Hi,

I have a question..

Explain your process for testing a log-in page. Assume that there is one field for username and one field for password and no other information is available on the interface.

What are the steps involved?

Thanks

For testing the log-in page following are the possible scenarios:1. The design of login page is as per the specifications
2. When the login page is opened the cursor is on the user name text box
3. Validating the user name text box with the following conditions:
i. It accepts alphanumeric characters along with the special characters
ii. Checks whether only the special characters like _, space, - are
allowed
iii. It accepts when only alphabets are given
iv. It does not accepts the numeric values alone
v. It does not accepts the void or null values
vi. When tab is pressed it goes to the password text box
vii. Checks whether the user name entered is available in the data base after the tab key is pressed
viii. Error message thrown for the wrong entry of user name
ix. When OK button in the error message is clicked the cursor should be on the user name text box
4. Validating the password text box with the following conditions:
i. Should allow the entry of alphanumeric and special characters
ii. When the entry is made it should encrypt and display as "*" to the users
iii. When tab or entry key is pressed it should go to the next page of the browser
iv. When wrong password is entered and does not matches with the values in the database the error message is thrown
v. When OK button in the error message is clicked the cursor should be on the user name text box
There may be more possible scenarios for testing this page....but these were the most common ones.

What are the differences between ISO, CMM and CMMi

plese send me all possible test cases for yahoo login page

Hai friend,

Few steps for login

1. Enter the correct user name and password will login and user private area will be shown

2. When username and password is in correct message will be shown as Invalid ID or password. Please try again using your full Yahoo! ID.

Thanks
Deepa

hai alokg,

CMM: A five level staged framework that describes the key elements of an effective software process. The capability Maturity Model covers best practices for planning , engineering and managing software development and maintenance.

CMMI: A framework that describes the key element of an effective product and maintenance Process. The capability Maturity model Integration covers best practices for planning, engineering and managing product development and maintenance. CMMI is the designated successor of the CMM.

Thanks
Deepa

hi,

Plz Clarify.What is regression Testing.When It Will Conduct.

Regards
raja

Hi Swamy,

Regression means retesting the unchanged parts of the application.
Test cases are re-executed in order to check whether previous functionality of application is working fine and new changes have not introduced any new bugs.

Regression Testing attempts to verify:

1)That the application works as specified even after the changes/additions/modification were made to it

2)The original functionality continues to work as specified even after changes/additions/modification to the software application .

3) The changes/additions/modification to the software application have not introduced any new bugs

Why regression Testing?


Regression testing is initiated when programmer fix any bug or add new code for new functionality to the system.

It is a quality measure to check that new code complies with old code and unmodified code is not getting affected.


Most of the time testing team has task to check the last minute changes in the system.

In such situation testing only affected application area in necessary to complete the testing process in time with covering all major system aspects.

What we do in regression testing?

a)Rerunning the previously conducted tests

b)Comparing current results with previously executed test results.

Thanks & Regards,
Riju.

Hi swamy555,

If you have any query please start new thread, why you are messing with an existing thread.

Thanks
Deepa

In addition to the above cases, tester can copy "Username" and "password" from a word or an Excel sheet, and verify the username is appearing as decrypted and password is appearing as Encrypted when pasted on the login page.

2) After entering a valid username and password, verification can also be done for encryption of password stored in cookies.

Following things are to be tested:

1. Cursor position in username field.
2. Validations for wrong entry of username:
a. Case sensitivity can be tested
b. Cursor back to username field after being shown validation message.
3. Cursor position to Password field on pressing Tab key.
4. Validations for wrong entry of password.
a. Case sensitivity should be tested
b. Cursor back to password field after being shown validation message.
5. Focus to Login button on pressing Tab key.

I agree with these points...
But there are some more testcases in terms of Software security perspective...
They can be...
level-1
Disable cookies
Convert GET to POST and vice versa (if possible)
Make form fields writable
Display form details
View cookie information
View response headers
Clear cache/authentication/cookies
Show comments

Level-2
developers can sometimes leave meaningful information in the source code when they don't think anyone will be looking at it, or when a company coding standard forces them to leave comments in the source code when updating. By reviewing the source code for comments such as usernames, passwords, backdoors, or even commented-out links, we can learn a lot about what the developer was thinking when writing the code (or maintaining it).

did you have a look into it ever....??

Developers sometimes use hidden fields to maintain information about your session that they need to remember, but don't want you to see. For example, sometimes a loaded page will include hidden credentials, pricing information, or details about items ordered. This can be an easy way for developers to track information, but it's similarly easy for a hacker to edit the info. A couple of years ago at a conference, Herbert Thompson (coauthor of How to Break Software Security) related an experience in which he did something similar to this little trick, to the tune of a couple thousand dollars on a popular web site. It was only through his kind nature that the owners of the site were made aware of the mistake and were able to fix the problem. It was a compelling story.This is basically hidden field tempering....[]

Authentication
* Disallow the user from directly accessing a page requiring the user to be logged in. If you are able to access a page requiring authentication and are currently not logged in, file a security ticket of severity 2-3 depending on the page.

Login
* If the username or password is incorrect do not display a message such as 'Your Username is Incorrect'. Instead ensure that a generic message stating 'Invalid Credentials' is displayed so as not to leak information about existing user accounts. If either the username or password is specifically mentioned file as a severity 3 issue.

Email Confirmation
* When emailing the order confirmation do not leak sensitive information such as the full credit card number, social security number, full name and address, or other similar sensitive information. If the card number or social security referenced in the email displays more than the last 4 digits (Unless otherwise defined) file a severity 2 issue.

Password Reset
* Ensure that if the password is reset that the temporary password expires after a reasonable amount of time as defined by the product manager (default is 48 hours). After 48 hours the temporary password will expire and will need to be regenerated.

what fidler tool does?