttons - how does the application cope when using the browser Back and Forward buttons?
Remember me - is there a “Remember me” option? Does it as standard? What if password is changed?
Compatibility - is there a need to test in other browsers?
Data - is there a minimum or maximum length of characters? What are the boundaries? What are the allowed characters?
Error handling - how are errors handled and displayed?

Tuesday, December 4, 2012

Mobile Application Testing Checklist.

Installation
  • Verify that the application will download properly.
  • Verify that the application will install properly.
  • Verify that the proper application icon is displayed.
  • Verify that the application will launch successfully.
Splash Screen
  • Verify that proper splash screen is displayed.
  • Splash screen should not remain for more than 3 seconds.
Application Stability
  • Verify that the Application will not crash or freeze at any time while running.
  • Verify that the application does not lose any information as a result of a forcible close.
  • Verify that the application will work properly after system shut down and restart.
  • Verify that the application will not cause any problems for other applications installed on the device.
Network Testing
  • Observe the behavior of the application when out of network range.
  • Observe the behavior of the application when the network is back in action.
  • Observe the application behavior under Wi-Fi network range.
  • Observe the application behavior under 3G network.
  • Observe the application behavior under low network range.
  • Observe the application behavior under Airplane mode.
Voice Call Handling
  • Verify that the user can accept a voice call while the application is running.
  • Verify that the user can reject a voice call while the application is running.
  • Verify that the user can establish a voice call while the application is running.
SMS Handling
  • Verify that the user can get an SMS alert while the application is running.
  • Verify that the application will not quit when the user gets an SMS alert.
  • Verify that the user can resume from the same point after reading the SMS.
  • Verify that the user can send an SMS while the application is running.
Battery Related Testing
  • An error message should be displayed for low battery while the application is running.
  • Verify that the application runs under low battery.
  • Verify that the application is not affected when the charger is inserted or removed.
  • Verify that the application does not consume battery excessively.
Low Memory
  • Verify that the application displays a proper error message when device memory is low and exits gracefully from the situation.
Continual Keypad Entry
  • Verify that continual keypad entry does not cause any problems.
External Incoming Communication
  • The application should gracefully handle the condition when incoming communication is made via Bluetooth/Infrared.
Application Version
  • Verify that the application version is displayed properly in the application.
Uninstall
  • Verify that the application can be uninstalled successfully.
  • Verify that a proper confirmation message is displayed before uninstalling the application.

Wednesday, October 31, 2012

Database Testing.

To test the database:
  • Create a controlled version of the migrated database.
  • Oracle recommends that you keep the database migration scripts in a source control system.
  • Design a set of test cases that you can use to test the Oracle database from unit to system level. The test cases should:
Ensure the following:
  • All the users in the source database have migrated successfully.
  • Privileges and grants for users are correct.
  • Tables have the correct structure, defaults are functioning correctly, and errors did not occur during mapping or generation.
Validate that the data migrated successfully by doing the following:
  • Comparing the number of rows in the Oracle database with those in the source database.
  • Calculating the sum of numerical columns in the Oracle database and comparing it with the sum in the source database.
Ensure that the following applies to constraints:
  • You cannot enter duplicate primary keys.
  • Foreign keys prevent you from entering inconsistent data.
  • Check constraints prevent you from entering invalid data.
  • Check that indexes and sequences are created successfully.
Ensure that views migrated successfully by doing the following:
  • Comparing the number of rows in the Oracle database with those in the source database.
  • Calculating the sum of numerical columns in the Oracle database and comparing it with the sum in the source database.
Ensure that triggers, procedures, and functions are migrated successfully. Check that the correct values are returned for triggers and functions.
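
The row-count and column-sum comparison described above can be scripted. The following is an added example, not code from the original post or from Oracle: two in-memory SQLite databases stand in for the source and the migrated database, and the `accounts` table, its rows and all function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data. SQLite in-memory databases stand in for the
# source database and the migrated Oracle database.
SCHEMA = "CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance NUMERIC)"
SOURCE_ROWS = [(1, "alice", 120.50), (2, "bob", 75.25), (3, "carol", 0)]
NUMERIC_TYPES = ("INT", "NUM", "REAL", "DEC", "FLOA", "DOUB")


def make_db(rows):
    """Build an in-memory database holding the given accounts rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", rows)
    return conn


def numeric_columns(conn, table):
    """Names of the columns whose declared type is numeric."""
    # PRAGMA table_info yields (cid, name, type, notnull, dflt_value, pk).
    info = conn.execute(f'PRAGMA table_info("{table}")').fetchall()
    return [row[1] for row in info
            if any(t in row[2].upper() for t in NUMERIC_TYPES)]


def table_profile(conn, table):
    """Row count plus the sum of every numeric column of one table."""
    # Identifiers cannot be bound as query parameters, so `table` must come
    # from a fixed list in the test plan, never from user input.
    count = conn.execute(f'SELECT COUNT(*) FROM "{table}"').fetchone()[0]
    profile = {"rows": count}
    for col in numeric_columns(conn, table):
        query = f'SELECT COALESCE(SUM("{col}"), 0) FROM "{table}"'
        profile[f"sum({col})"] = conn.execute(query).fetchone()[0]
    return profile


def compare_migration(source, target, tables):
    """Return (table, check, source_value, target_value) for each mismatch."""
    mismatches = []
    for table in tables:
        src = table_profile(source, table)
        dst = table_profile(target, table)
        for check, value in src.items():
            if dst.get(check) != value:
                mismatches.append((table, check, value, dst.get(check)))
    return mismatches


if __name__ == "__main__":
    source = make_db(SOURCE_ROWS)
    # Constructed defect: bob's balance was rounded during migration.
    rounded = make_db([(1, "alice", 120.50), (2, "bob", 75), (3, "carol", 0)])
    for mismatch in compare_migration(source, rounded, ["accounts"]):
        print(mismatch)
```

Matching counts and sums do not prove the rows are identical, because offsetting errors cancel out, so treat this as a first-pass check before row-level comparison.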

Data integrity is tested by the following tests:
  • Verify that you can create, modify, and delete any data in tables.
  • Verify that sets of radio buttons represent fixed sets of values.
  • Verify that a blank value can be retrieved from the database.
  • Verify that, when a particular set of data is saved to the database, each value gets saved fully, and the truncation of strings and rounding of numeric values do not occur.
  • Verify that the default values are saved in the database, if the user input is not specified.
  • Verify compatibility with old data, old hardware, versions of operating systems, and interfaces with other software.

Tuesday, July 10, 2012

Cookie Testing

What is a Cookie?
  • A cookie is a small piece of information stored in a text file on the user’s hard drive by a web server.
  • It is usually a small piece of data sent from a website and stored in a user's web browser while a user is browsing a website. 
  • When the user browses the same website in the future, the data stored in the cookie can be retrieved by the website to notify the website of the user's previous activity.
Cookie Testing Test Cases
  • Check if the application is writing cookies properly or not.
  • Test to make sure that no personal or sensitive data is stored in the cookie. If it is there in cookies, it should be in encrypted format.
  • If the application under test is a public website, there should not be overuse of cookies. It may result in loss of website traffic if browser is prompting for cookies more often.
  • Close all browsers, delete all previously written cookies and disable cookies in your browser settings. Navigate to or use the part of the website that uses cookies. It should display an appropriate message like "For smooth functioning of this site please enable cookies on your browser."
  • Set the browser options to prompt whenever a cookie is being stored / saved on your system. Navigate to or use the part of the website that uses cookies. The browser will prompt and ask if you want to accept or reject the cookie. The application under test should display an appropriate message if you reject the cookies. Also, check whether pages crash or data gets corrupted.
  • Close all browser windows and manually delete all cookies. Navigate various web pages and check whether these web pages show unexpected behavior.
  • Edit a few cookies manually in Notepad or some other editor. Make modifications such as altering the cookie content or the name of the cookie, or changing the expiry date. Now test the site functionality. The application should not read the data inside a corrupted cookie.
  • Cookies written by one website should not be accessible by another website.
  • If you are testing an online shopping portal, check whether reaching the final order summary page properly deletes the shopping cart cookie of the previous page, and that no invalid action or purchase gets executed for the same logged-in user.
  • Check whether the application under test writes cookies properly on different browsers as intended and whether the site works properly using these cookies. This test can be done on browsers such as different versions of Internet Explorer, Mozilla Firefox, Netscape, Opera etc.
  • If the application under test uses cookies to maintain the login state for users, check whether an id is displayed in the address bar. Now change the id and press Enter. It should display an access denied message and you should not be able to see another user's account.
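
The manual cookie-editing test above expects the server to refuse a cookie whose content or expiry date has been changed. One common way to get that behaviour is to sign the cookie with an HMAC; the following is an added example, not code from the original post, and the cookie layout (`payload.expiry.signature`), the key and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time

# Constructed placeholder key; a real deployment loads a random secret from
# configuration and never ships it in source code.
SECRET_KEY = b"constructed-demo-key"


def sign(body):
    """Hex HMAC-SHA256 tag over the cookie body."""
    return hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).hexdigest()


def make_cookie(user_id, ttl_seconds, now=None):
    """Build '<base64 user id>.<expiry epoch>.<signature>'."""
    now = time.time() if now is None else now
    payload = base64.urlsafe_b64encode(user_id.encode()).decode()
    body = f"{payload}.{int(now) + ttl_seconds}"
    return f"{body}.{sign(body)}"


def read_cookie(cookie, now=None):
    """Return the user id, or None if the cookie is malformed, edited or expired."""
    now = time.time() if now is None else now
    parts = cookie.split(".")
    if len(parts) != 3:
        return None
    payload, expiry, signature = parts
    # Verify the tag before trusting any field, comparing in constant time.
    expected = sign(f"{payload}.{expiry}")
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return None
    if not expiry.isdigit() or int(expiry) < now:
        return None
    try:
        return base64.urlsafe_b64decode(payload.encode()).decode()
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None


def edited_variants(cookie):
    """The manual edits from the test case, applied to a valid cookie."""
    payload, expiry, signature = cookie.split(".")
    other_user = base64.urlsafe_b64encode(b"user-1002").decode()
    return {
        "content changed": f"{other_user}.{expiry}.{signature}",
        "expiry extended": f"{payload}.{int(expiry) + 86400}.{signature}",
        "signature removed": f"{payload}.{expiry}",
        "corrupted": cookie[:-8],
    }


if __name__ == "__main__":
    # Constructed sample session for user-1001, valid for one hour.
    issued = make_cookie("user-1001", 3600, now=1_000_000)
    print("untouched:", read_cookie(issued, now=1_000_100))
    for name, value in edited_variants(issued).items():
        print(name + ":", read_cookie(value, now=1_000_100))
```

Signing only detects edits; the value is still readable by the user, so personal or sensitive data does not belong in the payload unless it is also encrypted.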

What is Web Testing?

  • Web testing is the name given to software testing that focuses on web applications. 
  • Complete testing of a web-based system before going live can help address issues before the system is revealed to the public.
  • Such issues include the security of the web application, the basic functionality of the site, its accessibility to handicapped users and fully able users, as well as its readiness for expected traffic and number of users and its ability to survive a massive spike in user traffic, both of which are related to load testing.
Web security testing
  • Web security testing tells us whether a web-based application's requirements are met when it is subjected to malicious input data.
Web Testing Checklist
  • Functionality Testing
    • Link Testing
    • Form Testing
    • Cookie Testing
    • HTML/CSS Validation
    • Database Testing
  • Usability testing
    • Navigation Checking
    • Content Checking
  • Interface testing
    • Web server and application server interface
    • Application server and Database server interface.
  • Compatibility testing
    • Browser compatibility
    • Operating system compatibility
    • Mobile browsing
    • Printing options
  • Performance testing
    • Load Testing
    • Stress Testing
  • Security testing
    • URL Manipulation
    • Session Testing
    • SQL Injection
    • Cross Site Scripting
    • Vulnerability Testing
    • Password Cracking
    • Spoofing
For the complete Web Application Checklist, please visit the link below: http://softwaretestingreference.blogspot.in/p/web-application-testing.html

Monday, July 2, 2012

What is Ad Hoc Testing?

  • Ad hoc testing is a commonly used term for software testing performed without planning and documentation. 
  • The tests are intended to be run only once, unless a defect is discovered. Ad hoc testing is the least formal test method. As such, it has been criticized because it is not structured and hence defects found using this method may be harder to reproduce (since there are no written test cases). 
  • However, the strength of ad hoc testing is that important defects can be found quickly.
  • It is performed by improvisation: the tester seeks to find bugs by any means that seem appropriate. 
  • Ad hoc testing can be seen as a light version of error guessing, which itself is a light version of exploratory testing.

What is Performance Testing?

  • Performance testing is testing performed to determine how a system performs in terms of responsiveness and stability under a particular workload.
  • It can also serve to investigate, measure, validate or verify other quality attributes of the system, such as scalability, reliability and resource usage.
  • Performance testing is a means of quality assurance (QA). It involves testing software applications to ensure they will perform well under their expected workload.
  • The goal of performance testing is not to find bugs but to eliminate performance bottlenecks.
  • The focus of performance testing is checking a software program’s:
    • Speed – Determines whether the application responds quickly
    • Scalability – Determines maximum user load the software application can handle.
    • Stability – Determines if the application is stable under varying loads
Types of performance testing.
  • Load testing – Load testing is the simplest form of performance testing. A load test is usually conducted to understand the behavior of the system under a specific expected load.
  • Stress testing – involves testing an application under extreme workloads to see how it handles high traffic or data processing. The objective is to identify the breaking point of an application.
  • Endurance testing – is done to make sure the software can handle the expected load over a long period of time.
  • Spike testing – Spike testing is done by suddenly increasing the number of, or load generated by, users by a very large amount and observing the behaviour of the system. The goal is to determine whether performance will suffer, the system will fail, or it will be able to handle dramatic changes in load.
  • Volume testing – Under volume testing, a large amount of data is populated in the database and the overall software system’s behavior is monitored. The objective is to check the software application’s performance under varying database volumes.
  • Scalability testing – The objective of scalability testing is to determine the software application’s effectiveness in “scaling up” to support an increase in user load. It helps plan capacity addition to your software system.
  • Configuration testing - Rather than testing for performance from the perspective of load, tests are created to determine the effects of configuration changes to the system's components on the system's performance and behaviour. A common example would be experimenting with different methods of load-balancing.
  • Isolation testing - Isolation testing is not unique to performance testing but a term used to describe repeating a test execution that resulted in a system problem. Often used to isolate and confirm the fault domain.

Manual Testing and Automation Testing.

Manual testing
  • Manual testing is the process of manually testing software for defects. 
  • It requires a tester to play the role of an end user, and use most or all of the features of the application to ensure correct behavior.
  • To ensure completeness of testing, the tester often follows a written test plan that leads them through a set of important test cases.
  • Manual testing is a laborious activity that requires the tester to possess a certain set of qualities; to be patient, observant, speculative, creative, innovative, open-minded, resourceful, unopinionated, and skillful.
Automation Testing
  • Test automation is the use of software to control the execution of tests, the comparison of actual outcomes to predicted outcomes, the setting up of test preconditions, and other test control and test reporting functions.
  • Commonly, test automation involves automating a manual process already in place that uses a formalized testing process.
  • Test automation is the process of writing a computer program to do testing that would otherwise need to be done manually. 
  • Once tests have been automated, they can be run quickly and repeatedly. 
  • This is often the most cost effective method for software products that have a long maintenance life, because even minor patches over the lifetime of the application can cause features to break which were working at an earlier point in time.

What is Security testing?

  • Security testing is a process to determine that an information system protects data and maintains functionality as intended.
  • The six basic security concepts that need to be covered by security testing are: confidentiality, integrity, authentication, availability, authorization and non-repudiation.
  • Security testing is related to the security of data and the functionality of the application. You should be aware of the following concepts while performing security testing:
    • Confidentiality - The application should only provide the data to the relevant party e.g. one customer's transactional data should not be visible to another customer; the irrelevant personal details of the customer should not be visible to the administrator and so on.
    • Integrity - The data stored and displayed by the application should be correct e.g. after a withdrawal, the customer's account should be debited by the correct amount.
    • Authentication - It should be possible to attribute the data transmitted in the application to either the application or the customer. In other words, no one other than the customer or the bank should be able to create or modify any data.
    • Authorization - The application or a user should only be able to perform the tasks which they are respectively authorized to perform e.g. a customer should not be able to withdraw more than the balance in their account without having an overdraft facility, the application should not be able to levy charges on a customer account without prior customer approval.
    • Availability - The data and functionality should be available to the users throughout the working period e.g. if the bank's operating times are from 8 a.m. to 8 p.m. on all working days, it should be possible for a customer to access their account and make the necessary transactions on their account.
    • Non-repudiation - At a later date, it should not be possible for a party to deny that a particular transaction or data change took place e.g. if a customer withdraws an amount from their account, this should trigger the relevant actions (posting to their transaction records, debiting their account and sending them a notification etc.).

What is System Testing?

  • Testing the behavior of the entire (whole) software/system as defined in the software requirements specification (SRS) is known as system testing.
  • Its main focus is to verify that the customer requirements are fulfilled.
  • System testing is done after integration testing is complete.
  • System testing should test functional and non-functional requirements of the software.
  • It is testing done by a professional testing agent on the completed software product before it is introduced to the market.
  • Some of the main testing types which need to be covered in system testing:
    • Sanity Testing
    • Usability Testing
    • Stress Testing
    • Load Testing
    • Performance Testing
    • Regression Testing
    • Maintenance Testing
    • Security Testing
    • Accessibility Testing

Unit Testing and Integration Testing.

Unit Testing
  • Testing of individual software components or modules. 
  • Typically done by the programmer and not by testers, as it requires detailed knowledge of the internal program design and code. It may require developing test driver modules or test harnesses.
  • The goal of unit testing is to isolate each part of the program and show that the individual parts are correct.
  • A unit test provides a strict, written contract that the piece of code must satisfy. 
  • As a result, it affords several benefits.
Integration testing
  • Integration testing is the phase in software testing in which individual software modules are combined and tested as a group.
  • It occurs after unit testing and before validation testing. 
  • Integration testing takes as its input modules that have been unit tested, groups them in larger aggregates, applies tests defined in an integration test plan to those aggregates, and delivers as its output the integrated system ready for system testing.
  • Some different types of integration testing are Top Down Testing and Bottom Up Testing.
Top Down Testing
  • Top Down Testing is an approach to integrated testing where the top integrated modules are tested and the branch of the module is tested step by step until the end of the related module.
Bottom Up Testing
  • Bottom Up Testing is an approach to integrated testing where the lowest level components are tested first, then used to facilitate the testing of higher level components. The process is repeated until the component at the top of the hierarchy is tested.

    What is Structural Testing?

    • White-box testing (also known as clear box testing, glass box testing, transparent box testing, and structural testing) is a method of testing software that tests internal structures or workings of an application, as opposed to its functionality (i.e. black-box testing). 
    • In white-box testing an internal perspective of the system, as well as programming skills, are used to design test cases. 
    • The tester chooses inputs to exercise paths through the code and determine the appropriate outputs.
    • White-box test design techniques include control flow testing, data flow testing, branch testing, path testing, statement coverage and decision coverage.

    Boundary value analysis and Equivalence partitioning.

    Equivalence partitioning
    • Equivalence partitioning is a black box testing technique that divides the input data of a software unit into partitions of data from which test cases can be derived.
    Example:
    • Assume that you have to test an input box that accepts numbers from 1 to 100. It is not possible to write test cases for all 100 valid data and other test cases for invalid data.
    • By using the Equivalence Partitioning method, the above test cases can be divided into three sets of input data called classes.
    Test cases for input box which accepts numbers between 1 and 100 using Equivalence Partitioning:

    1. Take a single value from range 1 to 100 as a valid test case. If you select any other values between 1 and 100 the result will be same. So one test case for valid input data should be sufficient.
    2. Test any value below the lower limit, i.e. any value below 1, as an invalid data test case.
    3. Input data with any value greater than 100 to represent the third, invalid input class.

    • So using equivalence partitioning you have categorized all possible test cases into three classes. Test cases with other values from any class should give you the same result.
    • Equivalence partitioning uses the fewest test cases to cover the maximum requirements.
    Boundary value analysis
    • Boundary value analysis is a black box testing technique in which tests are designed to include representatives of boundary values.
    • Values on the minimum and maximum edges of an equivalence partition are tested.
    • The boundary value analysis testing technique is used to identify errors at the boundaries rather than those that exist in the center of the input domain.
    Test cases for input box which accepts numbers between 1 and 100 using Boundary value analysis:
    1. Test cases with test data exactly at the input boundaries of the input domain i.e. values 1 and 100 in our case.
    2. Test data with values just below the extreme edges of input domains i.e. values 0 and 99.
    3. Test data with values just above the extreme edges of input domain i.e. values 2 and 101.
    • Boundary value analysis is often called a part of stress and negative testing.
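
As an added example (not from the original post), the following derives the equivalence-partition and boundary-value test data for an inclusive integer range and runs both sets against two validators. It generalizes the 1 to 100 case above to any range; `accepts_buggy` is a constructed implementation with an off-by-one error at the upper limit, and all names are hypothetical.

```python
def equivalence_cases(lo, hi):
    """One representative per class: below the range, inside it, above it."""
    return [(lo - 10, False), ((lo + hi) // 2, True), (hi + 10, False)]


def boundary_cases(lo, hi):
    """Values at, just below and just above each edge, with expected results."""
    values = sorted({lo - 1, lo, lo + 1, hi - 1, hi, hi + 1})
    # The specification (lo <= value <= hi) is the oracle for the expectation,
    # which also keeps the cases correct for very narrow ranges.
    return [(value, lo <= value <= hi) for value in values]


def accepts_correct(value, lo=1, hi=100):
    """Validator that follows the specification."""
    return lo <= value <= hi


def accepts_buggy(value, lo=1, hi=100):
    """Constructed defect: '<' instead of '<=' rejects the upper limit."""
    return lo <= value < hi


def failures(validator, cases):
    """Inputs for which the validator disagrees with the expected result."""
    return [value for value, expected in cases if validator(value) != expected]


if __name__ == "__main__":
    partition = equivalence_cases(1, 100)
    boundary = boundary_cases(1, 100)
    print("partition inputs:", [value for value, _ in partition])
    print("boundary inputs: ", [value for value, _ in boundary])
    # The mid-range representative cannot see the off-by-one error ...
    print("buggy, partition failures:", failures(accepts_buggy, partition))
    # ... while the boundary set reports the rejected upper limit.
    print("buggy, boundary failures: ", failures(accepts_buggy, boundary))
```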

    Black Box Testing and White Box Testing.

    Black Box Testing
    • Black Box Testing is testing without knowledge of the internal workings of the item being tested.
    • For Example: when black box testing is applied to software engineering, the tester would only know the "legal" inputs and what the expected outputs should be, but not how the program actually arrives at those outputs.
    Advantages of Black Box Testing
    • More effective on larger units of code than glass box testing.
    • Tester needs no knowledge of implementation, including specific programming languages.
    • Tester and programmer are independent of each other.
    • Tests are done from a user's point of view.
    • Will help to expose any ambiguities or inconsistencies in the specifications.
    • Test cases can be designed as soon as the specifications are complete.
    White Box Testing
    • White box testing strategy deals with the internal logic and structure of the code.
    • White box testing is also called glass, structural, open box or clear box testing.
    • The tests written based on the white box testing strategy incorporate coverage of the code written, branches, paths, statements and internal logic of the code etc.
    Advantages of White Box Testing
    • White box tests are tests that are run on an application with knowledge of its internals.
    • White box testing is testing from the inside--tests that go in and test the actual program structure.
    • As the knowledge of internal coding structure is prerequisite, it becomes very easy to find out which type of input/data can help in testing the application effectively.
    • The other advantage of white box testing is that it helps in optimizing the code.
    • It helps in removing the extra lines of code, which can bring in hidden defects.

    Verification and Validation.

    Verification and Validation are independent procedures that are used together for checking that a product, service, or system meets requirements and specifications and that it fulfills its intended purpose.
     
    Verification:
    • Verification is the process of checking or testing items, including software, for conformance and consistency by evaluating the results against pre-specified requirements.
    • Verification: "Are we building the product right?"
    • The software should conform to its specification.
    • It is intended to check that a product, service, or system meets a set of initial design requirements, specifications, and regulations.
    Validation:
    • Validation looks at the system correctness – i.e. is the process of checking that what has been specified is what the user actually wanted.
    • Validation: “Are we building the right product?”
    • The software should do what the user really requires.
    • It is intended to check that development and verification procedures for a product, service, or system result in a product, service, or system that meets initial requirements, specifications, and regulations.

    Functional Testing and Non-Functional Testing.

    Functional Testing
    • In functional testing, the focus of testing activities is on functional aspects of the system. 
    • Test cases are written to check the expected output. 
    • Functional testing is normally performed in all the test phases from unit to system testing.
    Non-Functional Testing
    • In non-functional testing, the focus of the testing activities is on non-functional aspects of the system.
    • Non-functional testing is normally carried out during the System Testing phase only.
    • The focus of non-functional testing is on the behavior and user experience of the system.

    What is Software Testing?

    • Software testing is the process of validating and verifying a software product to ensure its quality. 
    • Software testing is used to measure the quality of developed computer software.
    • It is the process of exercising a system component by manual or automated means to verify that it satisfies the specified requirements.
    • The objective of software testing is to find problems and fix them to improve quality.
    • The purpose of software testing is to assess and evaluate the quality of work performed at each step of the software development process.
    • It improves the functioning of the software.
    • The goal of testing is to ensure that the software performs as intended, and to improve software quality, reliability and maintainability.
    • It will reduce costly errors.